Blog & What's New | Offensive Security

Kernel whoops in BackTrack 4

The latest Linux Kernel ‘sock_sendpage()’ NULL Pointer Dereference Vulnerability did not spare BackTrack 4 either. We’ve taken this opportunity to upgrade the BackTrack 4 kernel and include the required security patch.

The patched kernel source and image can be downloaded here :

BackTrack 4 Kernel Image (2.6.30.4)
BackTrack 4 Kernel Source (2.6.30.4)
*Links removed*

The repositories will be updated soon, to include additional drivers compiled against this kernel.

Metasploit Unleashed – Mastering the Framework

The Offensive Security Team along with several active community members, have been working diligently to bring you an in depth course on the Metasploit Framework – “Mastering the Framework” . This course will take you on a journey through the Metasploit Framework in full detail, and will include the latest MSF features such as:

Advanced Information gathering
Social Engineering attacks
Advanced port scanning
Writing your own MSF plugins
Auxiliary modules kung fu
Vulnerability Scanner Integration
Writing simple MSF fuzzers
Pivoting,

Social Engineering Contest – Defcon 2009

Social Engineer your way to a free course!

DC718 and Telephreak are bringing Social Engineering back to Defcon.

Offensive Security has linked together with DC718, Telephreak, the contest/event Goons Pyr0 and Russr and www.social-engineer.org to have the best of the best to judge and help mold this contest into the display of the serious threat that still exists with this attack vector. For more information,

BackTrack 4 Pre Final – Feel the pwnsauce!

Two weeks later..

130232 downloads of BackTrack 4 Pre-Final since the release.
This number does not include torrents, direct dls or black market underground copies.
That translates to 182325 GB of traffic served from our mirrors in the past two weeks.
Our repository serves 120 GB of traffic a day (not downloads)
We’re on our 7th security update (BTSU’s – they get posted on our twitter page)
Cool updates in the repo,

Holy Crack!

A wonderful BackTrack CUDA guide – showing some of the amazing CUDA tools included in BackTrack 4. MD4/MD5/NTLM hashes getting cracked at speeds of over 200M/s (million…two hundred of em…)

Check out the BackTrack 4 CUDA Guide by pure_hate

Installing VMWare Workstation 6.5.2 On BackTrack 4

As usual, brand new kernel woes with VMware. Here’s a quick way to patch up VMware 6.5.2 to get the modules to compile. Start by downloading and installing VMWare Workstation 6.5.2.

Keeping BackTrack up to Date

Our BackTrack repositories keep getting updated with new tools, drivers etc. For example, we just added legacy madwifi-ng and r8187 injection capable drivers to the repository. You can follow these simple steps to add them to your iso, and keep it updated in general.

Installing BackTrack 4 as a VMware Guest

As we havn’t released a VMware image yet, and vmware-tools does not play nice with our 2.6.29.4 kernel, i thought i’de post a short how-to on getting VMware tools installed in BT4 as a VMware guest. I used VMware Workstation 6.5.2 to test this.

The BackTrack kernel sources are already in place, so all that’s left to do is install BackTrack in VMware and start the VMware tools install. BackTrack uses up around 5 GB once installed,

BackTrack 4 Pre Final – Public Release and Download

The Remote Exploit Team is ecstatic to announce the public release of BackTrack 4 Pre Final (codename “pwnsauce“). A VMWare Image of BT4 will be released in a few days. We have major changes in BackTrack, and have tried to document and summarize them as best as possible. See the BackTrack Guide PDF for more info.

ITunes Reloaded – Getting the Shell

There goes our Information Security

This is part 2 of our previous post about the Itunes exploit for windows.

…little did we know that all the payloads being sent have to be pure AlphaNumeric (printable ASCII). The first thing to do is find a Alphanum friendly return address, which was found at 0x67215e2a

ITunes Exploitation Case Study

When masochism just isn’t enough

Our new AWE course is about to go live for the first time, in BlackHat Vegas. We chose the most interesting exploitation cases we’ve encountered, and dove really deep into them. We had many exploits to choose from, some were too easy, and believe it or not, some were just too hard. This blog post is going to be a multipart post, describing our exploitation process of the recent iTunes overflow described here.

CUDA and ATI Stream in BackTrack 4

We’ve just pushed CUDA and ATI Stream packages to the repo, including many updates and upgrades. Although the nvidia and ATI drivers are not included by default on the livecd, they can be apt-getted, and are working out of the box. Big thanks once again to pure_hate and KMDave for this wonderful feature!

Lastly, a quick screenshot from pure_hate showing 3 dual GTX 295’s in action. Ph33r.

The Fingerprinting power in BackTrack4

If you prefer running your BackTrack4 system in “secure mode” and not always have to type your password … fingerprinting can help you!

In the new BackTrack repository, the packages required to get this running are all in place:

Backtrack 4 Powered with CUDA

Some really exciting stuff going on in the world of CUDA on backtrack 4. We have updated to cuda 2.2 and will be offering the complete developers environment. This will include every thing you need to write some of your own tools with CUDA if the need arises. If you don’t know what CUDA is then you should read this to get familiar with the topic. CUDA
Pyrit will be included in bt4 and is now featuring multi card support.

Customizing the BackTrack 4 PreFinal ISO

One of the downsides of leaving the linux live scripts and moving to non lzma enabled squashfs, is that we loose the wonderful and convenient setup for modifying the BackTrack LiveCD on our own. We use to be able to pop in a LZM file into the “optional” directory, and that’s it – but no more.

Actually, customizing a casper based ISO isn’t that difficult, just different. I put up this quick guide on how to edit your own livecd and add various tools,

Backtrack 4 Forensics Capabilities

When you first boot up the new Backtrack 4, you might have noticed something slightly different.

So what is this “Start BackTrack Forensics” all about?

The OffSec Blog

Read the latest updates and news about Offensive Security

Kernel whoops in BackTrack 4

Metasploit Unleashed – Mastering the Framework

Social Engineering Contest – Defcon 2009

BackTrack 4 Pre Final – Feel the pwnsauce!

Holy Crack!

Installing VMWare Workstation 6.5.2 On BackTrack 4

Keeping BackTrack up to Date

Installing BackTrack 4 as a VMware Guest

BackTrack 4 Pre Final – Public Release and Download

ITunes Reloaded – Getting the Shell

ITunes Exploitation Case Study

CUDA and ATI Stream in BackTrack 4

The Fingerprinting power in BackTrack4

Backtrack 4 Powered with CUDA

Customizing the BackTrack 4 PreFinal ISO

Backtrack 4 Forensics Capabilities