Friday, October 7, 2011

Scripting in Perl! [Linux/Windows]

So currently at school I'm taking a Scripting in Perl class, and I'm in absolute LOVE with this language. It's easy to understand, has very good English-like syntax, simple array and hash usage, built in BASH support (for all you Linux freaks!), easy GUI creation, and so many other things that we haven't even gotten into.
I'll be posting examples based upon things in my lab and lecture, including full programs, certain syntax, and other cool things. My teacher is very good and explains many things, so you have him at your disposal (meaning, ask me a question I don't know and I'll ask him, learn it, then explain it back to you!).

Lets get started with basic syntax then get into all the fun stuff.

Friday, September 9, 2011

Where I've been and what I've been doing, AKA why I haven't been posting.

First of all, I've started my new college at the Rochester Institute of Technology majoring in Information Security and Forensics so I've been busy starting classes, moving in, and a bunch of other stuff.

I've been trying to find time to update my posts, and I apologize that I haven't gotten much if any content out lately. I should be updating my BASH scripting tutorial with more information on BASH, as well as some awesome Perl scripting stuff, so check that out in the next couple of weeks.

Tuesday, August 16, 2011

BASH scripting in Linux: an introduction [Linux]

I've already used a bit of BASH scripting in my Wifi sniffing tutorial, but the importance of scripting in BASH and other languages such as Perl, Ruby, and Python is so great I need to write separate posts for them all.
Bash stands for "Bourne-Again Shell" (you will see "sh" stands for "shell" in many places). Named aptly for being the successor of the Bourne Shell, it came into use in 1989 and has since been a main scripting language for Linux and has many different options such as piping (seen before on my blog), variables and control structures (like all good languages), file reading, and the Unix "wildcard" usage by the asterisk (*) key.

Enough about stuff I'm sure you guys don't care about, lets jump right in!

Thursday, July 21, 2011

Installing and using Nmap [Linux/Windows]

I'm afraid I've been very busy lately with a new job working overnights and figuring out all my college needs for moving in next month, but I've been doing a lot of research and reading on a few interesting topics so hopefully the next few posts will be very interesting.
I've also updated a few of my posts including my wifi sniffing and securing your home network posts, so check those out!

Today's post is about one of the most important netsec tools you will have in your arsenal. This program is called Nmap and is a free, open-source network auditing and security tool that we will use quite often while looking for vulnerabilities on networks.

I will be explaining how to install and do some basic usage on Linux AND Windows (yay Windows!). I will be using my Backtrack 5 for Linux and Windows XP and hopefully get a Vista/Win7 part up as well.

Saturday, July 9, 2011

Sniffing Passwords Over a Wifi Connection [Linux/Backtrack5]

Now here's where some fun stuff starts!
I hope many of you have followed my installing Backtrack 5 guide and read up on what ARP is as well as basic Linux commands so you can follow along easily; if not, go read those now!

What you'll need for this tutorial:
If you don't have any of these, follow the links and set up your system before continuing.

Monday, July 4, 2011

Securing your personal home network [Information]

Today's the 4th of July so I'm throwing out a quick post since it's been a few days, but I hope all my readers will be happy with another informational piece about securing your own network since, after all, that's what netsec is about!

Below is a simple guide to getting the most security out of your network to protect your information and the users of your network's information.

Friday, July 1, 2011

What is ARP? [Information]

 Since I've explained now how to get Backtrack 5, if you're still not on Linux then go install it now before all the fun stuff starts!
As for today's post I'll be explaining an important part about netsec: Address Resolution Protocol.

Understanding ARP, or Address Resolution Protocol, is a key part in understanding how networks communicate.

Wednesday, June 29, 2011

So you want to use Backtrack 5? [With Pictures/Windows/Mac/Linux]

I'm seeing a lot of my viewers still use Windows, and since I haven't posted any Windows information yet (don't worry, I will!) I felt like posting a how-to on dual-booting (or single-booting) the penetration testing suite I use called Backtrack 5 would be very helpful to everyone viewing my blog.

Here's a quick list of the things you'll need to install Backtrack 5:
  1. a USB stick with at least 2gigs of free space (mine is 8gigs), I would suggest 4gigs as a minimum.
  2. a computer to install it to (you can dualboot, or fresh install and overwrite a disk)
  3. an Ethernet Internet connection makes this easier in the updating stage.

Tuesday, June 28, 2011

Installing SSLStrip [Linux]

I've written most of a how-to and explanation of how to use two programs, SSLStrip and Ettercap, to sniff networks and grab passwords even if a secure connection is used (HTTPS rather than HTTP), but I have to cover a few topics before I release it.
First, I need to explain how to install SSLStrip for those people not using Backtrack 5, then I must explain ARP (Address Resolution Protocol) poisoning and spoofing, since this is an important part of using SSLStrip and Ettercap to grab passwords.

If you're using Backtrack 5, like I mentioned before SSLStrip should be installed already and located in the "/pentest/web/sslstrip" folder and can be run by typing "python sslstrip.py"
For the users not using Backtrack 5, follow the directions below:

Monday, June 27, 2011

Beginning networking in Ubuntu [Linux]

Since I'm trying to cover all the basics first so new users can jump right in to later topics by just reading these and the other posts I've released and *hopefully* gain and understanding of the most basic Linux commands and functions.

Each command listed below I will attempt to describe the basis for it's name, what it's acronym stands for (if necessary), the basic uses of it, a few more advanced uses of it, and any other information I (or any commentators!) see useful.

Sunday, June 26, 2011

Installing Ettercap [Linux]

Right now I'm working on a password-sniffing Ettercap guide, but I require my home Desktop to finish it (with screenshots and better scripts), and me being on vacation in Florida right now impedes me from doing that. I'll be home tomorrow night, and should be working hard on it so look for something relating to this then!

For now, here's a guide on installing the program I'll be using: Ettercap. Backtrack5 should come automatically installed with it, but for those dual-booting and using general Linux flavors, here's a guide for you!

Saturday, June 25, 2011

Installing Metasploit [Linux/Now Updated with Windows!]

Now that I've briefly covered some WEP/WPA cracking, lets install an important tool to our arsenal for issuing exploits and "payloads" (a name for exploits).

This program is called "Metasploit" and is considered by many to be one of the most important hacking/pentesting tools around. It has an amazing array of exploits that can be used on many vulnerable machines, and when coupled with the vulnerability scanner Nessus (I'll cover this in the future) becomes a highly sophisticated tool we can use to hack into and secure our networks.

I'm installing this on Ubuntu Gnome Backtrack 5 (the newest release), so if you're on a different GUI (like KDE) and aren't using BT5, some things might be different.

NOTE: It may be useful for new users to check out my Linux commands overview that I recently updated (the day this post was released).

Hopefully you know the basics of Linux navigation and listing commands, so lets begin.

Friday, June 24, 2011

Cracking WEP/WPA/2 networks with Aircrack-ng [Linux]

Now that you have hopefully installed the Aircrack-ng suite and familiarized yourself with some basic Linux commands, we can start cracking WEP and WPA1/2 networks to see the differences in security Wired Equivalent Privacy (WEP) and Wi-fi Protected Access (WPA) provide.


A Quick Overview of Linux Commands [Linux]

Before my posts really start, I thought a quick overview of commonly used Linux commands would be useful since this blog is for complete newbies and those starting off with almost no experience.

Below is a list of commonly used Linux commands (I will update this frequently, so it might be small at first):

Getting Started With Aircrack-ng [Linux]

As my first "real" post, I'll explain the basics to installing an important suite that I use quite often and is one of the most important tools to pentesting networks called Aircrack-ng (ng stands for new generation, like IPng or IPv6).

I use Ubuntu Backtrack 5 which comes preloaded with the aircrack-ng suite, but I'll explain how to install and configure this on a fresh Linux computer or laptop for those who aren't strictly into netsec and want to start or have fun with it.

Before starting on Linux, make sure you have all the necessary kernel headers and other files necessary to run aircrack. Issue the command "apt-get install build-essential" and add the prefix "sudo" (super user do) before if you are not running as root. This should install all necessary files if you do not already have them, and  you should be ready to begin.
Also, the aircrackng suite requires the "openssl-dev or libssl-dev" dependencies (thanks Anon in comments!); try apt-getting these as well.

Thursday, June 23, 2011

Hardware

This blog post is a quick explanation of the hardware I'm using (laptop/desktop specs).

I currently have a "linxtop" (laptop with Linux Ubuntu/Backtrack 5), as well as a desktop computer running Windows XP SP3 dualbooting Ubuntu (which I don't really use), and also a VMware XP on the side. I'll be getting a laptop soon with Windows 7, at which point I will begin using Windows applications related to network and computer security, such as Cain & Abel and others.

Hello World --- My Goals and Contact Information

Hello world, I felt like this was a fitting title for the obligatory "first post" on my hack-blog.

Well, thank you for coming, whether it be through a Google search, a personal link, or any other means.

This blog will focus on my learning experience with network and computer security (or information security and forensics, as my major states), and will provide simple and easy to understand walk-throughs, explanations, and newbie help for starting Pentesting (penetration testing), exploiting, and general hacking functions.

I'll be using Ubuntu (Linux) with Backtrack 5 throughout this, but if someone requests a walkthrough or anything I do on Windows XP/Vista/7 I might be able to write it for those operating systems. I don't own iOS and probably will never, so don't bother asking for that; just get 7 or Linux.

Contact Me
Ask me questions, report any mistakes, submit articles and walkthroughs, or chat about netsec!
  • Marshall.Hallenbeck@gmail.com - Main personal email; I receive emails on my phone and check them frequently.
  • MJHallenbeck - Personal Twitter. I also post when new blog posts are up.
  • Reddit - Lasereye - Reddit account
Be sure to check out my University of Reddit class page, too!


NOTICE: all of the material posted here is meant to secure your own network against intruders. This is all based upon "white-hat" penetration testing to secure your personal information from outside intrusion. I am not responsible for you trying to hack someones wifi or computer server and getting arrested. I don't condone any illegal actions. If you receive written permission to test a friends or colleagues network, then by all means, make the world a safer place for information, but please do so legally.