mubix

Posts posted by mubix

  1. All done guys. Sorry for the delay. Life loves to give you everything all at once. Anyways, I'll have the list and links posted tomorrow. The time will probably be 9 PM EST, although with any luck I'll have them out sooner. Feel free to barrage my email (mubix@hak5.org) if they aren't posted at some point tomorrow.

  2. Originally Posted: http://www.paterva.com/forum/index.php/topic,47.0.html

    You will find below the steps I had to take to install Maltego CE on my MacBook running OSX 10.5.

    Even though this post is quite long, the procedure is actually quite simple and should work as long as you have a 64bit Intel Mac. (e.g. Core2Duo processor).

    I go into details about command line steps because most Mac users aren't used to typing commands. Sorry about that if you know what you are doing already. All the commands are case sensitive so type carefully.

    Step 1: Updating Java

    First, you need to download and install Java 1.6 since you most likely have version 1.5 on your system.

    A simple way to check this is to launch a terminal window and type the following command:

    > java -version

    you should get an output that looks like this

    > java version "1.5.0_16"

    > Java 2 Runtime Environment, Standard Edition (build 1.5.0_16-b06-284)

    > Java HotSpot Client VM (build 1.5.0_16-133, mixed mode, sharing)

    If you already have version "1.6.xxxx" you are all set. Download Maltego CE for Linux, double click on the .jar file and follow the instructions on screen. Otherwise, keep reading.

    Java 1.6 for the mac can be downloaded here:

    http://developer.apple.com/java/download/

    You want to download the package named Java for Mac OS X 10.5, Update 1 (or any more recent update)

    Note: this update will only work for 64bits Intel macs.

    Double click on the .dmg file to mount it

    Double click on the .pkg file to install it and follow the onscreen instructions

    Note: If you execute the java -version command again, it will still tell you version 1.5 is installed. This is normal. Keep reading.

    Installing java 1.6 neither removed version 1.5 nor configured your system to use version 1.6 by default.

    I will not show you how to do this here. Instead, I will explain one way to use version 1.6 explicitly without reconfiguring the system. Feel free to do it in any other way if you want and skip to the next step instead.

    (I tried to use the -version option of the java command without success, hence the following solution)

    In a terminal window:

    Find out where java is located by typing the following command

    > which java

    you should get something like

    > /usr/bin/java

    go to that location by typing (make sure to use the location you got above)

    > cd /usr/bin

    if you now type

    > ls -l java

    you should see that java is only a link that looks like this:

    > java -> /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

    we will now create a link to version 1.6 and call it java6: (make sure to use the location you got above)

    > sudo ln -s /System/Library/Frameworks/JavaVM.framework/Versions/1.6/Commands/java java6

    The system will ask you for your password. This is normal since you need super user privilege to write to the /usr/bin directory.

    if everything went well, typing:

    > java6 -version

    Should now get you something like this:

    > java version "1.6.0_07"

    > Java SE Runtime Environment (build 1.6.0_07-b06-153)

    > Java HotSpot 64-Bit Server VM (build 1.6.0_07-b06-57, mixed mode)

    Note: there could be some minor differences in version number... as long as it starts with 1.6, you're fine.

    The tough part is over now. You can move on with step 2.

    Step 2: Installing Maltego

    Download Maltego CE for linux from the Paterva web site

    Do NOT double click on the downloaded .jar file. Instead, go back to your terminal window and do the following

    Assuming you have downloaded the jar file in the standard OSX download folder, type these two commands:

    > cd

    > cd Downloads

    If you have downloaded it somewhere else, you will have to get to the proper location issuing the proper cd commands...

    Find out the precise name of the downloaded file by typing:

    > ls Mal*

    You should get something like this:

    > MaltegoInstaller-v2-210-CE.jar

    You can now run the installer by typing the following commands: (Note: make sure to use the filename you found in the previous step)

    > java6 -jar MaltegoInstaller-v2-210-CE.jar

    This will display an installation window. Click next, accept the license and follow the online instructions.

    Once the installer completed its job, you have successfully installed Maltego using Java 1.6

    Step 3: Configuring and launching Maltego

    One more thing to do before using Maltego: you must tell it to specifically use java version 1.6

    All the instructions below assume you have installed Maltego in the default location. If you did otherwise, you will have to navigate to the proper installation location.

    In the finder, navigate to this folder:

    Applications -> MaltegoCE -> etc

    Double click on the maltego.conf file to open it in your favorite text editor.

    Near the end of the file, there is a line starting with:

    #jdkhome=

    Remove the leading # sign and add the path to your java 1.6 installation. (Note: You found that path earlier while installing Maltego)

    The result should be similar to this: (Note the double quotes and the trailing /Home)

    jdkhome="/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home"

    You are done. To launch Maltego from the finder, navigate to the folder

    Applications -> MaltegoCE -> bin

    And double click on the maltego file. (Note: do not click on maltego.exe or maltego_w.exe, these will not work.)

  3. Just wanted to put my two cents in. The newest version of Kismet has some wicked abilities to detect "cloaked" SSIDs. Yes, you will still need to have a client connected, but it definitely doesn't take as long any more. They will show up in Kismet as blue ESSIDs when you get them. An easy way to generate that traffic that will reveal an ESSID is the old school blanket deauth.

  4. Ok, SSL Certs in browsers are verified via a 3rd Party. Usually Verisign. The only way to make a cert come up green and valid is to also spoof the verification of the SSL cert. But herein lies the problem. The public keys for those sites are installed in browsers by default and will not accept any false verification site. So, to make this a complete hack, you have to:

    1. Replace the public cert that is installed on the target's browser with your fake verification cert

    2. Set up a fake verification server

    3. Generate your key so that the fake verification server will validate the request.

    Oh yeah, and not all sites certify through Verisign. Possible, definitely. Worth the effort? Maybe. Difficult and extremely targeted, absolutely.

    I don't mean to scare you away from this project, it is actually one that taught me a lot when I had the same question. I suggest VMware and a weekend dedicated to the project.

    Good luck.
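The trust-store check the post above refers to, as an added example that is not part of the original post: a certificate is accepted only when it chains to a root already present in the client's store. It assumes the `openssl` CLI is on PATH; every CA name, file name and `www.example.test` is constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. All CA names, file names and www.example.test are constructed.
# Assumes the openssl CLI is on PATH.

make_ca() {        # $1 = file prefix, $2 = subject CN; writes $1.key and $1.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_leaf() {     # $1 = issuing CA prefix, $2 = leaf prefix; writes $2.pem
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

chain_ok() {       # $1 = trust store (PEM bundle), $2 = leaf certificate
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

report() {         # $1 = store, $2 = leaf, $3 = label
  if chain_ok "$1" "$2"; then echo "$3: accepted"; else echo "$3: rejected"; fi
}

demo() {
  local dir; dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    make_ca trusted "Trusted Root (constructed)"
    make_ca rogue   "Rogue Root (constructed)"
    issue_leaf trusted good      # leaf from the root the client trusts
    issue_leaf rogue   forged    # same hostname, issued by an unknown root
    report trusted.pem good.pem   "good leaf, stock store"
    report trusted.pem forged.pem "forged leaf, stock store"
    # Only a store that has had the rogue root added accepts the forged leaf.
    cat trusted.pem rogue.pem > tampered.pem
    report tampered.pem forged.pem "forged leaf, tampered store"
  )
  rm -rf "$dir"
}

demo
```

The control that matters to a defender is the integrity of the root store: an unexpected root appearing there is the event to alert on.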

  5. Originally posted: http://www.room362.com/archives/233-Jasage...and-Future.html

    If you haven’t heard already about Jasager.. well you probably don’t read this blog, but for those who want to know a bit more about the history of Jasager - Karma on the Fon, where the project is now, and where it’s headed, then buckle up, and hang on while we first travel down memory lane.

    History:

    The time was ShmooCon 2006. It was my very first “HACKER” convention. I was there with my buddies from Hak5 and SploitCast. I just so happened to sit in a talk by Dino (A. Dai Zovi). He was talking about Karma, his project that basically sat in the middle of wireless connections and instead of picking out the special bits directed his way, Karma accepted and responded to them all. I was in love, no not with Dino, but the project. I wrote theta44.org in my notebook (the site Dino noted to find out more) and continued on with the craziness that is any con. Having no money to invest in a wireless card that could handle Karma that page with theta44.org kept hounding me.

    In early 2007, boxgamex (a gentleman from the Hak5 community) sold me a little Fonera router. What’s the first thing I did? Hack it, put OpenWRT and DD-WRT on it. But one day that page in my notebook showed up again and reminded me of Karma. I looked on Dino’s page and was appalled to find that the project hadn’t gone anywhere. Did no one see the potential that this project had? Putting 2 + 2 (=5) I decided to put Karma on the Fon for an ultra portable wifi attack tool. Well, I am by no means the Killer Coding Ninja Monkey that either Dino or Robin Wood are. I scripted my way into it working for one target at a time. The problem? I did all the work on the Fon. You can see where this is going. At DEFCON 15, I brought my scripted up Fon to test it out in the shark infested waters (Wall of Sheep addition?). Got excited to be there, booted the Fon up in my room, connected to the Fon and changed a setting. The Fon bricked. No proof that I had done anything, didn’t even get the chance to test it out.

    I explained what had happened to my friend Darren Kitchen, and the project really sparked in him. He talked to the Killer Coding Ninja Monkey that I mentioned before, Robin Wood, and before you know it, the project was renewed under a new name “Jasager”, and this time with a better hand at the wheel.

    What was the point of this history lesson? If you have an idea, and someone else has done it, take it to the next level, and if you don’t have the time, find a partner who does. Enough history, let’s get some information.

    Here is the home page of Jasager: http://www.digininja.org/jasager/index.php

    HINT: Robin Wood’s main site, while lacking style has some things that you also want to check out. (digininja.org)

    If you like reading, here is Darren’s blog post on how to get Jasager going

    If you are more of a visual person, check out episode 405 of Hak5

    And if you have problems or want to discuss options and configurations with other Jasager users, check out the Jasager Forum

    Back to the Future:

    MITM (Man-In-The-Middle) attacks on computer systems have been around since the dawn of time. The natural (rapid) progression of security attacks made it guaranteed that MITM would hit Wireless just as hard. If you have ever talked on a CB Radio, you know the frustration when the kids with the high powered antenna start playing the Mortal Kombat soundtrack over the CB without letting up the talk button. This is a simple example of how Jasager works. It gets in the middle of wireless communications. How do you protect against something like that? I don’t know. I don’t believe that there is a protection for Jasager or Karma (again, released in 2006). Where is Jasager heading? I think that adding the functionality of Karmetasploit (H.D. Moore’s project) to a portable device and then maybe shipping that device like the guys over at Errata Security did with an iPhone, would be one dangerous route. Or putting it in a box like Richard Mogull did. Or in a wall like Larry Pesce did.

    To the future? What if I could put this whole project on a USB stick that didn’t do anything but draw power so it could run Jasager + Karmetasploit? Maybe running it on the NeoPwn? The possibilities are endless with this project. For all those feed readers out there, you can keep up with the latest and greatest from Robin Wood and the Jasager project via their RSS feed.

  6. Well, I've got a problem booting redboot, when I connect to my putty, my putty disappeared. I tried putty on port 9000 on telnet. And I switch on the fon connecting the ethernet to my laptop directly.

    Try using the tool that is described in Darren's blog post. It's an automated tool that will catch the Fon in redboot and complete the process for you. All you have to do is specify the root fs and firmware

  7. I am using Opera, and I think I have posted comments on one of your pages before, so not sure what is happening.

    Every time I posted it refreshed the page and nothing showed up. I figured you had to approve them first before they showed up, so I stopped trying as I didn't want to fill your blog with double posts.

    Just tried it again and this time I get this:

    Can you post exactly what you are putting in each field or just email me with it

  8. Not sure if your blog gives a reply when comments are sent, but I see that they have to be approved before they will show up. So, if you get two from me, sorry, but I don't think it went through, so I will just reply here.

    PeID is a nice little tool for looking at an exe and finding what it is packed with, what encryption it may be using, and also to look at the strings. It also lets you unpack a lot of exe's, but can be dangerous as it can let the programs run to do this. It's nice to use it if you do not want to trace through a debugger and just want a quick way to look at the dll's it hooks to and the strings in the program.

    I didn't see the comment come across for moderation. Any idea what the problem was? I'll post the reply.

  9. I don't know if this really fits into this, but I'd love it if we could get some detailed how to(s) on installing these USB Goodies. Not simple things like programs, but you know, like the switchblade

    All the info on the switchblade can be found in the USB Hacks forum. These will all be programs that run from a USB with no installation, most without even needing administrative rights.

  10. Ok, so now that the new season has started I have been getting a lot of requests via email, IRC and sheer volume of site hits for "Mubix USB" via google. So what I am going to do this year is a bit different. Instead of just the tools I use I want to include the ones that you guys use as well (a.k.a. I'm being selfish and want all yo stuff). So tomorrow night (080912) I will compile a list of tools that I have updated, added, and removed from my last post and set up a new torrent. I will also take this chance to fix that poor excuse for a page I have.

    To sum up everything I said above: I get it, you can stop kicking my ass to get it done.

    Look forward to hearing what's new:

  11. Is there any form of PWDump that does NOT require admin access to successfully run?

    I'm not very familiar with the hacking tools... but I'm trying to learn.

    Thanks!

    Not really. This is due to the file it accesses, the SAM file, which is guarded by permissions that only allow administrative access. I welcome you to try out a program called Cain & Abel and see what you can find.

  12. Anyone using windows have the same problem?

    EDIT: I am an idiot. Since I never use IE for anything other than testing stuff out through proxies, I forgot that AIR apps usually use the same settings as IE. IE going through non existent proxy = nothing on screen.

    USER ERROR FAIL!
