Backtrack Team: Virtual Machine

Affichage des articles dont le libellé est Virtual Machine. Afficher tous les articles

Asterisk Tutorial For Beginners- Trixbox Tutorial

VoIP or voice over IP (Internet protocol) is now become a next generation communication medium, VoIP is a method of transmission and the infrastructure of VoIP based on IP network. There are so many advantages of VoIP but this is not the topic of our article. Asterisk is a wonderful software that has been designed to make your computer a communication server, it is an open source software means available free of cost. Trixbox is based on asterisk project and it is an alternate of PBX. This is going to be a series of tutorial in which I will show you how to install trixbox and how to configure and how to make your first call.

How to Install Trixbox on Virtual Machine?

Lets build an IP based network for communication based on Trixbox, in this tutorial I will install Trixbox in a virtual machine and the software known as virtualbox. Go and download the latest version of virtualbox and trixbox.

Create on the New button of virtualbox to start wizard, click on the next than enter the name and operating system configuration for your trixbox.

Allocate a memory size 512 MB is enough for this job.
Than it will give you two options, whether create a new hard disk or use existing hard disk. Create a new virtual hard disk for this purpose.

When it will ask about virtual disk storage type there will be two options like dynamic allocated and fixed size. Choose dynamic allocated because whenever your server require more HDD (hard disk drive) space it will automatically give more space

Than the next windows will ask you about virtual disk file location and size, it is fine to leave the location by default and 8 GB memory size if enough for startup.

On the next windows go through from each and everything than click on the create button so that it will create a virtual space for trixbox.

Now after creating the space you will need to install trixbox on it, as you have downloaded ISO image of trixbox from the website mentioned above. Now all you need to do right click on the trixbox icon of your virtual box than click on setting.
In the setting panel click on storage than empty than browse the downloaded ISO image.

On the next step click on setting than network than enable network adapter and choose bridge adapter so that this virtual machine will connect to your network.

We have successfully setup all these stuffs now there is a need to start this virtual machine.

Click on start to start the virtualbox, it will automatically boot trixbox because we have launched it on the previous step. Hit enter at the boot menu so that it will go further.

The next window will ask you to choose your keyboard layout, choose whatever you want.
On the next step you need to choose your zone, use Tab button to move cursor and hit OK.

On the next window you need to be very careful because it will ask about the root password, enter a password and do not forget it, hit enter.
Now you need to wait so that it will complete the installation. It will take some time depends on your computer speed.

When all the installation will complete it will restart if not than restart this virtual machine.
On the next start it will show the start menu than you need to be wait so that it will ask about the password, enter the right password that you have created on the previous step.

Next article of this series will be publish soon.
Main image source.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

by Malik korrich ~ vendredi 23 décembre 2011 0 commentaires

Virtual Machine Security - VMware Security Hardening

Virtual machines are very common in the enterprise and even for home user, most common virtual machines are VMware and virtual box in both machines security is an essential part. Security of a virtual machine is also important as the security of host machine. There are different Hardening tips are available for virtual machine (VMware) and in this article we will discuss the basic security tips for VMware.

Virtualization is complex and there are many moving parts. I can not speak to all the details of hardening a VMware environment but I can speak to the minimum things to consider when installing or maintaining a VMware environment. For more advice, look at these documents:

A Typical ESX Environment

A typical ESX environment will have one or more ESX servers connected to a shared storage system such as a fiber channel or iSCSI SAN. Each ESX server will have one or more guest operating systems, each with VMware tools and a myriad of applications installed. This can be seen in the figure below:

In this environment there are three major areas of concern: the storage system, the ESX servers, and the guest operating systems.

Storage Systems

Four things to think about with storage systems are data availability, traffic isolation, the security levels of the ESX servers sharing the storage systems, and which ESX servers are allowed to see which data sets.

Data Availability

Whatever storage system is used, fiber channel or iSCSI, ensure there are multiple data paths between the storage system and the ESX servers. This includes dual controllers on the SAN, dual switches, redundant power sources for the SAN, and dual host bus adapters (HBA) on the ESX server. It is not enough to have a single HBA with dual ports, two HBAs are necessary. Before the system goes into production, testing should be done to ensure a single device failure does not prevent the ESX server from accessing the data.

Traffic Isolation

Traffic isolation is of particular concern in iSCSI systems because they use the same basic infrastructure as a standard network. All iSCSI traffic should be segmented from the rest of the network traffic to prevent an attacker from sniffing the iSCSI data. I am not a fan of using VLANs to segment traffic of differing security levels and always recommend physically segmenting iSCSI traffic from the rest of the network.

Shared Storage for ESX Servers with Differing Security Levels

ESX servers in differing security levels are configured and maintained differently. An ESX server setup as a lab environment is not going to be hardened to the same level as an ESX server holding the companies production systems and those two ESX servers should not share the same storage. An attacker who gained access to the weaker ESX server could use it to attempt to gain access to the production data on the shared storage system.

Share Data Volumes with the Appropriate ESX Servers

On a typical SAN, multiple data volumes are configured and each one is assigned a SCSI logical unit number (LUN), which is used to uniquely identify that volume. The SAN can then be configured to only allow specific HBAs to access specific LUNs. As an example, in a group of ESX servers only two of those servers may need access to the LUN that holds the HR data, the SAN should be configured so only the HBAs in those ESX servers have access to the LUN with HR data.

Conclusion

As stated earlier there are three major areas of concern with a production VMware environment, the storage system, the ESX servers, and the guest operating systems. I will discuss the latter two in upcoming blog entries. For now, remember to configure and test multiple paths to the data on the storage system, to isolate iSCSI traffic from the rest of the network, to keep ESX servers of differing security levels from sharing the same storage system, and to only share data sets with the appropriate ESX servers.

About the Author
Stephen has over ten years experience in the information technology field working as a programmer, technical trainer, network operations manager, and information security consultant. He holds a Bachelor of Science in Math and a number of industry certifications, including the Certified Information Systems Security Professional(CISSP), Offensive Security Certified Professional(OSCP), and GIAC Penetration Tester(GPEN).

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

by Malik korrich ~ mercredi 9 novembre 2011 0 commentaires

Damn Vulnerable Linux & App - Tools to Practice Hacking

Penetration testing and ethical hacking is a fast and growing field, there are so many student and learner around the world wants to learn penetration testing and some of them enrolled in different courses like CISSP, CEH and Cisco security. Practice makes a man perfect a famous proverb that is also applicable in the field of information security. So many people are using virtual machines to practice penetration testing but there are different tools and software are also available that give you the feature and learn and practice hacking.

Yes I am talking about Damn vulnerable application, different tools like damn vulnerable web application and Linux has been created for the sake to practice the penetration testing in ethical way. Below is the list of some tools that has been designed for hacking.

Damn Vulnerable Web Application

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

It is a best platform to practice web application hacking and security.

Damn Vulnerable Linux

Unix based Linux operating system is now become the most famous OS in server side, Linux seems to be most secure and reliable OS so if you want to practice your skills for Linux environment Damn vulnerable Linux is for you. Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

Hacking-Lab

This is the LiveCD project of Hacking-Lab. It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox).
The LiveCD gives you OpenVPN access into Hacking-Lab Remote.You will gain VPN access if both of the two pre-requirements are fulfilled.

HackXor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.

Web Security Dojo

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

WebMaven

WebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely & legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they perform as advertised.

by Malik korrich ~ lundi 10 octobre 2011 0 commentaires

Trixbox Tutorial for Asterisk- Virtualbox

Asterisk is a open source telephonic project that has been developed by the open source community and it can turn a computer into a communication server. Asterisk can be used as a VoIP gateway, it can do all the stuffs that an PBX do. Call detail recording for accounting and billing, Routing and call handling for incoming calls, Media management functions (record, play, generate tone, etc.). In short asterisk provide a complete telephonic platform for cheap calls.

So in this article we will configure trixbox for asterisk, but now the question what is Trixbox? Asterisk need some software's and hardware to implement the open source communication server or VoIP server.

What Is Trixbox ?

Trixbox is a IP based solution for small and medium business, there is a two version of trixbox available one is open source (free) while the other is for commercial purposes (need to purchase). Trixbox is based on asterisk project.

How to configure trixbox for asterisk project ? This is the main objective of this article and in this article we will cover how to install trixbox on virtual machine (Vmware, Virtual box).

Trixbox Tutorial- Asterisk

On a vary first step you need to download trixbox download the latest version in ISO.
Start your virtual machine, in my case virtual box (virtual box tutorial).
Create a new virtual machine
Name of the virtual box is trixbox and select your OS
512MB of memory is enough for trixbox
Make sure to check on dynamic expanding storage
Now select the HDD memory 8-10 GB is enough
Now finish this setup

From this point we need to configure our VM for Trixbox, follow the tutorial below.

Click on the setting button from main window
From the left side select Storage and on the right under IDE Controller choose Empty and click the folder icon.

Now from virtual media manager click on add and browse trixbox ISO image on it than click on select.
You have just created the boot-able CD-ROM for your trxibox and you have to set network for trixbox, on the setting panel click on the network than enable network adapter-->attached to-->bridge adapter
Its time to start and install trixbox from the main panel click on start, you will get the trixbox boot screen.

The later steps is very easy just select your keyboard layout, your time zone, create a password for root account.
Its almost done just reboot your VM and than unmount the boot-able CD-ROM.

After reboot you will the welcome screen hit enter than after some time you will get the screen to enter password for root user.
You are done enjoy your trixbox, more tutorial realated to asterisk and trixbox will publish soon.

Credit

by Malik korrich ~ samedi 24 septembre 2011 0 commentaires

Virtualbox- Setup Windows On Linux Backtrack 5

Virtual machines allow to run different operating system on a single box, A virtual machine is a program that run in an isolated partition on real computer(machine). As the name suggest virtual means it is not real, operating system install on VM do not run on real hardware. There are different software's available for visualization, i will discuss virtualbox for this article.

If you are using Linux or windows and want to create another virtual environment for another operating system, for Linux like Ubuntu based follow the tutorial below.

First of all download the appropiate version of virtualbox, in our case virtualbox for Linux host.
If you are using backtrack 5 than it is based on Ubuntu 10.04 LTS ("Lucid Lynx") download the file.
After downloading open terminal locate the directory of the file and use the command to run the package.

sudo dpkg -i filename.deb

After extraction use the command below to start installation.

sudo apt-get update
sudo apt-get install virtualbox-4.0

Now its time to open the VM program, click on Application-->System Tools-->Oracle VM VirtualBox
Click on New button the wizard will start, click on next than it will ask about the name type of operating system.

Than it will ask you to set the memory 192MB is recommended, than click next.
On the next window choose "Create new hard disk" and click next.
Than follow the wizard to create the virtualbox, and than insert windows CD/DVD to start installation.

The overall procedure to create a virtual machine on Linux is same as described above so if you want to create a virtual environment of ubuntu and the other version of backtrack even other distribution of Linux, use the same procedure but keep in mind you have to download the virtualbox package to look after your Linux kernel.

by Malik korrich ~ jeudi 14 juillet 2011 0 commentaires

KisMAC- Wireless Security Tool For MAC OS

As discussed so many topics for both Linux and Windows operating system, now this article will talk about the Wireless LAN (WLAN) security tool that are available for MAC operating system. This article is linked with the series article of Wardriving. Wardriving a act of searching/locating and exploit a access point.

If you are a close user of MAC operating system so this tool is for you, KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Kismac is a replica of netstumbler for windows and Kismet for Linux, the overall idea of wardriving is same click here to learn.

You can get and install Kismac on your MACbook and start driving the concept of gpsd is same.

It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning.

Key Features

Reveals hidden / cloaked / closed SSIDs
Shows logged in clients (with MAC Addresses, IP addresses and signal strengths)
Mapping and GPS support
Can draw area maps of network coverage
PCAP import and export
Support for 802.11b/g
Different attacks against encrypted networks
Deauthentication attacks
AppleScript-able
Kismet drone support (capture from a Kismet drone)

Cracking Support

Bruteforce attacks against LEAP, WPA and WEP
Weak scheduling attack against WEP
Newsham 21-bit attack against WEP

Download

Tutorial

Wardriving- Wireless LAN Hacking

NetStumbler A Wrieless LAN Detection Tool

Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

by Malik korrich ~ dimanche 15 mai 2011 0 commentaires

Virtual Machine

Introduction

A virtual machine is a program that run in an isolated partition on real computer(machine). As the name suggest virtual means it is not real, operating system install on VM do not run on real hardware.

When you install an operating system on a virtual machine and that OS tries to communicate with the hardware,

Virtual PC intercepts the communication and responds just as real hardware would.

A Virtual Machine uses virtual hard disk, it creates a virtual hard disk for this purpose you can format and make partition of this virtual hard disk like a real one.

Advantages

Multiple operating system can run simultaneously on a single computer.

Do not need to boot other operating system

High availability and Secure

Since the operating system is on virtual state no virus can affect your hardware.

Do not required multiple hardware for multiple operating system means low cost.

Disadvantage

Slow than the real computer

Less efficient

A virtual machine may also be a group of computers that work together to create a more powerful machine. In this type of machine, the software makes it possible for one environment to be formed throughout several computers. This makes it appear to the end user as if he or she is using a single computer, when there are actually numerous computers at work.

Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

by Malik korrich ~ samedi 15 janvier 2011 0 commentaires

Asterisk Tutorial For Beginners- Trixbox Tutorial

How to Install Trixbox on Virtual Machine?