Saturday, October 14, 2006

BackTrack v2.0 Public Beta Has Been Released!

Released a public Beta version today. Max and I have stomped out most of the bugs, and after a short testing period, we'll release the final. Send feedback!

http://www.offensive-security.com/downloads.html

Monday, October 02, 2006

McAfee Epolicy Orchestrator / ProtectionPilot Buffer Overflow

I've released a PoC exploit for McAfee Epolicy Orchestrator / ProtectionPilot last night.
This exploit was tested on Win2k SP4 / Win2k3 sp1.
McAfee were notified on the 14th July, and haven't managed to get it patched since.

Proof of concept exploit code is available at:
http://www.remote-exploit.org/exploits/mcafee_epolicy_source.pm

And a short article describing the exploit is available at:
http://www.remote-exploit.org/advisories/mcafee-epo.pdf

Monday, September 25, 2006

BackTrack John the Ripper (MPI) Cluster Server

I've been working on a password cracking cluster. I will be integrating this into the next version of BackTrack (which is currently under development). The general idea is to have a BackTrack CD with PXE capabilities. Computers can now boot from the network, and join the Cracking cluster.

For more info, check this:

http://www.remote-exploit.org/BTJTRMPI.pdf

Monday, May 15, 2006

Back|Track Security Final Release

After spending countless hours flattening out bugs - Max and I will soon be releasing the final version of BackTrack. Our estimated date is the 26th May, but of course, subject to change.

Check http://www.remote-exploit.org/index.php/BackTrack

We've decided to beta test the final release, and provide a limited download to our hardcore IRC users - just to make sure we haven't messed anything up. Several nice people are helping us host this iso. PLEASE GIVE FEEDBACK.

http://backtrack.mick27.info/iso/backtrack-final-18-5-06.iso
http://64.27.12.222/backtrack-final-18-5-06.iso
MD5sum : 14ebbbf7f914cc547fba995c513fa4bf

Metasploit on WRTSL54GS

After mucking around with my NEW Linksys router, I managed to get Metasploit Framework to run on it. More information can be found on the remote-exploit site:
http://www.remote-exploit.org/research/OpenWRTvsMetasploit.html

Unbricking a WRT54G

I bricked my WRT54G. T'was a sad day. Well, to be honest, I didn't exactly "brick" it, I had openwrt on it, with no "boot_wait", and I had forgotten the ssh password to it. It seemed like the only option I had was to build a serial console for it, and solder it to the WRT54G board - which made me shudder. After googling for a while, I found an interesting article describing an "unbricking" method which worked for me. The whole presentation can be found at http://www.trilug.org/talks/2004-09-wrt54g/Hacking_The_WRT54G_Presentation.PDF .
Apparently, this is a dangerous procedure which can result in a completely DEAD WRT - be warned.