Thursday, December 13, 2007

BackTrack 3 Beta out!

Max, Martin and I are ecstatically happy to announce that BackTrack 3 Beta is available for download.

We are all suffering from lack of sleep - we will make a public announcement about this tomorrow.

The images are currently being uploaded to mirrorswitch servers, and a torrent has been made available:

BackTrack 3 Beta ISO version (Stripped Down - 700 MB)
md5sum : 04ed8742fc8facd1ecc8c9f6f567c116
shasum : 70c33e0aa75a978b8a87a207bf488ecec8d10a87

BackTrack 3 Beta USB version (946 MB)
md5sum : bd0d8f507502787184b187f5a39288df
shasum : 853b80a77e3881e8084c797ba55077ead15f84ae
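The "shasum" values above are 40 hex digits, i.e. SHA-1 digests, and the md5sum values are MD5. Checking both after the download is the one step worth scripting: a mirror or torrent can hand you a truncated or corrupted image, and a mismatch on either digest means the file should be discarded. Keep in mind that digests posted on the same page as the download links only prove integrity, not authenticity; they are only as trustworthy as the channel you obtained them from. The script below is an added example, not something from the original post or the BackTrack project; it assumes GNU coreutils md5sum and sha1sum and a POSIX shell.

```shell
#!/bin/sh
# Verify a downloaded BackTrack image against published MD5 and SHA-1 digests.
# Added example; assumes GNU coreutils md5sum/sha1sum are on PATH.

# verify_image FILE EXPECTED_MD5 EXPECTED_SHA1
#   returns 0 on match, 1 on digest mismatch, 2 if the file is missing
verify_image() {
    file="$1"; want_md5="$2"; want_sha1="$3"

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Normalise the published values to lower case so a copy/paste in
    # upper case still compares correctly.
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$want_sha1" | tr 'A-F' 'a-f')

    got_md5=$(md5sum "$file" | cut -d' ' -f1)
    got_sha1=$(sha1sum "$file" | cut -d' ' -f1)

    if [ "$got_md5" = "$want_md5" ] && [ "$got_sha1" = "$want_sha1" ]; then
        echo "OK: $file"
        return 0
    fi

    echo "MISMATCH: $file (discard and re-download)" >&2
    echo "  md5  expected $want_md5 got $got_md5" >&2
    echo "  sha1 expected $want_sha1 got $got_sha1" >&2
    return 1
}

# Usage with the values published for the 700 MB ISO (the local file name
# is an assumption; substitute whatever the mirror or torrent saved it as):
#   verify_image bt3-beta.iso \
#       04ed8742fc8facd1ecc8c9f6f567c116 \
#       70c33e0aa75a978b8a87a207bf488ecec8d10a87
```

Run it once per image with the matching pair of digests; a non-zero exit status is the signal to throw the download away rather than boot it.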

More info, howtos, changelogs etc will be updated on our wiki:

We need sleep.

Enjoy !


Monday, December 03, 2007

BT3 Beta ETA - 14th Dec 2007

I've finally managed to pull Max, Martin and me out of the proverbial work cycle we're in - we plan to release the Beta on the 14th Dec 2007.
"Beta" means we think this version is stable and ready, and need final confirmation from the community before adding a few more modules and tweaks, and calling it a final.

There will be 2 releases of BT3 - a ~700 MB ISO file, and a ~1 GB USB stick image. Compiz will NOT be included in the stock 700 MB BT3 ISO. We have to fight for each MB on the ISO...and Compiz is far from being useful in a penetration test environment. We DO however plan to have Compiz modules for download separately, and to add them to the 1 GB distribution.


Wednesday, September 26, 2007

BackTrack 3 in the oven!

Max, Martin and I have started working on BackTrack 3....and it's sexy. I know I've said this before about BackTrack 2...but it's sexy...sexier than ever before.
New shiny kernel, new patched wifi drivers, compiz working out of the box (so we can all pwn like r0ckstarz). We are planning on new public repositories for BT3 - for better support for updates and HD installs.

We still don't have an ETA for BT3...but one thing is for sure - it will be worth the wait! More info about BT3 dev to follow in the next few weeks.

PS - I've updated the offsec website with this BackTrack 3 Teaser:

Friday, April 13, 2007

Microsoft Bugs vs Features

I've been watching the developments of the "Word 2007" doc bugs fiasco. It seems like Microsoft are calling these crashes "features" rather than bugs.

I'm not sure if this is the result of IT security media contorting the information they receive and presenting it in a provocative way, or if Microsoft are really trying to blow off these bugs as part of their application design.

To make things clear - the bugs that I released are proofs of concept which cause denial of service. In their current state, they do not present a real threat to Word 2007 users. However, having an application crash or consume 100% CPU on a machine due to malformed user input is probably the most classical description of a software bug.

It also seems that there is no mention of the HLP heap overflow, which probably presents more danger than all 3 doc bugs combined.

Wednesday, April 11, 2007

Microsoft DOC bugs and friends

Wow! Who thought 7 lines of Python could go so far.

A few days ago I released a few proofs of concept to Full Disclosure -

3 doc files which crashed my Word 2007, and a hlp file which, when analysed, looked like a classic heap overflow, with a twist or two.

It looks like there is some confusion by Microsoft - who for some reason are not able to reproduce these bugs -

I've received many mails from Full Disclosure members confirming the crash. Someone even mentioned Word 2004 crashing on OS X.

So just to make things clear - here are some screenshots of the crashes. I fully hope that Microsoft will find the resources to figure this out.

PS - The really interesting part is this... Does anyone remember the old HLP heap overflow condition? -

It turns out that by simply copy/pasting the OLD hlp file mentioned in the post and executing it on a fully patched XP SP2 machine, one would have triggered this new heap overflow....QA, anyone?

Tuesday, February 13, 2007

BackTrack 2.0 Final Due End of February

We have been working really hard on BackTrack 2.0 Final.
I managed to change kernels (twice), and I think I broke some sort of record in fuxxing up BT :)
Things are looking good however, with some nice features included into v.2.0 final. These are just a few:

* Updated to Kernel 2.6.19
* Broadcom Wifi drivers +injection (bcm43xx)
* IPW2200 Wifi drivers + injection
* RTL8180 Wifi drivers + injection
* RTL8187 Wifi drivers + injection
* Support for a wider range of Wifi cards
* Fixed BT JTR PXE Cluster Pack
* Added Metasploit PXE ninja
* Updated tools and packages

Things are looking extremely sexy, and we hope to have a final release by the end of February.