Slashdot Mirror

Celarent Darii writes "Slashdot readers have undoubtedly heard of Google Docs and the many other online word processing solutions that run in the browser. However, as a long-time user of TeX and LaTeX, these solutions are not my favorite way of doing things. Wouldn't it be nice to TeX something in your browser? Well, look no further, there is now an online collaborative LaTeX editor with integrated rapid preview. Some fantastic features: quasi-instant preview, automatic versioning of source, easy collaboration and you can even upload files and pictures. Download your project later when you get home. Are you a TeX guru with some masterpieces? Might I suggest uploading them? For the beginner: you can start here."

Attila Dimedici writes "I came across a an article this morning that suggests that the Nook and the Kindle have changed things in such a way that schools are becoming obsolete. His premise is that the ideal way to teach children is by a tutor ..., [and] the Nook and the Kindle have allowed large amounts of written material on many different subjects to become accessible enough that parents can tutor their children at a price that just about everyone can afford." The author is a bit off-base on the nature of the public schooling, but easy access to resources like Project Gutenberg and Wikibooks certainly removes some barriers to self-study and the limitations of the 20+ child classroom.

eldavojohn writes "The Metasploit Framework has come a long way and currently allows just about anyone to configure and execute exploits effortlessly. Metasploit: The Penetration Tester's Guide takes current documentation further and provides a valuable resource for people who are interested in security but don't have the time or money to take a training class on Metasploit. The highlights of the book rest on the examples provided to the reader as exercises in exploiting several older versions of operating systems like Windows XP and Ubuntu while at the same time avoiding triggering antivirus or detection. The only weak point of this book is that a couple chapters refer the reader to external texts (on stacks and registers) in order to meet requirements for crafting exploits. The book also gives the reader a brief warning on ethics as many of these exploits and techniques would most likely work on many sites and networks. If you're wondering how seemingly inexperienced groups like lulzsec constantly claim victims, this would be an excellent read." Keep reading for the rest of eldavojohn's review. Metasploit The Penetration Tester's Guide author David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni pages 300 publisher No Starch Press, Inc. rating 10/10 reviewer eldavojohn ISBN 978-1593272883 summary A thorough guide to penetration testing with the Metasploit Framework. In 2007, Metasploit was migrated from Perl to Ruby. The book opens with a brief history of the framework and mentions this but does not address any complaints of performance loss. Instead, the authors argues that this increased contributions and adoptions. As a result, all the code in this book (which the exception of some SQL payloads) is written in Ruby. If you don't know Ruby but you know many other languages, it's a fairly simple language to pick up.

The first chapter of this book clearly indicates that the objective is to empower white hat hackers and researchers. They lay down a predefined set of phases that one takes while pen testing a target. They are Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation and Reporting. Chapter two covers the terminology that is used across the Metasploit Framework so if you're unfamiliar with concepts like 'shellcode' or 'payload' this chapter will set you straight. It also mentions a UI for Metasploit called Armitrage but my personal tastes kept me using the minimal MSFConsole and MSFcli.

Chapter three begins to cover intelligence gathering and covers everything from the basic whois tool to writing your own custom scanner. The chapter does a great job of carefully explaining in detail the difference between passive and active scanning. The stealth TCP scan that nmap provides was a new thing for me and the chapter also details how Metasploit can use several database technologies to record and store the results of your scans to be used later on. The chapter shows how to use Metasploit to scan ports, server message blocks, MS SQL servers, SSH servers, FTP and simple network management protocol sweeping. Most of these techniques are a few quick commands in Metasploit's console and with Ruby mixins the chapter illustrates how to write your own scanner for use in Metasploit in about 20 lines of code. But all of this is just to get a grasp of what's up and running on the server.

Chapter four starts to get interesting with actual vulnerability scanning. Banner grabbing is an important technique in pen testing and the book suggests using NeXpose community edition (also a Rapid7 tool). This is covered in more detail in the appendix but NeXpose is a web GUI interface for scanning, storing and managing site scans. This provides great reporting features, it's intuitive and reduces everything to point-and-click for the user. But luckily this tool can also be run from the console (something I preferred). The chapter also covers another popular scanner called Nessus and shows to import the results to Metasploit for use. The chapter also includes noisy options like SMB login scanning or just looking for open VNC or X11 servers. Mentioned here first (but also frequently later in the book) is Back|Track for connecting to such targets. Something neat about this chapter is that if you don't care that your target knows you're attacking them, you can just move from these results collected with NeXpose, Nessus or OpenVAS and drop them into the 'autopwn' tool in Metasploit. It's three commands on the console and apparently works more often than it should.

Chapter five familiarizes the reader with the MSFConsole and its basic commands like showing all the exploits, payloads and targets available in the Metasploit Framework installed. These are constantly updated and maintained so they often change. With that information, the chapter proceeds to step the reader through an exploit in a Windows XP SP2 (MS08-067) and then a Samba exploit in Ubuntu 9.04.

Chapter six spices things up by introducing Meterpreter that extends the Metasploit Framework to serve a shell to the exploited system and from there perform additional attacks. The chapter shows how to brute force an MS SQL server and use the stored procedure xp_cmdshell to gain remote access. Meterpreter has a lot of neat features like keystroke logging, capturing screenshots and dumping password hashes (including the pass-the-hash technique). Simple commands in meterpreter can allow the user to easily and effortlessly accomplish many things: privilege escalation, token impersonation, pivoting to another system, process migration, killing antivirus software, system scraping, the list goes on. The chapter finishes by briefly mentioning an intriguing tool called Railgun that I wish they had spent more time on.

Chapter seven covers avoiding antivirus detection through tools like msfencode (to avoid your exploit being fingerprinted). Even better is encoding it many many times. If you know what antivirus your target uses, you can simply run the antivirus on your encoded exploit on your local machine to see if it's picked up. The chapter also covers the basics on continuing normal execution of a backdoored executable and packers that compress an executable for you with decompression code built in.

The book gets progressively more technical with chapter eight focusing on client side attacks. The chapter covers the NOP slide technique and also introduces the Immunity Debugger. It covers the Internet Explorer Aurora Exploit (MS10.002) as an end of chapter exercise for the reader to do. Chapter nine takes a quite look at Metasploit's auxiliary modules that allow the user to do many other things than just exploits. They run through the source of a mischievous Foursquare Location Poster that can make you appear to be everywhere on Foursquare. They also cover heap spraying attacks in web browsers — a topic that was particularly discomforting for me considering how long I often leave my browser open for.

Chapter ten was probably one of the more boring for me but a very important tool for pen testers. It shows how to turn the Metasploit Framework into a social exploitation tool that can be used to send templated e-mails to distribution lists. The intent of this, of course, is to get one user in a large company to click on a site that looks like their company's homepage and perhaps enter their credentials. By just selecting from lists of options, you can create java applet exploits that appear to be legitimately signed, clone a website like gmail and harvest credentials, tabnabbing, webjacking, man-left-in-the-middle and finally mixing those all together in a multipronged attack. The next chapter is just more exploits via Fast-Track (an open source Python based tool that builds on top of Metasploit).

Chapter twelve covers Karmetasploit, a Metasploit implementation of the wireless security tool Karma. The strategy of this exploit is to present your machine as a wireless access point. When a user connects, you can use karmetasploit to host fake webpages and grab their credentials or even gain shell access through a client side attack. Knowing how frequently people attach to anything in coffee shops and airports, this sort of attack could be particularly brutal and extremely easy to execute given Metasploit's simplicity for users.

The final chapters do an okay job of showing you how to first build your own module for Metasploit in chapter thirteen. Then in fourteen, the book looks at building your own exploit and goes into detail about fuzzing applications on your local machine and using the Immunity Debugger to look at what's happening given the fuzzed input. What follows is a lengthy discussion of the Structured Exception Handler (SEH) and the Next SEH (NSEH) and how you can manipulate registers and utilize JMPs to hit a NOP slide into your shellcode. This is one of the longest and most complicated chapters with probably the most technically intensive writing. I would like to see further editions of this book expand on things like this as it was important for me as a software developer to understand how these attacks are manufactured.

Chapter fifteen was similar to fourteen but showed how to port exploits to the metasploit framework. This chapter covers more so the general guidelines for writing exploits for the metasploit framework and doing it so that you leverage metasploit's flexibility. Chapter sixteen covers the scripting abilities of meterpreter and customizing that to execute further exploits once you have access to a target machine with meterpreter.

The final chapter brings the key steps together for a simulated penetration testing of a preconfigured system with web server (the book lists the Pirate Bay as a source of this torrent). As you work through this chapter, the phases of pen testing are exercised with all the aforementioned strategies employed.

This book was a real eye opener to read for a software developer. I haven't done formal pen testing aside from testing my own code so a lot of these advanced concepts were new to me. I enjoyed how the code was laid out with circled numbers marking code (instead of every line being numbered) that were referenced later in the text. I hope future editions of this book provide progressively more and more material as there's clearly a lot of sections that are condensed into a few paragraphs but could be expanded upon almost endlessly. I'm glad this sort of tool didn't exist during my younger more mischievous years as this book demonstrates that it could be used for gaining access to just about anything (depending on how much free time and skill you have).

You can purchase Metasploit: The Penetration Tester's Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Grooves writes, "A new initiative spearheaded by a University of Georgia professor aims to produce a library of 1,000 wiki textbooks by tapping the collaborative power of wiki. Inspiration for the project came from a computer science course that wrote its own textbook on XML when no suitable commercial offerings were available. From the article: 'The Global Text Project will work a bit differently from most wikis. Each chapter of each book will be overseen by an academic with knowledge of that field. Although the site will allow anyone to make changes, these will not become "official" until an editor signs off on them.' Textbooks free as in speech, and beer? Sign me up."

By Leon Shiman, X.org -- X11R7.0 is the first release of the complete modularized and autotooled source code base for the X Window System. It is the first major version release of the X Window System in more than a decade. X11R6.9, its companion release, contains identical features and uses the exact same source code as X11R7.0, but uses the traditional imake build system. (Read the rest of the announcement below) These changes in source code management, which give openness and transparency to the source code base and employ current technology, invite a new generation of developers to contribute, building on the long tradition of the X Window System. The new modular format offers focused development and rapid, independent updates and distribution of tested modular components as they are ready, freed from the biennial maintenance release timetable.

X11R6.9 is comprised of many distinct components bonded in a single tree, based on imake. X11R7.0 splits that set of components into logically distinct modules, separately developed, built, and maintained by the community of X.Org developers. This simultaneous release gives a transition point for developers, builders, and vendors to adapt their practices to the new X.Org modular process.

X11R7.0 supports Linux and Solaris at this time, with other support pending. X11R7.1, the first modular roll-up release, is scheduled mid-2006. While the monolithic tree will continue to be fully supported and released, new feature development is expected to concentrate on the modular code base.

The X11R7.0 and X11R6.9 releases are the work of more than fifty volunteer contributors worldwide, working under the release management team of Kevin Martin (Head), Alan Coopersmith, and Adam Jackson, with the support of Red Hat, Sun Microsystems, and the unsupported, generous contribution of effort by Adam Jackson.

All X Window System Releases are available from ftp.X.Org and mirror sites worldwide (see http://wiki.x.org/Mirrors). They are distributed under the MIT ("X") License by the X.Org Foundation LLC. Information concerning organization, activities, and mailing lists can be found at www.X.Org. Membership is free and open to contributors. Sponsorship is encouraged to support the global activities of the X.Org Foundation. Current X.Org Sponsors include Sun Microsystems, HP, IBM, StarNet Communications, AttachmateWRQ, Hummingbird, and Integrated Computer Solutions Incorporated [ICS].

In continuous use for over 20 years, the X Window System provides the only standard platform-independent networked graphical window system bridging the heterogeneous platforms in today's enterprise: from network servers to desktops, thin clients, laptops, and hand-helds, independent of operating system and hardware.

* LINUX is a registered trademark of Linus Torvalds. "Solaris" is a trademark of Sun Microsystems. All company names are trademarks of their registered owners.

-------------------

Have an important announcement or article to share with Slashdot readers? Send the complete article (or a proposal) to roblimo (at) slashdot (dot) org.