Sunday, July 29, 2012

JRE for Google Chrome Browser in BT5R2

Chrome is pretty much my default browser for BT5R2. Despite the fact that it refuses to run as root without some tinkering, I have found it easier to operate in BT5 than Firefox. Firefox fights me at every turn when I try to get Flash Player, the JRE, or anything else running. Chrome comes with Flash Player already operational, and getting the JRE going isn't too tricky either. What follows are the commands I used in the CLI to get the JRE going:

mkdir /opt/google/chrome/plugins
cd /opt/google/chrome/plugins
ln -s /usr/local/jre1.6.0_17/lib/i386/libnpjp2.so .

Note: if you use a different JRE version or file path, make sure the last line reflects it.

Essentially, all we are doing is creating the plugins folder for the browser and then placing a symbolic link to the JRE's plugin library (libnpjp2.so) in it. The "-s" switch means we're making a symbolic link instead of a hard link. When you're finished, don't forget to test your work by visiting this website:

http://www.java.com/en/download/testjava.jsp
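The same three commands wrapped so they don't break the next time the JRE version changes. This is an added example, not the post's own commands: the JRE root and Chrome plugin directory are parameters (the defaults below are the paths assumed in the post), the plugin is located with find rather than a hard-coded architecture subdirectory, and the link is re-created with -f so a stale link from an older JRE is replaced instead of causing ln to fail. The function prints what the link resolves to, so a wrong version is obvious before you load the Java test page.

```shell
#!/bin/sh
# Added example, not from the blog: link the Java browser plugin (libnpjp2.so)
# into Chrome's plugins directory without hard-coding the JRE version.
# The default paths at the bottom are assumptions matching the post.

# link_java_plugin JRE_HOME PLUGIN_DIR
#   Finds lib/*/libnpjp2.so under JRE_HOME, creates PLUGIN_DIR if needed and
#   (re)creates a symbolic link to the plugin there. Prints the link target on
#   success; returns non-zero (and creates nothing) if the plugin is missing.
link_java_plugin() {
    jre_home=$1
    plugin_dir=$2
    # Look in any architecture subdirectory (i386, amd64, ...)
    plugin=$(find "$jre_home/lib" -name libnpjp2.so 2>/dev/null | head -n 1)
    if [ -z "$plugin" ]; then
        echo "libnpjp2.so not found under $jre_home/lib" >&2
        return 1
    fi
    mkdir -p "$plugin_dir" || return 1
    # -s: symbolic link (as in the post); -f: replace a stale link from an old JRE
    ln -sf "$plugin" "$plugin_dir/libnpjp2.so" || return 1
    # Show where the link points so a wrong JRE version is visible at once
    readlink "$plugin_dir/libnpjp2.so"
}

# Run with --run to apply the post's paths (assumed defaults for BT5R2)
if [ "${1:-}" = "--run" ]; then
    link_java_plugin /usr/local/jre1.6.0_17 /opt/google/chrome/plugins
fi
```

Run it as `sh link-jre.sh --run` (or call `link_java_plugin` with your own JRE path); a non-zero exit means no plugin library was found and nothing was linked.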


Monday, July 23, 2012

Update

I reread my first post and I noticed I said I would be posting how-to videos. I still plan on doing this, but at the present time I am deployed to SE Asia. My internet is unreliable at the best of times, and at the worst of times it is clogged with idiots downloading crap they don't need. I am currently running a deauth attack against my network using mdk3 to clear up the bandwidth. (On a side note, I consider it the epitome of poor etiquette to start a bunch of torrents on your PC, then leave the area and go do something else while your downloads finish. You're clogging the internet for everyone around you and not being affected by your own actions.) I suppose I could have made a video on that. Unfortunately, the other problem with living in barracks is that it is incredibly noisy in here at all times and is just not an environment that is conducive to making an instructional video. For now I am content with publishing posts on how to troubleshoot various issues. You would think there would be more resources for the various issues that surround pen test programs and the BT5R2 distro itself. In my experience it is hard to find recent/relevant information. It can be difficult to dig down past the outdated forum posts from 2008 and script kiddies that think they're uber l33t for breaking their neighbors' WEP key.

Bash Scripting Revisited

I wish I could say that this script represented a leap in my skill; it doesn't. However, much like my mon0.sh script, it represents the cutting edge in functionality and laziness. I'm not sure how other people have Burp Suite set up on their BT5R2, but on mine I either have to use the GUI to navigate to the folder and double-click the jar file, or I have to use the CLI, navigate to the directory and remember the entire command line from memory. Both of these seem like too much work, so I present to you the burp.sh script.

#!/bin/bash
# Change into the Burp Suite directory; stop here if it is missing
cd /root/burpsuite_v1.4.01 || exit 1
# Launch Burp Suite from its jar file
java -jar burpsuite_v1.4.01.jar

As with any script, don't forget to go back to the directory and run chmod +x on it to make it executable.

Wednesday, July 11, 2012

Penetration Testing Lab

Anyone aspiring to get into penetration testing/hacking, either recreationally or professionally, will realize rather quickly that they need something to practice on. Everyone solves the "what to practice with" question as soon as they see their friend using BackTrack or watch a tutorial video on an attack. However, if you're interested in doing more than breaking your neighbors' WEP key and telling your friends how l33t you are, you need a penetration testing lab that allows you to explore how deep the rabbit hole goes. This is where purpose-built vulnerable Linux distributions, unpatched Windows OSes, and web applications come into play. Currently, I run my penetration testing lab on VirtualBox. I use VirtualBox's internal network feature to keep my vulnerable virtual machines off of the web so I'm not vulnerable to the same kind of attacks I'm practicing. I run Metasploitable, Metasploitable 2.0, Windows XP SP3 with Mutillidae 2.1.20, OWASP Broken Web Apps, and a few different flavors of Linux.

Setting up your own network is as easy as downloading the images. I will provide some links at the end of this post to get you started. All you have to do is follow VirtualBox's tutorial on setting up your DHCP server, install the virtual machines, configure their network connections to the internal network, and start hacking.
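The DHCP server and internal-network steps above, scripted with VBoxManage so the whole lab can be rebuilt from the command line. This is an added example, not from the post: the network name (pentestlab), the 10.0.0.0/24 address range and the VM names are assumptions; the VBoxManage subcommands (dhcpserver add, modifyvm --nicN/--intnetN, showvminfo --machinereadable) are real. The last function is the check worth running after any change: it reads showvminfo output and fails if any adapter is still on NAT or a bridged network, which is exactly how a vulnerable guest ends up reachable from outside the lab.

```shell
#!/bin/sh
# Added example, not from the blog: build an isolated VirtualBox lab network
# with VBoxManage. Network name, address range and VM names are assumptions.
# Set VBOX_DRY_RUN=1 to print the commands instead of running them.

# vbox: run VBoxManage, or echo the command line when VBOX_DRY_RUN is set
vbox() {
    if [ -n "${VBOX_DRY_RUN:-}" ]; then
        echo "VBoxManage $*"
    else
        VBoxManage "$@"
    fi
}

# create_lab_network NAME GATEWAY NETMASK LOWER UPPER
#   Adds a DHCP server bound to an internal network. Internal networks have
#   no path to the host or the Internet, so vulnerable guests stay contained.
create_lab_network() {
    vbox dhcpserver add --netname "$1" --ip "$2" --netmask "$3" \
        --lowerip "$4" --upperip "$5" --enable
}

# attach_vm_to_lab VM NETWORK [NIC]
#   Moves the VM's adapter (default nic1) from NAT/bridged onto the internal
#   network, removing its route to the outside world.
attach_vm_to_lab() {
    nic=${3:-1}
    vbox modifyvm "$1" "--nic$nic" intnet "--intnet$nic" "$2"
}

# vm_is_isolated < showvminfo_output
#   Reads 'VBoxManage showvminfo VM --machinereadable' on stdin and succeeds
#   only if every adapter is disabled ("none") or on an internal network.
#   Usage: VBoxManage showvminfo metasploitable --machinereadable | vm_is_isolated
vm_is_isolated() {
    ! grep '^nic[0-9][0-9]*=' | grep -v -e '="none"' -e '="intnet"' >/dev/null
}

# setup_lab: one DHCP-served internal network and the VMs named in the post
# (VM names are assumptions; rename to match your own inventory)
setup_lab() {
    create_lab_network pentestlab 10.0.0.1 255.255.255.0 10.0.0.10 10.0.0.50
    for vm in metasploitable metasploitable2 xp-mutillidae owasp-bwa; do
        attach_vm_to_lab "$vm" pentestlab
    done
}
```

Source the file and run `VBOX_DRY_RUN=1 setup_lab` first to see the exact commands, then `setup_lab` for real; afterwards pipe each VM's showvminfo output through vm_is_isolated before booting it.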

Addendum:
I would like to get hold of a virtual machine with Windows XP SP2, but so far that has been difficult. The virtual machine that I run right now came on a VDI and I have been unable to roll it back to SP2. Acquiring said machine would unlock an entire range of exploits to practice that are currently unavailable to me.
Metasploitable 2.0 comes with Mutillidae; however, the version it runs is 2.1.19 and doesn't seem to be vulnerable to the attacks it should be vulnerable to. Ironically, this makes it broken. Hence my XP machine with Mutillidae 2.1.20, which works perfectly fine.

Relevant links:
http://updates.metasploit.com/data/Metasploitable.zip.torrent
http://pirateproxy.net/torrent/7351991/Metasploitable_Linux_2.0.0
https://www.virtualbox.org/wiki/Downloads
I'll leave it to your imagination where you can acquire Windows XP.
--------
Additional Vulnerable Boxes I have been unable to get to work myself:
http://www.linux23.com/torrent/damn-vulnerable-linux-1-5:03171b19d9be4de01746e73e73781334a60df848
http://code.google.com/p/hacktooldepot/downloads/list

I have had a lot of difficulty with these boxes and so far I have not been able to get them to install properly. Not for lack of trying on my part, but the DVL machine resists the fdisk process like a fat kid avoids the rope climb in gym class. The Ultimate LAMP machine, I don't even know where to get started on why that one is broken. Ultimate LAMP appears to install properly, but I cannot get anything on it to work. It is beyond my skills and patience at this point in time. If anyone could point me in the direction of a clean download for Ultimate LAMP I would greatly appreciate it.

Metasploit SVN propfind update error

I think this is more fallout from my last apt-get update. I've encountered this error in the past, but I didn't feel like I had the free time to fix it until today. (Days off are limited out here.)

This is what the error looks like:

svn: PROPFIND of '/svn/!svn/bc/15586/framework3/trunk/lib/gemcache/ruby/1.9.1/gems/coderay-1.0.6/lib/coderay/scanners/yaml.rb': could not connect to server (https://www.metasploit.com)

The fix is as follows (it swaps Metasploit's bundled libcrypto/libssl for links to the system copies in /usr/lib, keeping the originals under new names):

cd /opt/metasploit/common/lib
mv libcrypto.so.0.9.8 libcrypto.so.0.9.8-b
mv libssl.so.0.9.8 libssl.so.0.9.8-backup
ln -s /usr/lib/libcrypto.so.0.9.8
ln -s /usr/lib/libssl.so.0.9.8

Run msfupdate again and enjoy.
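The same library swap as a reusable function with two safeguards the raw mv/ln sequence lacks: it refuses to move the bundled library when the system copy is missing (otherwise msfupdate would be left with a dangling link and a worse error than the one you started with), and it keeps a .backup so the change can be undone if a later update expects the bundled versions again. This is an added example, not the post's own fix; the Metasploit directory and library names default to those in the post and are assumed for BT5R2.

```shell
#!/bin/sh
# Added example, not from the blog: replace Metasploit's bundled OpenSSL
# libraries with symlinks to the system copies, with backups and a rollback.
# Default paths (bottom) are the post's and are assumed for BT5R2.

# use_system_lib LIBDIR SYSDIR LIBNAME
#   Renames LIBDIR/LIBNAME to LIBNAME.backup and replaces it with a symlink
#   to SYSDIR/LIBNAME. Refuses to act if the system library is missing, and
#   is safe to run twice (a second run changes nothing).
use_system_lib() {
    libdir=$1 sysdir=$2 name=$3
    if [ ! -f "$sysdir/$name" ]; then
        echo "system library $sysdir/$name not found; leaving $name untouched" >&2
        return 1
    fi
    # Already linked to the system copy: nothing to do
    if [ -L "$libdir/$name" ] && [ "$(readlink "$libdir/$name")" = "$sysdir/$name" ]; then
        return 0
    fi
    # Keep the bundled original so the change can be reverted
    if [ -e "$libdir/$name" ] && [ ! -e "$libdir/$name.backup" ]; then
        mv "$libdir/$name" "$libdir/$name.backup" || return 1
    fi
    ln -sf "$sysdir/$name" "$libdir/$name"
}

# restore_bundled_lib LIBDIR LIBNAME
#   Puts the backed-up bundled library back in place of the symlink.
restore_bundled_lib() {
    libdir=$1 name=$2
    [ -e "$libdir/$name.backup" ] || return 1
    rm -f "$libdir/$name"
    mv "$libdir/$name.backup" "$libdir/$name"
}

# Run with --apply to perform the post's fix on its default paths
if [ "${1:-}" = "--apply" ]; then
    for lib in libcrypto.so.0.9.8 libssl.so.0.9.8; do
        use_system_lib /opt/metasploit/common/lib /usr/lib "$lib"
    done
fi
```

Run `sh msf-ssl-fix.sh --apply`, then msfupdate; if a later Metasploit update breaks with the system libraries, `restore_bundled_lib /opt/metasploit/common/lib libssl.so.0.9.8` (and the same for libcrypto) puts the originals back.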

Tuesday, July 10, 2012

Enable Chrome browser in BT5R2

I am currently deployed overseas, so the posts to this blog have not come nearly as fast as I had imagined they would when I started this project. This post mostly serves as a reminder for myself on how to fix this issue next time apt-get update updates my Chrome browser. Anyway, without further ado:

If you enjoy using BT5 and Chrome, it probably didn't take you very long to realize that the two weren't made for each other. Chrome refuses to run as root, and well.... BT5 is all root all the time. This conflict can be overcome by making a small addition to the google-chrome file in your /usr/bin directory:

gedit /usr/bin/google-chrome

Add --user-data-dir to the end of the last line of the file, so that it reads like this:

exec -a "$0" "$HERE/chrome" "$@" --user-data-dir

Save, close, and enjoy.
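Since the post says a package update undoes this edit, the same change as a script that can be re-run after every update instead of opened in gedit. This is an added example, not from the post: it only touches the exact exec line quoted above (if a new Chrome version ships a different wrapper it reports that and changes nothing), it adds the flag only once, and it keeps a copy of the untouched wrapper so the next update's changes can be diffed before the edit is reapplied. The wrapper path is a parameter; /usr/bin/google-chrome is the post's.

```shell
#!/bin/sh
# Added example, not from the blog: append --user-data-dir to the final exec
# line of Chrome's wrapper script, idempotently, without opening an editor.
# The exec line it looks for is the one quoted in the post.

# chrome_allow_root WRAPPER
#   Returns 0 when the flag is present afterwards, 1 if the wrapper has no
#   recognised exec line (nothing is modified in that case).
chrome_allow_root() {
    wrapper=$1
    if ! grep -q '^exec -a "\$0" "\$HERE/chrome" "\$@"' "$wrapper"; then
        echo "no recognised exec line in $wrapper; inspect it by hand" >&2
        return 1
    fi
    # Idempotent: never add the flag a second time
    if grep -q '^exec -a "\$0" "\$HERE/chrome" "\$@".*--user-data-dir' "$wrapper"; then
        return 0
    fi
    # Keep the pristine wrapper to diff against after the next package update
    cp "$wrapper" "$wrapper.orig" || return 1
    tmpf=$(mktemp) || return 1
    # Rewrite through a temp file and copy back so the wrapper keeps its mode bits
    sed 's|^\(exec -a "\$0" "\$HERE/chrome" "\$@"\)[[:space:]]*$|\1 --user-data-dir|' \
        "$wrapper" > "$tmpf" && cat "$tmpf" > "$wrapper"
    rm -f "$tmpf"
    grep -q -- '--user-data-dir' "$wrapper"
}

# Run with --apply to edit the post's wrapper path (assumed for BT5R2)
if [ "${1:-}" = "--apply" ]; then
    chrome_allow_root /usr/bin/google-chrome
fi
```

Keep it somewhere like /root/bin and run `sh chrome-root.sh --apply` after each update that replaces /usr/bin/google-chrome; a non-zero exit means the wrapper layout changed and needs a look before editing.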