debian linux


Have an old PC gathering dust? Use it for a Linux server! Linux runs great on older hardware giving it new life and it's easy to do. Just follow along with our guide pages and we'll walk you through installing the Debian Linux OS and setting up a network with the most common types of Internet and LAN servers all on one system. You'll learn some things about operating systems, networking, and the Internet in the process, and you may just have some fun along the way. Even if you have never worked with Linux before, you'll be able to use our guide pages to go from zero to "sysadmin" in no time, as well as get a solid start in the knowledge needed for the Linux+ certification.


Why Not Red Hat ?

Red Hat is in a tough spot. Most of their revenue streams are based on sales, support, and training while the open nature of Linux has resulted in thousands of freely-available Linux resources on the Web. Their survival depends on having a product that is proprietary enough to make you dependent upon them for upgrades and support. And now that they are a publically-held company they are under pressure to meet the expectations of Wall Street analysts for revenue growth and cash flows every quarter. (Did you think it was just a coincidence that they churned out new versions at an average of two a year?) In time, Red Hat's dominance will likely kill off smaller commercial distributions like Mandrake and TurboLinux and dealing with Red Hat will be no different than dealing with Microsoft.


Why Debian ?

Debian is the world's leading non-commercial totally free Linux distribution. Remaining loyal to the concept upon which Linux was created, it is produced by hundreds of volunteer developers around the world. Contrary to a common misconception, Debian is not for Linux gurus only. As a matter of fact, as you will see on the guide pages, its advanced package management system makes it one of the easier distributions for new Linux users to work with. Here are just a few of its advantages:

* Non-Proprietary: Debian is a true GNU/Linux distribution using the standard UNIX style commands. This ensures that what you learn today won't be obsolete in two years and makes it easier to also learn how to work with UNIX systems.
* Easy Maintenance: A seamless, totally-integrated package management system makes it easy to keep your system up to date and free of orphan files and incompatible products. Most dependent packages are handled automatically so you don't get the "Failed dependencies" error commonly encountered when trying to add software on RPM-based systems like Red Hat and Suse.
* Automated Patching: The Debian package system also allows you to use a single command to update your entire system (operating system and installed packages) over the Internet. This allows you to use a scheduler to routinely run a shell script to automatically update your system with the latest program, OS, and security patches.
* Extensive: Only free software packages (applications, utilities, etc.) are allowed to be included in the official Debian distributions, and the current binary distribution comes on 21 CDs or 3 DVDs because there are over 18,000 of them. With Debian, you don't have different "server" and "workstation" or "personal" editions. It's everything all in one.
* Support Options: Peer support is available through a community of listservs (mailing lists) and chat rooms. Replies to messages may even be from those who helped develop the product. And since you're likely not the first person to encounter a given issue, there are also searchable archives of listserv messages. If your company requires commercial support contracts fear not. Numerous for-profit support operations offer a variety of technical support options. With Debian, you don't have to worry about forced upgrades due to vendors dropping support for older versions.
* Minimal Investment: Debian's peformance is excellent even with the modest hardware requirements Linux is famous for. While most OSs require newer, faster, bigger hardware, Debian allows you to utilize those old Pentium systems instead of throwing them into a landfill. This, along with the fact that you can load a single copy of Debian on as many systems as you want, means you can set up a full-blown enterprise at very little cost.
* Reliable: Debian's focus on stability and reliability results in servers that you may have to reboot once a year, rather than once a month.
* User-centric: New versions of Debian are developed when major changes warrant one, not to generate revenues from upgrades. (You need only look at the version numbers of the various distributions to verify this.)

Debian disc images are available for download from www.debian.org. If you download the images, be sure to download the current "stable" release (get the "i386" set for an Intel PC system). However, downloading and burning 21 CDs or 3 DVDs takes some time and effort. You can also purchase ready-made DVD sets from Web vendors for around $20 with CD sets costing a little more. (We now sell CD/DVD sets to help fund the ad-free operation of this site.)

If you don't have a spare computer we've got good news. Linux doesn't need much. You can pick up a Pentium-III on sites like eBay for well under $100. A system with 128 meg of RAM and a 4-gig drive is more than enough for our needs. (If you have a network be sure to pick up a network card for it also. Used 3Com 3C905s are going for around $10.) If money is tight you could always just pick up a used 2-gig hard-drive and mount that in your current system (we cover this option in more detail on the Installation page).


Why Not Debian ?

If you're the type who likes to base your operations on the bleeding edge, Debian isn't for you. Debian's focus on providing a stable, reliable operating system across all hardware platforms means it will never be "first to market" with new bells and whistles. They are incorporated into new releases once the bugs have been discovered and worked out.


Why Us ?

First of all, No Advertising! With so many sites out there being so cluttered with banner and pop-up ads that it's down-right painful to use them, we wanted to keep your Linux learning experience free of such distractions. As an alternative, we have chosen to use Amazon book links and sell Debian discs and gear to try and raise the funds necessary to keep this site operating. We feel this approach offers a win-win situation in which we raise operating revenue and you get some great books, software, etc. in the process.

Secondly, Linux resources tend to fall into two categories; those for newbies that cover the basics but never get into the "fun stuff" like servers and firewalls, and those that do get into the fun stuff but assume the reader has a lot of experience with Linux.

We take the middle ground here, "fun stuff for newbies" if you will. We feel the best way to learn is by doing. So after covering the basics on the Linux Basics page, and getting a system up and running on the Installation and Packages pages, we dive right into the fun stuff. When you learn by doing and then buy some Linux books you'll better understand what's being presented and better appreciate the depth of the material.

Messin with BackTrack v.1.3


Saint - SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego - The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus - Tenable would not allow for redistribution of Nessus.

Kernel - 2.6.21.5. Yes, yes, stop whining....We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

Tools - As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.



General Info

* We have released a 784 MB USB / DVD image, as well as a stripped down 695 MB iso and a 689 MB VMWare image.
* Dual core issues have been fixed (mostly due to the new kernel - 2.6.21.5).
* Wireless card compatibility has maximized, and injection patches applied wherever possible.
* Xorg configuration scripts have been improved.
* Updated exploit repositories, updated metasploit exploit framework and dependencies.
* Get BT3 final Kernel Sources

Backtrack Oracle



The following short tutorial explains how to do a (limited) pentest against Oracle (8.1.7.4 –
10.2.0.2). This tutorial will be extended in the future…
The following tutorial explains how to do an Oracle pentest with Backtrack 2.0. I want to
thank the entire Backtrack-Team for this great collection of security tools and Max for the
collaboration.
Nowadays there are many Oracle 10g databases around. Oracle did a good job (but not a
perfect) hardening the database out of the box. Most tutorials still describe how to break older
8i/9i databases. Most of the older tools are not working against the new 10g listener. We will
show how to connect to an Oracle database, decrypt Oracle passwords, hack the TNS listener
and escalate privileges.
Questions and comments are welcome.
Nov. 2006 - http://www.red-database-security.com 1 / 19


At a glance:
1. Find the Oracle database + port of the listener (with nmap/amap)
nmap –v
2. Get the version number of the database (with tnscmd)
tnscmd10g.pl version –h
3. Get the SID/servicename (with tnscmd or sidguess)
tnscmd10g.pl status –h (unprotected listener)
sidguess host= port= sidfile=sid.txt
4. Connect to the database (with sqlplus)
sqlplus user/password@//:/
5. Check the database for weak passwords(with checkpwd)
checkpwd user/password@//:/
default_password.txt
6. Hacking the TNS Listener with tnscmd10g.pl
7. Escalating Privileges via sqlplus
a. dbms_export_extension
b. more coming soon.