BackTrack 3.0 Final released
We finally released BackTrack 3.0 !!! For this release we have 3 versions: CD, USB (extended
tool-set) and a VMware image.
We have slaved for weeks and months, together with the
help of many remote-exploit'ers to bring you this fine
release. As usual, this version overshadows the previous ones
with extra cool things.
Saint
SAINT has provided BackTrack users with a functional version of SAINT,
pending a free request for an IP range license through the SAINT
website, valid for 1 year.
Maltego
The guys over at Paterva have created a special version of Maltego
v2.0 with a community license especially for BackTrack users. We would
like to thank Paterva for co-operating with us and allowing us to
feature this amazing tool in BackTrack.
Nessus
Tenable would not allow for redistribution of Nessus.
Kernel
2.6.21.5. Yes, yes, stop whining....We had serious deliberations
concerning the BT3 kernel. We decided not to upgrade to a newer kernel
as wireless injection patches were not fully tested and verified. We
did not want to jeopardize the awesome wireless capabilities of BT3
for the sake of sexiness or slightly increased hardware
compatibilities. All relevant security patches have been applied.
Tools
As usual, updated, sharpened, SVN'ed and armed to the teeth. This
release we have some special features such as spoonwep, fastrack and
other cool additions.
Availability
We will be releasing an internal "IRC pre release" version of BT3F for
final testing and identification of possible blunders...and shortly
after that we will have a full blown release.
Final Requests
We request the community to not mirror or torrent this release, or
otherwise distribute it online without our knowledge. We are trying to
gather statistics about bt3 downloads. If you would like to mirror BT3
then please:
1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.
If you would like to add a link to BackTrack downloads to your
website, please use http://www.remote-exploit.org/backtrack_download.html as the download
link.
Rants
Problems, fixes, bugs, opinions - should all end up in our Remote
Exploit community forums, and our wiki:
http://forums.remote-exploit.org
http://wiki.remote-exploit.org
Over and out,
Muts, Max, Martin
Latest News
Offensives Security Courses in the US From the creators of the award winning security distro, BackTrack comes an intense, 5-day live security certification course. Join us in one of our four locations with limited seats for this amazing new offering from Offensive Security. Click here to register and save your seat now!
New Exploit - Novel eDirectory HTTP DOS Muts discovered another neat DoS in the Novel eDiretory HTTP Server. You can download his exploit from our advisories section.
New Exploit - Mcafee EPO 4.0 (and others) FrameworkService.exe DOS And again MCafee. This time a DoS. You can download his exploit from our advisories section.
Advertisements in BackTrack 3
We now offer your company the possibility to place
advertisements within BackTrack.
See the Services page for more information.
BackTrack 3 Beta Released
We are happy to announce that BackTrack 3 Beta is available
for download.
Just check the download
section.
Happy Birthday to muts.
World first: 27Mhz based wireless security insecurities - "We know what you typed last summer"
|
Today we announce together with Dreamlab Technologies (http://www.dreamlab.net) another world first.
Although the trend in wireless communication in peripheral devices such as keyboards and mice is moving towards Bluetooth,
market leaders such as Logitech and Microsoft rely on cost-efficient, tried-and-tested 27Mhz radio technology. Using just a simple radio
receiver, a soundcard and suitable software, the remote-exploit.org members Max Moser & Philipp Schroedel have managed to tap and decode the
radio frequencies transmitted between the keyboard and PC/notebook computer. Although manufacturers of wireless keyboards partially prevent
data from being tapped by using cryptography, unfortunately the encryption is weak and thus does not offer real protection. During the test,
we succeeded in eavesdropping traffic from a distance of up to ten meters. With the appropriate technical equipment, larger distances are possible.
Checkout our advisories section for a presentation, the white-paper and a demonstration video of the attack.
|
|
New Exploit - Apple QuickTime 7.3 RTSP Response Vista / XPSP2 Universal Ooops he did it again...he play'd with your songs..you lost control again :-). You can download his exploit from our advisories section.
New Remote Exploit - IBM Tivoli Storage Manager Express CAD Service Remote Exploit Muts did a great work again. You can download his new remote-exploit from our our advisories section. This release is also available as a exploit Module for Metasploit.
BT3 is progressing Well as usual, just a minor news post about the BT3 development. We had some other work to do, so we where not able to keep up with the desired shedule. Please forgive us. But we promise you will get something nifty out of the wait
Mirrors changed Germany has got a new law that forbids distribution of "hacker tools" so we had to remove the german mirror from the BackTrack downloads. Thanks to Secaron and Pascal, we have two additional mirrors
Bugfix release announcement & Donation request We just like to mention two more things today. First the good one: We are currently working on a bugfix realease for backtrack and its dvd release. Now the bad one: We may ask the community to donate to our projects please, we have to buy stuff and finance our costs by ourselves and the amount of donation money we get per release is not traveling slowly to about 100-150US$. I think this is rather lousy if you know that we have a multiple of 10'000 people downloading that CD every release. Don't be a sucker and start donate. Now! It's easy, just hit the button and donate.
A Warm Welcome To Our Newest Team - Youngster Andreas Naepflin did join the remote-exploit.org team and works on some interesting stuff. For today he has just released his first practical reversing tutorial on manual unpaking and manual resource extraction. He will release a series of small guides in our research section and got some nifty stuff in his pocket. But this is enough teasing for today.
IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit Muts invested quite some time on a working remote exploit for the latest Lotus Domino bug. Get the release in our advisories section.
Mercur Messaging 2005 SP3 IMAP Service Remote Exploit Mercur IMAP4 servers < SP4 do have a bug, Muts wrote a remote exploit code which takes advantage of it. Get the release in our advisories section.
Busting The Bluetooth Myth Today we published a research paper about the widely spread myth that bluetooth sniffing requires a special type of hardware to achieve the required hopping speed in ordner to sniff raw bluetooth traffic. Checkout the research section to download the pdf.
BackTrack Wins Innovation Award 2006/2007 At the Cebit 2007, the German computer magazine "PC Professionell" hand over the innovation award in the category OpenSource to the remote-exploit.org team for their BackTrack product. For us it is a great pleasure to see that our product is not only accepted by specialists all over the globe, but also mainstream did recognize its potential. You can find some pictures from the happening at http://picasaweb.google.com/max.moser/PCProfessionellNomination.
BackTrack 2.0 stable released It's taken us almost 5 months to pull ourselves out of the beta stage. Every time we thought we were done, a new idea or improvement would surface, and we just *had* to implement it. Many features were added, and many of the old (yet persistent) bugs were fixed. We honestly believe that BackTrack v 2.0 Final is the leanest, mind blowing and sexiest version to come out and hope that you enjoy using it as much as we did making it.
SIPcrack-0.2 released SIPcrack now supports HTTP digest authentication for all methods, proxy-authorization, qop, cnonce, and the whole sniffer part was rewritten and cleaned up.
New Website up and running
As you can hardly see, our fancy and kicking new website is now up
and running.
Besides the new layout we now offer commercial services
and courses, check them out in the above menu.
New release: Bluebugger New software released: bluebugger, a tool that implements the bluebug attack.
Wyd updated to 0.2 wyd 0.2 is now released. Fixes in HTML parsing, new modules for openoffice documents, jpegs, etc.