Pen-testing using Backtrack and De-ICE under VMWare Fusion

Haven’t had an entry in quite a while, but tonight’s work on getting a little pen test lab setup got me to document the process, before I forget what I did 😉

So – objective: need to setup a virtual lab for pen-testing using Backtrack LiveCD as repository of penetration tools, and De-ICE LiveCDs as targets.

Problem: VMWare workstation uses a different network for the NAT option (vmnet8) than what De-ICE LiveCDs require with their pre-configured IPs (and NO, you cannot change the IP on the De-ICE LiveCDs at this stage!)

Solution: under the host terminal:

$ ifconfig

vmnet8: … inet …

$ cd /Library/Applications\ Support/VMWare\ Fusion

$ grep -R 192.168.109




Replace all 192.168.109… entries in those files (locations, dhcpd.conf and nat.conf) with the networks | IPs required by De-ICE LiveCDs (, setup the Backtrack and any De-ICE LiveCD VM as NAT and … good luck with the real work of pen-testing!


A brief update

Trying to build a little site as repository of consulting services offered by Network Fortius LLC. Still not decided which hosting company to use, so things may change. In any case – feel free to visit and, even more so, to contact us, if anything looks interesting to your [company’s] present infrastructure needs:

– Cost-effective solutions for SMBs, or high-end architectures for enterprise data centers and global networks and security

– Applications performance audit and optimization, as correlated to the underlying systems on which they run: network (local, global or Internet-based), servers, storage, etc.

And now what?

Having no time, at the moment, to sit through comprehensive writing on any subject (be it of professional, or personal interest), I would point out that I am trying to keep up with the dynamics of communications, in my area of interest, via micro-blogging, instead. So – if interested – please follow me (and I’ll follow you) on twitter – last 10 comments should be available on the right side of this posting (when the widget actually works)
I’ll try to come back here, once having something of more substance (and time) to document …

VMWare tools installation for Mandriva

I meant to write this post for a long time, but today my level of frustration having to carry out the process below, all over again (upgrade of vmware workstation to version 6.0.5 meant another version of tools to be installed to run my mandriva inside Vista) reached a point where I saved it – and here it is (your mileage in regards to version of either vmware, or mandriva kernel, or both, may vary, but the problem is there):


… — eventually the following comes up

What is the location of the directory of C header files that match your running
kernel? [/usr/src/linux/include]

The directory of kernel headers (version does not match
your running kernel (version  Even if the module were
to compile successfully, it would not load into the running kernel.

PROBLEM: different names used by mandriva in different places. Here is what we have, in the scenario above:

# ls -l /usr/src/linux

lrwxrwxrwx 1 root root 19 2008-08-19 08:55 /usr/src/linux -> linux-

NOTE the -1mnb

Now let’s do this:

# grep -r 1mnb /usr/src/linux

/usr/src/linux/fs/proc/proc_misc.c:     printk(KERN_INFO “Hook version: 2008/07/11\n”);
/usr/src/linux/include/config/auto.conf:# Linux kernel version:
/usr/src/linux/include/linux/utsrelease.h:#define UTS_RELEASE “”
/usr/src/linux/include/linux/autoconf.h: * Linux kernel version:
/usr/src/linux/include/linux/autoconf.h:#define CONFIG_KERNELVERSION “”
/usr/src/linux/Makefile:EXTRAVERSION = .7-1mnbcustom
/usr/src/linux/.config:# Linux kernel version:

It looks like we’ll have to change ALL occurences of the string “” in the files above, with what the info about the running kernel is, i.e. “”. So:

# grep -rl 1mnbcustom . |xargs sed -i -e ‘s/1mnbcustom/desktop-1mnb/g’



runs to completion!

VMWare Fusion & shared folder with Linux guest

Under guest (Linux) identify uid and gid:

guest$ id
uid=500(username) gid=500(groupname) groups=500

then adjust the /etc/fstab file accordingly, in the block added by VMWare software:
old: .host:/ /mnt/hgfs vmhgfs defaults,ttl=5 0 0
new: .host:/ /mnt/hgfs vmhgfs defaults,ttl=5,uid=500,gid=500 0 0

lastly umount and remount hgfs:

guest$ sudo umount /mnt/hgfs
guest$ sudo mount /mnt/hgfs

securely saving kmail critical info to an USB key

This is what I have done on my macosx system for this:

1. created a directory for what I deem to be critical files (emails and configuration) on my system:

~$ md /<path-to-mail-backup-dir>/mail-backup

2. created a script able to update the backup directory, from the major ~/.kde place, tar and encrypt (using openssl and a password file to be passed to the encryption process) the tar file, then moved the encrypted file to the mounted USB volume (generically named “NO NAME” in the example). The script file is:


cd ~/.kde/share/apps/
rsync -avz ./kmail –delete /<path-to-mail-backup-dir>/mail-backup/
rsync -avz ./kabc –delete /<path-to-mail-backup-dir>/mail-backup/
cd ../config/
rsync -avz ./kmailrc* –delete /<path-to-mail-backup-dir>/mail-backup/
rsync -avz ./emailidenti* –delete /<path-to-mail-backup-dir>/mail-backup/
cd /<path-to-mail-backup-dir>/mail-backup
tar -cf mail-backup.tar /<path-to-mail-backup-dir>/mail-backup/
openssl des3 -salt -in mail-backup.tar -out mail-backup.tar.des3 -pass file:/<path-to-password-file>/password.txt
mv -f mail-backup.tar.des3 /Volumes/NO\ NAME/
rm -f mail-backup.tar*

kmail, firefox and macosx

Need to document how to configure firefox launching from within kmail, as none of the “obvious” (googled) options worked:

X11 –> terminal –> kcontrol –> KDE components –> Component chooser –> Web browser –> enable “in the following browser” and add this line:

open /Applications/

The problem is that the only answer having come up close to the above was indicating the line to be:


recommendation from an old posting on the subject, but which option leads to a “complaint”, if firefox is already running: “A copy of firefox is already open …”