i'm very noob with linux OS
right now i'm using Windows vista as my default OS and as guest i'm using linux backtrack 3 through Vmware workstation v6.51...
my wireless adapter is Broadcom 4311 802.11 b/g WLAN

1.how to add my wireless adapter on vmware..?
2.if can tell me step by step ...plz

Given that your guest is that abomination Backtrack, I suspect you want it to see your wireless card as a wireless card. The short answer is you can't. The whole point of virtualization is that the "hardware" the guest sees is virtual. In VMware, the virtual card is a wired one, so you can't expose wireless functionality to the guest.

If you simply want to use your wireless card as the normal bridge to the virtual wired card, you do that when you run vmware-config.pl.

yeah...it's true ..
but on video i've watcth...the person in that video show me the wireless adapter are on her VM tab > Removable device > Realtek RTL 8187 wireless 802.11 b/g... the video is how to hack wireless network post by mushroomHEADBANGERS on youtube...

mine adapter was Broadcom 4311 802.11 b/g...

show me how exactly that he can configure his wireless adapter on his VMware...

It is probably a USB wireless adapter. Those might be able to be seen as a wireless adapter through the USB system.

hmmm..maybe thats is true...

by the way thanks man...

well,, i guest i have to buy a wireless adapter...

could anyone suggest a compatible wireless adapter on my laptop and detected by my VMware workstation...

mine was acer aspire 4715Z
wireless adapter is broadcom 4311 802.11 b/g
OS vista x86
intel dual core
guest OS is backtrack 3.

Though this is a dead thread I thought I would throw in a Necro post since ryodan777 was kind of enough to mention my video. The adapter I was using was an integrated adapter that came with my ASUS M2N32-SLI Deluxe motherboard. VMware's official statement in regards to network adapter compatibility is that it needs to be a USB device. Some integrated adapters do work though but it's VERY rare.

And Hangdog42, I'd hardly consider Backtrack an abomination...

Well, there is at least one thing we don't agree upon. If you hang around here long enough, you'll see a ton of people trying to use Backtrack and largely failing at the basics. My opinion is that true security professionals don't need something like Backtrack because they are perfectly capable of putting together the tools they need on their own. What Backtrack is largely doing is enabling skiddie wannabes by giving them access to tools they don't have the skill to use otherwise.

Hi,

I have to agree here with Hangdog42 about the kiddies. But the tools available on BT as a LiveCD do assist the knowledgeable person. It will also provide a useful toolset for people who are trying to become proficient at the task(s) by having central access.

But to have BT as a installation, not for me. My toolset is in the toolbox. If something is not there then it is either devised or gotten from other resourceful users. Sometimes polished to suit my needs then added to the toolbox.

I can understand your position Hangdog42 and it's a very valid point you have. It's still a well assembled distro and useful all around. If there is a specific task one would need to fulfill (IE: Forensics, Reverse Engineering/Debugging, Network penetration, etc...) then I completely agree but for someone with use for all of those, Backtrack would be an ideal and efficient choice. Granted, I don't think it'd be wise to have as a primary OS and/or installed on a Hard-Drive, the fact remains that it's not intended for that (Hence the removal of User-Account creation during setup).

I definitely know where you're coming from though in regards to people posting absurdly basic questions for a distro like Backtrack. That seems to be a shared frustration with most. Especially considering Backtrack itself is based off of Distro's that they should probably learn first before jumping right into a distro like Backtrack. I just don't think it's fair to criticize a very well developed distro like Backtrack primarily because of a vast number of "noob" user's you've seen use it. A lot of the same "noob" user's use other reputable distros and many advanced users use Backtrack as well.

Anyways, I would hardly consider myself a Linux guru by and means but just felt I'd voice my opinion

Well, again we don't agree. My main beef (but not my only one) with Backtrack is its inclusion of wireless cracking tools. My opinion is that those tools are completely useless in a professional setting. Any security professional worth their weight in warm spit knows that WEP is no security at all and you have to pay attention to what WPA encryption your using. Proving you can crack a wireless network does absolutely nothing for a security professional, but it does enable people with nefarious or mischievous motives. I think it is VERY telling that the questions about Backtrack here revolve almost entirely around wireless problems. Furthermore, the kinds of professional activities one might use Backtrack for are only useful in the context of an overall security plan. What I think is telling is that nowhere on the Backtrack site do they promote overall security. They focus exclusively on cracking, and that is a useless activity in and of itself. Heck, their site doesn't even include a forensics forum, even though they tout their forensics ability. Have you ever tried to diagnose a cracked machine? People need help, and lots of it, to get it right.

The bottom line for me is that Backtrack makes very poor choices about what tools it includes and how they operate their site. It would be easy for them to promote responsible use of Backtrack and promote security awareness and proper security procedures, but they don't. I do understand the point you and onebuck are making about the utility for professionals. However, for someone trying to learn security, they need to learn about overall security, not just penetration testing, and Backtrack doesn't even begin to help with that. Until they take steps to start increasing overall security awareness of their users and take a more responsible attitude about what they include in Backtrack, I will still consider them an abomination.

Hi,

Your premise is correct. But we cannot place our heads in the sand. I agree that the BT site and plan is not realistic when it comes to how, why and what to do whenever the system(s) are cracked. Yes, problems from a cracked machine can be catastrophic and very difficult to recover from. But if the security of the systems is initially setup with good recovery methods then the possibilities of lost time can be minimal. Hopefully things are initially tight without holes 'but'. That 'but' is the problem, as a professional one needs to know every possible variant or potential intrusion(s). The usage of tools such as 'BT' can benefit or utilize a means to identify potential problems. I won't depend on 'BT' alone but as utility to issues or potential problem areas along with other professional tools. Responsibility for proper security is a very heavy load.

I do agree that the mission statement is lacking for 'BT' but the tools are useful in the right hands. In some defense the script kidde can get just about anything to cause problems for anyone from a decent search on the Internet. It's not just the 'kiddie' that's the problem, they are but a big nuisance. It's the criminal cracker or black hat that is looking for economical gain that we need to stay two steps ahead of.

Your correct about the "BT' problems that are apparent on the forum but we in a sense can selectively refuse to assist if that individual requests assistance that seems to be wrong. In fact that would be against the LQ rules to aid someone to hack or crack a system. But if an individual is having problems with a wireless setup for personal access then some assistance can be rendered. But a suggestion may be given that 'Maybe BT is not the distro for you" statement would be justifiable. There's always going to be 'wanna be's' and sometimes that 'BT' user is just symbolic in the sense of status by usage. Much in the way some newbies jump on GNU/Linux to just say they are 'users'. Even though they maybe using nothing more than a DE on a GNU/Linux distribution.

But your are right with the responsibility of a 'BT' user awareness. With that statement I conclude.

Hm. We're actually agreeing on something. I haven't seen any flying pigs yet, but you might want to consider carrying the heavy-duty umbrella today........


Actually I think you're setting too high a standard here (although I'm sure I'd get some disagreement from real security professionals). I don't' believe it to be necessary, or even possible, for a professional to know every possible variant or intrusion. There are just too many of them. However, what is very possible is having in-depth defense and detection so that if an intrusion occurs, a sysop has an excellent chance of catching it and a way to recover from it. This is EXACTLY where Backtrack could make a difference, but chooses not to. Furthermore, there are lots of defensive tools that users could be putting in place that need more "publicity". Again, Backtrack could be an excellent resource for advice on system hardening since they have an engaged audience. Penetration testing only tells you about what was tested for, it can't tell you about new threats. So it seems logical that to defend against the unknown, you need a defense that is generalized, not just specific to any individual threat. I also think this is why penetration testing is of limited use by itself. It will always be lagging behind the bad guys and unless a user understands that, they are vulnerable.

That sounds rather biased to me. Yeah WEP is easy exploit and WPA can be as well but the very job of a good security professional is to not only to know how to make something secure, but also know how to access something insecure, this is how vulnerabilities, misses, and exploits are found. There are many methods of cracking and different preventive measures that can be taken. Rather then just trusting the settings applied, I'd rather verify through testing. Having a good set of tools to do just that from all angles can be beneficial.

Granted the may not explicitly promote having good security but it's pretty much implied. Backtrack isn't designed for setting up a secure network, it's designed to test and learn exploits to overall better security. So it pretty much goes without saying.

They certainly hope for knowledge to come from those that use the distribution. Hell they even have certifications for it (Even for WiFi exclusively):

http://www.offensive-security.com/in...certifications
"
Offensive Security holds it’s students to a higher standard than any other information security certifications today. It forces the students to show they truly learned the concepts, the skills and the knowledge and didn’t just memorize some answer to a few multiple choice questions.
"

As far as penetration testing goes, you can't just rely on one tool that does a specific task and assume all is well if it checks out. Having a variety of tools that perform differently can be essential at times. So many variables need to be taken into consideration to make decision on what tool to use. I'd rather have a vast array of tools (Just in case) rather then not enough to accomplish what needs to be done.

OK, explain how actually cracking a wireless network allows a professional to make a network more secure as opposed to paying attention to literature on the subject. My argument is that it is never necessary to crack a wireless network in order to understand the steps needed to make it secure. And for noob users, cracking networks actually doesn't help them in understanding security at all. They would be much better served by doing some research on how wireless encryption works and its vulnerabilities. Simply cracking networks only gives them some superficial "click here/Type this" knowledge that is pretty much useless as opposed to an actual understanding of the situation.

Bullshit. My take on their attitude is that it is entirely devoted to breaking into things and they've couldn't care less about the consequences. Enabling someone to break into a system should immediately raise the question "How to stop it" and Backtrack remains completely silent on this.

Just look at the name of that. "Offensive" security. Where is the "Defensive" security certificate? They are focusing exclusively, and in my opinion inappropriately, on one side of the issue.


And you're missing the overall picture. Penetration testing is completely and totally useless unless accompanied by the knowledge and skills necessary to establish defenses against these sorts of attacks. In fact, I would argue that penetration testing is ONLY useful as a test of established defensive measures. Simply enabling attacks doesn't get you anything, and in my opinion is more harmful than useful. Certificates like they issue potentially give people the idea that they know something about security, when they may only know one side of the issue.