Catchme-NG! WEPGuard

Theory…

The project came out of pure theory: “Why can’t I make WEP more secure? I have the resources.” WEP is cracked by collecting enough IVs (initialization vectors). The practical attacks all boil down to the same thing: you replay a captured packet (usually an ARP request) so that the AP keeps answering with nice, fresh, shiny, new IVs. I won’t get into what exactly an IV is; you can learn more from Wikipedia or Aircrack-ng.org. Once enough IVs have been gathered, Aircrack-ng recovers the key with pure statistics, collecting “votes” for each key byte. After being on the offensive side of Wi-Fi, I decided to try and stop myself… literally.

What I used was a single box on the LAN that had both a wireless device (one that can inject packets in monitor mode) and a wired interface plugged right into the LAN. I set up an extra wired machine to SSH into the box, as it didn’t have a monitor.

The whole concept of this application is that a device listens for ARP packets on the wired LAN. I used tcpdump with a capture filter so that it picks up ONLY ARP, something similar to the following:

tcpdump -nne arp -i eth0

There’s an awesome, very detailed guide to tcpdump at Linux-IP.net. I then redirect the output to a file. Two details matter here: -l makes tcpdump line-buffer its output, so each ARP line lands in the file as it is captured instead of sitting in a buffer for a long time, and >> (append) instead of > keeps tcpdump writing at the real end of the file after the watcher below truncates it. With -e, the second whitespace-separated field of each line is the source MAC, which is what the script keys on.

tcpdump -l -nne arp -i eth0 >> file.txt

Then I created a process that reads the file and clears it out every 3 seconds. If it sees more than, say, 20 ARP packets from one source in that window, you most likely have an attacker replaying ARP: a normal host sends a handful of ARP requests a minute, not dozens a second. Here is a simple Perl script that reads the file and checks for the attacker:

#!/usr/bin/perl -w
# Reads the ARP log that tcpdump writes, counts frames per source MAC over
# each 3-second window, and reacts when one source exceeds the threshold.
# Written from memory as a sketch, not the real WEPGuard code.
use strict;

my $logfile   = "file.txt";
my $sendmail  = "/usr/sbin/sendmail -t";
my $threshold = 20;                      # ARP frames per window that mean "replay attack"
my $ap_bssid  = "00:00:00:00:00:00";     # placeholder: your AP's BSSID
my $ap_essid  = "YourESSID";             # placeholder: your AP's ESSID
my %whitelist = ();                      # legitimate client MACs => 1; never deauthed, spoofed or not
my $reply_to  = "Reply-To: wepguard\@localhost\n";   # placeholder headers for sendmail -t
my $subject   = "Subject: WEPGuard alert\n";
my $send_to   = "To: root\@localhost\n";

while (1) {
    scanner();
    sleep 3;
}

sub scanner {
    my %count;
    open(my $log, '<', $logfile) or return;    # don't die: the file may not exist yet
    while (my $line = <$log>) {
        next unless $line =~ /ethertype\sARP/;
        my @f = split(/ /, $line);             # with -nne, field 1 is the source MAC
        $count{$f[1]}++;
    }
    close $log;
    open(my $trunc, '>', $logfile) and close $trunc;   # clear it out for the next window
    for my $mac (keys %count) {
        next if $whitelist{$mac};
        attack($mac, $count{$mac}) if $count{$mac} > $threshold;
    }
}

sub attack {
    my ($attk_mac, $n) = @_;
    # The MAC came out of an attacker-controlled frame: check its shape before
    # it gets anywhere near a command line.
    return unless $attk_mac =~ /^([0-9a-f]{2}:){5}[0-9a-f]{2}$/i;
    if (open(my $mail, '|-', $sendmail)) {
        print $mail $reply_to, $subject, $send_to;
        print $mail "Content-type: text/plain\n\n";
        print $mail "You have an attacker! $n ARP frames in 3 s from MAC: $attk_mac\n";
        close $mail;
    } else {
        warn "sendmail: $!";
    }
    # -0 0: deauthenticate until killed; -c: the attacker's MAC. The list form of
    # system() bypasses the shell. This blocks the watcher until aireplay-ng exits.
    system("aireplay-ng", "-0", "0", "-a", $ap_bssid, "-e", $ap_essid, "-c", $attk_mac);
}
# Done.

Now there are some flaws in the code, I’m sure; I just wanted to give the gist of what this exercise is about. That isn’t the actual code, just an example written from memory. The actual application wouldn’t start deauth-flooding the first MAC address it saw; it’s a bit smarter and pushes the MACs into an array and counts per address. Also, an attacker can spoof their MAC to that of a legitimate client, and then you would be deauthenticating a legitimate client! Deauthentication frames are unauthenticated in 802.11 (before 802.11w), which is exactly why both the attacker and WEPGuard can send them in anyone’s name. If you keep a whitelist of legitimate MAC addresses, you can stop the attack without kicking the real client. What you could also do is flood the air with non-existent MAC addresses, all of which do nothing but hide your legitimate clients. Another way is to use MAC filters on your AP, though an attacker in monitor mode sees the allowed MACs in the clear and can clone one. If your AP is Linux based, all of this can run right on the AP (router), and you can even go so far as to put the router’s WLAN interfaces down temporarily. None of this makes WEP itself any stronger; it only shortens the attacker’s window, and the real fix is still to move the WLAN to WPA2.
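Here is the smarter version described above, as an added example in Python rather than the post’s Perl (this is not the WEPGuard code): per-MAC counting in a sliding window, a whitelist, and a check on the MAC before it is handed to aireplay-ng or arptables, since the address was parsed out of a frame the attacker sent. The capture lines, the MACs and the AP BSSID/ESSID are constructed placeholders. One caveat on the arptables rule: with ARP replay the AP itself rebroadcasts each replayed request with a fresh IV, so dropping ARP on one wired host removes the reply traffic but not the AP’s retransmissions; it buys time, nothing more.

```python
import re
from collections import defaultdict, deque

# One line of `tcpdump -l -nne arp -i eth0`: timestamp, source MAC, destination MAC, ethertype.
TCPDUMP_ARP = re.compile(
    r'^(\d{2}:\d{2}:\d{2}\.\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){5}) > '
    r'[0-9a-f]{2}(?::[0-9a-f]{2}){5}, ethertype ARP \(0x0806\)',
    re.IGNORECASE)
MAC_RE = re.compile(r'^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$', re.IGNORECASE)


def parse_line(line):
    """Return (seconds since midnight, source MAC) for an ARP line, else None."""
    m = TCPDUMP_ARP.match(line)
    if not m:
        return None
    hh, mm, ss = m.group(1).split(':')
    return int(hh) * 3600 + int(mm) * 60 + float(ss), m.group(2).lower()


def scan(lines, window=3.0, threshold=20, whitelist=frozenset()):
    """Sliding-window count of ARP frames per source MAC.

    Returns {mac: peak count} for every non-whitelisted source that sent more
    than `threshold` frames within any `window` seconds. A replay attack is one
    MAC doing this for minutes; a whitelisted host (a scanner, a chatty printer)
    is never reported, so it can never be deauthed by someone spoofing its MAC.
    """
    recent = defaultdict(deque)      # mac -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        t, mac = parsed
        if mac in whitelist:
            continue
        q = recent[mac]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peak[mac] = max(peak.get(mac, 0), len(q))
    return peak


def is_mac(s):
    return bool(MAC_RE.match(s))


def deauth_argv(attacker_mac, ap_bssid, ap_essid):
    """argv for the post's counter-attack (aireplay-ng -0 0 = deauth until killed).

    The MAC was parsed out of an attacker-controlled frame, so it is checked
    against MAC_RE and the command is returned as an argv list to be run
    without a shell (subprocess.run(argv) in Python, system(LIST) in Perl).
    """
    for mac in (attacker_mac, ap_bssid):
        if not is_mac(mac):
            raise ValueError("refusing to build a command line from %r" % mac)
    return ["aireplay-ng", "-0", "0", "-a", ap_bssid, "-e", ap_essid, "-c", attacker_mac]


def arptables_argv(attacker_mac):
    """argv for the arptables rule the post ends with: drop ARP from that source MAC."""
    if not is_mac(attacker_mac):
        raise ValueError("refusing to build a command line from %r" % attacker_mac)
    return ["arptables", "-A", "INPUT", "--source-mac", attacker_mac, "-j", "DROP"]


# --- constructed sample capture (not a real one) ---------------------------
ATTACKER = "00:c0:ca:00:00:01"   # replaying ARP: 60 frames in 3 s
PRINTER = "00:1b:21:00:00:02"    # legitimate but chatty: 30 frames in 3 s, whitelisted
GATEWAY = "00:1e:58:00:00:03"    # normal: 6 frames in 3 s


def _arp_line(seconds, src):
    """Build one tcpdump -nne line in the format the regex above expects."""
    hh, rem = divmod(seconds, 3600)
    mm, ss = divmod(rem, 60)
    return ("%02d:%02d:%09.6f %s > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
            "length 42: Request who-has 10.0.0.1 tell 10.0.0.7, length 28"
            % (hh, mm, ss, src))


SAMPLE_CAPTURE = (
    [_arp_line(43200 + i * 0.5, GATEWAY) for i in range(6)]
    + [_arp_line(43200 + i * 0.1, PRINTER) for i in range(30)]
    + [_arp_line(43201 + i * 0.05, ATTACKER) for i in range(60)]
    + ["12:00:05.000000 %s > %s, ethertype IPv4 (0x0800), length 98: "
       "10.0.0.1 > 10.0.0.7: ICMP echo request" % (GATEWAY, PRINTER)]   # not ARP: ignored
)

if __name__ == "__main__":
    for mac, n in scan(SAMPLE_CAPTURE, whitelist={PRINTER}).items():
        print("attacker %s: %d ARP frames in a 3 s window" % (mac, n))
        print(" ".join(deauth_argv(mac, "00:00:00:00:00:00", "lab")))   # placeholder AP
        print(" ".join(arptables_argv(mac)))
```

Feeding it the real file is a matter of replacing SAMPLE_CAPTURE with the lines read from file.txt every 3 seconds; the window logic is the same either way.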

Even so, this is a security breach, and you just received an e-mail saying you have an attacker, with the MAC address! What are you going to do now? Obviously go into the lab/work/home and track the machine (or the cause) down before bringing your network back up.

I tested this whole thing out one day. I brought up the AP with WEP, set up a legit client, and ARP-replayed to get the IVs. The machine attacked me and disassociated and de-authenticated me instantly. That is when I realized that if I added the:

aireplay-ng -1 999 -q 10 ...

to run alongside the replay, I could re-authenticate and stay associated with “keep alive” packets (-1 is fake authentication, 999 the reassociation delay in seconds, -q 10 a keep-alive every 10 seconds). This is when I added the -0 0 (a deauth count of 0 means go forever) to the de-authentication command at the beginning of this paper. You can only go so far, though. Once attackers realize that they have been made, they would probably leave. You can visually inspect the area around the lab/work/home, call the authorities, etc.

I don’t give up…

I think I have found a solution, and that is to temporarily drop ARP requests from all MAC addresses that start broadcast flooding using arptables. This is a temporary fix and should give you enough time to secure your WLAN until the attacker gives up or leaves!

Extra steps…

Flood the air, obfuscate where your real clients are to an attacker, MAC filters, a DHCP server with a finite pool of addresses to offer (all in use): 3 machines, 3 IPs and that’s it. WEPGuard, hidden ESSID, HTTPS for the router configuration, arptables to drop ARP from $ATTK_MAC addresses, react swiftly to the emergency e-mail sent out by WEPGuard, know who to call in case a wireless penetration attempt is detected, and stay cool. :) Keep in mind that hidden ESSIDs and MAC filters are speed bumps only: the ESSID still appears in probe and association frames, and client MACs are always in the clear to anyone in monitor mode.

~Douglas.

I was lucky enough to have the extra cash to sign up for WiFu, a course offered by Offensive Security (WiFu). I won’t go too much into detail; it’s a course, so if you want more details, take it!
The registration process was painless, but took a while as the authors, Mati and Thomas, use your real ID to avoid piracy of their work. For $350 they give you a couple of hours’ worth of videos (SWF files and an HTML controller file) and a 400+ page PDF. I watched the videos, which focused very heavily on WEP and ARP replay (nothing really too hard). They are all watermarked with your personal information (name and address) to avoid piracy, which isn’t bad, but gets a bit distracting while watching the videos. And I am past the halfway point of the PDF. The PDF is very, very detailed and goes down to the packet level of information. Mati does an outstanding job of showing you exactly what the protocol is doing, what is in the actual packets, and more. There’s tons of information in the PDF that I never knew. I am now quite familiar with a lot of acronyms used in the WiFu field, and feel like my WiFu skill *does* in fact have “better karma.” :)

This is only part one of my review, as I will add a part two after I schedule and take the exam. The exam, according to the website posted above, consists of 4 APs for which you must ascertain the network encryption keys, using pre-set-up BT3 machines in the lab. I am quite excited to do this, actually. Remoting into a machine to break another network’s key? That’s awesome! I just hope I can get VNC access, so I don’t have to ssh a bunch of times to get different terminals!

I will finish the 2nd part of the review after I complete the exam. So far, I feel quite lucky to have the opportunity to learn more about WiFu from the experts over at OffSec.

Make: Abacus Wooden Computer.

This is out of the ordinary for my posts, but it is still technology related. I learned on a Chinese abacus, and would recommend it to any new beginner to the subject. In this tutorial you will be taught how to create a Chinese Abacus. :)

The abacus has been around for centuries (Wikipedia). It is more than just a kids’ learning tool; it is a calculator and a computer. Doing simple multiplication problems in your head using single-digit integers is easy, I hope. So something like 9 * 5 should be easy to instantly figure out, right? On an abacus you actually have to move the number nine into the device 5 times, which can be pretty tricky.

It seems almost inefficient, and for said applications it is. Anyone can simply use a calculator or their cell phone to figure out the multiplication if they somehow forgot it and save tons of time. But doing it with an abacus is like solving a puzzle problem. You stimulate your brain in ways that the television, or reading out loud, or even doing math on paper can’t.

I will show you how to create a professional, sturdy abacus using supplies from your local craft store. What you need: dowel rods, beads that have wide enough holes for the dowel rods, a frame (large enough to house 9 of your beads vertically plus a support beam, and as many rods as you like horizontally, at least nine; shadow boxes work perfectly, though mine had plastic in it that I had to break out, so if you do this, be careful!), a square dowel (not a round one) for the support beam, wood glue, a drill or Dremel tool, and patience.

First I cut the support beam:

It should be just a tiny bit wider than the inside length of the frame, so it needs a tiny amount of force to get into the frame (slightly supporting itself by adding a small amount of stress to the frame).

Now, squish it in there, leaving as much room as you can for the dowel rods to pass through the frame:

Now measure out evenly how you would like to space the dowel rods; keep in mind that your beads shouldn’t be touching, and the more room you leave between them, the more uncomfortable it is while doing calculations. In the picture below you will see two marks in the wood, one for the spacing between beads and one for centering the dowel rods right in the center of the frame, from front to back.

This will show me where to drill. Do this to both the top and bottom of the shadow box (or frame).

And here’s how I came to that size: I left a small amount of room between beads and measured from center hole to center hole:

Next, you can drill out the holes. Make sure you use a drill bit wide enough to make a hole big enough for the dowel rods to slide through. Slide the dowel rods through, then break off the ends, leaving a small amount of slack:

Now we can use a pencil to lightly mark where in the support beam we want to drill holes. Simply grab a pencil and stand the device upright as if you are looking down on it, like so, and draw where the holes should be:

Once you have the holes drilled, push the support beam back into the frame using a little force and then start threading the beads onto the dowel rods. The beads should be 2 on top and 5 below. These are the “heaven” and “earth” beads respectively.

Now simply trim the ends of the dowel rods and use wood glue to fill any excess holes or spaces, and let it dry.

Once dry, you can start doing calculations on the abacus. You can do binary operations with the heaven beads, or multiplication with all of the beads; hey, it’s up to you! You can even use it instead of crossword puzzles or sudoku to get your brain stimulated. With hands-on work and math, you can exercise your brain to the point where you can do huge math problems on the abacus really quickly. I hope you enjoyed this, and I’d like to see pics if anyone makes one from this tutorial!

Adding Some Spice to *nix Scripts

I read this this morning, with one eye, as I lay in bed after my alarm went off, and thought, “oh, I know this far too well.”

http://linux.slashdot.org/story/10/04/19/233259/Adding-Some-Spice-To-nix-Shell-Scripts

My Linux distribution, WeakNet Linux Assistant, was originally called “Assistant” because I had learned Perl/Tk. Perl/Tk was my new ability to turn scripts, other people’s programs and such into GUI based programs to “assist” those who hate the terminal. Since its first release back in 2008 or so, it has gone through many, many dramatic changes, and should really be called something else. That is a topic for another time, though. Let’s get back on course, shall we?

Perl/Tk. My experience covers Solaris, Linux (Debian based distributions), and FreeBSD. Installing Perl/Tk on these is quite simple. On Debian based Linux, try:

apt-get install perl-tk

if not found, try:

apt-cache search perl | grep tk

Or in WeakNet Linux:

acs perl | grep tk

This should find the package and you can simply install it by name. On FreeBSD, simply open a terminal, cd into the ports tree (/usr/ports) and do

find . -maxdepth 2 -type d | grep -i p5-tk

and that should find the port’s directory (x11-toolkits/p5-Tk). cd into that directory and type

make && make install

If any errors arise, you will need to befriend Google’s search engine, or simply install Debian. (I am not very fond of Googling FreeBSD ports errors.) On Solaris you can install the package from http://www.sunfreeware.com/; simply type:

pkgadd -d
Or try the Blastwave pre-compiled package: http://www.blastwave.org/ Solaris is insanely fun and I miss it. Anyway, once it’s installed you can add:

use Tk;

to your Perl applications and make GUIs for them! Creating a window, or “widget” as they are sometimes called, is like creating an object in OOP. Here is an example of a Hello World GUI app that is simply a “spiced up” shell script:

#!/usr/bin/perl -w
use Tk;
my $mw = MainWindow->new(-title=>"Hello World!", -background=>"black");
$mw->geometry("300x300+100+100");
my $text = `echo Hello World!`;   # the "shell script" part: output of a command
$mw->Label(-text=>$text, -foreground=>"green", -background=>"black")->grid(-row=>"0", -column=>"0", -sticky=>"w");
MainLoop;

And that’s it. Here is a screenshot of the output I did on WNLAv4:

Let’s go through a few lines for those who may not understand them. Our “script” part is the back ticks: `echo Hello World!`. Perl runs that through the shell and hands the output back; it could have been anything. In fact, you can even run a command that gives multiple lines of output, push the lines into an array, and run a foreach loop on each element of the array to display the output:

my $n = 0;
my @array = `ping -c 5 google.com`;   # one array element per line of output
foreach (@array) {
    $mw->Label(-text=>$_, -foreground=>"green", -background=>"black")->grid(-row=>$n, -column=>"0");
    $n++;
}

This would make a “Label” for each line of output and display it on our window, $mw. The argument to geometry is widthxheight+x+y, where x is the number of pixels from the left edge of the screen and y the number of pixels from the top. This adjusts the size and placement of your application. The next line we will cover is the “$mw->Label” line. This creates a “Label”, or just text, on the application window. If you specify a background color for the whole window, as I did in:

my $mw = MainWindow->new(-title=>"Hello World!", -background=>"black");

making it black, you need to specify the same background for each label, or, if you want the text highlighted in a different color, change it. The -foreground=>"green" argument is the color of the text. Then we have our MainLoop call, which hands control to Tk’s event loop: the window is drawn and stays up until it is closed, and nothing after MainLoop runs until then.

The ->grid() method lets you place items (labels, text entries, pictures, etc.) in your application in a row/column matrix style layout. This way they don’t overlap, and you can specify spacing and exactly how you would like to lay out the window. -sticky=>"w" means stick to the west (left) side of the grid cell.

I would seriously recommend installing Tk, and trying this application out. It is insanely simple, especially for anyone who knows Perl and *nix scripting. It’s just an added step. After doing this for years now and making hundreds of GUI applications, the syntax is now burned into my head and I rarely ever have to reference code in Google, but it’s a good thing to do when you are new to this and you don’t have the $50 to drop on the O’Reilly book. :S

Please note that this is a very limited example. The extent to which Tk travels is far beyond a simple weblog post. There can be radio buttons, check boxes, file open buttons, graphic buttons, graphic backgrounds, text boxes, large text areas, tabs, menus and more. If your scripts require input from the user, you can use input boxes and submit buttons. Use -textvariable=>\$newvariablename (a reference to the scalar, so Tk can write into it) in the $mw->Entry() text entry form, and a submit button that calls a subroutine, &start, like so:

my $text = "";
$mw->Entry(-textvariable=>\$text)->grid(-row=>"0", -column=>"0", -sticky=>"w");
$mw->Button(-text=>"START!", -command=>sub{ &start; })->grid(-row=>"1", -column=>"0", -sticky=>"w");
sub start {
    print $text . "\n";   # $text holds whatever was typed into the Entry
}

Or something to that effect. Perl interpolates variables inside backticks, so you can put variables right into the command. Be careful what you interpolate, though: the whole string goes to /bin/sh, so if $lol came from an Entry widget, a user could type w; cat /etc/passwd and the shell would happily run both commands. For anything that contains user input, validate it first, or use the multi-argument form of system(), which runs the program directly without a shell.


#!/usr/bin/perl -w
my $lol = 'w';
my @who = `$lol`;   # interpolated: the shell runs "w"
foreach (@who) {
    print $_ . "\n";
}
exit;
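The interpolation above is where a GUI front end usually goes wrong: if the variable came from an Entry widget, the shell re-parses whatever the user typed. Here is the failure and two fixes in Python, as an added example that is not the post’s code (Perl’s backticks and the one-string form of system() behave like shell=True here, and Perl’s multi-argument system(LIST) like the argv form). The input string is constructed to look like something typed into the text box.

```python
import shlex
import subprocess


def run_interpolated(user_text):
    """The backtick pattern: the text is pasted into a command string that sh re-parses."""
    proc = subprocess.run("echo " + user_text, shell=True,
                          capture_output=True, text=True)
    return proc.stdout.rstrip("\n")


def run_quoted(user_text):
    """Still a shell string, but the text is quoted so sh sees a single word."""
    proc = subprocess.run("echo " + shlex.quote(user_text), shell=True,
                          capture_output=True, text=True)
    return proc.stdout.rstrip("\n")


def run_argv(user_text):
    """No re-parsing at all: the text travels as one argv element ($1) and the
    fixed script only ever expands it inside double quotes. Prefer this shape
    whenever the command itself is fixed and only the data varies."""
    proc = subprocess.run(["sh", "-c", 'echo "$1"', "sh", user_text],
                          capture_output=True, text=True)
    return proc.stdout.rstrip("\n")


# Constructed input, as if typed into the Entry box by a hostile user.
ATTACK = "hello; echo INJECTED"

if __name__ == "__main__":
    print("interpolated:", repr(run_interpolated(ATTACK)))   # two commands ran
    print("quoted:      ", repr(run_quoted(ATTACK)))         # one command, literal text
    print("argv:        ", repr(run_argv(ATTACK)))           # one command, literal text
```

The first function prints two lines because sh saw two commands; the other two print the user’s text verbatim, and run_argv("$(id)") likewise prints the literal $(id) instead of running it.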

You can read more about Tk anywhere online, by searching Google. Here are two papers I have written about introductory coding:
Introduction to Perl – covers some Tk.
Making Tk based Splash screens for applications.
If this is what you mean by spicing up your scripts, I would definitely recommend buying the O’Reilly book (even from Amazon.com to save $$).

Here are some Tk applications I have made recently:

~Douglas.

I get asked a lot about regular expressions. Well, ever since I praised them on Taming The Electron episode 1, I seem to get asked more and more. One thing I seem to have trouble explaining is backreferencing.

When you use regular expressions in egrep to find specific lines, you have the option of using parentheses to group parts of your expression. Say we want to find each line that has three letters, a space, then three letters again. Any letters. I would use:

egrep '([a-z]{3})\s([a-z]{3})' file.txt

See how I had to write the same text between the parentheses twice? Well, when you use a set of parentheses in a regular expression, the text that set actually matches is captured and numbered: the first group, counting opening parentheses from the left, is 1, the next is 2, and so on. So if ([a-z]{3}) made a successful match, the matched text is stored in group 1. To refer to group 1 again in the same expression, you simply escape the number: \1.

So now we can write egrep '([a-z]{3})\s\1' file.txt, and rather than re-write the expression in parentheses, we write \1. Note that this is a narrower search than the first command: it matches only lines where the second three-letter word repeats the first.

With --color, egrep highlights the text that was actually matched. Where people get confused, while teaching, is what value is actually assigned to \1. Can you guess? Everything that is highlighted is matched, and our regular expression says “any letter 3 times, followed by a space, followed by the value of group 1”…

Our value of \1 changes for each line that is put through egrep. The first value of \1 becomes “cat” when line 3 of file.txt is passed through egrep; the second line to match, line 5, assigns “bus”; and the third, line 6, assigns “car” to \1.

Now we can see that the value of \1 is the matched text, NOT the regular expression! Look at it from another angle: ([a-z]{3})\s\1 is equivalent to ([a-z]{3})\scat for line 3, ([a-z]{3})\sbus for line 5, and ([a-z]{3})\scar for line 6.
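The same walk-through in Python’s re module, as an added example that is not from the original post. The file.txt from the screenshot isn’t on the page, so the lines below are a constructed stand-in chosen so that lines 3, 5 and 6 match as described. It goes a little beyond the post, showing how groups are numbered and one use of a backreference outside grep (collapsing doubled words with \1 in both the pattern and the replacement).

```python
import re

# Constructed stand-in for the post's file.txt (the real file is not on the page).
FILE_TXT = """the quick fox
one
the cat cat sat
dog
bus bus stop
car car park
cat dog
"""

# ([a-z]{3})\s\1 : three letters, whitespace, then whatever group 1 actually matched.
PAIR = re.compile(r'([a-z]{3})\s\1')
# The version without the backreference: any three letters, then any three letters.
TWO_GROUPS = re.compile(r'([a-z]{3})\s([a-z]{3})')


def backref_matches(text):
    """Return [(line_number, value_of_group_1)] for every line PAIR matches,
    numbering lines from 1 the way egrep -n would."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PAIR.search(line)
        if m:
            hits.append((n, m.group(1)))
    return hits


def equivalent_pattern(captured):
    """What \\1 stood for on that line: the captured TEXT, not the sub-pattern."""
    return r'([a-z]{3})\s' + re.escape(captured)


def matches_literal(captured, line):
    """True if the line matches the backreference-free equivalent for that capture."""
    return re.search(equivalent_pattern(captured), line) is not None


def group_order(s):
    """Groups are numbered by their opening parenthesis: in ((ab)c)\\2 the inner
    (ab) is group 2, so the pattern needs 'abc' followed by 'ab'."""
    m = re.search(r'((ab)c)\2', s)
    return m.groups() if m else None


def dedupe_doubled_words(text):
    """Backreferences beyond grep: collapse accidental doubled words
    ('the the dowel rods' -> 'the dowel rods'); \\1 works in the replacement too."""
    return re.sub(r'\b([a-z]+)\s+\1\b', r'\1', text)


if __name__ == "__main__":
    for n, word in backref_matches(FILE_TXT):
        print("line %d: \\1 = %r, i.e. %s" % (n, word, equivalent_pattern(word)))
```

backref_matches returns [(3, 'cat'), (5, 'bus'), (6, 'car')], while 'cat dog' matches TWO_GROUPS but not PAIR, which is the whole point: \1 is the text 'cat', not the pattern [a-z]{3}.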

~Douglas

OSX Data Migration using FTP?

Sometimes, things just don’t want to work. Sometimes, days go by and you seem to be around the world’s “most broken” computers. I find myself arguing with people about Apple products more often than not. In fact, I hate talking about them at all. So I am withdrawing myself from opinions for now. I work for Apple indirectly. I am certified to work with their portable machines, desktops, and OS X (any version).

I was given the task to transfer data from an old iBook G4 to a new MacBook 13″ white unibody. Usually, this would be an easy procedure, right? Hehe, anyways, The new MacBook Unibody 13″ White does not feature FireWire. What does that mean for me as a technician? No Target Disk Mode. The iBook does, BTW.

Let’s try Migration Assistant, you know, the data transfer application that utilizes lame little 10/100 ethernet ports. Yeah, no dice, I don’t even remember what the errors were, they were too cryptic and stupid.

Alright, I’ll take apart the old iBook, take the drive out and place it into an external enclosure attached to the f

resh install. No dice; the little keyboard “lock” in the center of the keyboard was stuck and wouldn’t budge. I am sure the person wouldn’t care if I broke the tab, but I really didn’t want to. I wanted Apple’s garbage hardware to start cooperating.

Hrmm, what to do.. Oh yeah, OSX has a built in FTP server! Let’s try that!

1. On the fresh install go to System Preferences, Sharing, and enable the FTP server. This only works if you set a password and didn’t leave it blank when installing the OS.
2. Open up Terminal on both machines and set static IPs on the ethernet ports (yeah, the 10/100 port on the iBook will severely slow this process down). Check with ifconfig which enX is the wired port before assigning addresses.

2a. Become “root” and get a “bash” shell:
sudo su
bash

2b. Set IPs and the same netmask:
on MacBook:
ifconfig en0 10.10.10.1 netmask 255.255.255.0
on iBook:
ifconfig en1 10.10.10.2 netmask 255.255.255.0

3. Now, let’s create a tarball of the whole Users directory (p keeps ownership and permissions):

cd / && tar cpvf Data.tar /Users/*

This will produce Data.tar in the / root directory. tar strips the leading slash, so the paths in the archive start at Users/; when you extract it inside a home directory on the MacBook you will get a Users folder there, which you can then move into place.
4. Now, let’s upload that to the new MacBook:

ftp 10.10.10.1
( put in username, put in password, (you will be dropped down to the /Users/ directory of which ever user you logged in as.))
put Data.tar

** now wait a long time…
5. Untar the tarball you uploaded to the MacBook (as root, so the ownership and permissions come back with it):

tar xpvf Data.tar

** wait a long time.

6. Done.

That was refreshing. No broken parts, no lame software, etc. Make sure you take the en0 device down afterwards; more than likely the static address will simply be reset when you plug the machine into a working network that offers DHCP. One caveat: FTP sends the password and the data in the clear, which is fine over a cable between two machines on your bench but not across a shared network. OS X also ships an SSH server (Remote Login in the Sharing pane), so scp or rsync would do the same job encrypted. This solution was easy to come by, as I walked away from the problem and took a deep breath. That really helps when you get frustrated over poorly designed hardware and software.

Hard drives are going bad a lot on older white MacBooks. This is most likely due to the thickness of the plastic used by Apple for the palm rest. The palm rest is the only thing between your heavy hand and the disk that is spinning at 7200 RPM. (Squeezing or putting pressure on the disk while it’s reading, or, infinitely worse, writing, is devastating and could make your precious, pirated data irretrievable.) Not that it matters to anyone, but my opinion includes the thought that Apple HAS NOT created “The World’s Most Advanced Operating System.”

Linus has.

~Douglas.

Windows XP, Malware, Registry, and Me.

Well, here is a new puzzle I took part in that I would like to share with you. A Windows XP SP3 machine came to me today with a problem: no applications would load and the wireless “green lines” icon was missing from the task bar. I was also informed that she had to run her applications “indirectly” to get them to work. Hrmm. First things first, boot it up and see what’s wrong.
I start up the machine and realize that the networking icon is missing. I try to right-click on “Computer” in the start menu and click “Properties” to get to the Device Manager to check the adapter settings. No dice; “rundll32.exe is missing.” Wow, I never saw that before. I try the iTunes and Office links on the desktop and sure enough, the EXE association is once again gone.

I grab my flash drive and put the .REG fix for EXE association under XP on it. I then realize that Windows Explorer won’t load. ??? Isn’t that the desktop itself that I am using? taskmgr.exe won’t load, obviously, so I can’t actually check. msconfig won’t load, nothing at all. I need to put the .REG somewhere on the local drive and get a working CMD shell to run it. I then reboot to get into safe mode with command prompt; no dice, it hangs on MUP.SYS. Now what? Oh yeah, the Windows Recovery Console. First, since I have no faith in Microsoft, I boot into Linux and copy my .REG EXE association fix (you can get that, BTW) to her desktop, unmount the drives and reboot. I get to the desktop, double-click the .REG file and it says “this has been successfully added to the registry”; no dice, I reboot to find EXE still not working and rundll32.exe still gone.

I boot from the XP disc and hit “R” for “Repair,” then enter the admin password and get a C:\WINDOWS prompt. I then try to copy CMD.EXE to her desktop with a new extension, “.COM”; .COM files run when EXEs don’t, so you can at least get a command prompt. No dice; “Access Denied.” Uh, denied from what? System32 or the desktop folder? And besides, I am “Administrator.” Well, we all know from my past postings that “Administrator” is a misnomer. Let’s try to copy the file to C:\. Dice! It worked! Now I have a CMD.COM in the C:\ root.

Some things I noticed while in the “Recovery Console”: there’s no TAB auto-completion. Being a BASH/Linux guy, I need that, especially in Windows, as I am bad at CMD syntax. Also, it didn’t unmount the drives when I typed exit to leave the “shell.” When I rebooted back into the OS (regular mode? is that a term in the Windows arena?) it [the OS] said it needed to force CHKDSK as my volume was “dirty.” Also, the FS tree contains “Documents and Settings”, which has spaces, yet the Recovery Console has no knowledge of spaces, telling me I put in wrong arguments to the copy command! What?! Who coded this crap!?? Plus the whole permissions thing was simply a whack-out brain freezer for me, as semi-jokingly I started typing commands that do not exist to see who you actually are: “w”, “who”, “whoami.” This is when I usually walk away from the puzzle and catch some fresh air, and try not to think about the actual “coders” that work for Microsoft.

I reboot into normal mode to see if I can’t run the CMD.COM command line. I get to the desktop and allow 5 minutes or so for XP to finish loading. I hit SUPER+R on the keyboard (SUPER is the Windows key) and get a Run dialog. I then type “C:\CMD.COM” and BAM! I get a CMD shell! Now I cd into the Desktop, type out the name of the .REG file, and it runs. I click Yes and it says I successfully added the registry entries. Okay, you’ve said that before, you lying bastard.

Usually now, I would just reboot. No. If something in the registry’s Run or RunOnce startup keys is killing the EXE association, I wouldn’t want to do that again. I then type out taskmgr.exe and I get the Task Manager! Now I go to “File -> New Task (Run)” and put in “msconfig”, as it wouldn’t work from the CMD.COM shell. This worked! I found the culprit malware and removed it from startup. I then rebooted to find a fully working system! I win!

Office, iTunes, etc. all work fine now. Next step: cleanup with ComboFix and MalwareBytes. Then go home early and get some sun. :)

Post Script: Honestly, I feel that Microsoft needs me. They need my thorough experience and input on a LOT of things. I know I complain a lot, but you are the leader of the business and education world, Microsoft. You are the leader, no matter how much I hate the fact. I would help you, and you would benefit greatly. But, as I said, I hate you.

~Douglas.

The release date will be May 5th. The newer kernel (WEAKERTHAN) supports injection with ath9k, but there are still a few downfalls from this. I have a lot more to offer with this release; I have every WiFi application and driver working that I could think of. I have a new Technicians Area for Windows registry repair, forensics, and malware analysis with code that I have written and tested on many machines. I have a MUCH faster boot time. The new default user is now “root” (UID 0) for ease of use with networking applications and such (you may need to su at the prompt after boot, but installs will use login and root). Pyrit for dual/quad CPUs, ready for compilation against GPU drivers. Lots of penetration and password utilities, WPA dictionary/brute-force file creation and more.

I coded my own network manager as I hate WICd and Network-Manager; I am not sure why a second daemon needs to be running on top of the DHCP client daemon. This includes WPA help and WEP help, and can be accessed right from the Dock. The Dock doesn’t have security applications in it any longer; those are ALL accessed from the desktop menu (right-click on the desktop), which has more than 200 security apps at this time in development! The Dock has normal user apps, like volume, xmms, gqview (picture viewer), the pcman-fm file manager, Google Chrome, shutdown, terminal, and a few more.

I kept FluxBox and made terminals and fonts much cleaner and the Theme is now Blue not Green / Black.

I guess the biggest improvement is definitely the kernel and added functionality for pentesters.

I have tested as much hardware as I have available to me: Ralink (RT73 is dead, RT73USB injects at high rates), the B43XX Broadcom AirForce One injects at an amazing rate, ath9k injects with the SR71e, ath5k injects with the old Apple AirPort cards, and I still need to add support for Intel based cards (I have one, I just need to install it). Intel injection sometimes requires recompiling the ieee80211 kernel modules, which is scary when you know they work flawlessly with all other vendors. Now that Broadcom injects and supports monitor mode, Intel seems to be falling behind anyway.

I am proud to announce that WNLAv3 Lite was downloaded 27 thousand times from my web server alone.

If you have anything to add to this new release, please submit code ASAP; the release date is less than a month away. I made this release date early for the arrival of summer, and my house is being rebuilt after the fire, so I kind of want it out of the way. I have been keeping a log at Tully’s ZDE (www.zerodayexile.com) forums; if you’d like to join, there’s much to learn there and everyone is willing to help!

Thanks for all the help and support from everyone in the (very idle as of late) Google Waves, hope to hear from you soon!

~Douglas.

Hack Lighttpd to Run as Root in WNLA3

This morning, Tully brought up an awesome point: the lighttpd that comes with Ubuntu will not run as root. If the user set by server.username in the config resolves to uid 0, it refuses to switch to it and fails with the message:

"I will not set uid to 0\n"

This comes from four if statements in simple C code. All you have to do is recompile the server after commenting out or removing them. Root, or UID 0, is needed if you want to do networking tasks, kill processes and such right from your web browser. Bear in mind what you are trading away: with the server running as root, every bug in lighttpd and every CGI or FastCGI script it runs is a root shell waiting to happen, so only do this on a lab box (such as the live CD) and never on anything reachable from a hostile network. Let’s edit that code!

The live CD has the apt package cache removed for space, so we have to update the repository database first:

apt-get update

Let’s remove the old version of lighttpd and all of its config files, etc.:

/etc/init.d/lighttpd stop && apt-get purge lighttpd && rm -rf /etc/lighttpd

Now, you need two development packages for building the source code yourself (apt-get’s build-dep target would pull in everything the package needs, if you prefer that route):

apt-get install libbz2-dev libpcre++-dev

Now let’s get the source and put it into a clean directory:

mkdir /devel && cd /devel && apt-get source lighttpd
cd lighttpd-*
cd src

Change the * to whatever version you end up getting (the directory is lowercase, lighttpd-1.4.x or similar). Now that we are in the src directory, let’s search the source code for the string “I will not”:

grep 'I will not' *
which yields (at the time of this writing):

server.c: "I will not set uid to 0\n");
server.c: "I will not set gid to 0\n");
spawn-fcgi.c: "I will not set uid to 0\n");
spawn-fcgi.c: "I will not set gid to 0\n");

Now, just edit those two files and comment out the if statements. You can even simply change them like so (note that # does not start a comment in C, so the return has to go inside /* */ or after //):

if (pwd->pw_uid == 0) {
    fprintf(stderr, "%s.%d: %s\n",
        __FILE__, __LINE__,
        "I will set uid to 0, because you are God.");
    /* return -1; */   /* disabled: let the server carry on as root */
}

cd back into the main source directory and run the build. Without --prefix the binary goes to /usr/local/sbin; --prefix=/usr puts it where the package had it:

./configure --prefix=/usr && make && make install

Now you should be able to run the executable and specify the config file. You may need to copy the config and init.d files to the right spots, as make install doesn’t do much more than install the binary and modules. The config files you need are right in the debian folder of the unpacked source (they are part of the Debian packaging, not something make creates). Try testing out the new server as root:

/usr/sbin/lighttpd -f /devel/lighttpd-*/debian/lighttpd.conf

Run ps aux and see that root is running the new server!

~Douglas

Another part of my day to day is simply trying to retrieve data from dying hard drives. Drives that fail the short test or the S.M.A.R.T. tests are common amongst anyone who does not back up their work, it seems. What’s the first thing I do? Boot into Linux. Why? Because of Windows Explorer’s poor file management.

Have you ever taken a drive out of a pre-existing Windows machine and plugged it into the computer via a USB enclosure? It usually mounts fine, unless the damage is far too thorough, but sometimes you get a nasty “Access denied” message while trying to access the user’s directory. If you are using XP, I am sure there’s a way to take ownership of (chown or chmod, in Linux terms) the whole directory tree, but when you do that in Windows 7 or Vista, it takes an extremely long time. Extremely long. Sometimes it just stops before it finishes, and the process PID is still there, yet the application is doing nothing at all. Nice.

If you mount the drive in Linux and cp the files from it to, say, a folder on your normal user’s desktop, the process is much quicker and there aren’t any permission errors at all. The reason is worth knowing: ntfs-3g does not enforce NTFS ACLs by default, so root sees every file regardless of who owned it in Windows. (That also means the “Access denied” you get in Windows protects nothing once the disk is out of the machine; only disk encryption does.) Here is an example of how I do it, mounting the dying drive read-only so nothing is ever written to it, and using cp -a so timestamps and permissions survive:

mkdir /mnt/USB
mkdir /mnt/HDD
mount /dev/sda<#> /mnt/HDD
mount -o ro /dev/sdb<#> /mnt/USB
cp -av /mnt/USB/Users/ /mnt/HDD/Users/<user>/Desktop/BACKUP
reboot

And that’s it. Most newer Linux distributions don’t even require you to specify that you want to use NTFS-3G. The drives I work on usually have 3 or 4 partitions (“slices” in BSD terms), so sometimes I have to test each one by mounting it and seeing what’s on it. The easiest way to tell that you have mounted the correct partition is that the /mnt/USB/Users/ or /mnt/HDD/Users/ directory has the right name in it. If you mount the “Recovery” partition, it may look like the right one, but the Users directory (in Windows 7 and Vista; if using Windows XP, you need to look in /mnt/HDD/Documents\ and\ Settings/) will only have Admin and Default listed.

I have used Unstoppable Copier from RoadKil.net a ton of times on drives that mount and whose permissions are proper. This application only goes that far, though. If you try it on a Users directory from a foreign local disk, as we did in the example above, it will just say “0 files copied.” This tool is amazing when the permissions are right, though. You simply choose a source, a destination, click copy and walk away. No prompts at all while copying, nothing. It just works.

Another utility I have yet to try is xcopy. This was suggested to me by a colleague who said it does pretty much what unstoppable copier does. I found this great quote (notice sarcasm, please) from a website that describes it:

“Xcopy is a powerful version of the copy command with additional features; has the capability of moving files, directories, and even whole drives from one location to another.” – http://www.computerhope.com/xcopyhlp.htm

Wow, that’s power. When you can use a utility native to the OS to copy files, that’s just power. /sarcasm What makes it more powerful? Does it use more CPU cycles? More memory? Or is it simply doing what it is supposed to do? It has the capability to move files, directories, and even whole drives (oh my!). Shouldn’t this be called xmove? I am sticking with what I know; Linux can handle files like a real OS should.