Posts Tagged ‘Cracking’

Johnny is the cross-platform Open Source GUI frontend for the popular password cracker John the Ripper. It was originally proposed and designed by Shinnok in draft, version 1.0 implementation was achieved by Aleksey Cherepanov as part of GSoC 2012 and Mathieu Laprise took Johnny further towards 2.0 and beyond as part of GSoC 2015.

Johnny’s aim is to automate and simplify the password cracking routine with the help of the tremendously versatile and robust John the Ripper, as well as add extra functionality on top of it, specific to Desktop and GUI paradigms, like improved hash and password workflow, multiple attacks and session management, easily define complex attack rules, visual feedback and statistics, all of it on top of the immense capabilities and features offered by both JtR core/proper as well as jumbo.

Features

  • Cross platform, builds and runs on all major desktop platforms
  • Based on the most powerful and robust password cracking software, supports both John core/proper and jumbo flavors
  • Exposes most useful JtR attack modes and options in a usable, yet powerful interface
  • Simplifies password/hash management and attack results via complex filtering and selection
  • Easily define new attacks and practical multiple attack session management
  • Manually guess passwords via the Guess function
  • Export Passwords table to CSV and colon password file format
  • Import many types of encrypted or password protected files via the 2john functionality
  • Fully translatable (English and French language for now)

Download

tv crime2

1. Nmap
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark
Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition
Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition
The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping homepage.

12. burpsuite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra
A very fast network logon cracker which support many different services.  hydra homepage.

14. sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab
WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.

 

tv crime2

Ever wondered what the numbers on your credit card mean? Well wonder no longer

CrackingCreditCode

tv-blackberry

If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.

The flaw that been rated as high severity and actual vulnerability in BlackBerry Enterprise Servers resulted from how the server processes image files.

Scenario to Exploit Vulnerability: A malicious person writes a special code and then embeds it in a TIFF image file. The person then convinces a Blackberry smart phone user (whose phone is connected to a corporate BES) to view the TIFF file.

As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code.

RIM is not aware of any attacks on or specifically targeting BlackBerry Enterprise Server customers, and recommends that affected customers update to the latest available software version to be fully protected from these vulnerabilities.” Blackberry said.

The exploit uses a TIFF image containing malicious code, and the dangerous image can either be linked to an email or attached directly to it. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

BlackBerry Enterprise Server Express version 5.0.4 and earlier for Microsoft Exchange and IBM Lotus Domino and BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise are affected only.

For the full RIM statement, issue and resolution visit: Knowledge Base Article BSRT-2013-003

tv crime2

Here is a list of my favorite old & new school information security & hacking tools: 

Burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an applications attack surface, through to finding and exploiting security vulnerabilities.

Cain & Abel

Cain & Abel is a password-cracking juggernaut that runs on Windows. This amazing software, created by Mass-imiliano Montoro, features more than a dozen different useful capabilities for cracking passwords and various encryption keys. For starters, Cain can dump and reveal various encrypted or hashed passwords cached on a local Windows machine, including the standard Windows LANMAN and NTLM password representations, as well as application-specific passwords for Microsoft’s Outlook, Internet Explorer and MSN Explorer. Organizations can use Cain to test individual passwords and the effectiveness of their password policies. Cain & Abel can crack passwords for over a dozen different OS and protocol types. Just for the Windows operating system alone, Cain handles the LANMAN and NTLM password representations in the SAM database, as well as Windows network authentication protocols such as LANMAN Challenge and Response, NTLMv1, NTLMv2 and Micro-soft Kerberos. Its integrated sniffer monitors the LAN, grabbing challenge-and- response packets and cracking passwords using a built-in dictionary of more than 306,000 words. Beyond Windows passwords, Cain also cracks various Cisco passwords, routing proto-col hashes, VNC passwords, RADIUS Shared Secrets, Win95/98 Password List (PWL) files, and Micro-soft SQL Server 2000 and MySQL passwords. It can also crack IKE pre-shared keys in order to penetrate IPSec VPNs that use IKE to exchange and to update their cryptography keys. Beyond password cracking, Cain includes a wireless LAN discovery tool, a hash calculator and an ARP cache-poisoning tool (which can be used to redirect traffic on a LAN so that an attacker can more easily sniff in a switched environment)–all bound together in a sophisticated GUI.

DNSiff

DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN.

Fast-track 

Fast-track is an open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack –> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage.

Fport

fport identifies all open TCP/IP and UDP ports and maps them to the owning application.

GFI LANguard

GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Hping

hping is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. Kind of like the ping program (but with a lot of extensions).

IP Filter

IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavours of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.  It separates and identifies different wireless networks in the area.

Metasploit Community Edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.

Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

Nessus

The Nessus Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavours of Unix.

Netcat

Netcat has been dubbed the network Swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol

NetFilter

NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packet mangling.

NexPose Community edition 

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

Nmap

Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

OpenPGP

OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.

OpenSSH

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

Paros Proxy

Many custom Web apps are vulnerable to SQL injection, cross-site scripting, session cloning and other attacks. Attackers often rely on a specialized Web proxy tool designed to manipulate Web applications to reveal and exploit such flaws–and so must you. A Web app manipulation proxy sits between the attacker’s browser and the target Web server. All HTTP and HTTPS requests and responses are channelled through the proxy, which gives the attacker a window to view and alter all of the information passed in the browsing session, including any variables passed by the Web app in cookies, hidden form elements and URLs. Paros Proxy, which runs on Windows or Linux (with a Java Run-time Environment), is the best of these proxies, chock-full of Web app assessment widgets that make it a versatile and powerful hacking tool:

  1. Recorder. Paros goes be-yond similar tools by maintaining a thorough history of all HTTP requests and responses. Later, the attacker can review all of the actions, with every page, variable and other element re-corded for detailed analysis.
  2. Web spider. An automated Web spider surfs every linked page on a target site, storing its HTML locally for later inspection, and harvests URLs, cookies and hidden form elements for later attack.
  3. Hash calculator. Attackers sometimes have a hunch about the encoding or hashing of specific data elements that are returned. Using the Paros calculator, a hacker can quickly and easily test such hunches. Paros Proxy has a GUI tool for calculating the SHA-1, MD5 and Base64 value of any arbitrary text typed in by its user or pasted from an application.
  4. SSL-buster. While most other Web app attack and assessment proxies handle server-side SSL certificates, Paros can also probe apps that require client-side SSL certificates.

Paros also includes automated vulnerability scanning and detection capabilities for some of the most common Web application attacks, including SQL injection and cross-site scripting. Paros even scans for unsafe Web content, such as unsigned ActiveX controls and browser ex-ploits sent by the target Web server.

Pf

OpenBSD Packet Filter

SAINT

SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

Snort

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

TCPdump

TCPdump is the most used network sniffer/analyser for UNIX.

TCPTrace

analyses the dump file format generated by TCPdump and other applications.

THC-Hydra

A very fast network logon cracker which support many different services.

TripWire

Tripwire is a tool that can be used for data and program integrity assurance.

W3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Webscarab

WebScarabhas a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.

Wellenreiter

A Passive WLAN detector. While numerous tools detect wireless LANs, one of the very best is Wellenreiter. Traditional war driving tools, such as the popular NetStumbler, send a barrage of probe request packets to find wireless access points. But, NetStumbler can’t locate an access point that’s configured to ignore probe requests from clients that don’t know the WLAN SSID. Max Moser’s Wellenreiter can. Wellenreiter is completely passive; instead of sending probe requests, it puts a wireless card into so-called “rfmon mode,” so that it sniffs wireless traffic, capturing all data sent, including the entire wireless frames of all packets with their associated SSIDs, displaying the discovered access points in its GUI. It then listens for ARP or DHCP traffic to determine the MAC and IP addresses of each discovered wireless device. Wellenreiter can store wireless packets in a tcpdump or Wireshark packet capture file for later detailed analysis. An attacker or wireless penetration tester can fire up Wellenreiter, let the tool run passively for an hour or so, and return to find a nifty inventory of nearby wireless devices. It can also interface with GPS devices; storing the physical location of each war-driving computer when wireless LANs are detected. Wellenreiter runs on Linux and supports Prism2, Lucent and Cisco wireless cards.

Wikto

You need a solid Web server vulnerability scanner if you’re going to find flaws before attackers do. Internet-facing Web apps open enormous business opportunities–and dangerous holes for malicious and criminal hackers. In the last year, thousands of sites running vulnerable phpBB Web forum scripts, and countless others hosting the AWStats CGI script for gathering access statistics from log files, have fallen victim to attackers. Beyond those notable examples, vulnerabilities in various Web scripts are discovered on a regular basis. To help find such flaws in your network, turn to Wikto, an impressive Web server scanning tool. Written by Sensepost, a security services firm based in South Africa, Wikto builds on the popular command-line Nikto Web scanner Perl script with an easy-to-use Windows GUI and extended capabilities. Like Nikto, Wikto searches for thousands of flawed scripts, common server misconfigurations and unpatched systems. Wikto adds HTTP fingerprinting technology to identify Web server types based on their protocol behaviour’s, even if administrators purposely disguise Web server banner information to deceive attackers. For white hats, it’s a powerful inventory feature. What’s more, attackers are increasingly turning to well-crafted Google searches to look for vulnerable sites. Security researcher Johnny Long maintains the Google Hacking Database (GHDB) list of more than 1,000 Google searches that can locate vulnerable systems. Wikto can import the latest GHDB vulnerability list, and then query Google for such holes in your domain.

Winfingerprint

A Windows configuration harvester. Windows systems contain a treasure trove of sensitive configuration information that’s accessible in a variety of ways. Attackers and assessment teams typically extract as much information as possible from Windows systems to help refine and augment their vulnerability scans. Winfingerprint, written by Vacuum, is an invaluable tool for harvesting Windows configuration information, using a variety of mechanisms, including Windows domain access, Active Directory and Windows Manage-ment Instrumentation (WMI), Microsoft’s comprehensive framework for analysing system configurations. Winfingerprint pulls lists of users, groups and security settings from a single Windows machine or a network range. The tool also grabs information about the local hard drives of target machines, local system time and date, registry settings, and event logs. Rounding out its features, this handy tool includes a Simple Network Management Protocol (SNMP) scanner, as well as a TCP and UDP port scanner, all accessible from a single GUI

Wireshark

Wireshark is a network protocol analyser. It lets you capture and interactively browse the traffic running on a computer network.