Wednesday, December 26, 2007

Webtracer

The Webtracer is a professional forensic tool to trace internet identities such as the owner of a website, the sender of an e-mail, etc.

Each internet resource (IP address, server name, e-mail address, URL etc.) can be investigated to retrieve underlying relations and owner details.

The Webtracer also allows in-depth analysis of e-mail headers and can be used to analyse logfiles after a possible intrusion.

http://www.forensictracer.com

Thursday, November 22, 2007

Emulators & Traffic Generator / DoS Attack Tools

WebLOAD

http://www.webload.org/overview.html

WebLOAD provides a comprehensive and robust environment for load testing. This includes a full authoring environment for recording, editing and debugging test scripts, a highly efficient execution environment for defining load parameters (virtual users), running and monitoring the tests, as well as reporting tools for analyzing and presenting test results.

curl-loader

http://sourceforge.net/projects/curl-loader

A powerful C-written web application testing and load generating tool. It uses HTTP, FTP and TLS/SSL stacks, simulating tens of thousands of users/clients, each with its own IP address. The goal is to provide an alternative to Spirent Avalanche and IXIA IxLoad.

Seagull

http://gull.sourceforge.net/index.html

Seagull is a free, open source (GPL) multi-protocol traffic generator test tool. Primarily aimed at IMS (3GPP, TISPAN, CableLabs) protocols (and thus the perfect complement to SIPp for IMS testing), Seagull is a powerful traffic generator for functional, load, endurance, stress and performance/benchmark tests for almost any kind of protocol. In addition, its openness allows support for a brand new protocol to be added in less than 2 hours, with no programming knowledge. For that, Seagull comes with several protocol families embedded in the source code:

  • Binary/TLV (Diameter, RADIUS and many 3GPP and IETF protocols)
  • External library (TCAP, SCTP)
  • Text (XCAP, HTTP, H248 ASCII)

Network Simulator - NS-2

http://nsnam.isi.edu/nsnam/index.php/User_Information

NS is a discrete event simulator targeted at networking research. NS provides substantial support for simulation of TCP, routing, and multicast protocols over wired and wireless (local and satellite) networks.

WANulator

http://www.wanulator.de/Home.html

WANulator combines "WAN" and "simulator". This pretty much already describes what the software does: it simulates different internet conditions such as delay or packet loss. Furthermore, it simulates user access speeds, e.g. modem, ISDN or ADSL.

Harpoon

http://wail.cs.wisc.edu/waildownload.py

Harpoon is a flow-level traffic generator. It uses a set of distributional parameters that can be automatically extracted from NetFlow traces to generate flows that exhibit the same statistical qualities present in measured internet traces, including temporal and spatial characteristics. Harpoon can be used to generate representative background traffic for application or protocol testing, or for testing network switching hardware.

NetPath

http://wail.cs.wisc.edu/waildownload.py

NetPath is a scalable link emulation tool which automatically assigns profiles to links in a laboratory environment. It emulates fixed and probabilistic propagation delays, probabilistic bit errors, probabilistic packet loss, probabilistic packet reordering, probabilistic packet duplication and bandwidth shaping. The link emulation is achieved by interposing the NetPath machine either physically or virtually between a pair of host machines. NetPath can be configured in three different operational modes: direct interposition (mode 0), virtual interposition, which may either be between routers (mode 1) or end hosts (mode 2), and a layer 3 (IP routed) interposition mode.

MGEN

http://cs.itd.nrl.navy.mil/work/mgen/index.php

The Multi-Generator (MGEN) is open source software by the Naval Research Laboratory (NRL) PROTocol Engineering Advanced Networking (PROTEAN) Research Group. MGEN provides the ability to perform IP network performance tests and measurements using UDP/IP traffic (TCP is currently being developed). The toolset generates real-time traffic patterns so that the network can be loaded in a variety of ways. The generated traffic can also be received and logged for analysis. Script files are used to drive the generated loading patterns over the course of time. These script files can be used to emulate the traffic patterns of unicast and/or multicast UDP/IP applications. The receive portion of this toolset can be scripted to dynamically join and leave IP multicast groups. MGEN log data can be used to calculate performance statistics on throughput, packet loss rates, communication delay, and more. MGEN currently runs on various Unix-based (including MacOS X) and Win32 platforms.

Multicast Beacon v1.3

http://dast.nlanr.net/projects/Beacon/

The NLANR/DAST Multicast Beacon is a multicast diagnostic tool written in Perl which uses the RTP protocol (RFC 3550) to provide useful statistics and diagnostic information about a given multicast group's connectivity characteristics.

Multicast is a way of distributing IP packets to a set of machines which have expressed an interest in receiving them. It is a one-to-many distribution model suitable for video conferencing and other forms of data sharing over the network.

Teamed up with the Access Grid, the Multicast Beacon provides measurement data for the current multicast traffic in a group. The Access Grid is a project led by ANL to implement large-scale distributed collaboration over the network. It relies on multicast for distributing audio, video, and other data across the network.

The Multicast Beacon can also be used as a general-purpose multicast measurement tool.

Mhealth

http://imj.ucsb.edu/mhealth/

Mhealth, the Multicast Health Monitor, is a graphical, near real-time multicast monitoring tool. By using a combination of application-level protocol data about group participants and a multicast route tracing tool for topology information, Mhealth is able to discover and display the full network distribution tree and delivery quality. Mhealth also provides data logging functionality for the purpose of isolating and analyzing network faults. Logs can be analyzed to provide information such as receiver lists over time, route histories and changes, and the location, duration, and frequency of loss.

WANem

http://wanem.sourceforge.net/

WANem is a Wide Area Network emulator, meant to provide a real experience of a wide area network/internet during application development/testing over a LAN environment. Typically, application developers develop applications on a LAN while the intended purpose for the same could be clients accessing the same over the WAN or even the internet. WANem thus allows the application development team to set up a transparent application gateway which can be used to simulate WAN characteristics like network delay, packet loss, packet corruption, disconnections, packet re-ordering, jitter, etc. WANem can be used to simulate wide area network conditions for data/voice traffic and is released under the widely accepted GPL v2 license.

WANem thus provides emulation of wide area network characteristics and allows data/voice applications to be tested in a realistic WAN environment, at an affordable cost, before they are moved into production. WANem is built on top of other FLOSS (Free Libre and Open Source) components and, like other intelligent FLOSS projects, has chosen not to re-invent the wheel as much as possible.

Dummynet

http://ai3.asti.dost.gov.ph/sat/dummynet.html

Dummynet is a flexible tool for bandwidth management and for testing networking protocols. It is implemented in FreeBSD but is easily portable to other protocol stacks. There is also a one-floppy version of FreeBSD which includes Dummynet and a lot of other goodies; see below. It works by intercepting packets on their way through the protocol stack, and passing them through one or more pipes which simulate the effects of bandwidth limitations, propagation delays, bounded-size queues, packet losses, etc.

ModelNet

http://modelnet.ucsd.edu/

ModelNet is a large-scale network emulator that allows users to evaluate distributed networked systems in realistic internet-like environments. ModelNet enables the testing of unmodified prototypes running over unmodified operating systems across various networking scenarios. In some sense, it combines the repeatability of simulation with the realism of live deployment. The ModelNet user community has deployed it to aid in the design and testing of novel content distribution networks, peer-to-peer systems, transport-layer protocols, content-based switches, distributed stream processors, distributed file systems, and network measurement tools.

Users deploy ModelNet on their local-area cluster. Each instance of your application runs on a virtual node; ModelNet multiplexes virtual nodes across a set of physical machines that we call edge nodes. The system configures the edge nodes to route their packets through a ModelNet core (consisting of one or more physical machines). This core subjects each packet to the delay, bandwidth, and loss specified in a target topology. ModelNet supports hop-by-hop emulation, capturing the effects of cross traffic and congestion within the network.

LANforge ICE (commercial)

http://www.operativesoft.com/html/lanforgeice.htm

LANforge ICE is a WAN or network impairment simulator. LANforge ICE is used to simulate the core of a network, and is used to test and verify equipment that communicates through the core. The LANforge ICE platform is used to simulate T1, DS3, OC-3, OC-12, GigE, DSL, satellite, dial-up, and other wide area networks (WANs).

GloMoSim

http://pcl.cs.ucla.edu/projects/glomosim/

GloMoSim is a scalable simulation environment for wireless and wired network systems. It is being designed using the parallel discrete-event simulation capability provided by PARSEC. GloMoSim currently supports protocols for a purely wireless network. In the future, we anticipate adding functionality to simulate a wired as well as a hybrid network with both wired and wireless capabilities.

Cracking Tools

Web links to dictionary word list files

http://www.cotse.com/tools/wordlists.htm
http://packetstormsecurity.org/Crackers/wordlists/

Oracle default password auditing tool

http://www.petefinnigan.com/default/default_password_checker.htm

A simple command line tool that can be used to check if any default users are installed in your database and, more importantly, whether those default users still have their default passwords set to known values.

Oracle default password list

http://www.petefinnigan.com/default/default_password_list.htm

The list can also be thought of as a list of Oracle default password hashes.

Unix reconnaissance scripts

http://www.petefinnigan.com/tools.htm

Numerous scripts that detail privilege level, default password configuration, and system access information. Additional scripts for forensic DB analysis are also listed.

Cain & Abel

http://www.oxid.it/

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no event shall the author be liable for such damages or loss of data. Please carefully read the license agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (ARP Poison Routing) which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocol authentication monitors and route extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

Crowbar

http://www.sensepost.com/research/crowbar/

Generic web brute force tool.

DigDug

http://www.edge-security.com/soft.php

This little program is for auditing a DNS. It will brute force a domain, asking for hostnames taken from a predefined list. The list has the most common names used for hosts. It supports hybrid queries to find a broader range of hosts.

CredDump

Credential Manager password dumper for Windows XP/2003

http://www.oxid.it/creddump.html

CredDump is a utility that dumps passwords from Windows XP/2003 users' credential files and shows them in their cleartext form.

dnsmap

http://unknown.pentester.googlepages.com

dnsmap is a small C-based tool that performs brute-forcing of domains. The tool can use an internal wordlist, or work with an external dictionary file.

LCP

http://www.lcpsoft.com/english/index.htm#lcp

The main purpose of the LCP program is user account password auditing and recovery in Windows NT/2000/XP/2003.

General features of this product:

  • Account information import:
    • import from local computer;
    • import from remote computer;
    • import from SAM file;
    • import from .LC file;
    • import from .LCS file;
    • import from PWDUMP file;
    • import from Sniff file;
  • Password recovery:
    • dictionary attack;
    • hybrid of dictionary and brute force attacks;
    • brute force attack;
  • Brute force session distribution:
    • session distribution;
    • session combining;
  • Hash computing:
    • LM and NT hash computing by password;
    • LM and NT response computing by password and server challenge.

The SID&User program is a tool for getting SIDs and user names on Windows NT/2000/XP/2003. General features of this product:

  • getting the SID for a given account name;
  • getting an account name for a single SID, or account names for a SID range.

IKECrack

http://ikecrack.sourceforge.net/

IKECrack is an open source IKE/IPsec authentication crack tool. This tool is designed to brute-force or dictionary attack the key/password used with pre-shared-key [PSK] IKE authentication. The open source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.

Ophcrack

http://ophcrack.sourceforge.net/

The Ophcrack LiveCD is a bootable Linux CD-ROM containing Ophcrack 2.3 and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot, and it will try to find a Windows partition, extract its SAM and start auditing the passwords.

SSH Expect brute force script

http://www.securiteam.com/tools/5QP0L2K60E.html

This is an Expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't feel like re-running something on every host.

Simple SSH brute force script

http://ideacomplex.com/code/ssh-rbrute.rb

SSHatter

http://www.nth-dimension.org.uk/downloads.php?id=34

SSHatter is a password brute forcer for SSH. It is multi-threaded and can audit more than one system and account in a given session.

SNMP brute force script

http://www.securiteam.com/tools/5EP0N154UC.html

The following tool tries to brute force the community name used by the remote SNMP device. This brute force program is quite fast, and is able to find the community name in a matter of minutes.

Mezcal

http://www.0x90.org/releases/mezcal/index.php

Mezcal is an HTTP/HTTPS brute-forcing tool allowing the crafting of requests and insertion of dynamic variables on-the-fly.

Medusa

http://www.foofus.net/jmk/medusa/medusa.html

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items as some of the key features of this application:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

THC-Oracle sniffer/cracker

http://www.thc.org/thc-orakel/

THC presents a crypto paper analyzing the database authentication mechanism used by Oracle. THC further releases practical tools to sniff and crack the password of an Oracle database within seconds.

One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle's Java drivers. Also, for native Oracle drivers an attack is known to downgrade the authentication mode to the vulnerable version. The Orakelsniffert article documents the mechanism used by the weak authentication mode, the complexity and impact of the attack and an example of an attack in the field. A Windows-based cracker and a simple Java-based client application are included to verify the results. Also, a supporting crypto utility is released.

Hydra

http://www.thc.org/thc-hydra/

THC-Hydra is a very fast network logon cracker which supports many different services. Currently this tool supports: Telnet, FTP, HTTP, HTTPS, HTTP-Proxy, SMB, SMBNT, MS-SQL, MySQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, TeamSpeak, Cisco auth, Cisco enable, Cisco AAA (incorporated in the Telnet module).

enabler.c

http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchtype=archives&counts=76&searchvalue=brute+force+

enabler.c attempts to find the enable password on a Cisco system via brute force. Tested on Cisco 2600s and 12008s, and has support for login-pass as well as login-only devices.

John the Ripper

http://www.openwall.com/john/

An extraordinarily powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

RainbowCrack

http://www.antsight.com/zsl/rainbowcrack/

RainbowCrack is a general-purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the result in files, the so-called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables.

Free rainbow tables

Web links to free rainbow tables:

http://www.freerainbowtables.com/index-rainbowtables-tables.html
http://rainbowtables.shmoo.com/
http://wired.s6n.com/files/jathias/
http://hak5.org/wiki/Community_Rainbow_Tables

TFTP-bruteforcer

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

TFTP-bruteforcer is a fast multithreaded TFTP config filename bruteforcer.

K0LD - Knocking 0n LDAP's Door

http://www.phenoelit.de/kold/

K0LD is a dictionary attack against LDAP servers. It queries all users out of the server from a given DN and tries to find the password.

Obiwan

http://www.phenoelit.de/obiwan/

The goal of Obiwan is a brute force authentication attack against webservers with authentication requests, and in fact to break into insecure accounts.

Winrtgen

http://www.oxid.it/downloads/winrtgen.zip

Winrtgen is a graphical rainbow tables generator that supports LM, FastLM, NTLM, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes.

FTS-WS-DICTOOL

http://ws.hackaholic.org/tools.html

FTS-WS-DICTOOL is a program to generate or manipulate several kinds of wordlists, to test how strong passwords, cookies, etc. are.

Features:

  • Incremental brute force (characters).
  • The characters can be defined as numerical, alpha, alpha-numeric, alpha-numeric + symbols.
  • Start and end number of characters that should be used to generate the wordlist.
  • Open a wordlist and convert each word utilizing the "elite conversion".
  • Open a wordlist and convert each word to: caps on, caps off, only first caps on, inverted word.
  • Generate a wordlist based on date of birth.
  • Generate a wordlist from 2 to 4 incremental characters followed by the date of birth.
  • Generate a wordlist of default passwords used by the Terra provider (Brazil).
  • Open a wordlist and add characters (before or after) to each word.
  • Generate a wordlist based on personal data.
  • Open a file (e.g. e-mail, article, information from MSN, ICQ, etc.) and generate a wordlist.

MDCrack

http://c3rb3r.openwall.net/mdcrack/

MDCrack is a free, feature-filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes; the list of algorithms is growing. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).

MD5 and MD4 collision generators

http://www.stachliu.com/research_collisions.html

Unhash

http://www.geocities.com/dxp2532/

Unhash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.

TXDNS

http://www.txdns.net/

TXDNS is a Win32 aggressive multithreaded DNS digger that is capable of placing on the wire thousands of DNS queries per minute. TXDNS's main goal is to expose a domain namespace through a number of techniques:

  • Typos
  • TLD rotation
  • Dictionary attack
  • Brute force

TXDNS may be used to:

  • Fill the reconnaissance gap left due to DNS server hardening, as DNS zone transfers are likely to fail.
  • Dig a given domain name for possible phishing variations based on common well-known typo algorithms, and return DNS queries on both used and unused names.
  • Stress-test DNS servers due to its configurable aggressive behavior.

TXDNS provides some cool options, such as:

  • Perform queries only for a given resource record type: A, CNAME, HINFO, NS, TXT & SOA
  • Perform non-recursive queries
  • Perform queries against a given DNS server

Yahoo Password Show

http://www.ourgodfather.com/yahpass/index.htm

This program reveals Yahoo passwords and stores the passwords in a directory that you choose, naming the file YAHOO PAS.TXT. It has a lot of cool features.

Windows MSN Live Password Show v7

http://www.ourgodfather.com/ccount/click.php?id=50

This program reveals MSN passwords, and stores the password.

FireMaster

http://securityxploded.com/firemaster.php

Firefox uses a master password to protect the stored sign-on information for various websites. If the master password is forgotten, then there is no way to recover the master password and the user has to lose all the sign-on information stored in it. To prevent this problem, I have developed FireMaster, which uses a combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file.

FirePassword

http://securityxploded.com/firepassword.php

FirePassword is a tool designed to decrypt the username and password list from the Firefox sign-on database. Firefox stores the username and password information for various websites in its database files. FirePassword works along similar lines to Firefox's built-in password manager, but it can be used as an offline tool to get the username/password information without running Firefox.

Venom

http://www.cqure.net/wp/?page_id=21

Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the Server service has been disabled. The tool is written in VB6 and might require some additional runtime libraries to run. Guessing speeds vary, but tend to be around 45-50 guesses/sec. The password file supports the formats %USERNAME% and LC %USERNAME%, with the result of the username being used as the password. The prefix LC converts the username to lowercase.

SSL key/cert finder

http://www.trapkit.de/research/sslkeyfinder/index.html

(PoC) Extracting RSA private keys and certificates out of process memory.

VNCPwdump

http://www.cqure.net/wp/?page_id=7

VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways.

It supports dumping and decrypting the password by:
- dumping the current user's registry key
- retrieving it from an NTUSER.DAT file
- decrypting a command line supplied encrypted password
- injecting the VNC process and dumping the owner's password

IPR (ID Password Recovery)

http://www.cqure.net/wp/?page_id=12

IPR is a tool for recovering passwords on Lotus Notes ID files. It does this by guessing passwords you supply in a dictionary file. It guesses approximately 400-500 passwords a second on a PIII 1GHz. The tool should be used by administrators for finding weak passwords in user ID files.

Requirements:

Lotus Notes R5 client (needs to be in the path)

Usage:

ipr -h

PassLoc password locator

http://www.imperva.com/downloads/PassLoc.zip

Based on Adi Shamir's "Playing Hide and Seek with Encryption Keys" article, which suggests a way of locating keys within a buffer (memory, large file, etc.). The PassLoc tool accepts a file as input and returns a graphical plot of its content where the most random part of the file is colored. The article suggests that due to the random nature of long keys put in non-random files, the human eye can easily distinguish the key given a sufficiently long file.

The A5 cracking project

http://wiki.thc.org/cracking_a5

Windows XP and Vista product key recovery

http://www.dagondesign.com/articles/windows-xp-product-key-recovery/

Cisco Security Auditing Tools

PacketStorm's listing of Cisco analysis tools

http://packetstormsecurity.org/cisco/

Benchmark & audit tool for Cisco IOS routers and PIX firewalls

http://www.cisecurity.org/bench_cisco.html

CIS Level-1 / Level-2 benchmarks and audit tool for Cisco IOS routers and PIX firewalls.

  • Ability to score Cisco router IOS.
  • Ability to score Cisco PIX firewalls.
  • Includes benchmark documents (PDF) for both Cisco IOS and Cisco PIX security settings.

Cisco Torch

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

The Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of "Hacking Exposed Cisco Networks", since the tools available on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, web, NTP and SNMP services and launch dictionary attacks against the services discovered.

EIGRP tools

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. Using this tool requires a decent level of knowledge of EIGRP operations, packet structure and types, as well as the layer 3 topology of an audited network.

CiscoPack

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

This is the IOS binary image packing and unpacking program, capable of calculating a correct checksum for these images.

PIX checksum DoS

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

This is a proof of concept program that demonstrates the vulnerability of Cisco PIX devices to a denial of service attack using a spoofed bad checksum packet.

CPFPC

http://www.oxid.it/cpfpc.html

CPFPC (Cisco PIX Firewall Password Calculator) produces the encrypted form of Cisco PIX enable mode passwords without the need to access the device.

Ultima Ratio

http://www.phenoelit.de/ultimaratio/index.html

A remote Cisco IOS exploit.

Nipper

http://sourceforge.net/projects/nipper

Nipper is a network infrastructure configuration parser. Nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. Nipper was previously known as CiscoParse. Nipper currently supports Cisco switches (IOS), Cisco routers (IOS), Cisco firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and text. Encrypted passwords can be output to a John the Ripper file for strength testing.

vomit

http://vomit.xtdnet.nl/

The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. vomit requires a tcpdump output file.

CISCO GLOBAL EXPLOITER

http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz

CISCO GLOBAL EXPLOITER IS A TOOL THAT DEMONSTRATES EXPLOITATION OF THE FOLLOWING VULNERABILITIES:

  • CISCO 677/678 TELNET BUFFER OVERFLOW VULNERABILITY
  • IOS ROUTER DENIAL OF SERVICE VULNERABILITY
  • IOS HTTP AUTH VULNERABILITY
  • CISCO IOS HTTP CONFIGURATION ARBITRARY ADMINISTRATIVE ACCESS VULNERABILITY
  • CISCO CATALYST SSH PROTOCOL MISMATCH DENIAL OF SERVICE VULNERABILITY
  • CISCO 675 WEB ADMINISTRATION DENIAL OF SERVICE VULNERABILITY
  • CISCO CATALYST 3500 XL REMOTE ARBITRARY COMMAND VULNERABILITY
  • CISCO IOS SOFTWARE HTTP REQUEST DENIAL OF SERVICE VULNERABILITY
  • CISCOSECURE ACS FOR WINDOWS NT SERVER DENIAL OF SERVICE VULNERABILITY
  • CISCO CATALYST MEMORY LEAK VULNERABILITY
  • CISCO CATOS CISCOVIEW HTTP SERVER BUFFER OVERFLOW VULNERABILITY
  • %U ENCODING IDS BYPASS VULNERABILITY (UTF)
  • CISCO IOS HTTP DENIAL OF SERVICE VULNERABILITY

CISTO

http://sourceforge.net/projects/cisto/

CISTO (CISCO SCRIPT TOOL) IS A TOOL FOR MANAGING CISCO DEVICES (IOS, CATOS). IT ALLOWS YOU TO RETRIEVE CONFIGS, PUSH CONFIGURATION, INSTALL NEW IMAGES, CHANGE PASSWORDS, RUN A SINGLE SHOW COMMAND OR A LIST OF THEM, AND MUCH MORE AGAINST A GIVEN LIST OF DEVICES (RUNNING PARALLEL PROCESSES).

SWITCHMAP

http://sourceforge.net/projects/switchmap/

EXAMPLE CAPTURES ARE LOCATED HERE:
http://switchmap.sourceforge.net/portlists/

SWITCHMAP IS A PERL PROGRAM THAT CREATES HTML PAGES THAT SHOW INFORMATION ABOUT A SET OF CISCO ETHERNET SWITCHES. THIS PROGRAM USES SNMP TO GATHER DATA FROM THE SWITCHES.

RANCID

http://www.shrubbery.net/rancid/

RANCID MONITORS A ROUTER'S (OR MORE GENERALLY A DEVICE'S) CONFIGURATION, INCLUDING SOFTWARE AND HARDWARE (CARDS, SERIAL NUMBERS, ETC) AND USES CVS (CONCURRENT VERSION SYSTEM) OR SUBVERSION TO MAINTAIN HISTORY OF CHANGES.

RANCID DOES THIS BY THE VERY SIMPLE PROCESS SUMMARIZED HERE:

  • LOGIN TO EACH DEVICE IN THE ROUTER TABLE (ROUTER.DB),
  • RUN VARIOUS COMMANDS TO GET THE INFORMATION THAT WILL BE SAVED,
  • COOK THE OUTPUT; RE-FORMAT, REMOVE OSCILLATING OR INCREMENTING DATA,
  • EMAIL ANY DIFFERENCES (SAMPLE) FROM THE PREVIOUS COLLECTION TO A MAIL LIST,
  • AND FINALLY COMMIT THOSE CHANGES TO THE REVISION CONTROL SYSTEM
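The collect/cook/diff loop described above, as an added example in Python (this is not RANCID's code, and the volatile-line patterns, review patterns and the two sample IOS configs are constructed for the example). It shows why the "cook" step matters: lines such as the configuration-change timestamp and ntp clock-period change on every collection and would otherwise produce a noisy diff every run, hiding the changes that an operator actually needs to review, such as a new local account, an enabled HTTP server or telnet re-allowed on the VTY lines.

```python
"""Track device configuration changes RANCID-style: cook, diff, flag.

Added example, not RANCID's own code. VOLATILE_PATTERNS, REVIEW_PATTERNS
and the two sample configs below are assumptions constructed for the
example; extend them per platform.
"""
import difflib
import re

# Lines that legitimately differ between collections and must not be
# reported as configuration changes (constructed set for the example).
VOLATILE_PATTERNS = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^! NVRAM config last updated at "),
    re.compile(r"^ntp clock-period \d+"),
]

# Added lines that deserve a human look (constructed set for the example).
REVIEW_PATTERNS = {
    "http server enabled": re.compile(r"^ip http server$"),
    "new local account": re.compile(r"^username \S+"),
    "telnet allowed on vty": re.compile(r"^\s*transport input .*\btelnet\b"),
    "snmp community": re.compile(r"^snmp-server community "),
}

# Constructed sample: the collection from the previous run ...
PREVIOUS_CONFIG = """\
! Last configuration change at 10:02:11 UTC Mon Nov 12 2007
version 12.4
hostname border-rtr
service password-encryption
ntp clock-period 17179866
enable secret 5 $1$sAlt$ABCDEFGHIJKLMNOPQRSTUV
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh
end
"""

# ... and the current one, with three real changes buried in the noise.
CURRENT_CONFIG = """\
! Last configuration change at 03:41:07 UTC Tue Nov 13 2007
version 12.4
hostname border-rtr
service password-encryption
ntp clock-period 17179869
enable secret 5 $1$sAlt$ABCDEFGHIJKLMNOPQRSTUV
username backdoor privilege 15 password 7 0822455D0A16
ip http server
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh telnet
end
"""


def cook(raw: str) -> list:
    """Normalize a collected config: strip trailing whitespace and drop
    volatile lines so that only real changes survive the diff."""
    cooked = []
    for line in raw.splitlines():
        line = line.rstrip()
        if any(p.match(line) for p in VOLATILE_PATTERNS):
            continue
        cooked.append(line)
    return cooked


def config_diff(previous: str, current: str, name: str = "router") -> list:
    """Unified diff of the cooked configs; an empty list means no change."""
    return list(difflib.unified_diff(
        cook(previous), cook(current),
        fromfile=f"{name} (previous)", tofile=f"{name} (current)",
        lineterm="", n=1))


def added_lines(diff: list) -> list:
    """Config lines that appeared, without the leading '+' marker."""
    return [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]


def removed_lines(diff: list) -> list:
    """Config lines that disappeared, without the leading '-' marker."""
    return [l[1:] for l in diff if l.startswith("-") and not l.startswith("---")]


def review_flags(diff: list) -> list:
    """(label, line) pairs for added lines matching a review pattern."""
    flags = []
    for line in added_lines(diff):
        for label, pat in REVIEW_PATTERNS.items():
            if pat.match(line):
                flags.append((label, line))
    return flags


if __name__ == "__main__":
    diff = config_diff(PREVIOUS_CONFIG, CURRENT_CONFIG, "border-rtr")
    print("\n".join(diff))        # this is what RANCID would mail out
    for label, line in review_flags(diff):
        print(f"REVIEW [{label}]: {line}")
```

The diff text is what would go to the mail list and into the revision control commit; review_flags is the extra step a security team usually bolts on so that the change that matters is not lost among routine edits.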

RANCID ALSO INCLUDES LOOKING GLASS SOFTWARE. IT IS BASED ON ED KERN'S LOOKING GLASS WHICH WAS ONCE USED FOR http://nitrous.digex.net/, FOR THE OLD-SCHOOL FOLKS WHO REMEMBER IT. OUR VERSION HAS ADDED FUNCTIONS, SUPPORTS CISCO, JUNIPER, AND FOUNDRY AND USES THE LOGIN SCRIPTS THAT COME WITH RANCID; SO IT CAN USE TELNET OR SSH TO CONNECT TO YOUR DEVICE(S).

RANCID CURRENTLY SUPPORTS CISCO ROUTERS, JUNIPER ROUTERS, CATALYST SWITCHES, FOUNDRY SWITCHES, REDBACK NASS, ADC EZT3 MUXES, MRTD (AND THUS LIKELY IRRD), ALTEON SWITCHES, AND HP PROCURVE SWITCHES AND A HOST OF OTHERS.
RANCID IS KNOWN TO BE USED AT: AOL, GLOBAL CROSSING, MFN, NTT AMERICA, CERTAINTY SOLUTIONS INC.

SIPTIGER

http://www.vovida.org/applications/downloads/siptiger/

SIPTIGER IS A WEB-BASED PROVISIONING UTILITY FOR CISCO'S LINE OF 7960 AND 7940 SESSION INITIATION PROTOCOL (SIP) IP PHONES AND CISCO SIP PROXY SERVERS (CSPS). THIS UTILITY IS USEFUL FOR ANYONE DEPLOYING CISCO 7960/7940 SIP IP PHONES.

IOSTACK.PL

http://www.phenoelit-us.org/ultimaratio/IOStack2.tgz

IOSTACK.PL IS A SCRIPT TO READ OUT IOS STACK RETURN ADDRESS LOCATIONS.

CISCO ROUTER PASSWORD DECODER

http://www.loud-fat-bloke.co.uk/tools/ciscopass.txt

Simple little Perl script to decode Cisco type 7 router passwords (the reversible "service password-encryption" format, not the type 5 MD5 enable secret).
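Added example (Python, not the ciscopass.txt script and not Nipper's code) covering both the password decoder above and the Nipper entry's "encrypted passwords can be output to a John-the-Ripper file" feature. The type 7 scheme is the well-known reversible one: the first two characters are a decimal offset into a fixed key string, and each following hex pair is one password byte XORed with successive key bytes, so it is undone in one pass. Type 5 secrets are real MD5-crypt hashes and cannot be reversed, so the audit emits them in user:hash form for John instead. The sample config is constructed for the example; its type 5 hashes are placeholders, not real hashes.

```python
"""Audit an IOS config for weak credential storage.

Added example, not the page's script or Nipper's code. SAMPLE_CONFIG is
constructed; its $1$ hashes are placeholders, not hashes of any password.
"""
import re

# Fixed key string IOS uses for type 7 "encryption".
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches: enable password|secret N X, username U [privilege P] password|secret N X,
# and bare "password N X" as found under line vty/con blocks.
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?\s+|(?P<enable>enable)\s+)?"
    r"(?P<kind>password|secret)\s+(?:(?P<ptype>[057])\s+)?(?P<value>\S+)\s*$"
)

# Constructed sample config (hashes are placeholders).
SAMPLE_CONFIG = """\
hostname border-rtr
enable secret 5 $1$sAlt$ABCDEFGHIJKLMNOPQRSTUV
enable password 7 0822455D0A16
username admin privilege 15 password 7 060506324F41
username ops secret 5 $1$XyZ1$abcdefghijklmnopqrstuv
username guest password 0 letmein
line vty 0 4
 password 7 06080A35435E1A
"""


def type7_decode(encoded: str) -> str:
    """Reverse a type 7 string, e.g. '0822455D0A16' -> 'cisco'."""
    if len(encoded) < 4 or len(encoded) % 2 != 0:
        raise ValueError("type 7 string is two seed digits plus hex pairs")
    seed = int(encoded[:2], 10)
    body = bytes.fromhex(encoded[2:])
    out = bytearray(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                    for i, c in enumerate(body))
    return out.decode("ascii")


def type7_encode(plaintext: str, seed: int = 8) -> str:
    """Forward direction, so a round trip can be checked. IOS uses seeds 0-15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    data = plaintext.encode("ascii")
    body = bytes(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, c in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


def audit_config(config: str) -> list:
    """One dict per credential line: type 0/7 get 'plaintext', type 5 'hash'."""
    findings = []
    for line in config.splitlines():
        m = CRED_RE.match(line)
        if not m:
            continue
        account = m.group("user") or ("enable" if m.group("enable") else "line")
        ptype = int(m.group("ptype") or 0)   # no type digit means cleartext
        entry = {"account": account, "kind": m.group("kind"), "type": ptype}
        value = m.group("value")
        if ptype == 0:
            entry["plaintext"] = value
        elif ptype == 7:
            entry["plaintext"] = type7_decode(value)
        else:
            entry["hash"] = value
        findings.append(entry)
    return findings


def john_lines(findings: list) -> list:
    """user:hash lines for the non-reversible (type 5) entries."""
    return [f"{f['account']}:{f['hash']}" for f in findings if f.get("hash")]


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        shown = f.get("plaintext") or "(hash, see john file)"
        print(f"{f['account']:8s} type {f['type']}: {shown}")
    print("\n".join(john_lines(audit_config(SAMPLE_CONFIG))))
```

Anything type 7 reports as plaintext is effectively cleartext in any config backup, TFTP capture or pasted "show run"; the fix on the device side is enable secret / username secret, which this audit passes through to John rather than pretending to decode.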

Monday, November 12, 2007

Links

Here are some links to security (hacking) related websites

http://www.security-freak.net

http://darknet.org.uk

http://sectools.org

http://www.secureroot.com

http://cracktohack.blogspot.com

E-books
http://elearncomputer.blogspot.com

http://jas-books.blogspot.com

Saturday, November 10, 2007

Hi all....

Hello Everyone,

I will start posting soon