nukeitdotorg » Tools

Matriux 0.9.4 beta1 [Security Distro]

fuzion — Mon, 01 Feb 2010 19:15:23 +0000

Matriux is…

… a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

It’s slick, responsive (even under a VM with bare resources) thanks to it’s lean system requirements and comes with an ‘Arsenal’ of tools to help you get stuff done efficiently. Matriux also seems to have a lot going for it as far as an active community reachable through IRC and forums. Overall, the experience is good. It’s at the very least on par with other distros of this nature. I’m mostly impressed by its speed considering its use of KDE4 with a few sfx turned on. I’ll see how it fares on my crappy little Atom based netbook later.

Click to show a comprehensive list of security tools included in Matriux»

http://www.matriux.com/

Reconnaissance

DNS

DIG
DNSBruteForce
DNSTracer
DNSWalk

HTTrack

HTTrack
WebHTTrack Website Copier
Browse Mirrored Websites

Others

Chaosreader
Deepmagic Information Gathering Tool
dsniff password sniffer
EtherApe
tcpdump
tcpslice
tcptrace
tcptracert
Network Analyzer (Wireshark)
xtrace

Scanning

BATMAN-Tools

batping
batroute
batdump

Cisco

CDP Packet Generator
HSRP Generator

Routing-Protocols

Autonomous System Scanner
IGRP Route Injector

Web-Scanners

Nikto
Angry IP Scan
CryptCat
ettercap console
Ettercap Gui
file2cable
Web Server Fingerprinting Tool
icmpush
icmpquery
IRDP Packet Sender
IRDP Responder Packet Sender
Netcat
netenum
netmask
Nmap
Paris Traceroute
Protocol Scanner
Parallel Internet Measurement Utility
tctrace
THC-Amap
The Network Mapper Front End

Gain Access (Attack Tools)

Brute-Force

BruteSSH

Password

crunch
md5-utils

Others

Mac Changer

Framework

Fast-Track

Fast Track Console Mode
FT-Interactive Menu
Fast Track Gui

Inguma

Inguma-cli
Inguma-gui

Metasploit Framework 2

msf2-cli
msf2-console
msf2-update
msf2-web
msf2-web console v2.7.

Metasploit Framework 3

msf3-cli
msf3-console
msf3-gui
msf3-web
msf3-web console v3.2

Others

Grendel-Scan
HTTP Request Exploit Framework
WebSecurify
WSFuzzer

Radio

Bluetooth

haraldscan

Wireless 802.11

airbase-ng
aircrack-ng
airdecap-ng
airdecloak-ng
airdriver-ng
aireplay-ng
airmon-ng
airodump-ng
airolib-ng
airserv-ng
airtun-ng
buddy-ng
easside-ng
packetforge-ng
tkiptun-ng
wesside-ng
WiFi Radar

Digital-Forensics

Acquisition

Automated Image & Restore 1.28
Guymager

Analysis

Start Autopsy
Autopsy Forensics Browser
Gpart
Pasco
Vinetto
Start WarVOX
Open WarVOX Web Interface
Xplico Console Mode (Internet Traffic Decoder)
Xplico Web Interface (Internet Traffic Decoder)
Dhash

Debugger

Crash
e2dbg
efence
JavaScript Lint
valgrind

Tracer

Leak-Tracer

Leak Analyze
Leak Check
etrace
ltrace
pstack
strace

w3af 1.0-rc3 console for Windows

fuzion — Sat, 09 Jan 2010 03:57:44 +0000

Here’s w3af 1.0 RC3 CLI built for Windows. Please leave a comment if you find a bug. This is not supported software. Please don’t bother reporting bugs to the official list or tracker unless you can confirm it in the original untouched source as well.

Features:

Latest tagged release.
Python 2.6 and updated dependencies built in.
Completely portable.
Tested on Windows XP and 7
“Fixed” many deprecation warnings. Please test!
You can edit the plugins!

Download:

Normal - http://rapidshare.com/files/332486992/w3af-1.0-rc3-console.7z
Slow - http://nukeit.org/pub/w3af-1.0-rc3-console.7z

Stats:

Size: 16,477,852 bytes
CRC32: 846EA1F7
MD5: 42111F575B702660457425DE7EBFA344
SHA-1: 654D70D81BF61579120D238DE2505AA9614DF753

If you’d like to know how I managed to get this built with pyinstaller and fix all the deprecation warnings, take a look at this hideous patch:»
I’ll have both GUI and console packaged versions uploaded soon.

Index: core/controllers/easy_contribution/sourceforge.py
===================================================================
--- core/controllers/easy_contribution/sourceforge.py	(revision 3264)
+++ core/controllers/easy_contribution/sourceforge.py	(working copy)
@@ -23,7 +23,7 @@
 import os
 import cgi
 import time
-import md5
+import hashlib
 import urllib2, urllib
 import cookielib
 from core.controllers.misc.get_w3af_version import get_w3af_version
@@ -102,7 +102,7 @@
         else:
             # Generate the summary, the random token is added to avoid the
             # double click protection added by sourceforge.
-            summary += md5.new( time.ctime() ).hexdigest()
+            summary += hashlib.md5( time.ctime() ).hexdigest()
 
         # Now we handle the details
         details = ''
Index: core/controllers/extrusionScanning/extrusionScanner.py
===================================================================
--- core/controllers/extrusionScanning/extrusionScanner.py	(revision 3264)
+++ core/controllers/extrusionScanning/extrusionScanner.py	(working copy)
@@ -32,7 +32,7 @@
 
 import time
 import os
-import md5
+import hashlib
 import socket
 
@@ -73,7 +73,7 @@
         r += self._exec('uname -a')
         r += self._exec('env')
         r += self._exec('net user')
-        return md5.new(r).hexdigest()
+        return hashlib.md5(r).hexdigest()
 
     def isAvailable( self, port, proto ):
         try:
Index: core/controllers/misc/homeDir.py
===================================================================
--- core/controllers/misc/homeDir.py	(revision 3264)
+++ core/controllers/misc/homeDir.py	(working copy)
@@ -61,7 +61,7 @@
     '''
     @return: The location of the w3af directory inside the home directory of the current user.
     '''
-    home_path = user.home + os.path.sep + '.w3af'
+    home_path = '.w3af'
     return home_path
 
 def home_dir_is_writable():
Index: core/data/parsers/dpCache.py
===================================================================
--- core/data/parsers/dpCache.py	(revision 3264)
+++ core/data/parsers/dpCache.py	(working copy)
@@ -26,7 +26,7 @@
 import core.data.parsers.documentParser as documentParser
 from core.controllers.misc.lru import LRU
 
-import md5
+import hashlib
 import thread
 
@@ -42,7 +42,7 @@
 
     def getDocumentParserFor( self, httpResponse, normalizeMarkup=True ):
         res = None
-        hash = md5.new( httpResponse.getBody() ).hexdigest()
+        hash = hashlib.md5( httpResponse.getBody() ).hexdigest()
 
         with self._LRULock:
             if hash in self._cache:
Index: core/data/url/handlers/keepalive.py
===================================================================
--- core/data/url/handlers/keepalive.py	(revision 3264)
+++ core/data/url/handlers/keepalive.py	(working copy)
@@ -686,7 +686,7 @@
     keepalive_handler.close_all()
 
 def continuity(url):
-    import md5
+    import hashlib
     format = '%25s: %s'
 
     # first fetch the file with the normal http handler
@@ -695,7 +695,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('normal urllib', m.hexdigest())
 
     # now install the keepalive handler and try again
@@ -705,7 +705,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive read', m.hexdigest())
 
     fo = urllib2.urlopen(url)
@@ -715,7 +715,7 @@
         if f: foo = foo + f
         else: break
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive readline', m.hexdigest())
 
 def comp(N, url):
Index: core/data/url/handlers/localCache.py
===================================================================
--- core/data/url/handlers/localCache.py	(revision 3264)
+++ core/data/url/handlers/localCache.py	(working copy)
@@ -25,7 +25,7 @@
 import urllib2
 import httplib
 import unittest
-import md5
+import hashlib
 from core.controllers.misc.homeDir import get_home_dir
 
 import StringIO
@@ -47,7 +47,7 @@
     id += request.get_full_url()
     for h in request.headers.keys():
         id += h + request.headers[h]
-    return md5.new(id).hexdigest()
+    return hashlib.md5(id).hexdigest()
 
 class CacheHandler(urllib2.BaseHandler):
     '''
Index: core/data/url/handlers/MultipartPostHandler.py
===================================================================
--- core/data/url/handlers/MultipartPostHandler.py	(revision 3264)
+++ core/data/url/handlers/MultipartPostHandler.py	(working copy)
@@ -42,7 +42,7 @@
 import urllib
 import urllib2
 import mimetools, mimetypes
-import os, stat, md5
+import os, stat, hashlib
 from core.data.fuzzer.fuzzer import string_file
 
 class Callable:
@@ -102,7 +102,7 @@
             # '127.0.0.1.1000.6267.1173556103.828.1'
             # This contains my IP address, I dont like that...
             # Now:
-            boundary = md5.new(mimetools.choose_boundary()).hexdigest()
+            boundary = hashlib.md5(mimetools.choose_boundary()).hexdigest()
         if buffer is None:
             buffer = ''
 
Index: extlib/pyPdf/pyPdf/pdf.py
===================================================================
--- extlib/pyPdf/pyPdf/pdf.py	(revision 3264)
+++ extlib/pyPdf/pyPdf/pdf.py	(working copy)
@@ -46,8 +46,8 @@
 import utils
 from generic import *
 from utils import readNonWhitespace, readUntilWhitespace, ConvertFunctionsToVirtualList
-from sets import ImmutableSet
-
+#from sets import ImmutableSet
+ImmutableSet = frozenset
 ##
 # This class supports writing PDF files out, given pages produced by another
 # class (typically {@link #PdfFileReader PdfFileReader}).
@@ -115,7 +115,7 @@
     # encryption.  When false, 40bit encryption will be used.  By default, this
     # flag is on.
     def encrypt(self, user_pwd, owner_pwd = None, use_128bit = True):
-        import md5, time, random
+        import hashlib, time, random
         if owner_pwd == None:
             owner_pwd = user_pwd
         if use_128bit:
@@ -129,8 +129,8 @@
         # permit everything:
         P = -1
         O = StringObject(_alg33(owner_pwd, user_pwd, rev, keylen))
-        ID_1 = md5.new(repr(time.time())).digest()
-        ID_2 = md5.new(repr(random.random())).digest()
+        ID_1 = hashlib.md5(repr(time.time())).digest()
+        ID_2 = hashlib.md5(repr(random.random())).digest()
         self._ID = ArrayObject((StringObject(ID_1), StringObject(ID_2)))
         if rev == 2:
             U, key = _alg34(user_pwd, O, P, ID_1)
@@ -156,7 +156,7 @@
     # @param stream An object to write the file to.  The object must support
     # the write method, and the tell method, similar to a file object.
     def write(self, stream):
-        import struct, md5
+        import struct, hashlib
 
         externalReferenceMap = {}
         self.stack = []
@@ -177,7 +177,7 @@
                 pack2 = struct.pack("= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash[:keylen]).digest()
+            md5_hash = hashlib.md5(md5_hash[:keylen]).digest()
     return md5_hash[:keylen]
 
 def _alg33(owner_pwd, user_pwd, rev, keylen):
@@ -1114,14 +1114,14 @@
     return val
 
 def _alg33_1(password, rev, keylen):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     password = (password + _encryption_padding)[:32]
     m.update(password)
     md5_hash = m.digest()
     if rev >= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash).digest()
+            md5_hash = hashlib.md5(md5_hash).digest()
     key = md5_hash[:keylen]
     return key
 
@@ -1131,8 +1131,8 @@
     return U, key
 
 def _alg35(password, rev, keylen, owner_entry, p_entry, id1_entry, metadata_encrypt):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     m.update(_encryption_padding)
     m.update(id1_entry)
     md5_hash = m.digest()
Index: extlib/scapy/scapy.py
===================================================================
--- extlib/scapy/scapy.py	(revision 3264)
+++ extlib/scapy/scapy.py	(working copy)
@@ -3111,9 +3111,9 @@
             if loctrace:
                 trt[trace_id] = loctrace
 
-        tr = map(lambda x: Gnuplot.Data(x,with="lines"), trt.values())
+        tr = map(lambda x: Gnuplot.Data(x,with_="lines"), trt.values())
         g = Gnuplot.Gnuplot()
-        world = Gnuplot.File(conf.gnuplot_world,with="lines")
+        world = Gnuplot.File(conf.gnuplot_world,with_="lines")
         g.plot(world,*tr)
         return g
 
Index: plugins/attack/db/dbDriverFunctions.py
===================================================================
--- plugins/attack/db/dbDriverFunctions.py	(revision 3264)
+++ plugins/attack/db/dbDriverFunctions.py	(working copy)
@@ -13,7 +13,7 @@
 
 import urllib
 import time
-import md5
+import hashlib
 import os
 import random
 
Index: plugins/discovery/favicon_identification.py
===================================================================
--- plugins/discovery/favicon_identification.py	(revision 3264)
+++ plugins/discovery/favicon_identification.py	(working copy)
@@ -43,7 +43,7 @@
 from core.controllers.w3afException import w3afException, w3afRunOnce
 
 import re
-import md5
+import hashlib
 import os.path
 
@@ -86,7 +86,7 @@
             response = self._urlOpener.GET( def_favicon_url, useCache=True )
 
             if not is_404( response ):
-                favmd5=md5.new(response.getBody()).hexdigest()
+                favmd5=hashlib.md5(response.getBody()).hexdigest()
 
                 try:
                     # read MD5 database.
Index: plugins/discovery/findCaptchas.py
===================================================================
--- plugins/discovery/findCaptchas.py	(revision 3264)
+++ plugins/discovery/findCaptchas.py	(working copy)
@@ -33,7 +33,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import sha
+import hashlib
 import mimetypes
 import core.data.parsers.documentParser as documentParser
 
@@ -121,7 +121,7 @@
                     except:
                         om.out.debug('Failed to retrieve the image for finding captchas.')
                     else:
-                        res[ img_src ] = sha.new(image_response.getBody()).hexdigest()
+                        res[ img_src ] = hashlib.sha1(image_response.getBody()).hexdigest()
 
         return res
 
Index: plugins/discovery/phpEggs.py
===================================================================
--- plugins/discovery/phpEggs.py	(revision 3264)
+++ plugins/discovery/phpEggs.py	(working copy)
@@ -36,7 +36,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import md5
+import hashlib
 
 class phpEggs(baseDiscoveryPlugin):
@@ -274,7 +274,7 @@
         else:
             cmp_list = []
             for r in response:
-                cmp_list.append( (md5.new(r[0].getBody()).hexdigest(), r[1] ) )
+                cmp_list.append( (hashlib.md5(r[0].getBody()).hexdigest(), r[1] ) )
             cmp_set = set( cmp_list )
 
             found = False
Index: scripts/script-all.w3af
===================================================================
--- scripts/script-all.w3af	(revision 3264)
+++ scripts/script-all.w3af	(working copy)
@@ -10,7 +10,7 @@
 output config console
 set verbose False
 back
-discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan
+discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan !detectReverseProxy
 discovery
 grep all
 grep
@@ -20,6 +20,6 @@
 bruteforce
 back
 target
-set target http://localhost/w3af/
+set target http://localhost/
 back
 start
Index: scripts/script-find_captcha.w3af
===================================================================
--- scripts/script-find_captcha.w3af	(revision 3264)
+++ scripts/script-find_captcha.w3af	(working copy)
@@ -13,7 +13,7 @@
 
 back
 target
-set target http://localhost/w3af/discovery/find_captcha/index.php
+set target http://localhost/
 back
 
 start
Index: w3af_console
===================================================================
--- w3af_console	(revision 3264)
+++ w3af_console	(working copy)
@@ -2,7 +2,76 @@
 
 import getopt, sys, os
 import gettext
-
+import hashlib
+import csv
+import Cookie
+import core.controllers.outputManager as om
+import core.data.constants.browsers as browsers
+import core.data.constants.dbms as dbms
+import core.data.constants.httpConstants as httpConstants
+import core.data.constants.httpConstants as http_constants
+import core.data.constants.severity as severity
+import core.data.constants.w3afPorts as w3afPorts
+import core.data.dc.form as form
+import core.data.kb.config as cf
+import core.data.kb.info as info
+import core.data.kb.info as infokb
+import core.data.kb.knowledgeBase as kb
+import core.data.kb.vuln as vuln
+import core.data.parsers.documentParser as documentParser
+import core.data.parsers.dpCache as dpCache
+import core.data.parsers.urlParser as urlParser
+import core.data.request.httpPostDataRequest as httpPostDataRequest
+import core.data.request.httpQsRequest as httpQsRequest
+import core.data.url.httpResponse as httpResponse
+from core.controllers.basePlugin.baseAttackPlugin import *
+from core.controllers.basePlugin.baseAuditPlugin import *
+from core.controllers.basePlugin.baseBruteforcePlugin import *
+from core.controllers.basePlugin.baseDiscoveryPlugin import *
+from core.controllers.basePlugin.baseEvasionPlugin import *
+from core.controllers.basePlugin.baseGrepPlugin import *
+from core.controllers.basePlugin.baseManglePlugin import *
+from core.controllers.basePlugin.baseOutputPlugin import *
+from core.controllers.basePlugin.basePlugin import *
+from core.controllers.coreHelpers.fingerprint_404 import *
+from core.controllers.daemons.proxy import *
+from core.controllers.daemons.webserver import *
+from core.controllers.misc.factory import *
+from core.controllers.misc.get_local_ip import *
+from core.controllers.misc.groupbyMinKey import *
+from core.controllers.misc.homeDir import *
+from core.controllers.misc.is_private_site import *
+from core.controllers.misc.levenshtein import *
+from core.controllers.misc.temp_dir import *
+from core.controllers.misc.webroot import *
+from core.controllers.sql_tools.blind_sqli_response_diff import *
+from core.controllers.sql_tools.blind_sqli_time_delay import *
+from core.controllers.threads.threadManager import *
+from core.controllers.threads.w3afThread import *
+from core.controllers.w3afException import *
+from core.data.constants.common_directories import *
+from core.data.db.db import *
+from core.data.db.history import *
+from core.data.db.temp_persist import *
+from core.data.dc.form import *
+from core.data.exchangableMethods import *
+from core.data.fuzzer.formFiller import *
+from core.data.fuzzer.fuzzer import *
+from core.data.fuzzer.mutant import *
+from core.data.getResponseType import *
+from core.data.kb.shell import *
+from core.data.options.option import *
+from core.data.options.optionList import *
+from core.data.parsers.dpCache import *
+from core.data.parsers.urlParser import *
+from core.data.request.frFactory import *
+from core.data.request.httpQsRequest import *
+from core.data.searchEngines.googleSearchEngine import *
+from core.data.searchEngines.msn import *
+from core.data.searchEngines.pks import *
+from core.data.searchEngines.yahooSiteExplorer import *
+from core.data.url.xUrllib import *
+
 # First of all, we need to change the working directory to the directory of w3af.
 currentDir = os.getcwd()
 scriptDir = os.path.dirname(sys.argv[0]) or '.'

DECAF – Detect and Eliminate Computer Assisted Forensics [COFEE]

fuzion — Mon, 14 Dec 2009 18:21:10 +0000

Worried about Microsoft’s COFEE? Now there is DECAF, a tiny application which will monitor Windows boxes and detect the presence of COFEE. There are lots of neat little features already enabled with this version. Check out their description:

DECAF is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world.
DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity.
DECAF is highly configurable giving the user complete control to on-the-fly scenarios. In a moments notice, almost every piece of hardware can be disabled and pre-defined files can be deleted in the background. DECAF also gives the user an opportunity to simulate COFEE’s presence by sending the application into a ‘Spill the cofee’ type mode. Simulation gives the user an opportunity to test his or her configuration before going live.

Download DECAF, view more screenshots, and read more about it here:

http://decafme.org/

Pentoo i686 and x86_64 2009.0 final

fuzion — Sat, 05 Dec 2009 05:04:10 +0000

Pentoo i686 and x86_64 2009.0 final are out now. Check out some of the features in the well made gentoo-based penetration testing live linux distro:

It features the following :

Changes saving
Enhanced cracking software
- NTLM/MD4/MD5 cuda bruteforcer
- WPA PSK rainbowtables generation accelerated through CUDA, STREAM or PADLOCK
- John The Ripper with MPI support allowing you to run it on all your local or remote cores
Kernel 2.6.31.6 and wifi 2.6.32_rc7 with all the patches from Zero, including the freq patches for ath5k
A slight and sexy UI, Enlightenment DR17, built from SVN

Enabled Firefox Extensions:

Add N Edit Cookies 0.2.1.3
Firebug 1.4.5
FoxyProxy Standard 2.15
HackBar 1.4.2
HttpFox 0.8.4
Live HTTP headers 0.15
Multiproxy Switch 1.32
No-Referer 1.3.1
ShowIP 0.8.17
SQL Inject Me 0.4.4
SQL Injection! 1.3
Tamper Data 10.1.0
User Agent Switcher 0.7.2
XSS Me 0.4.3

Get it here:


http://www.pentoo.ch/download/

pentoo-i686-2009.0.iso
pentoo-x86_64-2009.0.iso

Pentoo i686 2009.0 Final Screenshots:

CFIR and REAPER Security and Forensics Live CDs

fuzion — Mon, 30 Nov 2009 02:00:42 +0000

Linux Computer Forensics & Incident Response LIVECD or CFIR is a pretty straightforward forensics distro.


http://sourceforge.net/projects/cfirproject/

Azril Azam on Facebook


http://www.facebook.com/people/Azril-Azam/1128729650

REAPER is an interesting forensics distro that aims to automate the gathering of documents from a host machine.

Rapid Evidence Acquisition Project for Event Reconstruction (REAPER) – Open Source forensic environment for the complete automation of the digital investigation process. At its core is Debian Live and the Open Computer Forensics Architecture (OCFA).


http://sourceforge.net/projects/reaperforensics/

http://cybercrimetech.com/projects/reaper/reaper.php

Here are a few screens I took from a VM.

New Nmap Beta Released [Nmap 5.10]

fuzion — Mon, 23 Nov 2009 20:05:47 +0000

Changes include:
    14 new NSE scripts, bringing the total to 72!

    A brand new (much faster and more efficient) --traceroute system

    The Zenmap host filter (Ctrl-L) for drilling down to the exact
    systems you want to see in a big scan based on the criteria you
    specify.  For example, type "apache" to see all the hosts running a
    version of the Apache web server.

    UDP protocol-specific payloads make UDP scanning and host discovery
    much more effective.

    And more than 100 other significant changes!

Download Nmap 5.10BETA1 for Windows


http://nmap.org/dist/nmap-5.10BETA1-win32.zip

Cain & Abel 4.9.32 released

fuzion — Sat, 26 Sep 2009 02:33:34 +0000

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Changes in this version:

Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
Fixed a bug of RSA SecurID Calculator within XML import function.
Executables rebuilt with Visual Studio 2008.

via Cain & Abel 4.9.32 released.

VIPER Lab VAST

fuzion — Fri, 25 Sep 2009 22:46:52 +0000

Back in June, Mike Jones posted about a new distro customized for use in VoIP security testing:

I have been working on a Linux distribution that penetration testers can utilize in their VoIP testing and have come up with VAST (VIPER Assessment Security Tools).
VIPER tools included:
UCSniff
VideoJak
ACE
VoipHopper
This distribution will be a vital part of any VoIP penetration tester’s arsenal. The tools included on the dvd are an important part of VIPER assessments. Along with the VoIP tools, it will also include basic penetration testing tools such as NMAP and the password brute force application, Hydra. VIPER will be constantly adding more features such as an open source PBX, sipXecs, and other network penetration tools and vulnerability scanners. VIPER is also providing a class which will cover VoIP assessment methodology and tool usage. There will also be a lab portion of the training where students will have the chance to use the tools in a simulated corporate environment just as they would encounter in a VoIP vulnerability assessment.
VAST is built on Ubuntu 9.04 framework and has the option to install to a hard drive or USB.

I found it on sourceforge and took a few screens in VirtualBox:

Homepage:

http://www.viperlab.net

SF:

http://sourceforge.net/projects/vipervast/

Nmap 5 out now

fuzion — Thu, 16 Jul 2009 19:05:07 +0000

Fyodor just announced the release of Nmap 5. This version is considered a major milestone, and it is advised to upgrade now.

Hello everyone. I’m delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.

Top 5 Changes

1) The new Ncat tool aims to be your Swiss Army Knife for data
transfer, redirection, and debugging. We released a whole users’
guide (http://nmap.org/ncat/guide/index.html) detailing security
testing and network administration tasks it made easy with Ncat.
Details: http://nmap.org/5/#changes-ncat
2) The addition of the Ndiff scan comparison tool completes Nmap’s
growth into a whole suite of applications which work together to
serve network administrators and security practitioners. Ndiff
makes it easy to automatically scan your network daily and report
on any changes (systems coming up or going down or changes to the
software services they are running). The other two tools now
packaged with Nmap itself are Ncat and the much improved Zenmap GUI
and results viewer. Details: http://nmap.org/5/#changes-ndiff
3) Nmap performance has improved dramatically. We spent last summer
scanning much of the Internet and merging that data with internal
enterprise scan logs to determine the most commonly open
ports. This allows Nmap to scan fewer ports by default while
finding more open ports. We also added a fixed-rate scan engine so
you can bypass Nmap’s congestion control algorithms and scan at
exactly the rate (packets per second) you specify. Details:
http://nmap.org/5/#changes-performance
4) We released Nmap Network Scanning, the official Nmap guide to
network discovery and security scanning. From explaining port
scanning basics for novices to detailing low-level packet crafting
methods used by advanced hackers, this book suits all levels of
security and networking professionals. A 42-page reference guide
documents every Nmap feature and option, while the rest of the book
demonstrates how to apply those features to quickly solve
real-world tasks. More than half the book is available in the free
online edition at http://nmap.org/book/toc.html. Details:
http://nmap.org/5/#changes-book
5) The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and
flexible features. It allows users to write (and share) simple
scripts to automate a wide variety of networking tasks. Those
scripts are then executed in parallel with the speed and efficiency
you expect from Nmap. All existing scripts have been improved, and
32 new ones added. New scripts include a whole bunch of
MSRPC/NetBIOS attacks, queries, and vulnerability probes; open
proxy detection; whois and AS number lookup queries; brute force
attack scripts against the SNMP and POP3 protocols; and many
more. All NSE scripts and modules are described in the new NSE
documentation portal. Details: http://nmap.org/5/#changes-nse

Learn more here http://nmap.org/5/
Windows users download here http://nmap.org/dist/nmap-5.00-setup.exe

Stupid Bash Scripts – Batch redirect resolving with curl

fuzion — Sun, 12 Jul 2009 02:34:38 +0000

I had a bunch of lists of redirects that I needed to get the targets for so I wrote this simple script to do it with curl. I’m sure you can do a lot more with this as a template so I decided to share.

#!/bin/bash
#
#
#                      |         _)  |        |        |
#            \   |  |  | /   -_)  |   _|   _` |   _ \   _|   _ \   _| _` |
#         _| _| \_,_| _\_\ \___| _| \__| \__,_| \___/ \__| \___/ _| \__, |
#                                                                   ____/
#                              http://nukeit.org
#
#
#Use curl to grab the headers from a list of redirects with grep and awk thrown in for fun.
#
#
#set this to your directory of txt lists containing one redirect per line
DIR="./unresolved/"
#make a directory for the output files and put the name here
OUTDIR="./resolved/"
#Connect timeout in seconds
CTIME="15"
#Max timeout in seconds
MTIME="30"
#set proxy (untested)
#http_proxy=""
#
cd $DIR
for i in $( ls -1 ); do curl --connect-timeout $CTIME -m $MTIME -I $(cat $i) | grep Location | awk '{print $2}' >> ../resolved/$i; done