Jump to content

Search the Community

Showing results for tags 'tool'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

  1. o Sensepost Footprint Tools o Big Brother o BiLE Suite o Alchemy Network Tool o Advanced Administrative Tool o My IP Suite o Wikto Footprinting Tool o Whois Lookup o Whois o SmartWhois o ActiveWhois o LanWhois o CountryWhois o WhereIsIP o Ip2country o CallerIP o Web Data Extractor Tool o Online Whois Tools o What is MyIP o DNS Enumerator o SpiderFoot o Nslookup o Extract DNS Information • Types of DNS Records • Necrosoft Advanced DIG o Expired Domains o DomainKing o Domain Name Analyzer o DomainInspect o MSR Strider URL Tracer o Mozzle Domain Name Pro o Domain Research Tool (DRT) o Domain Status Reporter o Reggie o Locate the Network Range • ARIN • Traceroute • 3D Traceroute • NeoTrace • VisualRoute Trace • Path Analyzer Pro • Maltego • Layer Four Traceroute • Prefi x WhoIs widget • Touchgraph • VisualRoute Mail Tracker • eMailTrackerPro o 1st E-mail Address Spider o Power E-mail Collector Tool o GEOSpider o Geowhere Footprinting Tool o Google Earth o Kartoo Search Engine o Dogpile (Meta Search Engine) o Tool: WebFerret o robots.txt o WTR - Web The Ripper o Website Watcher SCANNING • Angry IP • HPing2 • Ping Sweep • Firewalk Tool • Firewalk Commands • Firewalk Output • Nmap • Nmap: Scan Methods • NMAP Scan Options • NMAP Output Format • TCP Communication Flags • Three Way Handshake o Syn Stealth/Half Open Scan o Stealth Scan o Xmas Scan o Fin Scan o Null Scan o Idle Scan o ICMP Echo Scanning/List Scan o TCP Connect/Full Open Scan o FTP Bounce Scan • Ftp Bounce Attack o SYN/FIN Scanning Using IP Fragments o UDP Scanning o Reverse Ident Scanning o RPC Scan o Window Scan o Blaster Scan o Portscan Plus, Strobe o IPSec Scan o Netscan Tools Pro o WUPS – UDP Scanner o Superscan o IPScanner o Global Network Inventory Scanner o Net Tools Suite Pack o Atelier Web Ports Traffi c Analyzer (AWPTA) o Atelier Web Security Port Scanner (AWSPS) o IPEye o ike-scan o Infi ltrator Network Security Scanner o YAPS: Yet Another Port Scanner o Advanced Port Scanner o NetworkActiv Scanner o NetGadgets o P-Ping Tools o MegaPing o LanSpy o HoverIP o LANView o NetBruteScanner o SolarWinds Engineer’s Toolset o AUTAPF o OstroSoft Internet Tools o Advanced IP Scanner o Active Network Monitor o Advanced Serial Data Logger o Advanced Serial Port Monitor o WotWeb o Antiy Ports o Port Detective Enumeration Overview of System Hacking Cycle Techniques for Enumeration NetBIOS Null Sessions o So What’s the Big Deal o DumpSec Tool o NetBIOS Enumeration Using Netview • Nbtstat Enumeration Tool • SuperScan • Enum Tool o Enumerating User Accounts • GetAcct o Null Session Countermeasure PS Tools o PsExec o PsFile o PsGetSid o PsKill o PsInfo o PsList o PsLogged On o PsLogList o PsPasswd o PsService o PsShutdown o PsSuspend o Management Information Base (MIB) o SNMPutil Example o SolarWinds o SNScan o Getif SNMP MIB Browser o UNIX Enumeration o SNMP UNIX Enumeration o SNMP Enumeration Countermeasures o LDAP enumeration o JXplorer o LdapMiner o Softerra LDAP Browser o NTP enumeration o SMTP enumeration o Smtpscan o Web enumeration o Asnumber o Lynx o Windows Active Directory Attack Tool o How To Enumerate Web Application Directories in IIS Using DirectoryServices IP Tools Scanner Enumerate Systems Using Default Password Tools: o NBTScan o NetViewX o FREENETENUMERATOR o Terminal Service Agent o TXNDS o Unicornscan o Amap o Netenum System Hacking Part 1- Cracking Password o Password Types o Types of Password Attack • Passive Online Attack: Wire Sniffi ng • Passive Online Attack: Man-in-the-middle and replay attacks • Active Online Attack: Password Guessing • Offl ine Attacks Brute force Attack Pre-computed Hashes Syllable Attack/Rule-based Attack/ Hybrid attacks Distributed network Attack Rainbow Attack • Non-Technical Attacks o PDF Password Cracker o Abcom PDF Password Cracker o Password Mitigation o Permanent Account Lockout-Employee Privilege Abuse o Administrator Password Guessing • Manual Password cracking Algorithm • Automatic Password Cracking Algorithm o Performing Automated Password Guessing • Tool: NAT • Smbbf (SMB Passive Brute Force Tool) • SmbCrack Tool: Legion • Hacking Tool: LOphtcrack o Microsoft Authentication • LM, NTLMv1, and NTLMv2 • NTLM And LM Authentication On The Wire • Kerberos Authentication • What is LAN Manager Hash? LM “Hash” Generation LM Hash • Salting • PWdump2 and Pwdump3 • Tool: Rainbowcrack • Hacking Tool: KerbCrack • Hacking Tool: NBTDeputy • NetBIOS DoS Attack • Hacking Tool: John the Ripper o Password Sniffi ng o How to Sniff SMB Credentials? o SMB Replay Attacks o Replay Attack Tool: SMBProxy o SMB Signing o Tool: LCP o Tool: SID&User o Tool: Ophcrack 2 o Tool: Crack o Tool: Access PassView o Tool: Asterisk Logger o Tool: CHAOS Generator o Tool: Asterisk Key o Password Recovery Tool: MS Access Database Password Decoder o Password Cracking Countermeasures o Do Not Store LAN Manager Hash in SAM Database o LM Hash Backward Compatibility o How to Disable LM HASH o Password Brute-Force Estimate Tool o Syskey Utility o AccountAudit Part2-Escalating Privileges o Privilege Escalation o Cracking NT/2000 passwords o Active@ Password Changer • Change Recovery Console Password - Method 1 • Change Recovery Console Password - Method 2 o Privilege Escalation Tool: x.exe Part3-Executing applications o Tool: psexec o Tool: remoexec o Ras N Map o Tool: Alchemy Remote Executor o Emsa FlexInfo Pro o Keystroke Loggers o E-mail Keylogger o Revealer Keylogger Pro o Handy Keylogger o Ardamax Keylogger o Powered Keylogger o Quick Keylogger o Spy-Keylogger o Perfect Keylogger o Invisible Keylogger o Actual Spy o SpyToctor FTP Keylogger o IKS Software Keylogger o Ghost Keylogger o Hacking Tool: Hardware Key Logger o What is Spyware? o Spyware: Spector o Remote Spy o Spy Tech Spy Agent o 007 Spy Software o Spy Buddy o Ace Spy o Keystroke Spy o Activity Monitor o Hacking Tool: eBlaster o Stealth Voice Recorder o Stealth Keylogger o Stealth Website Logger o Digi Watcher Video Surveillance o Desktop Spy Screen Capture Program o Telephone Spy o Print Monitor Spy Tool o Stealth E-Mail Redirector o Spy Software: Wiretap Professional o Spy Software: FlexiSpy o PC PhoneHome o Keylogger Countermeasures o Anti Keylogger Trojans and Backdoors Effect on Business What is a Trojan? o Overt and Covert Channels o Working of Trojans o Different Types of Trojans Remote Access Trojans Data-Sending Trojans Destructive Trojans Denial-of-Service (DoS) Attack Trojans Proxy Trojans FTP Trojans Security Software Disablers o What do Trojan Creators Look for? o Different Ways a Trojan can Get into a System Indications of a Trojan Attack Ports Used by Trojans o How to Determine which Ports are Listening Trojans o Trojan: iCmd o MoSucker Trojan o Proxy Server Trojan o SARS Trojan Notifi cation o Wrappers o Wrapper Covert Program o Wrapping Tools o One Exe Maker / YAB / Pretator Wrappers o Packaging Tool: WordPad o RemoteByMail o Tool: Icon Plus o Defacing Application: Restorator o Tetris o HTTP Trojans o Trojan Attack through Http o HTTP Trojan (HTTP RAT) o Shttpd Trojan - HTTP Server o Reverse Connecting Trojans o Nuclear RAT Trojan (Reverse Connecting) o Tool: BadLuck Destructive Trojan o ICMP Tunneling o ICMP Backdoor Trojan o Microsoft Network Hacked by QAZ Trojan o Backdoor.Theef (AVP) o T2W (TrojanToWorm) o Biorante RAT o DownTroj o Turkojan o Trojan.Satellite-RAT o Yakoza o DarkLabel B4 o Trojan.Hav-Rat o Poison Ivy o Rapid Hacker o SharK o HackerzRat o TYO o 1337 Fun Trojan o Criminal Rat Beta o VicSpy o Optix PRO o ProAgent o OD Client o AceRat o Mhacker-PS o RubyRAT Public o SINner o ConsoleDevil o ZombieRat o FTP Trojan - TinyFTPD o VNC Trojan o Webcam Trojan o DJI RAT o Skiddie Rat o Biohazard RAT o Troya o ProRat o Dark Girl o DaCryptic o Net-Devil Classic Trojans Found in the Wild o Trojan: Tini o Trojan: NetBus o Trojan: Netcat o Netcat Client/Server o Netcat Commands o Trojan: Beast o Trojan: Phatbot o Trojan: Amitis o Trojan: Senna Spy o Trojan: QAZ o Trojan: Back Orifi ce o Trojan: Back Oriffi ce 2000 o Back Oriffi ce Plug-ins o Trojan: SubSeven o Trojan: CyberSpy Telnet Trojan o Trojan: Subroot Telnet Trojan o Trojan: Let Me Rule! 2.0 BETA 9 o Trojan: Donald Dick o Trojan: RECUB Hacking Tool: Loki Loki Countermeasures Atelier Web Remote Commander Trojan Horse Construction Kit How to Detect Trojans? o Netstat o fPort o TCPView Viruses and Worms Virus History Characteristics of Virus Working of Virus o Infection Phase o Attack Phase Why people create Computer Viruses Symptoms of a Virus-like Attack Virus Hoaxes Chain Letters How is a Worm Different from a Virus Indications of a Virus Attack Hardware Threats Software Threats Virus Damage Mode of Virus Infection Stages of Virus Life Virus Classifi cation How Does a Virus Infect? Storage Patterns of Virus o System Sector virus o Stealth Virus o Bootable CD-Rom Virus • Self -Modifi cation • Encryption with a Variable Key o Polymorphic Code o Metamorphic Virus o Cavity Virus o Sparse Infector Virus o Companion Virus o File Extension Virus Famous Virus/Worms – I Love You Virus Famous Virus/Worms – Melissa Famous Virus/Worms – JS/Spth Klez Virus Analysis Latest Viruses Top 10 Viruses- 2008 o Virus: Win32.AutoRun.ah o Virus:W32/Virut o Virus:W32/Divvi o Worm.SymbOS.Lasco.a o Disk Killer o Bad Boy o HappyBox o Java.StrangeBrew o MonteCarlo Family o PHP.Neworld o W32/WBoy.a o ExeBug.d o W32/Voterai.worm.e o W32/Lecivio.worm o W32/Lurka.a o W32/Vora.worm!p2p Writing a Simple Virus Program Virus Construction Kits Virus Detection Methods Virus Incident Response What is Sheep Dip? Virus Analysis – IDA Pro Tool Prevention is better than Cure Anti-Virus Software o AVG Antivirus o Norton Antivirus o McAfee o Socketsheild o BitDefender o ESET Nod32 o CA Anti-Virus o F-Secure Anti-Virus o Kaspersky Anti-Virus o F-Prot Antivirus o Panda Antivirus Platinum o avast! Virus Cleaner o ClamWin o Norman Virus Control Popular Anti-Virus Packages Virus Databases Sniffers Defi nition - Sniffi ng Protocols Vulnerable to Sniffi ng Tool: Network View – Scans the Network for Devices The Dude Sniffer Wireshark Display Filters in Wireshark Following the TCP Stream in Wireshark Cain and Abel Tcpdump Tcpdump Commands Types of Sniffi ng o Passive Sniffi ng o Active Sniffi ng What is ARP o ARP Spoofi ng Attack o How does ARP Spoofi ng Work o ARP Poising o MAC Duplicating o MAC Duplicating Attack o Tools for ARP Spoofi ng • Ettercap • ArpSpyX o MAC Flooding • Tools for MAC Flooding Linux Tool: Macof Windows Tool: Etherfl ood o Threats of ARP Poisoning o Irs-Arp Attack Tool o ARPWorks Tool o Tool: Nemesis o IP-based sniffi ng Linux Sniffi ng Tools (dsniff package) o Linux tool: Arpspoof o Linux Tool: Dnssppoof o Linux Tool: Dsniff o Linux Tool: Filesnarf o Linux Tool: Mailsnarf o Linux Tool: Msgsnarf o Linux Tool: Sshmitm o Linux Tool: Tcpkill o Linux Tool: Tcpnice o Linux Tool: Urlsnarf o Linux Tool: Webspy o Linux Tool: Webmitm DNS Poisoning Techniques o Intranet DNS Spoofi ng (Local Network) o Internet DNS Spoofi ng (Remote Network) o Proxy Server DNS Poisoning o DNS Cache Poisoning Interactive TCP Relay Interactive Replay Attacks Raw Sniffi ng Tools Features of Raw Sniffi ng Tools o HTTP Sniffer: EffeTech o Ace Password Sniffer o Win Sniffer o MSN Sniffer o SmartSniff o Session Capture Sniffer: NetWitness o Session Capture Sniffer: NWreader o Packet Crafter Craft Custom TCP/IP Packets o SMAC o NetSetMan Tool o Ntop o EtherApe o Network Probe o Maa Tec Network Analyzer o Tool: Snort o Tool: Windump o Tool: Etherpeek o NetIntercept o Colasoft EtherLook o AW Ports Traffi c Analyzer o Colasoft Capsa Network Analyzer o CommView o Sniffem o NetResident o IP Sniffer o Sniphere o IE HTTP Analyzer o BillSniff o URL Snooper o EtherDetect Packet Sniffer o EffeTech HTTP Sniffer o AnalogX Packetmon o Colasoft MSN Monitor o IPgrab o EtherScan Analyzer Social Engineering What is Social Engineering? Human Weakness “Rebecca” and “Jessica” Offi ce Workers Types of Social Engineering o Human-Based Social Engineering • Technical Support Example • More Social Engineering Examples • Human-Based Social Engineering: Eavesdropping • Human-Based Social Engineering: Shoulder Surfi ng • Human-Based Social Engineering: Dumpster Diving • Dumpster Diving Example • Oracle Snoops Microsoft’s Trash Bins • Movies to Watch for Reverse Engineering o Computer Based Social Engineering o Insider Attack o Disgruntled Employee o Preventing Insider Threat o Common Targets of Social Engineering Social Engineering Threats o Online o Telephone o Personal approaches o Defenses Against Social Engineering Threats Factors that make Companies Vulnerable to Attacks Why is Social Engineering Effective Warning Signs of an Attack Tool : Netcraft Anti-Phishing Toolbar Phases in a Social Engineering Attack Behaviors Vulnerable to Attacks Impact on the Organization Countermeasures Policies and Procedures Security Policies - Checklist Denial-of-Service Real World Scenario of DoS Attacks What are Denial-of-Service Attacks Goal of DoS Impact and the Modes of Attack Types of Attacks DoS Attack Classifi cation o Smurf Attack o Buffer Overfl ow Attack o Ping of Death Attack o Teardrop Attack o SYN Attack o SYN Flooding o DoS Attack Tools o DoS Tool: Jolt2 o DoS Tool: Bubonic.c o DoS Tool: Land and LaTierra o DoS Tool: Targa o DoS Tool: Blast o DoS Tool: Nemesy o DoS Tool: Panther2 o DoS Tool: Crazy Pinger o DoS Tool: SomeTrouble o DoS Tool: UDP Flood o DoS Tool: FSMax Bot (Derived from the Word RoBOT) Botnets Uses of Botnets How Do They Infect? Analysis Of Agabot How Do They Infect Tool: Nuclear Bot What is DDoS Attack Characteristics of DDoS Attacks DDOS Unstoppable Agent Handler Model DDoS IRC based Model DDoS Attack Taxonomy Amplifi cation Attack Refl ective DNS Attacks Refl ective DNS Attacks Tool: ihateperl.pl DDoS Tools o DDoS Tool: Trinoo o DDoS Tool: Tribal Flood Network o DDoS Tool: TFN2K o DDoS Tool: Stacheldraht o DDoS Tool: Shaft o DDoS Tool: Trinity o DDoS Tool: Knight and Kaiten o DDoS Tool: Mstream Worms Slammer Worm Spread of Slammer Worm – 30 min MyDoom.B SCO Against MyDoom Worm How to Conduct a DDoS Attack The Refl ected DoS Attacks Refl ection of the Exploit Countermeasures for Refl ected DoS DDoS Countermeasures Taxonomy of DDoS Countermeasures Preventing Secondary Victims Detect and Neutralize Handlers Detect Potential Attacks Session Hijacking What is Session Hijacking? Spoofi ng v Hijacking Steps in Session Hijacking Types of Session Hijacking Session Hijacking Levels Network Level Hijacking The 3-Way Handshake TCP Concepts 3-Way Handshake Sequence Numbers Sequence Number Prediction TCP/IP hijacking IP Spoofi ng: Source Routed Packets RST Hijacking o RST Hijacking Tool: hijack_rst.sh Blind Hijacking Man in the Middle: Packet Sniffer UDP Hijacking Application Level Hijacking Programs that Performs Session Hacking o Juggernaut o Hunt o TTY-Watcher o IP watcher o Session Hijacking Tool: T-Sight o Remote TCP Session Reset Utility (SOLARWINDS) o Paros HTTP Session Hijacking Tool o Dnshijacker Tool o Hjksuite Tool Dangers that hijacking Pose Protecting against Session Hijacking Countermeasures: IPSec Hacking Web Servers How Web Servers Work How are Web Servers Compromised Web Server Defacement o How are Servers Defaced Apache Vulnerability Attacks against IIS o IIS Components o IIS Directory Traversal (Unicode) Attack Unicode o Unicode Directory Traversal Vulnerability Hacking Tool o Hacking Tool: IISxploit.exe o Msw3prt IPP Vulnerability o RPC DCOM Vulnerability o ASP Trojan o Network Tool: Log Analyzer o Hacking Tool: CleanIISLog o ServerMask ip100 o Tool: CacheRight o Tool: CustomError o Tool: HttpZip o Tool: LinkDeny o Tool: ServerDefender AI o Tool: ZipEnable o Tool: w3compiler o Yersinia Tool: MPack Tool: Neosploit Hotfi xes and Patches What is Patch Management Patch Management Checklist o Solution: UpdateExpert o Patch Management Tool: qfecheck o Patch Management Tool: HFNetChk o cacls.exe utility o Shavlik NetChk Protect o Kaseya Patch Management o IBM Tivoli Confi guration Manager o LANDesk Patch Manager o BMC Patch Manager o Confi gureSoft Enterprise Confi guration Manager (ECM) o BladeLogic Confi guration Manager o Opsware Server Automation System (SAS) o Best Practices for Patch Management Vulnerability Scanners Online Vulnerability Search Engine Network Tool: Whisker Network Tool: N-Stealth HTTP Vulnerability Scanner Hacking Tool: WebInspect Network Tool: Shadow Security Scanner Secure IIS o ServersCheck Monitoring o GFI Network Server Monitor o Servers Alive o Webserver Stress Tool Web-Based Password Cracking Techniques Authentication - Defi nition Authentication Mechanisms o HTTP Authentication • Basic Authentication • Digest Authentication o Integrated Windows (NTLM) Authentication o Negotiate Authentication o Certifi cate-based Authentication o Forms-based Authentication o RSA SecurID Token o Biometrics Authentication • Types of Biometrics Authentication Fingerprint-based Identifi cation Hand Geometry- based Identifi cation Retina Scanning Face Recognition Face Code: WebCam Based Biometrics Authentication System Bill Gates at the RSA Conference 2006 How to Select a Good Password Things to Avoid in Passwords Changing Your Password Protecting Your Password Examples of Bad Passwords The “Mary Had A Little Lamb” Formula How Hackers Get Hold of Passwords Windows XP: Remove Saved Passwords What is a Password Cracker Modus Operandi of an Attacker Using a Password Cracker How Does a Password Cracker Work Attacks - Classifi cation o Password Guessing o Query String o Cookies o Dictionary Maker Password Crackers Available o L0phtCrack (LC4) o John the Ripper o Brutus o ObiWaN o Authforce o Hydra o Cain & Abel o RAR o Gammaprog o WebCracker o Munga Bunga o PassList o SnadBoy o MessenPass o Wireless WEP Key Password Spy o RockXP o Password Spectator Pro o Passwordstate o Atomic Mailbox Password Cracker o Advanced Mailbox Password Recovery (AMBPR) o Tool: Network Password Recovery o Tool: Mail PassView o Tool: Messenger Key o Tool: SniffPass o WebPassword o Password Administrator o Password Safe o Easy Web Password o PassReminder o My Password Manager SQL Injection What is SQL Injection Exploiting Web Applications Steps for performing SQL injection What You Should Look For What If It Doesn’t Take Input OLE DB Errors Input Validation Attack SQL injection Techniques How to Test for SQL Injection Vulnerability How Does It Work BadLogin.aspx.cs BadProductList.aspx.cs Executing Operating System Commands Getting Output of SQL Query Getting Data from the Database Using ODBC Error Message How to Mine all Column Names of a Table How to Retrieve any Data How to Update/Insert Data into Database SQL Injection in Oracle SQL Injection in MySql Database Attacking Against SQL Servers SQL Server Resolution Service (SSRS) Osql -L Probing SQL Injection Automated Tools Automated SQL Injection Tool: AutoMagic SQL Absinthe Automated SQL Injection Tool o Hacking Tool: SQLDict o Hacking Tool: SQLExec o SQL Server Password Auditing Tool: sqlbf o Hacking Tool: SQLSmack o Hacking Tool: SQL2.exe o sqlmap o sqlninja o SQLIer o Automagic SQL Injector Blind SQL Injection o Blind SQL Injection: Countermeasure o Blind SQL Injection Schema SQL Injection Countermeasures Preventing SQL Injection Attacks GoodLogin.aspx.cs SQL Injection Blocking Tool: SQL Block Acunetix Web Vulnerability Scanner Hacking Wireless Networks Introduction to Wireless o Introduction to Wireless Networking o Wired Network vs. Wireless Network o Effects of Wireless Attacks on Business o Types of Wireless Network o Advantages and Disadvantages of a Wireless Network Wireless Standards o Wireless Standard: 802.11a o Wireless Standard: 802.11b – “WiFi” o Wireless Standard: 802.11g o Wireless Standard: 802.11i o Wireless Standard: 802.11n Wireless Concepts and Devices o Related Technology and Carrier Networks o Antennas o Wireless Access Points o SSID o Beacon Frames o Is the SSID a Secret o Setting up a WLAN o Authentication and Association o Authentication Modes o The 802.1X Authentication Process WEP and WPA o Wired Equivalent Privacy (WEP) o WEP Issues o WEP - Authentication Phase o WEP - Shared Key Authentication o WEP - Association Phase o WEP Flaws o What is WPA o WPA Vulnerabilities o WEP, WPA, and WPA2 o WPA2 Wi-Fi Protected Access 2 Attacks and Hacking Tools o Terminologies o WarChalking o Authentication and (Dis) Association Attacks o WEP Attack o Cracking WEP o Weak Keys (a.k.a. Weak IVs) o Problems with WEP’s Key Stream and Reuse o Automated WEP Crackers o Pad-Collection Attacks o XOR Encryption o Stream Cipher o WEP Tool: Aircrack o Aircrack-ng o WEP Tool: AirSnort o WEP Tool: WEPCrack o WEP Tool: WepLab o Attacking WPA Encrypted Networks o Attacking WEP with WEPCrack on Windows using Cygwin o Attacking WEP with WEPCrack on Windows using PERL Interpreter o Tool: Wepdecrypt o WPA-PSK Cracking Tool: CowPatty o 802.11 Specifi c Vulnerabilities o Evil Twin: Attack o Rogue Access Points o Tools to Generate Rogue Access Points: Fake AP o Tools to Detect Rogue Access Points: Netstumbler o Tools to Detect Rogue Access Points: MiniStumbler o ClassicStumbler o AirFart o AP Radar o Hotspotter o Cloaked Access Point o WarDriving Tool: shtumble o Temporal Key Integrity Protocol (TKIP) o LEAP: The Lightweight Extensible Authentication Protocol o LEAP Attacks o LEAP Attack Tool: ASLEAP o Working of ASLEAP o MAC Sniffi ng and AP Spoofi ng o Defeating MAC Address Filtering in Windows o Manually Changing the MAC Address in Windows XP and 2000 o Tool to Detect MAC Address Spoofi ng: Wellenreiter o Man-in-the-Middle Attack (MITM) o Denial-of-Service Attacks o DoS Attack Tool: Fatajack o Hijacking and Modifying a Wireless Network o Phone Jammers o Phone Jammer: Mobile Blocker o Pocket Cellular Style Cell Phone Jammer o 2.4Ghz Wi-Fi & Wireless Camera Jammer o 3 Watt Digital Cell Phone Jammer o 3 Watt Quad Band Digital Cellular Mobile Phone Jammer o 20W Quad Band Digital Cellular Mobile Phone Jammer o 40W Digital Cellular Mobile Phone Jammer o Detecting a Wireless Network Scanning Tools o Scanning Tool: Kismet o Scanning Tool: Prismstumbler o Scanning Tool: MacStumbler o Scanning Tool: Mognet V1.16 o Scanning Tool: WaveStumbler o Scanning Tool: Netchaser V1.0 for Palm Tops o Scanning Tool: AP Scanner o Scanning Tool: Wavemon o Scanning Tool: Wireless Security Auditor (WSA) o Scanning Tool: AirTraf o Scanning Tool: WiFi Finder o Scanning Tool: Wifi Scanner o eEye Retina WiFI o Simple Wireless Scanner o wlanScanner Sniffi ng Tools o Sniffi ng Tool: AiroPeek o Sniffi ng Tool: NAI Wireless Sniffer o MAC Sniffi ng Tool: WireShark o Sniffi ng Tool: vxSniffer o Sniffi ng Tool: Etherpeg o Sniffi ng Tool: Drifnet o Sniffi ng Tool: AirMagnet o Sniffi ng Tool: WinDump o Sniffi ng Tool: Ssidsniff o Multiuse Tool: THC-RUT o Tool: WinPcap o Tool: AirPcap o AirPcap: Example Program from the Developer’s Pack Hacking Wireless Networks o Steps for Hacking Wireless Networks o Step 1: Find Networks to Attack o Step 2: Choose the Network to Attack o Step 3: Analyzing the Network o Step 4: Cracking the WEP Key o Step 5: Sniffi ng the Network Wireless Security o WIDZ: Wireless Intrusion Detection System o Radius: Used as Additional Layer in Security o Securing Wireless Networks o Wireless Network Security Checklist o WLAN Security: Passphrase o Don’ts in Wireless Security Wireless Security Tools o WLAN Diagnostic Tool: CommView for WiFi PPC o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer Linux Hacking Why Linux Linux Distributions Linux Live CD-ROMs Basic Commands of Linux: Files & Directories Linux Basic o Linux File Structure o Linux Networking Commands Directories in Linux Installing, Confi guring, and Compiling Linux Kernel How to Install a Kernel Patch Compiling Programs in Linux GCC Commands Make Files Make Install Command Linux Vulnerabilities Chrooting Why is Linux Hacked How to Apply Patches to Vulnerable Programs Scanning Networks Nmap in Linux Scanning Tool: Nessus Port Scan Detection Tools Password Cracking in Linux: Xcrack Firewall in Linux: IPTables IPTables Command Basic Linux Operating System Defense SARA (Security Auditor's Research Assistant) Linux Tool: Netcat Linux Tool: tcpdump Linux Tool: Snort Linux Tool: SAINT Linux Tool: Wireshark Linux Tool: Abacus Port Sentry Linux Tool: DSniff Collection Linux Tool: Hping2 Linux Tool: Sniffi t Linux Tool: Nemesis Linux Tool: LSOF Linux Tool: IPTraf Linux Tool: LIDS Hacking Tool: Hunt Tool: TCP Wrappers Linux Loadable Kernel Modules Hacking Tool: Linux Rootkits Rootkits: Knark & Torn Rootkits: Tuxit, Adore, Ramen Rootkit: Beastkit Rootkit Countermeasures ‘chkrootkit’ detects the following Rootkits Evading IDS, Firewalls and Detecting Honey Pots Introduction to Intrusion Detection System Terminologies Intrusion Detection System (IDS) o IDS Placement o Ways to Detect an Intrusion o Types of Instruction Detection Systems o System Integrity Verifi ers (SIVS) o Tripwire o Cisco Security Agent (CSA) o True/False, Positive/Negative o Signature Analysis o General Indication of Intrusion: System Indications o General Indication of Intrusion: File System Indications o General Indication of Intrusion: Network Indications o Intrusion Detection Tools • Snort • Running Snort on Windows 2003 • Snort Console • Testing Snort • Confi guring Snort (snort.conf ) • Snort Rules • Set up Snort to Log to the Event Logs and to Run as a Service • Using EventTriggers.exe for Eventlog Notifi cations • SnortSam o Steps to Perform after an IDS detects an attack o Evading IDS Systems • Ways to Evade IDS • Tools to Evade IDS IDS Evading Tool: ADMutate Packet Generators What is a Firewall? o What Does a Firewall Do o Packet Filtering o What can’t a fi rewall do o How does a Firewall work o Firewall Operations o Hardware Firewall o Software Firewall o Types of Firewall • Packet Filtering Firewall • IP Packet Filtering Firewall • Circuit-Level Gateway • TCP Packet Filtering Firewall • Application Level Firewall • Application Packet Filtering Firewall • Stateful Multilayer Inspection Firewall o Packet Filtering Firewall o Firewall Identifi cation o Firewalking o Banner Grabbing o Breaching Firewalls o Bypassing a Firewall using HTTPTunnel o Placing Backdoors through Firewalls o Hiding Behind a Covert Channel: LOKI o Tool: NCovert o ACK Tunneling Common Tool for Testing Firewall and IDS o IDS testing tool: IDS Informer o IDS Testing Tool: Evasion Gateway o IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald) o IDS Tool: BlackICE o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES) o IDS Tool: SecureHost o IDS Tool: Snare o IDS Testing Tool: Traffi c IQ Professional o IDS Testing Tool: TCPOpera o IDS testing tool: Firewall Informer o Atelier Web Firewall Tester What is Honeypot? o The Honeynet Project o Types of Honeypots Low-interaction honeypot Medium-interaction honeypot High-interaction honeypot o Advantages and Disadvantages of a Honeypot o Where to place Honeypots o Honeypots • Honeypot-SPECTER • Honeypot - honeyd • Honeypot – KFSensor • Sebek o Physical and Virtual Honeypots Tools to Detect Honeypots What to do when hacked Buffer Overflows Why are Programs/Applications Vulnerable Buffer Overfl ows Reasons for Buffer Overfl ow Attacks Knowledge Required to Program Buffer Overfl ow Exploits Understanding Stacks Understanding Heaps Types of Buffer Overfl ows: Stack-based Buffer Overfl ow o A Simple Uncontrolled Overfl ow of the Stack o Stack Based Buffer Overfl ows Types of Buffer Overfl ows: Heap-based Buffer Overfl ow o Heap Memory Buffer Overfl ow Bug o Heap-based Buffer Overfl ow Understanding Assembly Language o Shellcode How to Detect Buffer Overfl ows in a Program o Attacking a Real Program NOPs How to Mutate a Buffer Overfl ow Exploit Once the Stack is Smashed Defense Against Buffer Overfl ows o Tool to Defend Buffer Overfl ow: Return Address Defender (RAD) o Tool to Defend Buffer Overfl ow: StackGuard o Tool to Defend Buffer Overfl ow: Immunix System o Vulnerability Search: NIST o Valgrind o Insure++ Buffer Overfl ow Protection Solution: Libsafe o Comparing Functions of libc and Libsafe Simple Buffer Overfl ow in C o Code Analysis Cryptography Introduction to Cryptography Classical Cryptographic Techniques o Encryption o Decryption Cryptographic Algorithms RSA (Rivest Shamir Adleman) o Example of RSA Algorithm o RSA Attacks o RSA Challenge Data Encryption Standard (DES) o DES Overview RC4, RC5, RC6, Blowfi sh o RC5 Message Digest Functions o One-way Bash Functions o MD5 SHA (Secure Hash Algorithm) SSL (Secure Sockets Layer) What is SSH? o SSH (Secure Shell) Algorithms and Security Disk Encryption Government Access to Keys (GAK) Digital Signature o Components of a Digital Signature o Method of Digital Signature Technology o Digital Signature Applications o Digital Signature Standard o Digital Signature Algorithm: Signature Generation/Verifi cation o Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme o Challenges and Opportunities Digital Certifi cates CypherCalc Command Line Scriptor CryptoHeaven Hacking Tool: PGP Crack Magic Lantern Advanced File Encryptor Encryption Engine Encrypt Files Encrypt PDF Encrypt Easy Encrypt my Folder Advanced HTML Encrypt and Password Protect Encrypt HTML source Alive File Encryption Omziff ABC CHAOS EncryptOnClick CryptoForge SafeCryptor CrypTool Microsoft Cryptography Tools Polar Crypto Light CryptoSafe Crypt Edit CrypSecure Cryptlib Crypto++ Library Code Breaking: Methodologies Cryptanalysis Cryptography Attacks Brute-Force Attack Penetration Testing Introduction to Penetration Testing (PT) Vulnerability Assessment Limitations of Vulnerability Assessment Penetration Testing Types of Penetration Testing Risk Management Do-It-Yourself Testing Outsourcing Penetration Testing Services Terms of Engagement Project Scope Pentest Service Level Agreements Testing points Testing Locations Automated Testing Manual Testing Using DNS Domain Name and IP Address Information Enumerating Information about Hosts on Publicly Available Networks Testing Network-fi ltering Devices Enumerating Devices Denial-of-Service Emulation Pentest using Appscan HackerShield Pen-Test Using Cerberus Internet Scanner Pen-Test Using Cybercop Scanner Pen-Test Using FoundScan Hardware Appliances Pen-Test Using Nessus Pen-Test Using NetRecon Pen-Test Using SAINT Pen-Test Using SecureNet Pro Pen-Test Using SecureScan Pen-Test Using SATAN, SARA and Security Analyzer Pen-Test Using STAT Analyzer Pentest Using VigilENT Pentest Using WebInspect Pentest Using CredDigger Pentest Using Nsauditor Evaluating Different Types of Pen-Test Tools Asset Audit Fault Tree and Attack Trees Business Impact of Threat Internal Metrics Threat External Metrics Threat Calculating Relative Criticality Test Dependencies Defect Tracking Tools: Bug Tracker Server Disk Replication Tools DNS Zone Transfer Testing Tools Network Auditing Tools Trace Route Tools and Services Network Sniffi ng Tools Denial of Service Emulation Tools Traditional Load Testing Tools System Software Assessment Tools Operating System Protection Tools Fingerprinting Tools Port Scanning Tools Directory and File Access Control Tools File Share Scanning Tools Password Directories Password Guessing Tools Link Checking Tools Web-Testing Based Scripting tools Buffer Overfl ow protection Tools File Encryption Tools Database Assessment Tools Keyboard Logging and Screen Reordering Tools System Event Logging and Reviewing Tools Hacking Routers, cable Modems and Firewalls Network Devices Identifying a Router o SING: Tool for Identifying the Router HTTP Confi guration Arbitrary Administrative Access Vulnerability ADMsnmp Solarwinds MIB Browser Brute-Forcing Login Services Hydra Analyzing the Router Confi g Cracking the Enable Password Tool: Cain and Abel Implications of a Router Attack Types of Router Attacks Router Attack Topology Denial of Service (DoS) Attacks Packet “Mistreating” Attacks Routing Table Poisoning Hit-and-run Attacks vs. Persistent Attacks Cisco Router o Finding a Cisco Router o How to Get into Cisco Router o Breaking the Password o Is Anyone Here o Covering Tracks o Looking Around Eigrp-tool Tool: Zebra Tool: Yersinia for HSRP, CDP, and other layer 2 attacks Tool: Cisco Torch Monitoring SMTP(port25) Using SLcheck Monitoring HTTP(port 80) Cable Modem Hacking
  2. Repo-ul e pe private for now.
  3. BSQL Hacker BSQL hacker is a nice SQL injection tool that helps you perform a SQL injection attack against web applications. This tool is for those who want an automatic SQL injection tool. It is especially made for Blind SQL injection. This tool is fast and performs a multi-threaded attack for better and faster results. It supports 4 different kinds of SQL injection attacks: Blind SQL Injection Time Based Blind SQL Injection Deep Blind (based on advanced time delays) SQL Injection Error Based SQL Injection This tool works in automatic mode and can extract most of the information from the database. It comes in both GUI and console support. You can try any of the given UI modes. From GUI mode, you can also save or load saved attack data. It supports multiple injection points including query string, HTTP headers, POST, and cookies. It supports a proxy to perform the attack. It can also use the default authentication details to login into web accounts and perform the attack from the given account. It supports SSL protected URLs, and can also be used on SSL URLs with invalid certificates. BSQL Hacker SQL injection tool supports MSSQL, ORACLE and MySQL. But MySQL support is experimental and is not as effective on this database server as it is for other two. Download BSQL Hacker here: Download SQLmap SQLMap is the open source SQL injection tool and most popular among all SQL injection tools available. This tool makes it easy to exploit the SQL injection vulnerability of a web application and take over the database server. It comes with a powerful detection engine which can easily detect most of the SQL injection related vulnerabilities. It supports a wide range of database servers, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB. Most of the popular database servers are already included. It also supports various kind of SQL injection attacks, including boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. One good feature of the tool is that it comes with a built-in password hash recognition system. It helps in identifying the password hash and then cracking the password by performing a dictionary attack. This tool allows you to download or upload any file from the database server when the db server is MySQL, PostgreSQL or Microsoft SQL Server. And only for these three database servers, it also allows you to execute arbitrary commands and retrieve their standard output on the database server. After connecting to a database server, this tool also lets you search for specific database name, specific tables or for specific columns in the whole database server. This is a very useful feature when you want to search for a specific column but the database server is huge and contains too many databases and tables. Download SQL Map from the link given below: https://github.com/sqlmapproject/sqlmap SQLninja SQLninja is a SQL injection tool that exploits web applications that use a SQL server as a database server. This tool may not find the injection place at first. But if it is discovered, it can easily automate the exploitation process and extract the information from the database server. This tool can add remote shots in the registry of the database server OS to disable data execution prevention. The overall aim of the tool is to allow the attacker to gain remote access to a SQL database server. It can also be integrated with Metasploit to get GUI access to the remote database. It also supports direct and reverse bindshell, both TCP and UDP. This tool is not available for Windows platforms. It is only available for Linux, FreeBSD, Mac OS X and iOS operating systems. Download SQLninja from the link given below: http://sqlninja.sourceforge.net/ Safe3 SQL Injector Safe3 SQL injector is another powerful but easy to use SQL injection tool. Like other SQL injection tools, it also makes the SQL injection process automatic and helps attackers in gaining the access to a remote SQL server by exploiting the SQL injection vulnerability. It has a powerful AI system which easily recognizes the database server, injection type and best way to exploit the vulnerability. It supports both HTTP and HTTPS websites. You can perform SQL injection via GET, POST or cookies. It also supports authentication (Basic, Digest, NTLM HTTP authentications) to perform a SQL injection attack. The tool supports wide range of database servers including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems. For MYSQL and MS SQL, it also supports read, list or write any file from the database server. It also lets attackers execute arbitrary commands and retrieve their output on a database server in Oracle and Microsoft SQL server. It also support web path guess, MD5 crack, domain query and full SQL injection scan. Download Safe3 SQL injector tool from the link given below: http://sourceforge.net/projects/safe3si/ SQLSus SQLSus is another open source SQL injection tool and is basically a MySQL injection and takeover tool. This tool is written in Perl and you can extend the functions by adding your own codes. This tool offers a command interface which lets you inject your own SQL queries and perform SQL injection attacks. This tool claims to be fast and efficient. It claims to use a powerful blind injection attack algorithm to maximize the data gathered. For better results, it also uses stacked subqueries. To make the process even faster, it has multi-threading to perform attacks in multiple threads. Like other available SQL injection tools, it also supports HTTPS. It can perform attacks via both GET and POST. It also supports, cookies, socks proxy, HTTP authentication, and binary data retrieving. If the access to information_schema is not possible or table does not exist, it can perform a bruteforce attack to guess the name of the table. With this tool, you can also clone a database, table, or column into a local SQLite database, and continue over different sessions. If you want to use a SQL injection tool against a MySQL attack, you will prefer this tool because it is specialized for this specific database server. Download SQLsus from the link given below: http://sqlsus.sourceforge.net/ Mole Mole or (The Mole) is an automatic SQL injection tool available for free. This is an open source project hosted on Sourceforge. You only need to find the vulnerable URL and then pass it in the tool. This tool can detect the vulnerability from the given URL by using Union based or Boolean based query techniques. This tool offers a command line interface, but the interface is easy to use. It also offers auto-completion on both commands and command arguments. So, you can easily use this tool. Mole supports MySQL, MsSQL and Postgres database servers. So, you can only perform SQL injection attacks against these databases. This tool was written in Python and requires only Python3 and Python3-lxml. This tool also supports GET, POST and cookie based attacks. But you need to learn commands to operate this tool. Commands are not typical but you need to have them. List those commands or learn, it is your personal choice. Download Mole SQL injection tool from the link below: http://sourceforge.net/projects/themole/files/ Source
  4. scan file https://www.virustotal.com/en/file/91f706225cb3a430f379b778b5cd114ef9acf553d1755d363828d652d545e5b2/analysis/ clean download Dox Tool : http://up.media1fire.com/bfxcbo4w71hg
  5. README.rst ========================================= Static Code Analysis for Smali ========================================= If you ever have looked at Android applications you know to appreciate the ability of analyzing your target at the most advanced level. Dynamic programm analysis will give you a pretty good overview of your applications activities and general behaviour. However sometimes you'll want to just analyze your application **without** running it. You'll want to have a look at its components, analyze how they interact and how data is tainted from one point to another. This is was the major factor driving the development of *smalisca*. There are indeed some good reasons for a *static code analysis* before the *dynamic* one. Before interacting with the application I like to know how the application has been build, if there is any API and generate all sort of *call flow graphs*. In fact graphs have been very important to me since they *visualize* things. Instead of jumping from file to file, from class to class, I just look at the graphs. While graph building has been an important reason for me to code such a tool, *smalisca* has some other neat **features** you should read about. Features ======== At the moment there are some few major functionalities like: * **parsing** You can parse a whole directory of **Smali** files and **extract**: * class information * class properties * class methods * calls between methods of different classes You can then **export** the results as **JSON** or **SQLite**. Have a loot at the `parsing page <http://smalisca.readthedocs.org/en/latest/parsing.html>`_ for more information. * **analyzing** After exporting the results you'll get an **interactive prompt** to take a closer look at your parsed data. You can **search** for classes, properties, methods and even method calls. You can then apply several **filters** to your search criterias like:: smalisca> sc -c class_name -p test -r 10 -x path -s class_type This command will search for *10* (-r 10) classes which contain the pattern *test* (-p) in their *class name* (-c). Afterwards the command will exclude the column *path* (-x path) from the results and sort them by the *class type* (-s). Let's have a look at another example:: smalisca> scl -fc com/android -fm init -r 10 This will search for all **method calls** whose *calling* class name contains the pattern *com/android* (-fc). Additionally we can look for calls originating from methods whose name contain the pattern *init* (-fm). You can of course read your commands from a file and analyze your results in a *batch*- like manner:: $ cat cmd.txt sc -c class_name -p com/gmail/xlibs -r 10 -x path quit $ ./smalisca.py analyzer -i results.sqlite -f sqlite -c cmd.txt ... Have a loot at the `analysis page <http://smalisca.readthedocs.org/en/latest/analysis.html>`_ for more information. * **visualizing** I think this the **most** valuable feature of *smalisca*. The ability to visualize your results in a structured way makes your life more comfortable. Depending on what you're interested in, this tool has several graph drawing features I'd like to promote. At first you can draw your packages including their classes, properties and methods:: smalisca> dc -c class_name -p test -f dot -o /tmp/classes.dot :: INFO Wrote results to /tmp/classes.dot smalisca> This will first search classes whose class name contains *test* and then export the results in the **Graphviz DOT** language. You can then manually generate a graph using *dot*, *neato*, *circo* etc. Or you do that using the interactive prompt:: smalisca> dc -c class_name -p test -f pdf -o /tmp/classes.pdf --prog neato :: INFO Wrote results to /tmp/classes.pdf smalisca> Have a loot at the `drawing page <http://smalisca.readthedocs.org/en/latest/drawing.html>`_ for more information. Screenshots =========== .. figure:: http://smalisca.readthedocs.org/en/latest/_images/smalisca_search_classes.png :scale: 99% :alt: Basic usage Output results as table. .. figure:: http://smalisca.readthedocs.org/en/latest/_images/smalisca_dxcl_dot_0.png :scale: 99% :alt: Cross calls Basic relationships between classes and modules. Have a look at the `screenshots page <http://smalisca.readthedocs.org/en/latest/screenshots.html>`_. Installation ============ Refer to the `installation page <http://smalisca.readthedocs.org/en/latest/installation.html>`_. Requirements: * Python (2.x / 3.x) * `cement <http://builtoncement.com/>`_ * Graphviz * SQLAlchemy How to use it ============= After installing the tool, you may want to first pick up an Android application (APK) to play with. Use `apktool <https://code.google.com/p/android-apktool/>`_ or my own tool `ADUS <https://github.com/dorneanu/adus>`_ to dump the APKs content. For the sake of simplicity I'll be using **FakeBanker** which I've analyzed in a previous `blog post <http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/>`_. First touch ----------- But first let's have a look at the tools main options:: $ smalisca --help ___ /\_ \ __ ____ ___ ___ __ \//\ \ /\_\ ____ ___ __ /',__\ /' __` __`\ /'__`\ \ \ \ \/\ \ /',__\ /'___\ /'__`\ /\__, `\/\ \/\ \/\ \/\ \L\.\_ \_\ \_\ \ \/\__, `\/\ \__//\ \L\.\_ \/\____/\ \_\ \_\ \_\ \__/.\_\/\____\\ \_\/\____/\ \____\ \__/.\_\ \/___/ \/_/\/_/\/_/\/__/\/_/\/____/ \/_/\/___/ \/____/\/__/\/_/ -------------------------------------------------------------------------------- :: Author: Victor <Cyneox> Dorneanu :: Desc: Static Code Analysis tool for Smali files :: URL: http://nullsecurity.net, http://{blog,www}.dornea.nu :: Version: 1.0 -------------------------------------------------------------------------------- usage: smalisca.py (sub-commands ...) [options ...] {arguments ...} [--] Static Code Analysis (SCA) tool for Baskmali (Smali) files. commands: analyzer [--] Analyze results using an interactive prompt or on the command line. parser [--] Parse files and extract data based on Smali syntax. optional arguments: -h, --help show this help message and exit --debug toggle debug output --quiet suppress all output --log-level {debug,info,warn,error,critical} Change logging level (Default: info) -v, --version show program's version number and exit Parsing ------- I'll first **parse** some directory for **Smali** files before doing the analysis stuff:: $ smalisca parser -l ~/tmp/FakeBanker2/dumped/smali -s java -f sqlite -o fakebanker.sqlite ... :: INFO Parsing .java files in /home/victor/tmp/FakeBanker2/dumped/smali ... :: INFO Finished parsing! :: INFO Exporting results to SQLite :: INFO Extract classes ... :: INFO Extract class properties ... :: INFO Extract class methods ... :: INFO Extract calls ... :: INFO Commit changes to SQLite DB :: INFO Wrote results to fakebanker.sqlite :: INFO Finished scanning Also have a look at the `parsing page <http://smalisca.readthedocs.org/en/latest/parsing.html>`_ for further information. Analyzing ---------- Now you're free to do whatever you want with your generated exports. You can inspect the **SQLite DB** directly or use *smaliscas* **analysis** features:: $ smalisca analyzer -f sqlite -i fakebanker.sqlite ... smalisca>sc -x path -r 10 +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ | id | class_name | class_type | class_package | depth | +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ | 1 | Landroid/support/v4/net/ConnectivityManagerCompat | public | Landroid.support.v4.net | 5 | | 2 | Landroid/support/v4/view/AccessibilityDelegateCompat$AccessibilityDelegateJellyBeanImpl | | Landroid.support.v4.view | 5 | | 3 | Landroid/support/v4/view/ViewCompat$ViewCompatImpl | interface abstract | Landroid.support.v4.view | 5 | | 4 | Landroid/support/v4/app/ActivityCompatHoneycomb | | Landroid.support.v4.app | 5 | | 5 | Landroid/support/v4/app/NoSaveStateFrameLayout | | Landroid.support.v4.app | 5 | | 6 | Landroid/support/v4/net/ConnectivityManagerCompatHoneycombMR2 | | Landroid.support.v4.net | 5 | | 7 | Lcom/gmail/xpack/BuildConfig | public final | Lcom.gmail.xpack | 4 | | 8 | Landroid/support/v4/app/BackStackRecord$Op | final | Landroid.support.v4.app | 5 | | 9 | Landroid/support/v4/app/FragmentManagerImpl | final | Landroid.support.v4.app | 5 | | 10 | Landroid/support/v4/app/ShareCompat$ShareCompatImpl | interface abstract | Landroid.support.v4.app | 5 | +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ Also refer to the `analysis page <http://smalisca.readthedocs.org/en/latest/analysis.html>`_ for more available **commands** and options. Drawing ------- Please refer to the `drawing page <http://smalisca.readthedocs.org/en/latest/drawing.html>`_ for full examples. License ======== *smalisca* has been released under the **MIT** license. Have a look at the **LICENSE.rst** file. Credits ======= This tool is dedicated to **Lic?**. Many thanks also go to: * `Stephen McAllister <https://de.linkedin.com/pub/stephen-mcallister/13/843/71a>`_ * Many thanks for all those hours full of APK debugging and great ideas * My gf * Thank you very much for your patience and understanding! * `nullsecurity.net <http://nullsecurity.net>`_ * Hack the planet! Download: smalisca-0.1.tar.gz Description: Static Code Analysis tool for Smali files. MD5: 943930dbd144c52635f3d5b874482d3a Author: Cyneox
  6. __ ___ ___ ___ ___ ___ ___ /\_\ __ _ /'___\ / __`\ /' __` __`\ /' __` __`\/\ \ /\ \/'\ /\ \__//\ \L\ \/\ \/\ \/\ \/\ \/\ \/\ \ \ \\/> </ \ \____\ \____/\ \_\ \_\ \_\ \_\ \_\ \_\ \_\/\_/\_\ \/____/\/___/ \/_/\/_/\/_/\/_/\/_/\/_/\/_/\//\/_/ { v0.1b } +-- Automated All-in-One OS Command Injection and Exploitation Tool Copyright © 2015 Anastasios Stasinopoulos (@ancst) +-- General Information Commix (short for [comm]and njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language. Disclaimer The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!! Requirements Python version 2.6.x or 2.7.x is required for running this program. Installation Download commix by cloning the Git repository: git clone https://github.com/stasinopoulos/commix.git commix Usage Usage: python commix.py [options] Options -h, --help Show help and exit. --verbose Enable the verbose mode. --install Install 'commix' to your system. --version Show version number and exit. --update Check for updates (apply if any) and exit. Target This options has to be provided, to define the target URL. --url=URL Target URL. --url-reload Reload target URL after command execution. Request These options can be used, to specify how to connect to the target URL. --host=HOST HTTP Host header. --referer=REFERER HTTP Referer header. --user-agent=AGENT HTTP User-Agent header. --cookie=COOKIE HTTP Cookie header. --headers=HEADERS Extra headers (e.g. 'Header1:Value1\nHeader2:Value2'). --proxy=PROXY Use a HTTP proxy (e.g. '127.0.0.1:8080'). --auth-url=AUTH_.. Login panel URL. --auth-data=AUTH.. Login parameters and data. --auth-cred=AUTH.. HTTP Basic Authentication credentials (e.g. 'admin:admin'). Injection These options can be used, to specify which parameters to inject and to provide custom injection payloads. --data=DATA POST data to inject (use 'INJECT_HERE' tag). --suffix=SUFFIX Injection payload suffix string. --prefix=PREFIX Injection payload prefix string. --technique=TECH Specify a certain injection technique : 'classic', 'eval-based', 'time-based' or 'file-based'. --maxlen=MAXLEN The length of the output on time-based technique (Default: 10000 chars). --delay=DELAY Set Time-delay for time-based and file-based techniques (Default: 1 sec). --base64 Use Base64 (enc)/(de)code trick to prevent false- positive results. --tmp-path=TMP_P.. Set remote absolute path of temporary files directory. --icmp-exfil=IP_.. Use the ICMP exfiltration technique (e.g. 'ip_src=192.168.178.1,ip_dst=192.168.178.3'). --alter-shell Use an alternative os-shell (Python). Usage Examples Exploiting Damn Vulnerable Web App python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=INJECT_HERE&submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4" Exploiting php-Charts 1.0 using injection payload suffix & prefix string: python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=INJECT_HERE" --prefix="//" --suffix="'" Exploiting OWASP Mutillidae using Extra headers and HTTP proxy: python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=INJECT_HERE" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081" Exploiting Persistence using ICMP exfiltration technique : su -c "python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5 Sursa: https://github.com/stasinopoulos/commix
  7. EvilAP_Defender is an application that helps wireless network administrator to discover and prevent Evil Access Points (AP) from attacking wireless users. The application can be run in regular intervals to protect your wireless network from Evil Twin like attacks. By configuring the tool you can get notifications sent to your email whenever an evil access point is discovered. Additionally you can configure the tool to perform DoS on discovered evil AP in order to give the administrator more time to react. However, notice that the DoS will only be performed for evil APs which have the same SSID but different BSSID (AP’s MAC address) or running on a different channel. This to avoid DoS your legitimate network. The tool is able to discover evil APs using one of the following characteristics: * Evil AP with a different BSSID address * Evil AP with the same BSSID as the legitimate AP but a different attribute (including: channel, cipher, privacy protocol, and authentication) * Evil AP with the same BSSID and attributes as the legitimate AP but different tagged parameter - mainly different OUI (tagged parameters are additional values sent along with the beacon frame. Currently no software based AP gives the ability to change these values. Generally software based APs are so poor in this area). Whenever an Evil AP is discovered the tool will alert the admin through email (SMS will be supported soon). Additionally the tool will enter into preventive mode in which the tool will DoS the discovered Evil AP. The tool can be configured easily by starting in what we call “Learning Mode”. In this mode you can whitelist your legitimate network. This can be done by following the wizards during the Learning Mode. You can also configure the preventive mode and admin notification from there as well. Finally, you need to change into Normal Mode or re-run the tool in this mode in order to start discovering Evil APs. Requirements: - Aircrack-ng suite - Your wireless card must be supported by Aircrack-ng. Check the following URL: compatibility_drivers [Aircrack-ng] - MySQL - Python Learning Mode: This Mode can be invoked with the “-L” switch. When running the tool in this mode the tool will start by scanning for the available wireless networks. Then it lists all the found wireless networks with whitelisted APs colored with green. It also lists the whitelist APs and OUIs (tagged parameters). The tool also provides several options which allow you to add/remove SSIDs into/from whitelist. You need to whitelist your SSID first before running the tool in the Normal Mode. Moreover, you can configure Preventive Mode from “Update options -> Configure Preventive Mode”. First you need to set the Deauthentication time (in seconds) into a number bigger than 0 (setting the value to 0 will disable this mode). Then you need to set the number of time to repeat the attack. This is so important for attacking more than Evil AP because the tool cannot attack all of them in the same time (how can you attack several APs on different channels? Later on we will improve the tool and allow it to attack (in the same time) several APs in the same channel). The tool will attack the first Evil AP for specified deauthentication time then it will stop and attack the second one and so on. Be careful from increasing the Deatuth time so much because this may attack only one AP and leaving the others running. My recommendation is to set the Deauth time to something suitable such as 10 seconds and increasing the repeat time. Finally, you can configure admin notification by setting admin email, SMPT server address, SMTP username (complete email address) for authentication purpose, and SMTP password. You can use any account on Gmail or your internal SMTP server account. Normal Mode: This is the mode in which the tool starts to discover Evil APs and notify the administrator whenever one is discovered. This mode can be invoked by “-N” switch. Feedback: Feedback is always welcomed on the tool git or through my email: moha99sa at yahoo dot com. Download Source
  8. Mohamed Idris has created a tool to help network administrators discover and DoS rogue access points. The EvilAP Defender open source tool published to GitHub can be run by admins at intervals to determine if attackers are attempting to get their users to connect to malicious networks. Those evil twin attack networks are powerful copycats of legitimate access points that attempt to get users to connect in a bid to harvest subsequent traffic. Idris says the tool will send email alerts to admins when evil twins are detected, and launch denial of service attacks to buy time. "Additionally you can configure the tool to perform DoS on discovered evil AP in order to give the administrator more time to react," Idris says. "However, notice that the DoS will only be performed for evil APs which have the same SSID but different BSSID (AP’s MAC address) or running on a different channel. This to avoid DoS your legitimate network." More features are being added including on the back of Reddit network security discussion, including SMS notification. It presently paints access points as evil based on BSSIDs and attributes including channels, ciphers, protocols, Organizationally Unique Identifiers, and authentication. Admins can put the tool in learning mode so that it can identify friendly networks. Users are invited to email Idris about the tool at moha99sa via yahoo.com. Bootnote: Launching denial of service attacks against something you don't own, even a very obvious Evil Twin, could be illegal. Effective, clever, but illegal. Source
  9. Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they’re put into production. Some software development lifecycles, however, don’t include threat modeling as part of the code-building process because they’ve either never heard of it, or the process is too difficult. Students at St. Mary’s University in Nova Scotia, Canada, participating in Mozilla’s Winter of Security 2014 project, built a browser-based threat modeling tool that simplifies visualization of systems and data flows, and where soft spots might be introduced during design. The tool, called Seasponge, has been made available on Github and its developers are hoping to not only get feedback and feature suggestions, but also hope to encourage developers to introduce threat modeling into SDLs in order to fix bugs while in design when it’s cheap to do so. “We hope now that it’s out there that people collaborate, build threats for it, collaborate and share files and grow a threat modeling community around Seasponge,” said Glavin Wiechert, one of the students behind the tool along with Joel Kuntz, Sarah MacDonald and Mathew Kallada. “We hope this tool is easy to start out with and will ultimately accelerate the usage of threat modeling and the number of people using threat modeling for projects.” Wiechert, a full-time student at St. Mary’s who also runs his own analytics company, came into this project without much of a security background, other than an interest in the discipline. He and his colleagues, as well as Mozilla, hope that Seasponge ultimately has a place alongside Microsoft’s free SDL threat modeling tool, the most popular tool among developers today. “The original idea came from Mozilla to have a tool like this,” Wiechert said. “There was a heavy demand from their users within Mozilla to use something like the Microsoft threat modeling tool, but have it be more open source and Web-based, and not be forced to be just on the Windows platform.” Being a Web-based alternative to the Microsoft tool, the developers hope that with it now being open source, contributions can be made to help them reach their goals of adding more collaboration features, cloud-based storage for projects, encapsulation of entire systems, and more. “One of the big eye openers for me was the lack of development in terms of the only competition was the Microsoft tool,” Wiechert said. “No one dove into a web platform for threat modeling. I wasn’t very experienced in the field, but it is an important one. I expected more competition and a community, and we hoped to be part of it, but it was really Microsoft-centric.” Wiechert said Mozilla is among the early beta testers and is putting Seasponge through its paces. “It’s functional and you can make new threats in the tool, open, download and save files, visualize them; all the attributes work,” he said. “It’s also functional from a visualization standpoint. I’m hoping Mozilla is using it right now and soon anyone else in the community. We’re hoping to get feedback from the threat modeling community and we’re interested to hear any ideas.” Source
  10. A trio of university undergraduates have worked with Mozilla to create an online threat modelling tool designed to help system administrators better understand the threats they face. The open source SeaSponge tool, developed under Mozilla's Winter of Security initiative, sports a graphical flow its designers say could be a replacement for Microsoft's free Threat Modelling Tool. Saint Mary's University students Sarah MacDonald, Joel Kuntz, and Glavin Wiechert built the tool. "SeaSponge allows you to model a system so that potential threats and risks can be identified," MacDonald says."It supports multiple diagrams to model logical sections of your system in separate locations. "Each diagram contains data flows and hardware and logical components" The trio says they developed the HTML5 tool because threat modelling, while important, is often missed in the software development lifecycle. The tool is built in part on Angularjs; jsPlumb; Bootstrap; CoffeeScript; Grunt; Bower, and Compass, and works on all browsers and operating systems. Developers focused on making SeaSponge easy to use and aesthetically pleasing to bring the "pizzazz" back into threat modeling. MacDonald says SeaSponge is still infancy and called on interested developers to contribute to its code. The Winter of Code project announcement follows the development of the Masche forensics tool which the browser giant had considered integrating into its architecture. Admins can play with a live demo of SeaSponge or download it from GitHub. Source+Video
  11. Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. Masche runs on Linux, OS X and Windows and Mozilla has posted the code on GitHub. “Masche provides basic primitives for scanning the memory of processes without disrupting the normal operations of a system. Compared with frameworks like Volatility or Rekall, Masche does not provide the same level of advanced forensics features. Instead, it focuses on searching for regexes and byte strings in the processes of large pools of systems, and does so live and very fast,” Julien Vehent wrote in a blog post. “The effort needed to implement a complex scanning solution across three operating systems, and complete this work in just a few months, was no easy feat.” The new forensics library is the work of a group of students at the University of Buenos Aires, and can be seen as a kind of companion tool to Mozilla’s InvestiGator. The MIG is more of a platform than a discrete tool, and it’s meant for investigating issues remotely. “MIG is composed of agents installed on all systems of an infrastructure. The agents can be queried in real-time using a messenging protocol implemented in the MIG Scheduler. MIG has an API, a database, RabbitMQ relays, a terminal console and command line clients. It allows investigators to send actions to pools of agents, and check for indicator of compromise, verify the state of a configuration, block an account, create a firewall rule, update a blacklist and so on,” the InvestiGator documentation says. Masche is meant to be a module on the MIG platform and Mozilla is now integrating the forensics tool into that platform. Source
  12. "Signup or Login with Facebook" ?? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers take over Facebook accounts on websites that leverage 'Login with Facebook' feature. The vulnerability doesn't grant hackers access to your actual Facebook password, but it does allow them to access your accounts using Facebook application developed by third-party websites such as Bit.ly, Mashable, Vimeo, About.me, Stumbleupon, Angel.co and possibly many more. FLAW EXPLOITS THREE CSRFs PROTECTION Egor Homakov, a researcher with pentesting company Sakurity, made the social network giant aware of the bug a year ago, but the company refused to fix the vulnerability because doing so would have ruined compatibility of Facebook with a vast number of websites over the Internet. The critical flaw abuses the lack of CSRF (Cross-Site Request Forgery) protection for three different processes — Facebook log in Facebook log out Third-party account connection The first two issues "can be fixed by Facebook," Homakov said, but have not done yet. However, the third one needs to be fixed by the website owners those who have integrate "Login with Facebook" feature into their websites. TOOL TO HACK FACEBOOK ACCOUNTS Therefore, blaming Facebook for dismal security in 'Login with Facebook' feature, the researcher publicly released a tool, dubbed RECONNECT, that exploits the bug and lets hackers to generate URLs that can be used to hijack accounts on third-party websites that use 'Login with Facebook' button. "Go blackhats, don’t be shy!" Homakov wrote on his Twitter, allegedly encouraging hackers and cyber criminals to take benefit from his ready to use tool. Homakov also published a blog post which gives hackers a step-by-step process for setting up rogue Facebook accounts that victims are redirected to when they tricked into clicking on malicious URLs provided by the attackers. RECONNECT Facebook hacking tool can generate malicious URLs to hijack Facebook accounts on third-party website including Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable and Vimeo. However, any website that supports 'Login with Facebook' can be hacked by manually inserting its link into the tool that generates Facebook login requests on behalf of its users. HOW TO PROTECT YOURSELF ? One could realize the dangerous consequences of RECONNECT Facebook hacking tool by calculating how many number of websites over Internet use that blue color ' f ' button of Facebook login. And once a hacker makes a way to get into you account, they could access your private information and use them to hack into your other online accounts. So, in order to prevent your accounts from malicious hackers, Do Not click on any suspicious URLs provided to you via online messages, emails or social media accounts. And always be careful while surfing over the Internet. FACEBOOK RESPONDS TO THE ISSUE Facebook says it has been aware of the issue for some time now and that third-party sites can protect their users by utilizing Facebook's best practices when using the Facebook sign-in feature. The company also added that they have also made various changes in order to help prevent login CSRF and are evaluating others while "aiming to preserve necessary functionality for a large number of sites that rely upon Facebook Login." Source
  13. OpenDNS has gone public with a new tool that uses a blend of analytics principles found outside information security to create a threat model for detecting domains used in criminal and state-sponsored hacking campaigns. NLPRank is not ready for production, said OpenDNS director of security research Andrew Hay, but the threat model has been proven out and false positives kept in check to the point where Hay and NLPRank’s developer Jeremiah O’Connor were satisfied that it could be shared publicly. What separates NLPRank from other analytics software that searches, for example, for typo-squatting domains used in phishing attacks, is that the OpenDNS tool also relies on natural language processing, ASN mappings, WHOIS domain registration information, and HTML tag analysis to weed out legitimate domains from the bad ones. The data comes from OpenDNS’ massive storehouses of DNS traffic (70 billion DNS queries daily), as well as from other sources provided by researchers investigating APT campaigns, for example. The spark for NLPRank’s development was a repeating pattern of evidence from a number of phishing attacks used to gain a foothold for APT groups. Certain themes such as fraudulent social media accounts or password reset requests purporting to be from popular services such as Facebook or PayPal were used to add urgency for the potential victim, enticing them to follow the link to trouble. “Using this malicious language and applying analysis to the domains, we can start picking them off prior to a campaign launching,” Hay said. O’Connor shared details in a blog post on the science behind the analytics, including algorithms used in bioinformatics and data mining, natural language processing techniques that allow him to develop a dictionary of malicious language used in these campaigns that helps the tool predict malicious domain activity. “NLPRank is designed to detect these fraudulent branded domains that often serve as C2 domains for targeted attacks,” O’Connor wrote, adding that the tool uses a minimum edit-distance algorithm used in spell-checkers and other applications to whittle down words used for typo-squatting domains and legitimate domains. “The intuition behind using this algorithm is that essentially we’re trying to define a language used by malicious domains vs. a language of benign domains in DNS traffic,” O’Connor said. Hay added that the domains used in the recently unveiled Carbanak APT bank heist, with losses anywhere between $300 million and $1 billion, were identified as malicious by NLPRank prior to the campaign going public during the recent Security Analyst Summit. Data from Carbanak, DarkHotel and other APT groups uncovered by Kaspersky Lab are among the data sets used to put NLPRank through its paces. “This has been incredibly successful in looking at phishing kits that, at face value, are identical to the parent company’s site,” Hay said, stressing that the tool looks at various low-level code, JavaScript hosted on the site, redirects and more in its analysis. “The model picks them off and starts analyzing the data, making sure it’s associated with the parent company, that it was registered by someone associated with the parent domain through the WHOIS information, looking at how embedded HTML may be different versus the parent company and determining how much it deviates from the parent site.” Eventually the tool will be folded into OpenDNS offerings, but Hay said more analysis capabilities, such expanded HTML and embedded script analysis, need to be added to further keep false positives at bay. “The false positive rate is low, but it’s not at point where we are comfortable putting it into production or turning on automated blocking,” Hay said. “We want additional inputs to the model, but so far it’s looking great.” Source
  14. Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also use wireless in their home network to connect all devices. Every person can see the neighborhood wi-fi networks in the system, and they want to use it for free. But most these networks are secured with a password key. You need to know this security key to access the network. When your own network is down, you will desperately want to connect to these neighborhood networks. For this, people generally search for wi-fi password cracking tools to get unauthorized access to those wireless networks. Sometimes when you are on a network, you also want to check what is happening on the network. This happens mostly in big organizations, when an employer wants to check who is doing what in the network. For these things, there are a few network hacking tools available that let users analyze packets and see what other users are doing. In this article, I am going to discuss wireless security and best wi-fi password cracking or recovery tools. I will explain the kind of encryption wireless networks use and how these tools can crack the networks to get access. We will also see what tools let users monitor networks. Wireless Networks and Hacking Wireless networks are based on IEEE 802.11 standards defined by IEEE(Institute of Electrical and Electronics Engineers) for ad hoc networks or infrastructure networks. Infrastructure networks have one or more access points which coordinate the traffic between the nodes. But in ad hoc networks, there is no access point; each node connects in a peer-to-peer way. Basically there are two types of vulnerabilities which can be found in the Wireless LAN. One is poor configuration and the other is poor encryption. Poor configuration is caused by the network admin who manages the network. It may include the weak password, no security settings, use of default configurations, and other user related things. Poor encryption is related to security keys used to protect the wireless network. It is there because of issues in WEP or WPA. WEP and WPA WEP and WPA are the two main security protocols used in Wi-Fi LAN. WEP is known as Wired Equivalent Privacy (WEP). It is a deprecated security protocol which was introduced back in 1997 as a part of original 802.11 standards. But it was weak, and several serious weakness were found in the protocol. Now, this can be cracked within minutes. So, a new kind of security protocol was introduced in 2003. This new protocol was Wi-Fi Protected Access (WPA). It has mainly two versions, 1 and 2 (WPA and WPA2). Now it is the current security protocol used in wireless networks. To get unauthorized access to a network, one needs to crack these security protocols. There are many tools which can crack Wi-Fi encryption. These tools can either take advantage of WEP weaknesses or use bruteforce attacks on WPA/WPA2. I am sure now you know that you should never use WEP security. Basically wireless hacking tools are of two types. One of which can be used to sniff the network and monitor what is happening in the network. And other kinds of tools are used to hack WEP/WPA keys. These are the popular tools used for wireless password cracking and network troubleshooting. 1. Aircrack Aircrack is one of the most popular wireless passwords cracking tools which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses the best algorithms to recover wireless passwords by capturing packets. Once enough packets have been gathered, it tries to recover the password. To make the attack faster, it implements a standard FMS attack with some optimizations. The company behind the tool also offers an online tutorial where you can learn how to install and use this tool to crack wireless passwords. It comes as Linux distribution, Live CD and VMware image options. You can use any of these. It supports most of the wireless adapters and is almost guaranteed to work. If you are using a Linux distribution, the only drawback of the tool is that it requires deeper knowledge of Linux. If you are not comfortable with Linux, you will find it hard to use this tool. In this case, try Live CD or VMWare image. VMWare Image needs less knowledge, but it only works with a limited set of host OS, and only USB devices are supported. Before you start using this too, confirm that the wireless card can inject packets. Then start WEP cracking. Read the online tutorial on the website to know more about the tool. If you will follow steps properly, you will end up getting success with this tool. Download: http://www.aircrack-ng.org/ 2. AirSnort AirSnort is another popular tool for decrypting WEP encryption on a wi-fi 802.11b network. It is a free tool and comes with Linux and Windows platforms. This tool is no longer maintained, but it is still available to download from Sourceforge. AirSnort works by passively monitoring transmissions and computing encryption keys once it has enough packets received. This tool is simple to use. If you are interested, you can try this tool to crack WEP passwords. Download: http://sourceforge.net/projects/airsnort/ 3. Cain & Able Cain & Able is a popular password cracking tool. This tool is developed to intercept network traffic and then discover passwords by bruteforcing the password using cryptanalysis attack methods. It can also recover wireless network keys by analyzing routing protocols. It you are trying to learn wireless security and password cracking, you should once try this tool. Download: http://www.oxid.it/cain.html 4. Kismet Kismet is the wi-fi 802.11 a/b/g/n layer2 wireless network sniffer and IDS. It works with any wi-fi card which supports rfmon mode. It passively collects packets to identify networks and detect hidden networks. It is built on client/server modular architecture. It is available for Linux, OSX, Windows and BSD platforms. Download: http://www.kismetwireless.net/ 5. NetStumbler NetStumbler is a popular Windows tool to find open wireless access points. This tool is free and is available for Windows. A trimmed down version of the tool is also available. It is called MiniStumbler. Basically NetStumblet is used for wardriving, verifying network configurations, finding locations with a poor network, detecting unauthorized access points, and more. But the tool also has a big disadvantage. It can be easily detected by most of the wireless intrusion detection systems available. This is because it actively probes a network to collect useful information. Another disadvantage of the tool is that it does not work properly with the latest 64 bit Windows OS. This is because the tool was last updated back in April 2004. It has been around 11 years since the last stable release of the tool. Download Netstumbler: http://www.stumbler.net/ 6. inSSIDer inSSIDer is a popular Wi-Fi scanner for Microsoft Windows and OS X operating systems. Initially the tool was opensource. Later it became premium and now costs $19.99. It was also awarded as “Best Opensource Software in Networking”. The inSSIDer wi-fi scanner can do various tasks, including finding open wi-fi access points, tracking signal strength, and saving logs with GPS records. Download inSSIDer: http://www.inssider.com/ 7. WireShark WireShark is the network protocol analyzer. It lets you check what is happening in your network. You can live capture packets and analyze them. It captures packets and lets you check data at the micro-level. It runs on Windows, Linux, OS X, Solaries, FreeBSD and others. WireShark requires good knowledge of network protocols to analyze the data obtained with the tool. If you do not have good knowledge of that, you may not find this tool interesting. So, try only if you are sure about your protocol knowledge. Download Wireshark: https://www.wireshark.org/ 8. CoWPAtty CoWPAtty is an automated dictionary attack tool for WPA-PSK. It runs on Linux OS. This program has a command line interface and runs on a word-list that contains the password to use in the attack. Using the tool is really simple, but it is slow. That’s because the hash uses SHA1 with a seed of SSID. It means the same password will have a different SSIM. So, you cannot simply use the rainbow table against all access points. So, the tool uses the password dictionary and generates the hack for each word contained in the dictionary by using the SSID. The new version of the tool tried to improve the speed by using a pre-computed hash file. This pre-computed file contains around 172000 dictionary file for around 1000 most popular SSIs. But if your SSID is not in those 1000, you are unlucky. Download CoWPAtty: http://sourceforge.net/projects/cowpatty/ 9. Airjack Airjack is a Wi-Fi 802.11 packet injection tool. This wireless cracking tool is very useful in injecting forged packets and making a network down by denial of service attack. This tool can also be used for a man in the middle attack in the network. Download AirJack: http://sourceforge.net/projects/airjack/ 10. WepAttack WepAttack is an open source Linux tool for breaking 802.11 WEP keys. This tool performs an active dictionary attack by testing millions of words to find the working key. Only a working WLAN card is required to work with WepAttack. Download WebAttack: http://wepattack.sourceforge.net/ 11. OmniPeek OmniPeek is another nice packet sniffer and network analyzer tool. This tool is commercial and supports only Windows operating systems. This tool is used to capture and analyze wireless traffic. But it requires you to have good knowledge of protocols to properly understand things. A good thing is that the tool works with most of the network interface cards available in market. This tool is used for network troubleshooting. This tool also supports plugins, and 40 plugins are already available to extend the features of the tool. Download: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer 12. CommView for WiFi CommView for WiFi is another popular wireless monitor and packet analyzer tool. It comes with an easy to understand GUI. It works fine with 802.11 a/b/g/n/ac networks. It captures every packet and displays useful information as a list. You can get useful information like access points, stations, signal strength, network connections and protocol distribution. Captured packets can be decrypted by user-defined WEP or WPA keys. This tool is basically for wi-fi network admins, security professionals, and home users who want to monitor their wi-fi traffic and programmers working on software for wireless networks. Download CommView: http://www.tamos.com/products/commwifi/ 13. CloudCracker CloudCracker is the online password cracking tool for cracking WPA protected wi-fi networks. This tool can also be used to crack different password hashes. Just upload the handshake file, enter the network name and start the tool. This tool has a huge dictionary of around 300 million words to perform attacks. Try Cloudcracker: https://www.cloudcracker.com/ Conclusion In this post, I discussed 13 wireless hacking tools. A few wireless hacking tools are for cracking the password to get unauthorized access, and a few are for monitoring and troubleshooting the network. But most of the people really interested in tools to crack wireless hotspots just want to get free Internet access. The above collection also contains those tools which try a dictionary attack to crack wi-fi passwords to allow you to get free Internet access. But be sure not to use these tools in a risky place. Hacking wireless networks to get unauthorized access may be a crime in your country. You may get into trouble for using these tools. So, please do not use these tools for illegal works. As I already mentioned, you should never use the WEP encryption key in your home or wireless network. With available tools, it is child’s play to crack the WEP keys and access your wi-fi network. Wireless monitoring and troubleshooting tools are basically for network admins and programmers working on wi-fi based software. These tools really help when some of your systems face problems in connecting to the network. I hope you enjoyed this article and got relevant information about popular wireless hacking and password cracking tools. I tried my best to compile this list of password hacking tools, but as a human error, I may miss something. If I forgot any important tool in this, please let me know in the comments. Source
  15. I. Description The OWASP ASVS Assessment Tool (OWAAT) has been developed by Mahmoud Ghorbanzadeh (mdgh (a) aut.ac.ir) at Amirkabir University of Technology's Computer Emergency Response Team (APA). OWAAT is a tool, used to verify Web applications security conformance to the OWASP Application Security Verification Standard (ASVS). OWAAT is a Web-based tool and provides team work capabilities. It allows to create multiple assessment projects and assign assessment tasks to different users. II. Installation Please follow installation wizard: http://YourWebSite/asvs/install/ III. Programs have been used (In alphabetical order) Chosen: Chosen: A jQuery Plugin by Harvest to Tame Unwieldy Select Boxes iCheck: Checkboxes and radio buttons customization (jQuery and Zepto) plugin intro: https://github.com/usablica/intro.js jQuery File Upload: https://github.com/blueimp/jQuery-File-Upload jQuery Notify: http://www.erichynds.com/blog/a-jquery-ui-growl-ubuntu-notification-widget jTable: http://www.jtable.org/ TCPDF: http://www.tcpdf.org/ (Unnecessary program files have been deleted) The OWASP ASVS Report Generator: http://ibuildingsnl.github.io/owasp-asvs-report-generator/index.html Download: https://github.com/ghorbanzadeh/OWAAT
  16. Salut, Imi poate recomanda si mie cineva un tool de coletare de adrese de email si un tool pentru trimiterea de mailuri in masa? Mersi
  17. CapTipper: Omri Herscovici: CapTipper - Malicious HTTP traffic explorer tool CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations found. The tool provides the security researcher with easy access to the files and the understanding of the network flow, and is useful when trying to research exploits, pre-conditions, versions, obfuscations, plugins and shellcodes. Feeding CapTipper with a drive-by traffic capture (e.g of an exploit kit) displays the user with the requests URI's that were sent and responses meta-data. The user can at this point browse to Romanian Security Team - Homepage[uRI] and receive the response back to the browser. In addition, an interactive shell is launched for deeper investigation using various commands such as: hosts, hexdump, info, ungzip, body, client, dump and more... Download: https://github.com/omriher/CapTipper
  18. Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. Download: https://github.com/carmaa/inception
  19. Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Download: https://github.com/tomac/yersinia
  20. Automater is a tool that I originally created to automate the OSINT analysis of IP addresses. It quickly grew and became a tool to do analysis of IP Addresses, URLs, and Hashes. Unfortunately though, this was my first python project and I made a lot of mistakes, and as the project grew it bacame VERY hard for me to maintain. Download: https://github.com/1aN0rmus/TekDefense-Automater
  21. Spotlight is name of Apple OSX’s desktop search functionality. It indexes all the files on a volume storing metadata about filesystem object (e.g. file, directory) in an effort to provide fast and extensive file searching capabilities. The metadata stored includes familiar filesystem metadata, as in MAC times as well as file-internal metadata like image dimensions and color model. Spotlight allows users to search for documents with the Author tag “Snowden,” for example. These databases are created by OSX on each volume the machine can access, including flash drives. They can be found at the path: /.Spotlight-V100/Store-V2/<SomeHash>/store.db for each volume; we have also provided access to some sample databases with the tool download. 504ensics is proud to introduce our newest forensic tool, Spotlight Inspector (SI). This is a brand new tool we’re developing for the analysis of OSX Spotlight databases. It parses Spotlight metadata databases and provides functionality to work with the internal data in a clean and useful way. On to some features! Download: Spotlight Inspector Digital Forensics Tool Announced | 504ENSICS Labs
  22. Rainbow Maker is a python based tool for Cracking hash signatures & Creating Rainbow Table. Introduction OWASP Rainbow Maker is a tool aimed to break hash signatures. It allows testers to insert a hash value and possible keywords and values that might used by the application to create it, then it tried multiple combinations to find the format used to generate the hash value. Description give it a hash value, and a possible words that might led to create this value - the tool has a delimiter list (){} ;,'[]"~, etc. and it goes over all the words inserted and tries all possible combinations... for example: if you entered: password, pass, Pass, Password, secret123 it will try all kind of combinations such as: [password:secret123] "Pass";"secret12" {Password,secret123} etc. etc. Its other use is to produce a Rainbow Table out of the given word-list. Download: https://www.owasp.org/index.php/OWASP_Rainbow_Maker_Project
  23. SkypeFreak A Cross Platform Forensic Framework for Skype Fully Open Source Written in Python 2.7 Supports Windows, Linux and OS X Will be ported to Ruby and PHP soon Won't work with alternative accounts using Microsoft and Facebook What is this all about? This is a small idea of mine. A full open source forensic framework for Skype. I love to analyze applications and explore how things work behind the scenes. The main goal of this application is to aid in forensic investigations. What is so special in this? Actually there are many other tools which could the same thing, but I thought writing a open source tool to help people understand what is really going on and anyone can customize this according their needs. Will there be a big Forensic framework? Yes me, Hood3dRob1n and Nick Knight are planning a full fledged forensic framework including most famous applications such as Firefox, Google Chrome, Safari, Opera, etc. This will be available in Python, Ruby and PHP. Conclusion None of the application you use today are safe. They often log what all you do. Do not use this application without any kind of permissions because it would result in violation of privacy. The author takes no responsibility of any kind of damage you cause. Please use this for educational purposes only. Download: .zip | .tar.gz Author: https://twitter.com/OsandaMalith SkypeFreak by OsandaMalith
  24. MOSCRACK Multifarious On-demand Systems Cracker Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin. Some of Moscrack's features: Basic API allows remote monitoring Automatic and dynamic configuration of nodes Live CD/USB enables boot and forget dynamic node configuration Can be extended by use of plugins Uses aircrack-ng (including 1.2 Beta) by default CUDA/OpenCL support via Pyrit plugin CUDA support via aircrack-ng-cuda (untested) Does not require an agent/daemon on nodes Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin Checkpoint and resume Easily supports a large number of nodes Desgined to run for long periods of time Doesn't exit on errors/failures when possible Supports mixed OS/protocol configurations Supports SSH, RSH, Mosix for node connectivity Effectively handles mixed fast and slow nodes or links Architecture independent Supports Mosix clustering software Supports all popular operating systems as processing nodes Node prioritization based on speed Nodes can be added/removed/modified while Moscrack is running Failed/bad node throttling Hung node detection Reprocessing of data on error Automatic performance analysis and tuning Intercepts INT and TERM signals for clean handling Very verbose, doesn't hide anything, logs agressively Includes a "top" like status viewer Includes CGI web status viewer Includes an optional basic X11 GUI Compatibility Moscrack itself should work with any Un*x variant, but it is developed and tested on Linux. Tested platforms for SSH based end nodes: Moscrack Live CD (SUSE) Ubuntu Linux 12.10 x86 64bit Ubuntu Linux 12.04.2 x86 64bit Ubuntu Linux 10.10 x86 64bit Ubuntu Linux 10.10 x86 32bit CentOS Linux 5.5 x86 32bit FreeBSD 8.1 x86 64bit Windows Vista Business 64bit w/Cygwin 1.7.7-1 Windows Vista Business 64bit w/Cygwin 1.7.9 Mac OS X 10.5.6 (iPC OSx86) Solaris Express 11 x64 iPhone 3g iOS 3.2.1 (Jailbroken) Samsung Galaxy S2 SGH-I727R (Cyanogenmod 10 + Linux chroot) Tested platforms for RSH based end nodes: Ubuntu Linux 10.10 x86 64bit Windows Vista Business 64bit w/Cygwin 1.7.7-1 Windows Vista Business 64bit w/Cygwin 1.7.9 Tested platforms for Mosix end nodes: Ubuntu Linux 10.10 x86 64bit Ubuntu Linux 10.10 x86 32bit Tested platforms for Moscrack server: Ubuntu Linux 13.10 x86 64bit Ubuntu Linux 12.10 x86 64bit Ubuntu Linux 10.10 x86 64bit Download: moscrack-2.08b.tar.gz Sources: moscrack | Free Security & Utilities software downloads at SourceForge.net Moscrack
  25. Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access, and whatever would look dodgy under an AV scan. It uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. Shellter will launch and trace the target, while at the same time will log the execution flow of the application. Also supports encoded/self-decrypting payloads by taking advantage of the Imports Table of the application. It will look for specific imported APIs that can be used on runtime to execute a self-decrypting payload without doing any modifications in the section’s characteristics from inside the PE Header. At the moment 7 methods are supported for loading encoded payloads: 0. VirtualAlloc 1. VirtualAllocEx 2. VirtualProtect 3. VirtualProtectEx 4. HeapCreate/HeapAlloc 5. LoadLibrary/GetProcAddress 6. CreateFileMapping/MapViewOfFile Read more... Download Password: _Sh3llt3r_ Source
×
×
  • Create New...