Security Videos
Sunday, Sep 23 2012

TekTip ep9 - Network Defense with The Security Onion

The Security Onion: created by Doug Burks
Description: Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Security Onion is THE distro for network monitoring in the same way that BackTrack is for pentesting.
Uses: malware analysis, signature development, honeynet/lab, home or small office.
1. Download the ISO and install.
*You need about 1 GB of RAM per interface you are monitoring.
**Installation is quick: less than 10 minutes.
***Currently based on 10.04. The roadmap shows a 64-bit build based on 12.04 should be out soon.
2. If you use the Quick Setup mode, Security Onion will monitor all interfaces.
3. Monitor a network, or generate traffic. You can find tons of pcaps to replay at: https://code.google.com/p/security-onion/wiki/Pcaps
tcpreplay -i eth0 -t /tmp/bittorent.pcap
-i: the interface to replay the traffic onto. Pick one the sensor is sniffing (any of them after Quick Setup). tcpreplay writes raw frames, so run it as root.
-t: replay the packets as fast as possible. Fine for a quick demo, but top speed can make the sensor drop packets; to see how detection behaves at a realistic rate, leave -t off to keep the capture's original timing or cap the rate with --mbps.
Then select your pcap, cap, dump, or log file. Whatever the extension, tcpreplay only reads libpcap-format captures; a pcapng file must be converted to classic pcap first (Wireshark's editcap can do that).
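Before replaying a file you pulled off the wiki or out of a sandbox, it helps to know what is actually in it. The following is an added example, my own code rather than anything from Security Onion or tcpreplay: it reads the classic pcap global header and walks the records, reporting the link type, packet count, capture duration and whether the file is truncated or is really pcapng, then builds a rate-capped tcpreplay line for files it can replay. The two-frame sample capture it constructs is dummy data, and the /tmp path and interface name are placeholders.

```python
# Added example (not from the TekTip post or the Security Onion project):
# inspect a capture before handing it to tcpreplay. Standard library only.
import struct
import sys

# First four bytes of a classic pcap file, keyed to (struct byte order, ticks per second)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),       # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),       # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),   # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),   # big-endian, nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"   # pcapng Section Header Block; tcpreplay wants classic pcap
DLT_EN10MB = 1                       # Ethernet link type, the frames tcpreplay puts on the wire


def inspect_capture(data: bytes) -> dict:
    """Parse the pcap global header and walk the records.

    Returns format, link type, packet count, capture duration, whether the
    file is truncated, and whether tcpreplay can replay it as-is."""
    info = {"format": "unknown", "linktype": None, "packets": 0,
            "duration_s": 0.0, "truncated": False, "replayable": False}
    head = data[:4]
    if head == PCAPNG_MAGIC:
        info["format"] = "pcapng"
        return info
    if head not in PCAP_MAGICS or len(data) < 24:
        return info
    endian, ticks = PCAP_MAGICS[head]
    info["format"] = "pcap"
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    info["linktype"] = struct.unpack(endian + "IHHiIII", data[:24])[6]
    first = last = None
    off = 24
    while off + 16 <= len(data):
        # record header: ts seconds, ts fraction, captured length, original length
        sec, frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break                       # header promises more bytes than the file has
        ts = sec + frac / ticks
        first = ts if first is None else first
        last = ts
        info["packets"] += 1
        off += 16 + incl_len
    info["truncated"] = off != len(data)   # leftover bytes mean a partial record
    if info["packets"]:
        info["duration_s"] = last - first
    info["replayable"] = (info["linktype"] == DLT_EN10MB and info["packets"] > 0
                          and not info["truncated"])
    return info


def tcpreplay_command(path: str, iface: str, info: dict, mbps: int = 10) -> str:
    """Build a tcpreplay line that caps the rate instead of using -t, so the
    sensor is not flooded while you are watching Sguil/Snorby for alerts."""
    if info["format"] != "pcap":
        raise ValueError(f"{path}: tcpreplay reads classic pcap only, got {info['format']}")
    if not info["replayable"]:
        raise ValueError(f"{path}: not Ethernet, empty, or truncated; fix it with editcap/tcprewrite first")
    return f"tcpreplay -i {iface} --mbps={mbps} {path}"


def build_sample_pcap() -> bytes:
    """Constructed two-frame capture (dummy Ethernet frames, not real traffic)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    frames = [(1, 0, b"\xff" * 14 + b"hello"), (3, 500_000, b"\xff" * 14 + b"world")]
    recs = b"".join(struct.pack("<IIII", s, u, len(f), len(f)) + f for s, u, f in frames)
    return hdr + recs


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_pcap()
    info = inspect_capture(data)
    print(info)
    if info["replayable"]:
        print(tcpreplay_command(path or "/tmp/sample.pcap", "eth0", info))
```

Run it with a capture path as the only argument; with no argument it inspects the built-in sample. A non-Ethernet link type or a truncated tail is exactly the kind of file that makes tcpreplay exit early while you are waiting for alerts that never come, so the check is worth the two seconds.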
1aN0rmus@tekdefense.com


Sunday, Sep 16 2012

TekTip ep8 - IPv6 Hacking with socat and ANYTHING

IPv6 Hacking w/ socat and ANYTHING
In this episode of TekTip we use socat to facilitate hacking with tools that don't normally support IPv6. While this demo uses nikto as the attacking tool, the methodology works with most other IPv4-only tools as well: socat accepts the tool's IPv4 connection locally and opens a matching IPv6 connection to the target.
Lab
fdf8:6fd6:7dc:ae05:f1f1:f1f1:f1f1:f1f1 - BT5 (Pentester)
fdf8:6fd6:7dc:ae05:f0f0:f0f0:f0f0:f0f0 - Web Server (Damn Vulnerable Web App, DVWA)
Socat
socat TCP-LISTEN:8080,reuseaddr,fork TCP6:[fdf8:6fd6:7dc:ae05:f0f0:f0f0:f0f0:f0f0]:80
  • TCP-LISTEN: the port the IPv4 listener is stood up on. Without a bind= option socat listens on all addresses, so any host that can reach the pentester box gets a relay into the IPv6 target; add bind=127.0.0.1 to keep it local to the tools you are running.
  • reuseaddr: allows the socket to bind to the address even if parts of it (e.g. the local port) are still in use, such as from a previous socat run whose connections are in TIME_WAIT.
  • fork: after establishing a connection, handles its channel in a child process and keeps the parent process accepting more connections. Without it socat serves one connection and exits, which breaks a scanner that opens many connections.
  • TCP6:[address]:port: the IPv6 destination. The address goes in square brackets and there is no space after the colon.
Nikto
./nikto.pl -host 127.0.0.1 -port 8080
  • -host: target IP. In our case we use 127.0.0.1, as socat is listening there and forwarding that traffic to the IPv6 target.
  • -port: 8080, the port we configured socat to listen on. This is not the port of the target web server; socat forwards to port 80.
  • Because nikto is talking to 127.0.0.1, that is also what it sends in the HTTP Host header. If the target relies on name-based virtual hosts, add -vhost <name> so the right site answers.
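The socat one-liner hides three moving parts: an IPv4 listener, a fresh IPv6 connection per client, and bidirectional copying until each side hangs up. The block below is an added example, my own code and not socat's, that does the same job in Python so the mechanics are visible. The IPv6 lab address from the post is kept only as a placeholder constant; the echo server is a constructed stand-in for the DVWA box, and demo_roundtrip() wires everything up on loopback so it runs without the lab.

```python
# Added example (not from the TekTip post, not socat): an IPv4-to-IPv6 TCP
# relay with the same shape as TCP-LISTEN:...,reuseaddr,fork TCP6:[addr]:port
import socket
import threading

TARGET_V6 = "fdf8:6fd6:7dc:ae05:f0f0:f0f0:f0f0:f0f0"  # lab address from the post, a placeholder here
LISTEN_V4 = "127.0.0.1"   # bind to loopback so nobody else on the LAN gets a pivot through you


def pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the EOF propagates."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_client(client, target_host, target_port):
    """One accepted IPv4 connection: open the IPv6 leg and pump both ways.
    This is what socat's 'fork' does per connection (threads here, not fork)."""
    try:
        # create_connection() resolves via getaddrinfo, so an IPv6 literal or an
        # AAAA-only name works without the caller choosing the address family.
        upstream = socket.create_connection((target_host, target_port), timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def start_relay(listen_host, listen_port, target_host, target_port):
    """Listen on IPv4 and hand every connection to handle_client().
    Returns the listening socket; close it to stop the accept loop."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)   # socat's reuseaddr
    ls.bind((listen_host, listen_port))
    ls.listen(16)
    ls.settimeout(0.5)   # lets the loop notice when the socket is closed

    def accept_loop():
        while True:
            try:
                client, _ = ls.accept()
            except socket.timeout:
                continue
            except OSError:          # listening socket closed
                return
            client.settimeout(None)
            threading.Thread(target=handle_client,
                             args=(client, target_host, target_port), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ls


def start_echo_server(host):
    """Constructed stand-in for the web server: echoes whatever it receives.
    Binds IPv6 or IPv4 depending on the address given."""
    family = socket.getaddrinfo(host, 0, type=socket.SOCK_STREAM)[0][0]
    srv = socket.socket(family, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(16)
    srv.settimeout(0.5)

    def echo(conn):
        with conn:
            try:
                while True:
                    data = conn.recv(65536)
                    if not data:
                        break
                    conn.sendall(data)
            except OSError:
                pass

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.settimeout(None)
            threading.Thread(target=echo, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def send_through(host, port, payload):
    """Connect over IPv4 the way nikto does, send payload, return the reply."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = s.recv(65536)
            if not chunk:
                break
            reply += chunk
    return reply


def demo_roundtrip(target_host):
    """Echo server on target_host, relay on 127.0.0.1, one request through, reply back."""
    echo_srv = start_echo_server(target_host)
    relay = start_relay(LISTEN_V4, 0, target_host, echo_srv.getsockname()[1])
    try:
        return send_through(LISTEN_V4, relay.getsockname()[1],
                            b"GET / HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
    finally:
        relay.close()
        echo_srv.close()


if __name__ == "__main__":
    # ::1 exercises the IPv6 leg; 127.0.0.1 is the fallback where v6 loopback is absent.
    for host in ("::1", "127.0.0.1"):
        try:
            print(host, demo_roundtrip(host)[:16])
            break
        except OSError:
            continue
```

Note the request the relay carries still says Host: 127.0.0.1, which is the same limitation the nikto bullet above calls out: the relay rewrites addresses, not application data.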
-1aN0rmus@TekDefense.com
Sunday, Sep 09 2012

TekTip ep7 - Credential Harvesting with The Social Engineering Toolkit

The Social-Engineer Toolkit (SET)  
SET is created by TrustedSec: https://www.trustedsec.com
SET includes many modules:  Spear-Phishing Attack Vectors,  Website Attack Vectors, Infectious Media Generator, Create a Payload and Listener, Mass Mailer Attack, Arduino-Based Attack Vector, SMS Spoofing Attack Vector, Wireless Access Point Attack Vector, QRCode Generator Attack Vector, Powershell Attack Vectors, Third Party Modules.
In this video we focus on "Website Attack Vectors" and particularly "Credential Harvester".  For this demo we clone the securitytube.net login page and watch as users (in our lab) attempt to connect and login, giving us their passwords.
Keep in mind that this by itself is not a very strong tool.  You must combine with information gathering techniques and trickery to get the most out of this tool in a pentest.
1aN0rmus@tekdefense.com
Monday, Sep 03 2012

TekTip ep6 - Passive Information Gathering with TheHarvester

The Harvester: Created by Edge-Security
Default BT Location: /pentest/enumeration/theharvester
theharvester is a great passive information gathering tool that is immensely helpful in blind pentests: it pulls e-mail addresses, host names and employee names for a domain out of public sources without ever touching the target.
Notable options
-d: for the domain
-f: save the results to an HTML/XML file
-c: DNS brute force for the domain
-n: Reverse DNS query
-l: limit the number of results
-b: Where to search
** "-b all" does not actually include all sources.
examples:
./theharvester.py -d tekdefense.com -l 100 -n -b all
./theharvester.py -d securitytube.net -l 100 -n -b linkedin
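Whatever sources you pick with -b, the raw results need the same two clean-up steps before they go into a report: keep only names that are really inside the target domain (look-alikes such as tekdefense.com.evil.example show up in search results too), and follow up the hosts with the reverse lookups that -n performs. The block below is an added example, my own code and not theHarvester's, that does both on a constructed text sample; the resolver functions are injected so it runs offline, with socket.gethostbyname and socket.gethostbyaddr as the defaults for real use. All host names, addresses (203.0.113.0/24 is the TEST-NET-3 documentation range) and the fake DNS tables are made up for the demo.

```python
# Added example (not theHarvester's code): scope-filter harvested results and
# do the reverse-DNS expansion that theHarvester's -n option performs.
import re
import socket

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def in_scope(name: str, domain: str) -> bool:
    """True for the domain itself or any subdomain; rejects look-alikes such
    as example.com.evil.test or notexample.com."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def harvest(text: str, domain: str):
    """Pull in-scope e-mail addresses and host names out of raw text
    (search results, page source, whatever the harvester was fed)."""
    domain = domain.lower()
    emails = {m.lower() for m in EMAIL_RE.findall(text)
              if in_scope(m.split("@", 1)[1], domain)}
    # strip addresses first so 'john.doe' in john.doe@... is not read as a host
    hosts = {m.lower() for m in HOST_RE.findall(EMAIL_RE.sub(" ", text))
             if in_scope(m, domain)}
    hosts |= {e.split("@", 1)[1] for e in emails}   # the mail domain is a host too
    return sorted(emails), sorted(hosts)


def expand_by_reverse_dns(hosts, domain, resolve=socket.gethostbyname,
                          reverse=socket.gethostbyaddr):
    """Resolve each host, reverse-resolve the IP and keep any in-scope name the
    PTR answer reveals. Returns {ip: [names]} so shared addresses are obvious."""
    by_ip = {}
    for host in hosts:
        try:
            ip = resolve(host)
        except OSError:            # gaierror/herror are OSError subclasses
            continue
        by_ip.setdefault(ip, set()).add(host)
        try:
            ptr, aliases, _ = reverse(ip)
        except OSError:
            continue
        for name in [ptr, *aliases]:
            if in_scope(name, domain):
                by_ip[ip].add(name.lower().rstrip("."))
    return {ip: sorted(names) for ip, names in by_ip.items()}


# --- constructed demo data: not real hosts, not real lookups ---
SAMPLE_TEXT = """Constructed search-result text for the demo, not real data.
Contact: Admin@TekDefense.com or sales@tekdefense.com
Mirrors: www.tekdefense.com, blog.tekdefense.com
Noise: bob@example.org, docs.example.org, tekdefense.com.evil.example
"""
FAKE_A = {"tekdefense.com": "203.0.113.10", "www.tekdefense.com": "203.0.113.10",
          "blog.tekdefense.com": "203.0.113.10"}
FAKE_PTR = {"203.0.113.10": ("web1.tekdefense.com", ["mail.tekdefense.com"], ["203.0.113.10"])}


def fake_resolve(host):
    """Stand-in for socket.gethostbyname backed by the FAKE_A table."""
    try:
        return FAKE_A[host]
    except KeyError:
        raise socket.gaierror(host)


def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by the FAKE_PTR table."""
    try:
        return FAKE_PTR[ip]
    except KeyError:
        raise socket.herror(ip)


if __name__ == "__main__":
    emails, hosts = harvest(SAMPLE_TEXT, "tekdefense.com")
    print("emails:", emails)
    print("hosts: ", hosts)
    print("by ip: ", expand_by_reverse_dns(hosts, "tekdefense.com", fake_resolve, fake_reverse))
```

The reverse step is where the extra names come from: three harvested hosts resolve to one address whose PTR and alias records name two machines the search engines never mentioned. The same pattern applies to theHarvester's own HTML/XML output once you parse it into a host list.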
Tekdefense.com
1aN0rmus@tekdefense.com


Sunday, Aug 26 2012

TekTip ep5 - Backtrack5 R3 Tool Update Demo

In this episode of TekTip we take a look at the recent BackTrack release, BT5 R3. While we list all of the new tools and updates, we look specifically at and demo inundator, cutycapt, rainbowcrack, twofi, uber harvest, jigsaw, and urlcrazy.

Full Update List

inundator - intrusion detection false positives generator

cutycapt - batch screenshots to be taken of web pages

rainbowcrack - crack hashes with rainbowtables

twofi - take multiple search terms and return a word list sorted by most common first

uberharvest -  crawl through the website (and all the links within that website) searching for valid email addresses

jigsaw - enumerating information about a company's employees. It is useful for Social Engineering or Email Phishing

urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

_________________________________

libcrafter -  It is able to craft or decode packets of most common networks protocols, send them on the wire, capture them and match requests and replies

blueranger -  locate Bluetooth device radios

dbd - Updated and much-improved Netcat clone

intersect - post-exploitation framework

mercury - Android Assessment Framework

trixd00r - TCP/IP based backdoor for UNIX systems

artemisa - VoIP/SIP-specific honeypot

rifiuti2 - Analysis of Windows Recycle Bin

netgear-telnetenable - opens up the telnet port in most Netgear brand routers

jboss-autopwn - deploys a JSP shell on the target JBoss AS server

deblaze - enumeration and interrogation against flash remoting end points

sakis3g - connection with a variety of USB 3G modems with operators parameters already configured and available in a simple ncurses interface.

voip honey - honeywall and honeypot emulating VoIP environments

apache-users -  enumerate the usernames on any system that uses Apache with the UserDir module

phrasendrescher -  modular and multi-processing pass phrase cracking tool

kautilya - various payloads for Teensy device

manglefizz - Manglefizz is designed to generate username combinations quickly

rainbowcrack-mt - for use with using and managing rainbow tables from freerainbowtables.com

lynis-audit - Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

spooftooph - automate spoofing or cloning Bluetooth device Name, Class, and Address

wifihoney - creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng

truecrack - TrueCrack is a brute-force password cracker for TrueCrypt volume files.

acccheck - password dictionary attack tool that targets windows authentication via the SMB protocol

statsprocessor - high-performance word-generator based on per-position markov-attack packed into a single stand-alone binary.

iphoneanalyzer - Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone's own backup files or (for jail broken iphones) ssh.

jad - Java decompiler

javasnoop - intercept methods, alter data and otherwise test the security of Java applications on your computer

mitmproxy - mitmproxy is an SSL-capable man-in-the-middle proxy, extensible with Python

ewizard - simple, strong, Java file and folder encryptor for protection of sensitive information

multimac - emulate and use multiple virtual interfaces (with different MAC addresses) on a LAN using a single network adapter

netsniff-ng - Linux network analyzer and networking toolkit

smbexec - psexec style attack with samba tools

websploit - WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities

dnmap - distribute nmap scans among several clients

johnny - Johnny is a GUI for John the Ripper written in C++ using the Qt framework

unix-privesc-check - Privileges Escalation Check for linux and windows

sslcaudit - Automate testing SSL/TLS clients for resistance against MITM attacks

dhcpig - advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any in use IPs, then for good measure send gratuitous ARP and knock all windows hosts offline.

intercepter-ng - Multifunctional sniffing tool.

u3-pwn - designed to automate injecting executables to Sandisk smart usb devices with default U3 software install

binwalk - binary analysis tool, helpful for detecting binary files in network streams, compressed images, etc

laudanum - Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.

wifite - WiFite is an automated wireless attack tool.

tnscmd10g - prod the oracle tnslsnr process

bluepot - A Bluetooth honeypot written in Java for Linux operating systems.

dotdotpwn -  flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.

subterfuge - Automated Man-in-the-Middle Attack Framework

creddump - creddump is a python tool to extract various credentials and secrets from Windows registry hives.

android-sdk - official android sdk.

apktool - reverse engineering 3rd party, closed, binary Android apps

ded - retargets Android applications in .dex format to traditional .class files.

dex2jar - Android reverse engineering tool

droidbox - dynamic analysis of Android applications

smali - assembler/disassembler for the dex format

termineter -  test smart meters for vulnerabilities

bbqsql - blind SQL injection framework written in Python

htexploit - exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process

smartphone-pentest-framework - open source security tool, designed to aid in assessing the security posture of smartphones in an environment

fern-wifi-cracker - wifi based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts

powersploit - PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests.

webhandler - WebHandler tries to simulate a 'Linux bash prompt' to handle and process: - PHP program execution functions

*Tool descriptions were found at http://redmine.backtrack-linux.org:8080

-1aN0rmus (1aN0rmus@tekdefense.com)