In this episode of TekTip we take a look at the recent BackTrack release BT5 R3. While we list all of the new tools and updates, we look specifically at and demo inundator, cutycapt, rainbowcrack, twofi, uberharvest, jigsaw, and urlcrazy.
cutycapt - batch screenshots to be taken of web pages
rainbowcrack - crack hashes with rainbowtables
twofi - take multiple search terms and return a word list sorted by most common first
uberharvest - crawl through the website (and all the links within that website) searching for valid email addresses
jigsaw - enumerates information about a company's employees; useful for social engineering or email phishing assessments
urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
_________________________________
libcrafter - able to craft or decode packets of most common network protocols, send them on the wire, capture them, and match requests with replies
blueranger - locate Bluetooth device radios
dbd - Updated and much-improved Netcat clone
intersect - post-exploitation framework
mercury - Android Assessment Framework
trixd00r - TCP/IP based backdoor for UNIX systems
artemisa - VoIP/SIP-specific honeypot
rifiuti2 - Analysis of Windows Recycle Bin
netgear-telnetenable - opens up the telnet port in most Netgear brand routers
jboss-autopwn - deploys a JSP shell on the target JBoss AS server
deblaze - enumeration and interrogation against flash remoting end points
sakis3g - connection with a variety of USB 3G modems with operators parameters already configured and available in a simple ncurses interface.
voip honey - honeywall and honeypot emulating VoIP environments
apache-users - enumerate the usernames on any system that uses Apache with the UserDir module
phrasendrescher - modular and multi-processing pass phrase cracking tool
kautilya - various payloads for Teensy device
manglefizz - Manglefizz is designed to generate username combinations quickly
rainbowcrack-mt - for using and managing rainbow tables from freerainbowtables.com
lynis-audit - Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.
spooftooph - automate spoofing or cloning Bluetooth device Name, Class, and Address
wifihoney - creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng
truecrack - TrueCrack is a brute-force password cracker for TrueCrypt (Copyright) volume files.
acccheck - password dictionary attack tool that targets windows authentication via the SMB protocol
statsprocessor - high-performance word-generator based on per-position markov-attack packed into a single stand-alone binary.
iphoneanalyzer - Explore the internal file structure of your iPhone (or of a seized phone in the case of forensic teams) using either the iPhone's own backup files or (for jailbroken iPhones) SSH.
jad - Java decompiler
javasnoop - intercept methods, alter data and otherwise test the security of Java applications on your computer
mitmproxy - mitmproxy is an SSL-capable man-in-the-middle proxy, extensible with Python
ewizard - simple, strong, Java file and folder encryptor for protection of sensitive information
multimac - emulate and use multiple virtual interfaces (with different MAC addresses) on a LAN using a single network adapter
netsniff-ng - Linux network analyzer and networking toolkit
smbexec - psexec style attack with samba tools
websploit - WebSploit is an open source project for scanning and analyzing remote system vulnerabilities
dnmap - distribute nmap scans among several clients
johnny - Johnny is a GUI for John the Ripper written in C++ using the Qt framework
unix-privesc-check - privilege escalation check for Linux and Windows
sslcaudit - Automate testing SSL/TLS clients for resistance against MITM attacks
dhcpig - advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any in-use IPs, then for good measure send gratuitous ARP and knock all Windows hosts offline.
intercepter-ng - Multifunctional sniffing tool.
u3-pwn - designed to automate injecting executables to Sandisk smart usb devices with default U3 software install
binwalk - binary analysis tool, helpful for detecting binary files in network streams, compressed images, etc
laudanum - Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.
wifite - WiFite is an automated wireless attack tool.
tnscmd10g - prod the Oracle tnslsnr process
bluepot - A Bluetooth honeypot written in Java for Linux operating systems.
dotdotpwn - flexible, intelligent fuzzer to discover directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers and web platforms such as CMSs, ERPs, blogs, etc.
ded - retargets Android applications in .dex format to traditional .class files.
dex2jar - Android reverse engineering tool
droidbox - dynamic analysis of Android applications
smali - assembler/disassembler for the dex format
termineter - test smart meters for vulnerabilities
bbqsql - blind SQL injection framework written in Python
htexploit - exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process
smartphone-pentest-framework - open source security tool, designed to aid in assessing the security posture of smartphones in an environment
fern-wifi-cracker - wifi based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts
powersploit - PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests.
webhandler - WebHandler tries to simulate a 'Linux bash prompt' to handle and process: - PHP program execution functions
In this episode of TekTip we take a break from malware analysis and play with an old sysadmin trick commonly known as the Sticky Keys trick. I cannot tell you how many times I have used this to log into locked-out machines from family, friends, co-workers, and clients. This will work on XP, Server 2003, Vista, Windows 7, and probably the rest of them as well. A quick summary of the steps involved is:
Welcome to TekTip episode 2. In this episode we will continue our discussions on basic dynamic malware analysis. We will be focusing on FakeNet. If you would like to follow along at home, you can download one of the samples I have been using.
Alright everyone, check out our first TekTip tutorial. Please excuse the poor resolution on the video. For a better view select 720p and full screen.
In this episode we talk about and demo basic dynamic malware analysis. Tools we leveraged here include VMware Workstation, Sysinternals Suite, Netcat, ApateDNS, Wireshark, and Regshot.