Entries in tektip (15)

Monday, Sep 03 2012

TekTip ep6 - Passive Information Gathering with TheHarvester

The Harvester: created by Edge-Security
Default BT location: /pentest/enumeration/theharvester
theharvester is a great passive information gathering tool that is immensely helpful in blind pentests.
Notable options:
-d: the target domain
-f: export results to HTML/XML
-c: DNS brute force
-n: reverse DNS query
-l: limit the number of results
-b: the data source to search
** "-b all" does not actually include all sources.
Examples:
./theharvester.py -d tekdefense.com -l 100 -n -b all
./theharvester.py -d securitytube.net -l 100 -n -b linkedin
Tekdefense.com
1aN0rmus@tekdefense.com


Sunday, Aug 26 2012

TekTip ep5 - Backtrack5 R3 Tool Update Demo

In this episode of TekTip we take a look at the recent Backtrack release, BT5 R3. While we list all of the new tools and updates, we look specifically at and demo inundator, cutycapt, rainbowcrack, twofi, uber harvest, jigsaw, and urlcrazy.

Full Update List

inundator - intrusion detection false positives generator

cutycapt - batch screenshots to be taken of web pages

rainbowcrack - crack hashes with rainbowtables

twofi - take multiple search terms and return a word list sorted by most common first

uberharvest -  crawl through the website (and all the links within that website) searching for valid email addresses

jigsaw - enumerates information about a company's employees. It is useful for social engineering or email phishing

urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

_________________________________

libcrafter -  It is able to craft or decode packets of most common networks protocols, send them on the wire, capture them and match requests and replies

blueranger -  locate Bluetooth device radios

dbd - Updated and much-improved Netcat clone

intersect - post-exploitation framework

mercury - Android Assessment Framework

trixd00r - TCP/IP based backdoor for UNIX systems

artemisa - VoIP/SIP-specific honeypot

rifiuti2 - Analysis of Windows Recycle Bin

netgear-telnetenable - opens up the telnet port in most Netgear brand routers

jboss-autopwn - deploys a JSP shell on the target JBoss AS server

deblaze - enumeration and interrogation against flash remoting end points

sakis3g - connection with a variety of USB 3G modems with operators parameters already configured and available in a simple ncurses interface.

voip honey - honeywall and honeypot emulating VoIP environments

apache-users -  enumerate the usernames on any system that uses Apache with the UserDir module

phrasendrescher -  modular and multi-processing pass phrase cracking tool

kautilya - various payloads for Teensy device

manglefizz - Manglefizz is designed to generate username combinations quickly

rainbowcrack-mt - for use with using and managing rainbow tables from freerainbowtables.com

lynis-audit - Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

spooftooph - automate spoofing or cloning Bluetooth device Name, Class, and Address

wifihoney - creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng

truecrack - TrueCrack is a brute-force password cracker for TrueCrypt volume files.

acccheck - password dictionary attack tool that targets windows authentication via the SMB protocol

statsprocessor - high-performance word-generator based on per-position markov-attack packed into a single stand-alone binary.

iphoneanalyzer - Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone's own backup files or (for jail broken iphones) ssh.

jad - Java decompiler

javasnoop - intercept methods, alter data and otherwise test the security of Java applications on your computer

mitmproxy - mitmproxy is an SSL-capable man-in-the-middle proxy, extensible with Python

ewizard - simple, strong, Java file and folder encryptor for protection of sensitive information

multimac - emulate and use multiple virtual interfaces (with different MAC addresses) on a LAN using a single network adapter

netsniff-ng - Linux network analyzer and networking toolkit

smbexec - psexec style attack with samba tools

websploit - WebSploit is an open source project for scanning and analysing remote system vulnerabilities

dnmap - distribute nmap scans among several clients

johnny - Johnny is a GUI for John the Ripper written in C++ using the Qt framework

unix-privesc-check - privilege escalation check for Linux and Windows

sslcaudit - Automate testing SSL/TLS clients for resistance against MITM attacks

dhcpig - advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any in-use IPs, then for good measure send gratuitous ARP and knock all Windows hosts offline.

intercepter-ng - Multifunctional sniffing tool.

u3-pwn - designed to automate injecting executables to Sandisk smart usb devices with default U3 software install

binwalk - binary analysis tool, helpful for detecting binary files in network streams, compressed images, etc

laudanum - Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.

wifite - WiFite is an automated wireless attack tool.

tnscmd10g - prod the oracle tnslsnr process

bluepot - A Bluetooth honeypot written in Java for Linux operating systems.

dotdotpwn -  flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.

subterfuge - Automated Man-in-the-Middle Attack Framework

creddump - creddump is a python tool to extract various credentials and secrets from Windows registry hives.

android-sdk - official android sdk.

apktool - reverse engineering 3rd party, closed, binary Android apps

ded - retargets Android applications in .dex format to traditional .class files.

dex2jar - Android reverse engineering tool

droidbox - dynamic analysis of Android applications

smali - assembler/disassembler for the dex format

termineter -  test smart meters for vulnerabilities

bbqsql - blind SQL injection framework written in Python

htexploit - exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process

smartphone-pentest-framework - open source security tool, designed to aid in assessing the security posture of smartphones in an environment

fern-wifi-cracker - wifi based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts

powersploit - PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests.

webhandler - WebHandler tries to simulate a 'Linux bash prompt' to handle and process PHP program execution functions

*Tool descriptions were found at http://redmine.backtrack-linux.org:8080

-1aN0rmus (1aN0rmus@tekdefense.com)

Sunday, Aug 05 2012

TekTip ep3 - The Sticky Keys Trick

In this episode of TekTip we take a break from malware analysis and play with an old sysadmin trick commonly known as the Sticky Keys trick. I cannot tell you how many times I have used this to log into locked-out machines belonging to family, friends, co-workers, and clients. This will work on XP, Server 2003, Vista, Windows 7, and probably the rest of them as well. A quick summary of the steps involved is:


  1. Boot to a live Linux distro (BT5 will work fine)
  2. Mount the Windows drive
  3. Replace sethc.exe with cmd.exe
  4. Reboot to Windows
  5. Press Shift 5 times to bring up the command prompt.
  6. Command prompt acquired, mission accomplished.
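As an added example (not from the original post), here is the defensive counterpart of the steps above: a check an admin or forensic analyst can run from the live Linux distro against the mounted Windows volume to tell whether sethc.exe has been swapped for cmd.exe. The System32 path and the constructed sample binaries are assumptions.

```python
# Added example, not part of the original post: a read-only integrity check for the
# Sticky Keys swap. Point it at the mounted Windows volume's System32 directory.
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sethc(system32: Path) -> dict:
    """Flag sethc.exe if it is byte-identical to cmd.exe (copied) or missing (moved)."""
    sethc, cmd = system32 / "sethc.exe", system32 / "cmd.exe"
    finding = {"suspicious": False, "reason": ""}
    if not cmd.is_file():
        finding["reason"] = "cmd.exe missing; nothing to compare against"
    elif not sethc.is_file():
        finding.update(suspicious=True, reason="sethc.exe missing from System32")
    # Compare sizes first as a cheap pre-filter; only hash when the sizes agree.
    elif sethc.stat().st_size == cmd.stat().st_size and sha256_of(sethc) == sha256_of(cmd):
        finding.update(suspicious=True, reason="sethc.exe is byte-identical to cmd.exe")
    else:
        finding["reason"] = "sethc.exe differs from cmd.exe"
    return finding


def build_sample_system32(root: Path, swapped: bool) -> Path:
    """Build a throwaway System32 stand-in with constructed fake binaries (assumption)."""
    system32 = root / "Windows" / "System32"
    system32.mkdir(parents=True)
    (system32 / "cmd.exe").write_bytes(b"MZ constructed cmd.exe " * 64)
    if swapped:
        shutil.copyfile(system32 / "cmd.exe", system32 / "sethc.exe")
    else:
        (system32 / "sethc.exe").write_bytes(b"MZ constructed sethc.exe " * 64)
    return system32


def demo() -> tuple:
    """Run the check against a clean and a tampered constructed volume."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = check_sethc(build_sample_system32(Path(tmp) / "clean", swapped=False))
        bad = check_sethc(build_sample_system32(Path(tmp) / "bad", swapped=True))
    return clean["suspicious"], bad["suspicious"]
```

On a real volume, call check_sethc(Path("/mnt/windows/Windows/System32")) with whatever mount point you used in step 2; a "suspicious" result means the binary should be restored from known-good media and the login history reviewed.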


Sunday, Jul 22 2012

TekTip ep2 - Basic Dynamic Malware Analysis (continued)

Welcome to TekTip episode 2. In this episode we will continue our discussion of basic dynamic malware analysis, focusing on FakeNet. If you would like to follow along at home you can download one of the samples I have been using.

Malware Sample

***This is live malware, do not download unless you have a safe environment setup first.***

Unzip password: malware

Don't forget to check out and download FakeNet.

Sunday, Jul 15 2012

TekTip ep1 - Basic Dynamic Malware Analysis

Alright everyone, check out our first TekTip tutorial. Please excuse the poor resolution of the video. For a better view select 720p and fullscreen.

In this episode we talk about and demo basic dynamic malware analysis. Tools we leveraged here include VMware Workstation, Sysinternals Suite, Netcat, ApateDNS, Wireshark, and Regshot.

 -1aN0rmus
