Saturday, August 18, 2007
Tool - Nessus
Ok. Here is another tool that the penetration community should already know very well. Nessus is basically a tool to scan and inform about vulnerabilities in open ports. It will report back to you about what it found and why some open ports may be a problem (a lot more info than nmap). There is also a safe mode and a not-so-safe mode. The unsafe mode will try a larger variety of checks against the node including DoS. So, if you are using it against a work machine... do it after hours or create a clone and do it in a lab. If you were to run it against Windows 98, it would bring it down. ha (I've done it in a lab) ha
Friday, August 17, 2007
Tool - Brutus
This is a Windows tool similar to Hydra. It's simple with only one window. It won't do quite as much as Hydra will do (Hydra is available for Windows too). But, Brutus is still a nice tool. I'll have to check into it again but I am not so sure Hydra can go against web authentication (including forms). Brutus will go against web authentication and web forms.
Tool - Hydra / Hydra GTK
Please visit the start of the mini-series here:
http://securitynotes.blogspot.com/2008/11/hydra-hydra-gtk-basic-cracking-hacking.html
Ok, so this is a tool that's WELL KNOWN by the penetration community (no, not a condom! ha). Hydra is a freaking fast tool that you can use to brute force, dictionary, etc. a target. Normal Hydra is used via the command line and Hydra GTK is a UI version. For learning how to use it I recommend the UI as it will get you going quickly. You will be losing some CPU cycles to the GUI environment but I will leave it up to you to decide if it really makes a difference. At the base of Hydra GTK is the command to run Hydra from the command line. So if you are using a password file against one username, it will display how to run what you're running in the UI, from the CLI.
Here is the site:
http://www.thc.org/thc-hydra/
Thursday, August 16, 2007
Shell Script - rdesktop.sh
This script hasn't been perfected yet but I almost lost it once. So, here it is so I don't almost lose it again. I know it would be semi-easy to re-create but hey, why re-create when you can just go back and find it again!
I use this so I can automatically pull up computers at work after hours and do maintenance. You can either leave the password field blank or put it in the script to auto-login for you. IF you put the password into the script, be careful. Someone may be able to read your script and get your password!
I do need to update this script. For some reason if it doesn't find port 3389 open on a remote host in the list it will spit out the results from 'nmap --help'. This is ok as it will just move onto the next IP but if you know how to fix it I would love to know how. Keep checking back for updates.
rdesktop.sh
#! /bin/bash
clear
echo "Enter First 3 Octets (x.x.x):"
read ipthree
echo "Enter 4th Octet FIRST IP:"
read ipfirst
echo "Enter 4th Octet ENDING IP:"
read iplast
iprange=`echo $ipthree | cut -d. -f1-3`
# Use If First IP Range Is Giving Trouble - CAUTION, May Give Unwanted Results If 'ipthree' Is Fatfingered
#iprange=`echo $ipthree`
for (( i = $ipfirst ; i <= $iplast ; i++ ))
do
    # Pull the host out of nmap's "Interesting ports on x.x.x.x:" banner, but only when 3389 shows as open
    nmaplist=`nmap -P0 -p3389 $iprange.$i | grep -B2 open | grep Interesting | cut -d" " -f4 | cut -d: -f1`
    # When 3389 is not open nmaplist is empty, and running rdesktop with no host is what prints the
    # usage text on screen. Skip to the next IP instead of calling it with nothing.
    if [ -z "$nmaplist" ]
    then
        continue
    fi
    # Password left blank on purpose - anyone who can read this script can read a hardcoded one
    rdesktop -k en-us -a 16 -u Administrator -p "" "$nmaplist"
done
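Added example (not the original rdesktop.sh) showing the fix for the empty-host case in a way that does not depend on nmap's human-readable banner: it parses nmap's grepable output (-oG -), whose "Host: ... Ports: ..." layout is stable across versions, and only hands a host to rdesktop when 3389/tcp is actually open. The scan output here is a constructed sample so the script runs offline; the real nmap call is shown in a comment.

```bash
#!/bin/bash
# Added example, not the original rdesktop.sh: pick hosts with 3389 open by
# parsing nmap's grepable output (-oG -) instead of cutting fields out of the
# "Interesting ports on" banner, which changes wording between nmap versions.
# Reads grepable lines on stdin and prints the IP of every host whose 3389/tcp
# entry is "open"; closed or filtered hosts print nothing.
rdp_hosts_from_grepable() {
    awk '/^Host:/ && /Ports:/ && index($0, "3389/open/tcp") > 0 { print $2 }'
}

# Constructed sample of grepable output (not a real scan) covering the cases the
# original loop trips over: one open host, one closed, one filtered.
SAMPLE_GREPABLE='# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()  Ports: 3389/open/tcp//ms-wbt-server///  Ignored State: closed (0)
Host: 10.0.0.6 ()  Ports: 3389/closed/tcp//ms-wbt-server///
Host: 10.0.0.7 ()  Status: Up
Host: 10.0.0.7 ()  Ports: 3389/filtered/tcp//ms-wbt-server///'

# Replacement for the loop body: only call rdesktop when a host came back.
# The empty check is the fix for the usage text the original prints when
# nothing is open. Returns 0 if a connection would be made, 1 otherwise.
connect_if_rdp_open() {
    host="$1"
    # Real use: nmap -P0 -p3389 -oG - "$host" | rdp_hosts_from_grepable
    # (-P0 is spelled -Pn in current nmap). Here the sample stands in for the scan.
    target=$(printf '%s\n' "$SAMPLE_GREPABLE" | grep "^Host: $host " | rdp_hosts_from_grepable)
    if [ -z "$target" ]; then
        echo "$host: 3389 not open, skipping" >&2
        return 1
    fi
    # Password deliberately not embedded (see the warning above); supply it at connect time.
    echo "would run: rdesktop -k en-us -a 16 -u Administrator $target"
    return 0
}

# Stand-alone run over the three sample hosts
for last in 5 6 7; do
    connect_if_rdp_open "10.0.0.$last" || true
done
```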
Note - Shell Scripting
Ok, so I love to shell script. I am no programmer.... wait.... I love to shell script. Does that count toward being a programmer? ha I am going to post some of my shell scripts, that will probably be updated with new features anyway so you may see the same script a few times (each time with new features... or maybe I will just update old posts... who knows).
DISCLAIMER
I take NO responsibility for what you do with these scripts. They are intended for educational purposes ONLY. I use these for making my life at work easier. If you choose to use them another way you will most likely get caught and go to jail.
I will try to remember to put some sort of disclaimer on my code when I post but if I forget, consider this your warning. If you like the code or have suggestions, please let me know. I am always interested in cool ways to make my shell scripts better.
Now, for you programmers. You may see something I am doing and say "You could do that a lot easier in ___ language instead of shell." Well DUH. Again, I am not a programmer. Consider this too... You are logged onto a remote system and want to run the uber-cool script you wrote to make your life a whole lot easier. What's faster? Copying a shell script or having to make sure you have the ___ compiler on the remote system and then somehow getting it to work? I will go for a shell script I can copy off the machine I am typing on and have it running in a matter of a few minutes instead of a lot longer.
A Place For Notes
Ok, so I am new to the security field but I am excited about it! This is just a place for me to put my notes of cool tools, neat ideas, random notes, and all sorts of stuff. Why? Because I hate it when I can't remember something. Ever have a command that you just can't remember? Yeah. That's why I made this. I can put my notes of cool stuff and cool tools, etc. so I can always come back to find what I forgot. So, if you're reading along, good for you. Hopefully I can help you too. Post a comment on my notes, tools, and more so we can gain from each other's knowledge. :D