Security Hack, the personal site of Ariel M. Liguori de Gottig (http://www.blogger.com/profile/02714929794781699420); feed exported 2024-03-06.

PenTester Scripting! (2009-11-12)
Here is a site I did not have among my links yet (but I will add it!): <a href="http://pentesterscripting.com/">pentesterscripting.com</a>, which greets us with the following paragraph:<br />
<br />
<blockquote>Hello! Welcome to the site.<br />
</blockquote><blockquote>Have you found yourself in the predicament of needing to exploit an application/<acronym title="Operating System">OS</acronym>/web page? And you think to yourself, “I just did this last week, but I can't remember what I did”. That's the reason for this Wiki/Site. PenTesters young and old, n00b and l33t can gain access to and knowledge of useful scripts/tricks/tips (security related or not) for the purpose of pen-testing.<br />
</blockquote><blockquote>A group of PenTesters/Researchers have gotten together with the purpose of posting their useful scripts. Feel free to submit your scripts, we will gladly review them, even post them crediting you. You can submit them at scripts@pentesterscripting.com<br />
</blockquote><div>Site: <a href="http://pentesterscripting.com/">PenTesterScripting</a><br />
</div>

Lab for penetration testing! (2009-11-11)
Yes, this is what I am working on now (in my free time, which is really scarce): a lab for pen-testing and another one for networking. While looking for information on this I came across an old page that many will know: <i><a href="http://www.securityaegis.com/">SecurityAegis</a>.</i><br />
<br />
<br />
That page has details of labs that are already prepared for action, so all that is left is the most exciting part, which happens during the training :)<br />
<br />
<br />
<i>Link to the lab: <span class="Apple-style-span" style="font-style: normal;"><a href="http://www.securityaegis.com/network-pentest-lab/">http://www.securityaegis.com/network-pentest-lab/</a></span></i><br />
<br />
Regards!

Metasploit: modifying some exploits to "get a shell" (2009-11-05)
I really feel obliged to give a reference to these guys, who are 100% impressive! Although I had to solve this myself without this magnificent explanation, writing it up in a paper or a post had always been pending, and the people at Pentester.es have now done it. In short, it is about modifying some Metasploit exploits that are sensitive to certain parameters (for example, the language of the victim's OS, since the return addresses a Windows exploit hardcodes differ between localized builds). <a href="http://www.pentester.es/2009/11/por-que-no-consigo-shell-con-mi.html">Here is the link to the post</a>, enjoy it!<br />
<br />
Source: <a href="http://www.pentester.es">PenTester.es</a>

Got a free minute: a coffee or pen-testing? - Fast-Track (2009-05-05)
Basically, what the title says is what <a href="http://www.thepentest.com/"><i><b>Fast-Track</b></i></a> offers: a tool written in Python by <a href="https://www.securestate.com/About-Us/Pages/Dave-Kennedy.aspx">David Kennedy</a> that automates certain tasks a pentester usually performs. Browsing the project wiki you find modules such as Autopwn, MSSQL injectors, an MSSQL brute forcer, exploits... and many more. Naturally the tool is already a success and has been included in the BackTrack distributions. Something to keep in mind when you do not know what to do: have a coffee or run a pentest ;-).<br />
<br />
Regards,<br />
<br />
Source:<br />
- <a href="http://www.pentester.es/2009/04/fast-track-pentesting-la-velocidad-de.html">Pentester.es</a><br />
<br />
More info:<br />
- <a href="http://www.thepentest.com/">http://www.thepentest.com/</a><br />
- <a href="http://trac.thepentest.com/wiki/FastTrack_Tools">http://trac.thepentest.com/wiki/FastTrack_Tools</a>

Using 0-days in penetration tests (2009-04-21)
First, I want to make clear that the essence of this post came up a few weeks ago while reading the Pen-Test list at insecure.org. A thread there, which did not get much traction, raised something that has probably crossed many of our minds at some point: do we use 0-days in our pen-tests?<br />
I would narrow that question down to: do we use OUR OWN 0-days in pen-tests? That distinction brings in another aspect that can shape the answer. <br />
<br />
In principle, using 0-days or recently discovered vulnerabilities is useful and even necessary during pen-test engagements. The client has to be tested with all the rigor that the market itself will impose once it is exposed on the network.<br />
<br />
The case of using our own 0-days is closely tied to the philosophy or policy of the company or of the pen-tester, since using our own code also makes it public (not to the whole world, remember that we always sign an NDA ;-) ), but it will become known to the client company (or the company will have the right to demand to know what we compromised it with). That is why it is necessary to have a formed position and to know what we will do when we find ourselves at that moment.<br />
<br />
That is my opinion on the subject; anyone who wants to is invited to leave theirs :)<br />
<br />
Regards,

OpenVAS: Open Vulnerability Assessment System (2009-03-24)
Yes, for everyone who has been looking for alternatives to Nessus: what better than a project that was born in the same cradle and <i>forked</i> as it grew. That project is <a href="http://www.openvas.org/">OpenVAS</a>, and it really shows promise.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.openvas.org/pix/OpenVAS-logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="54" src="http://www.openvas.org/pix/OpenVAS-logo.png" width="200" alt="OpenVAS logo" /></a></div><br />
<br />
I recommend you take a look at it and start making use of it.<br />
<br />
Official project page: <a href="http://www.openvas.org/">OpenVAS</a><br />
Regards,

NeoPwn: did you think you had limits? Not anymore. (2009-02-27)
Thanks to <a href="http://www.pentester.es/">PenTester.es</a> I learned about the existence of <a href="http://neopwn.com/">NeoPwn</a>. What is it? A mobile phone... ah yes, and besides that it is set up for pen-testing. Nothing beats the slogan they chose:<br /><br /><div style="text-align: center; color: rgb(255, 0, 0);"><b><i>"Shall I phone the office... or own the network?"</i></b><br /></div><br /><a href="http://neopwn.com/lib/img/np1.jpg"><img src="http://neopwn.com/lib/img/np1.jpg" alt="NeoPwn phone" border="0" width="248" height="469" /></a><br /><br />Source: <a href="http://www.pentester.es/2009/02/neopwn-pentesting-movil.html">NeoPwn - Mobile pen-testing (PenTester.es)</a><br />More info: <a href="http://neopwn.com/">NeoPwn Mobile Pentesting</a>

Penetration test frameworks: AS/400 &amp; Wireless (2009-01-30)
Today I bring you something that may turn out to be very interesting when doing pen-testing: yes, more frameworks ;-).<br />The people at <a href="http://www.security-database.com">Security Database</a> have developed a framework for pen-testing AS/400 systems; although it is still in "Beta", we can get it, and more information, here: <a href="http://www.security-database.com/toolswatch/AS-400-Auditing-Framework-Beta.html">AS 400 Auditing Framework Tool</a>.<br /><a href="http://www.security-database.com/toolswatch/IMG/png/AS400_Auditing.png"><img src="http://www.security-database.com/toolswatch/IMG/png/AS400_Auditing.png" width="120" height="120" border="0" alt="AS/400 Auditing Framework" /></a><br /><br />I am also adding information on an existing framework for pen-testing wireless networks: <a href="http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html">Wireless Penetration</a>.<br /><a href="http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html_files/image.png"><img src="http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html_files/image.png" width="120" height="120" border="0" alt="Wireless Pen Test Framework" /></a><br /><br /><br />I hope it is as useful to you as it was to me.<br />Regards,
Penetration Test Framework (2009-01-26)
Here is a link to EXCELLENT material on all the aspects to evaluate during a penetration test:<br /><br /><b><a href="http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html#">http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html#</a></b><br /><br />Enjoy it, it really is very good.<br /><br />Regards,

PenTest of Oracle databases (2009-01-10)
As promised...<br />Penetration testing usually involves several areas, and databases stand out among them. In this post I will show you the _not_so_ well-known tools for pen-testing Oracle databases.<br /><br /><b><a href="http://www.cqure.net/wp/oscanner/">OScanner</a></b>: <i>Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do:<br /><br />- SID enumeration<br />- Password tests (common &amp; dictionary)<br />- Enumerate Oracle version<br />- Enumerate account roles<br />- Enumerate account privileges<br />- Enumerate account hashes<br />- Enumerate audit information<br />- Enumerate password policies<br />- Enumerate database links<br /><br />The results are given in a graphical Java tree.</i><br /><br /><b><a href="http://www.cqure.net/wp/test/">Oracle Auditing Tools (OAT)</a></b>: <i>The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.</i><br /><br /><b><a href="http://www.cqure.net/wp/dbpwaudit/">DBPwAudit</a></b>: <i>DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files: the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.</i><br /><br /><b><a href="http://www.cqure.net/wp/sidguesser/">SidGuesser</a></b>: <i>Guesses SIDs/instances against an Oracle database according to a predefined dictionary file.</i><br /><br /><br /><i>Links of interest:</i><br /><ul><li><a href="http://www.securityfocus.com/infocus/1689">Introduction to Simple Oracle Auditing</a></li><li><a href="http://www.petefinnigan.com/papers/audit.sql">Pete Finnigan - audit.sql</a></li><li><a href="https://metalink.oracle.com/">Oracle Metalink</a></li><li><a href="http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=whitepapers">Papers on pen-testing Oracle DBs</a></li></ul>

Penetration Testing Tools (2009-01-08)
<span style="font-weight: bold;">A very complete list of tools for pen-testing; all the information was taken from <a href="http://www.forinsect.de/pentest/pentest-tools.html">forinsect</a>.</span><br /><br /><span style="font-weight: bold;">Packet Shaper:</span><br />• Nemesis: a command line packet shaper<br />• Packit: the Packet Toolkit, a network packet shaper<br />• Hping by Antirez: a command line TCP/IP packet shaper<br />• Sing: stands for 'Send ICMP Nasty Garbage'; sends fully customizable ICMP packets<br />• Scapy: a new Python-based packet generator<br /><br /><span style="font-weight: bold;">Password Cracker/Login Hacker:</span><br />• John the Ripper: a well-known password cracker for Windows and *nix systems<br />• Djohn: a distributed password cracker based on "John the Ripper"<br />• Cain &amp; Abel: an advanced
password recovery tool for Windows systems. It sniffs network packets and cracks authentication by brute force or with dictionary attacks.<br />• Project RainbowCrack: advanced instant NT password cracker<br />• Rainbowtables: the Shmoo Group provides pre-generated rainbow tables for BitTorrent download. The tables are generated with RainbowCrack (see above).<br />• Windows NT password recovery tool by Peter Nordahl<br />• THC-Dialup Login Hacker by THC. It tries to guess username and password against the modem carrier. As far as I know the only available dialup password guesser for *NIX.<br />• Hydra by THC: a multi-protocol login hacker. Hydra is also integrated with Nessus.<br />• Medusa: parallel network login auditor<br />• THC imap bruter: a very fast IMAP password brute forcer<br />• x25bru: a login/password bruteforcer for X.25 PAD<br />• Crowbar: a generic web brute force tool (Windows only; requires .NET Framework)<br />• MDCrack-NG: a very fast MD4/MD5/NTLMv1 hash cracker; works optionally with precomputed hash tables<br /><span id="fullpost"><br /><span style="font-weight: bold;">Advanced Sniffers:</span><br />• Wireshark (formerly known as Ethereal): an open source network protocol analyzer<br />• Dsniff by Dug Song: a combination of very useful sniffer and man-in-the-middle attack tools<br />• Ettercap: a multipurpose sniffer/interceptor/logger for switched LAN environments<br />• aimsniffer: monitors AOL Instant Messenger communication on the network<br />• 4G8: a tool, similar to ettercap, to capture network traffic in switched environments<br />• cdpsniffer: Cisco Discovery Protocol (CDP) decoding sniffer<br /><br /><span style="font-weight: bold;">Port Scanner / Information Gathering:</span><br />• nmap: currently the most well-known port scanner. Since version 3.45 it supports version scans. Have a look at PBNJ for diffing different nmap scans.<br />• ISECOM released their nmap wrapper NWRAP, which shows all known protocols for the discovered ports from the Open Protocol Resource Database<br />• Nmap::Scanner: Perl output parser for nmap<br />• Amap by THC: an advanced port scanner which determines the application behind a network port by its application handshake. Thus it detects well-known applications on non-standard ports or unknown applications on well-known ports.<br />• vmap by THC: version mapper to determine the version (sic!) of scanned daemons<br />• Unicornscan: an information gathering and correlation engine<br />• DMitry (Deepmagic Information Gathering Tool): a host information gathering tool for *nix systems<br />• Athena: a search engine query tool for passive information gathering<br /><br /><span style="font-weight: bold;">Security Scanner:</span><br />• Nessus: version 2 is an open-source network scanner; version 3 is only available in binary form and under a proprietary license.<br />• OpenVAS: a fork of Nessus 2.2.5 (formerly known as GNessUs)<br />• Nessj: a Java-based Nessus (and compatibles) client (formerly known as Reason)<br />• Paul Clip from @stake released AUSTIN, a security scanner for Palm OS 3.5+.<br /><br /><span style="font-weight: bold;">Webserver:</span><br />• Nikto: a web server scanner with anti-IDS features. Based on Rain Forest Puppy's libwhisker library.<br />• Wikto: a webserver assessment tool (Windows only; requires .NET framework)<br />• WSDigger: a black box web pen testing tool from Foundstone (Windows based)<br />• Metis: a Java-based information gathering tool for web sites<br /><br /><span style="font-weight: bold;">Fingerprinting:</span><br />• SinFP: a fingerprinting tool which requires only an open TCP port and sends at most 3 packets<br />• Winfingerprint: much more than a simple fingerprinting tool. It scans for Windows shares, enumerates usernames, groups, SIDs and much more.<br />• p0f 2: Michal Zalewski announced his new release of p0f 2, a passive OS fingerprinting tool. p0f 2 is a complete rewrite of the old p0f code.<br />• xprobe2: a remote active operating system fingerprinting tool from Ofir Arkin and the xprobe2 team<br />• Cron-OS: an active OS fingerprinting tool based on TCP timeout behavior. This project was formerly known as "RING" and is now published as an nmap addon.<br /><br /><span style="font-weight: bold;">Proxy Server:</span><br />• Burp proxy: an interactive HTTP/S proxy server for attacking and debugging web-enabled applications<br />• Screen-scraper: an http/https proxy server with a scripting engine for data manipulation and searching<br />• Paros: a man-in-the-middle proxy and application vulnerability scanner<br />• WebScarab: a framework for analyzing web applications. One of its basic functions is use as an intercepting proxy.<br /><br /><span style="font-weight: bold;">War Dialers:</span><br />• IWar: a classic war dialer, now also with VoIP (IAX2) support. One of a few wardialers for *nix operating systems, and the only one with VoIP functionality (to my knowledge)<br />• THC-Scan: a war dialer for DOS, Windows and DOS emulators<br /><br /><span style="font-weight: bold;">Malware / Exploit Collections:</span><br />• packetstormsecurity.org: huge collections of tools and exploits<br />• ElseNot Project: the project tries to publish an exploit for each MS Security Bulletin. A script kiddie dream come true.<br />• Offensive Computing: another malware collection site<br />• Securityforest: try the ExploitTree to get a collection of exploit code; have a look at the ToolTree for a huge list of pentest stuff<br /><br /><span style="font-weight: bold;">Databases / SQL:</span><br />• sqlninja: a tool to exploit SQL injection vulnerabilities in web applications with MS SQL Servers (alpha stage)<br />• CIS Oracle Database Scoring Tool: scans Oracle 8i for compliance with the CIS Oracle Database Benchmark<br />• SQLRecon: an active and passive scanner for MSSQL server. Works on Windows 2000, XP and 2003.<br />• absinthe: a GUI-based tool that automates the process of downloading the schema &amp; contents of a database that is vulnerable to Blind SQL Injection (see here and here).<br />• SQL Power Injector: a GUI-based SQL injector for web pages (Windows, .Net Framework 1.1 required, Internet Explorer 5.0+ required)<br /><br /><span style="font-weight: bold;">Voice over IP (VoIP):</span><br />• vomit (voice over misconfigured internet telephones): converts Cisco IP phone conversations into wave files<br />• SiVuS: a VoIP vulnerability scanner - SIP protocol (beta, Windows only)<br />• Cain &amp; Abel: mostly a password cracker, can also record VoIP conversations (Windows only)<br />• sipsak (SIP swiss army knife): a SIP packet generator<br />• SIPp: a SIP test tool and packet generator<br />• Nastysip: a SIP bogus message generator<br />• voipong: dumps G711-encoded VoIP communications to wave files. Supports: SIP, H323, Cisco Skinny Client Protocol, RTP and RTCP<br />• Perl-based tools by Thomas Skora: sip-scan, sip-kill, sip-redirectrtp, rtpproxy and ipq_rules<br />• rtptools: a toolset for RTP recording and playing<br /><br /><span style="font-weight: bold;">Network-based Tools:</span><br />• yersinia: a network tool designed to take advantage of some weaknesses in different network protocols (STP, CDP, DTP, DHCP, HSRP, 802.1q, VTP)<br />• Netsed: alters content of network packets while forwarding the packets<br />• ip6sic: an IPv6 stack integrity tester<br /><br /><span style="font-weight: bold;">VPN:</span><br />• ike-scan: an IPsec enumeration and fingerprinting tool<br />• ikeprobe: IKE scanning tool<br />• ipsectrace: a tool for profiling IPsec traffic in a dump file. Initial alpha release<br />• VPNMonitor: a Java application to observe network traffic. It graphically represents network connections and highlights all VPN connections. Nice for demonstrations, if of somewhat limited use in a real pen test.<br />• IKECrack: an IKE/IPsec cracker for pre-shared keys (in aggressive mode authentication [RFC2409])<br />• DNSA: DNS auditing tool by Pierre Betouin<br /><br /><span style="font-weight: bold;">A little more:</span><br />• Hunt: a session hijacking tool with curses GUI<br />• SMAC: a Windows MAC address modifying utility. Supports Windows 2000 and XP.<br />• The WebGoat Project: a web application written in Java with intentional vulnerabilities. Supports an interactive learning environment with individual lessons.<br />• TSCrack: a Windows Terminal Server brute forcer<br />• Ollie Whitehouse from @stake released some new cellular-phone-based pentesting tools for scanning (NetScan, MobilePenTester). All tools require a Sony Ericsson P800 mobile phone. Unfortunately, @stake seems to no longer support much of their free security tools. So, use the alternative download links above instead.<br />• THC-FuzzyFingerprint: generates fuzzy fingerprints that look almost equal to a given fingerprint/hash-sum. Very useful for MITM attacks.<br />• BeatLM: a password finder for LM/NTLM hashes. Currently, there is no support for NTLM2 hashes. In order to get the hashes from network traffic, try ScoopLM.<br />• THC vlogger: a Linux kernel based keylogger<br />• The Metasploit Framework: an "advanced open-source platform for developing, testing, and using exploit code".<br />• ATK (Attack Tool Kit): a combination of security scanner and exploit framework (Windows only)<br />• Pirana: an exploitation framework to test the security of email content filters. See also the whitepaper<br />• PassLoc: a tool which provides the means to locate keys within a buffer. Based on the article "Playing hide and seek with stored keys" by Adi Shamir.<br />• Dl-Hell: identifies an executable's dynamic link library (DLL) files<br />• DHCPing: a security tool for testing DHCP security<br />• ldapenum: a Perl script for enumeration against LDAP servers.<br />• Checkpwd: a dictionary-based password checker for Oracle databases<br />• NirCmd from NirSoft: a Windows command line tool to manipulate the registry, initiate a dialup connection and much more<br />• Windows Permission Identifier: a tool for auditing user permissions on a Windows system<br />• MSNPawn: a toolset for footprinting, profiling and assessment via MSN Search. Windows-only, .NET required<br />• snmpcheck: a tool to gather information via SNMP. Works on Linux, *BSD and Windows systems.<br />• pwdump6: extract NTLM and LanMan hashes from Windows targets<br /><br />Make good use of it; a couple more coming soon ;-)<br /></span>