Welcome to the realm. This realm is not your ordinary realm. Here you will find happenings in the network security world, as well as the underground and the ethical arena.

Thursday, March 27, 2008

The Ethical Hacker Network - Video: RainbowCrack after MS-SQL/Pwdump Hack

Coding Horror: Rainbow Hash Cracking

"The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password 'Fgpyyih804423' in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it 'strong'. The Geekwisdom password strength meter rates it 'mediocre'."

Using fgdump

"fgdump is a pretty easy tool to use, but there are a number of options which you can use to make it even easier. Let's start by looking at the command line parameter help, which is accessible by running 'fgdump -?'"

The Ethical Hacker Network - Tutorial: Rainbow Tables and RainbowCrack

"Rainbow tables reduce the difficulty in brute force cracking a single password by creating a large pre-generated data set of hashes from nearly every possible password. Rainbow Tables and RainbowCrack come from the work and subsequent paper by Philippe Oechslin [1]. The method, known as the Faster Time-Memory Trade-Off Technique, is based on research by Martin Hellman & Ronald Rivest done in the early 1980’s on the performance trade-offs between processing time and the memory needed for cryptanalysis. In his paper published in 2003, Oechslin refined the techniques and showed that the attack could reduce the time to attack 99.9% of Microsoft's LAN Manager passwords (alpha characters only) to 13.6 seconds from 101 seconds. Further algorithm refinements also reduced the number of false positives produced by the system."

Project RainbowCrack

"RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one in cracking time."
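The two quotes above (the EH-Net rainbow table tutorial and the Project RainbowCrack description) describe the trade-off in words; the following added example, which is not code from either site nor from RainbowCrack, shows the mechanics in working Python. It precomputes hash chains over a deliberately tiny keyspace (three lowercase letters, an assumption chosen so it runs in seconds) and stores only chain endpoints, then recovers a password from its hash by walking forward from each possible chain position. MD5 stands in for the LM hash, and the reduction function is a simple modulus; both are constructed for the example. The position-dependent reduction is the part that makes it a rainbow table rather than Hellman's original scheme.

```python
"""Toy rainbow table in the style of Oechslin's time-memory trade-off (added example)."""
import hashlib
import string

ALPHABET = string.ascii_lowercase      # keyspace: lowercase letters only ...
PW_LEN = 3                             # ... of length 3, so 26**3 = 17,576 candidates (assumption)
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 20                         # hash/reduce steps per chain


def h(password: str) -> bytes:
    """The hash under attack. MD5 stands in for LM here (constructed choice)."""
    return hashlib.md5(password.encode()).digest()


def int_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a password; this is how the keyspace is enumerated."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_fn(digest: bytes, pos: int) -> str:
    """Position-dependent reduction R_pos: digest -> some candidate password.

    Using a different reduction at every chain position is what makes this a
    *rainbow* table: two chains that collide at different positions no longer
    merge, which is how Oechslin cut the false positives of Hellman's scheme.
    """
    n = (int.from_bytes(digest[:8], "big") + pos) % KEYSPACE
    return int_to_pw(n)


def build_table(num_chains: int, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains; only (endpoint -> start points) is kept, not every hash."""
    table = {}
    stride = max(1, KEYSPACE // num_chains)
    for i in range(num_chains):
        start = int_to_pw((i * stride) % KEYSPACE)   # deterministic, spread-out starts
        pw = start
        for pos in range(chain_len):
            pw = reduce_fn(h(pw), pos)
        table.setdefault(pw, []).append(start)         # chains may share an endpoint
    return table


def lookup(table: dict, target: bytes, chain_len: int = CHAIN_LEN):
    """Recover the preimage of `target` if it lies in some chain, else None."""
    for pos in range(chain_len - 1, -1, -1):
        # Hypothesis: target is the hash at position `pos` of some chain. Walk from
        # there to the end of the chain and see whether that endpoint is stored.
        pw = reduce_fn(target, pos)
        for j in range(pos + 1, chain_len):
            pw = reduce_fn(h(pw), j)
        for start in table.get(pw, ()):
            # Endpoint matched (possibly a false alarm): regenerate the chain from
            # its start and compare each hash with the target.
            cand = start
            for j in range(chain_len):
                if h(cand) == target:
                    return cand
                cand = reduce_fn(h(cand), j)
    return None


def coverage(table: dict, sample: int = 500) -> float:
    """Fraction of the first `sample` keyspace entries the table can recover."""
    hits = sum(lookup(table, h(int_to_pw(i))) is not None for i in range(sample))
    return hits / sample


if __name__ == "__main__":
    t = build_table(2000)
    print("stored endpoints:", len(t))
    print("coverage of a 500-password sample: %.0f%%" % (100 * coverage(t)))
    print("crack of md5('hat'):", lookup(t, h("hat")))
```

Two things worth noticing when you run it: the table stores at most 2,000 endpoints to cover up to 40,000 hash positions, which is the memory saving, and coverage is well under 100% because chains overlap and merge, which is why real tables (and the 99.9% figure in the quote) are built with many more chains than the keyspace strictly needs. A hash of anything outside the keyspace, such as a four-letter password, is simply never found.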

Hackers Center Security Portal

Tuesday, March 25, 2008

SANS Institute - Intrusion Detection FAQ: What is p0f and what does it do?

"p0f is described as a tool which can fingerprint an Operating System passively. There are two methods of detecting the type of Operating System a host is running."

Linux.com :: CLI Magic: p0f

"P0f is a passive OS fingerprint tool written by The Evil Twin, a.k.a. Michal Zalewski. Don't worry, we won't be doing anything illegal, just making our own personal version of Netcraft's 'What's that site running?' survey."

Monday, March 24, 2008

Packet analysis tools and methodology (Part 1)

"There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them."

Friday, March 21, 2008

20 Reasons why Vista Sucks! — JawJab

Thursday, March 20, 2008

The Ethical Hacker Network - Metasploit™ Tutorial - A New Day for System Exploits

"How tough is it to really compromise a system? As an ethical hacking instructor, that is a question that I get asked quite frequently. My usual response to this type of question is to encourage the questioner to try to compromise a system, which they own, to find out the time and skill necessary to compromise a system."

The Ethical Hacker Network - Video: Terminal Server / RDP Password Cracking

"MS Terminal Services for Windows Server, Remote Assistance for Windows XP and RDP allow for remote interactive connections to Windows Servers and Windows XP machines. Just like Telnet and SSH, these can be powerful connections that in most cases are only protected with a username and password. There are several publicly available tools that will perform dictionary and bruteforce attacks against Terminal Services and Remote Assistance services. These tools include TSGrinder and TScrack for Windows and Rdesktop (with a patch) for *nix. In this video we will see some example attacks using these tools."

The Ethical Hacker Network - Video: Exploring Metasploit 3 and the New and Improved Web Interface - Part 2

"In this video we explore the revised MSFWeb interface for the Metasploit Framework 3.0. We specifically take a look at running 'browser' exploits where you have to get the victim to connect back to your listening Metasploit instance. We'll use the ie_createobject exploit via the MSFweb GUI, and then we'll use the wmf_setabortproc exploit using the built in msfconsole (a new addition in MSFWeb 3.0). We'll also take a look at using custom meterpreter scripts; first to see if the victim is running in vmware and second, to clear the event logs."

The Ethical Hacker Network - Video: Exploring Metasploit 3 and the New and Improved Web Interface - Part 1

"In this video we explore the revised MSFWeb interface for the Metasploit Framework 3.0. We specifically take a look at running auxiliary modules against a server running MSSQL, and then we'll take a look at using the MSFweb GUI to run the idq exploit with the meterpreter payload. What is unique about the idq bug is that it will NOT give you administrator or system on the box, but you can use the rev2self command in meterpreter to elevate your privileges from IUSR_MACHINENAME to SYSTEM. While we're at it, we also dump the hashes using hashdump for a little extra fun."

The Metasploit Project

"Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is a community project managed by Metasploit LLC."

Passive Network Analysis

"Our objective is to find out as much as possible about our own networks. Ideally we could just stroll down and ask the IT folks for a detailed network topology, an identification of our address ranges and the commonly used ports and protocols on the network. It seems counter-intuitive, but smaller enterprises actually do better about tracing this kind of information than gigantic multinational companies, partially because there is less data to track, and also because security and IT tend to work better together in smaller organizations."

Apple patches a pile of flaws

"Consumer technology company Apple released two updates on Tuesday to fix more than a hundred flaws in its Mac OS X operating system, the OS's open-source components and the company's Safari Web browser."

Verizon Wins Key FCC Auctions - WSJ.com

Wednesday, March 19, 2008

The Cardiac Hack | NetworkWorld.com Community

"This is no longer true. Hacking cardiac pacemakers crosses the line of intellectual curiosity, into that of unquestionable and unthinkable criminal behavior."

The Ethical Hacker Network - Tutorial: Metasploit v2.6 Web Interface

"The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. It's a powerful tool for penetration testing, exploit development, and vulnerability research."

Snort Intrusion Detection and Prevention Guide

"Arguably one of the best network intrusion detection systems (IDS) is the free and open source Snort toolkit. It has a large and active community, and is backed by the commercial company SourceFire, making Snort a strong contender in the intrusion detection systems market. The package itself is free. All that's required is some hardware to run it on and the time to install, configure and maintain it. Snort runs on any modern operating system (including Windows and Linux), but some consider it to be complicated to operate. The goal of this guide is to take some of the mystery out of Snort."

The Ethical Hacker Network - Video: Man-in-the-Middle Attack on MySpace with Cain

"Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols."

Tools of the Trade (Part 1)

"Being in the computer security field means that you are always striving to stay current. You are always trying to learn new tools, and understand new exploits. That said, there are also some tools that simply aren't going to go away any time soon and are really necessary to learn. Over the course of this three part series we will look at some of the best known hacking tools. After all, it pays dividends to know just how your enemy works and more specifically with what."

Tuesday, March 18, 2008

Hack This Site!

"Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project."

A great place to learn some pretty nifty stuff. Check the forums if you get stumped.

Analyzing a Hack from A to Z (Part 1)

"Within this article series we will both pull off a hack, and analyze its methodology. By understanding a hacker's methodology one can better defend one’s networks."

Snort - the de facto standard for intrusion detection/prevention

"Snort Documents"

The Ethical Hacker Network - Tutorial: Hping2 Basics

"Hping2 is a command-line oriented TCP/IP packet assembler/analyzer."

The Ethical Hacker Network - Step by Step Guide to the Advanced Mobile Hacks Video

"This article in 2 parts is designed to be a complement to the in-depth, step-by-step hacking video tutorial. Part 1, Step by Step Guide to the Advanced Mobile Hacks Video, will outline in detail the steps organizations and users need to take to prevent each of these hacks from taking place. Part 2, Engineering Guide for the Enterprise, details the fundamental changes in security strategy that enterprises and individuals need to implement in order to protect ongoing threats to mobile devices."

Monday, March 17, 2008

Secrets of Network Cartography: A Comprehensive Guide to nmap

Online book, of everything you will ever need to know about nmap.

The Ethical Hacker Network - EH-Net Exclusive: BackTrack 3 Teaser Video

"Most of you by now have heard of BackTrack, the highly popular and regarded Linux Security Distro for ethical hackers. Straight from the project's developers comes this teaser video. With several examples of what the new version can do and a running time of 6:16, we hope to have you on the edge of your seat in anticipation."

This is awesome!

Nmap Video Tutorial 2: Port Scan Boogaloo (Hacking Illustrated Series InfoSec Tutorial Videos)

Basic Nmap Usage (Hacking Illustrated Series InfoSec Tutorial Videos)

I-Hacked.com Taking Advantage Of Technology - Installing Backtrack3 on an Eee PC

"The Asus Eee PC. A palm-sized 900Mhz computer that includes a 4Gb Solid state hard drive. Now consider the fact that this beautiful machine includes an Atheros-Chipset based wificard that supports injection, and has 3 USB 2.0 ports. You have the perfect hack-top. The only thing that could make it better is to match this great hack-top with a great Hack-OS.

BackTrack is the top rated linux live distribution focused on penetration testing, and supports the Eee PC natively. This tutorial will walk you through the installation of BackTrack 3.0 (beta) onto the Eee PC."

Using netcat

Be sure to check out my hands on beginner tutorial of using Netcat.

Using Netcat - Hands on

Sunday, March 16, 2008

General NMAP and Xprobe2

nmap [Scan Type...] [Options] {target specification}

Nmap is a well-known port scanner that is widely used by network security professionals. It is supported on many platforms, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, SunOS and Amiga, and it offers many options for the type of port scan you want to run.

Nmap is used for common port scanning, and there are many options to choose from. When run as root, the basic command nmap 192.168.1.2 defaults to a SYN scan; without root privileges it falls back to a TCP connect scan. You can also ask for a SYN scan explicitly with the -sS option: nmap -sS 192.168.1.2. SYN scans are useful because they never complete the three-way handshake: nmap sends a SYN, reads the SYN/ACK or RST that comes back, and answers a SYN/ACK with a RST instead of an ACK, so no full connection is ever established and the application listening on the port never sees it. To perform a full TCP connect scan instead, add -sT; -sU scans UDP ports. Pay attention to how nmap labels the results: a port that answers a SYN with a RST is reported as closed, while a port that gives no response at all (or only an ICMP unreachable error from a firewall) is reported as filtered, meaning nmap could not tell whether it is open or closed. Nmap can also guess the operating system of the target with the -O option; this is called TCP/IP stack fingerprinting. Finally, nmap lets you choose which ports to scan, either a single port or a range, with the -p option.

Nmap is a very powerful and unique tool that the network security realm has been opened up to. I find Nmap very interesting. During my research I realized Nmap is not just a simple little command; after viewing the man page it was obvious there is a lot more to Nmap than one would think. I have only barely scratched the surface, learning the basic scan types such as -sS, -sT, -sU, -sN, -sF, -sX and -sO plus the -O OS detection option, and there are a lot more. One thing I have found foreign to me is the ability to change the performance and timing of Nmap.

xprobe2 [ -v ] [ -r ] [ -p proto:portnum:state ] [ -c configfile ] [ -o logfile ] [ -p port ] [ -t receive_timeout ] [ -m numberofmatches ] [ -D modnum ] [ -F ] [ -X ] [ -B ] [ -A ] [ -T port spec ] [ -U port spec ] host

Although Xprobe2 is not a port scanning utility, it caught my interest when it came to operating system fingerprinting. Nmap offers the -O option to detect the operating system, but Xprobe2 takes a different approach: it relies mostly on ICMP probes rather than a long series of TCP probes, which makes it far less dependent on TCP, and it is also much faster than Nmap's OS detection. Here is a brief excerpt from the Xprobe2 man page:

"xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.

The operation of xprobe2 is described in a paper titled "xprobe2 - A 'Fuzzy' Approach to Remote Active Operating System Fingerprinting", which is available from http://www.sys-security.com/html/projects/X.html."

Xprobe2 has many options, just like Nmap. It is an OS fingerprinting tool rather than a port scanner, but its -T and -U options enable a built-in port scanning module that will attempt to scan the given TCP and/or UDP ports.

More Info

http://linux.die.net/man/1/nmap

http://linux.die.net/man/1/xprobe2

http://nmap.org/osdetect/index.html

http://www.irongeek.com/i.php?page=videos/nmap2

http://www.networkuptime.com/nmap/index.shtml

http://irongeek.com/i.php?page=computerlaws/state-hacking-laws

http://nmap.org/

http://209.85.173.104/search?q=cache:WrmmXQ8WCKUJ:www.sys-security.com/archive/papers/Present_and_Future_Xprobe2-v1.0.pdf+xprobe2+testing&hl=en&ct=clnk&cd=7&gl=us
or
www.sys-security.com/archive/papers/Present_and_Future_Xprobe2-v1.0.pdf

http://www.networksecurityarchive.org/html/Pen-Test/2004-12/msg00199.html

http://www.antionline.com/archive/index.php/t-247835.html

Monday, March 3, 2008

First Post - A blog with information on the tech world, the underground, and the dark side of ethics.

Not too long ago I started going to school for my B.S. degree in Network Security. Between that and my best friend who started www.ecultureonline.com, these two things have inspired me to start a network security blog about everything that I am learning, and also a place to post interesting findings from around the web. Anyway, enjoy!
