Archive for February, 2008

NetworkMiner - Passive Sniffer & Packet Analysis Tool

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline analysis.

NetworkMiner makes use of the OS fingerprinting databases from both p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri) to make its passive OS fingerprinting as accurate as possible. NetworkMiner also uses the MAC-vendor list from Nmap (Fyodor).
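To make the passive fingerprinting idea concrete, here is an added example (not NetworkMiner's, p0f's or Ettercap's code) that pulls the classic p0f-style features out of a raw IPv4/TCP SYN, namely initial TTL, window size, MSS, window scale and the option layout, and matches them against a tiny signature table. The signature rows and the two sample SYN packets are constructed for this illustration; a real database has many hundreds of entries and more fields.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Illustrative p0f-style signature table. These rows are CONSTRUCTED for this
# example and are not taken from NetworkMiner, p0f or Ettercap.
# Option layout letters: M=MSS, N=NOP, S=SACK-permitted, T=timestamps,
# W=window scale, E=end-of-options.
SIGNATURES = [
    {"os": "Linux 2.6 (illustrative)",  "ttl": 64,  "win": 5840,  "mss": 1460, "wscale": 7,    "opts": "M,S,T,N,W"},
    {"os": "Windows XP (illustrative)", "ttl": 128, "win": 65535, "mss": 1460, "wscale": None, "opts": "M,N,N,S"},
]


@dataclass
class SynFeatures:
    ttl: int
    win: int
    mss: Optional[int]
    wscale: Optional[int]
    opts: str  # option layout, e.g. "M,S,T,N,W"


def parse_syn(packet: bytes) -> SynFeatures:
    """Extract fingerprint features from a raw IPv4 + TCP SYN (no link layer)."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    ttl = packet[8]
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4          # TCP header length in bytes
    flags = tcp[13]
    if not (flags & 0x02) or (flags & 0x10):
        raise ValueError("not a bare SYN (need SYN set, ACK clear)")
    win = struct.unpack("!H", tcp[14:16])[0]
    opts_raw = tcp[20:data_off]
    mss = wscale = None
    layout = []
    i = 0
    while i < len(opts_raw):
        kind = opts_raw[i]
        if kind == 0:                      # End of option list
            layout.append("E")
            break
        if kind == 1:                      # NOP: single byte, no length
            layout.append("N")
            i += 1
            continue
        length = opts_raw[i + 1]
        body = opts_raw[i + 2:i + length]
        if kind == 2:
            mss = struct.unpack("!H", body)[0]
            layout.append("M")
        elif kind == 3:
            wscale = body[0]
            layout.append("W")
        elif kind == 4:
            layout.append("S")
        elif kind == 8:
            layout.append("T")
        else:
            layout.append(f"?{kind}")
        i += length
    return SynFeatures(ttl, win, mss, wscale, ",".join(layout))


def initial_ttl(observed: int) -> int:
    """The observed TTL has been decremented once per hop, so round up to the
    nearest common initial value; a host 9 hops away still matches its OS."""
    for guess in (32, 64, 128, 255):
        if observed <= guess:
            return guess
    return 255


def fingerprint(packet: bytes) -> str:
    f = parse_syn(packet)
    ttl0 = initial_ttl(f.ttl)
    for sig in SIGNATURES:
        if (sig["ttl"], sig["win"], sig["mss"], sig["wscale"], sig["opts"]) == \
           (ttl0, f.win, f.mss, f.wscale, f.opts):
            return sig["os"]
    return f"unknown (ttl={ttl0} win={f.win} mss={f.mss} wscale={f.wscale} opts={f.opts})"


def build_syn(ttl: int, win: int, options: bytes) -> bytes:
    """CONSTRUCTED test input: a minimal IPv4 header plus a TCP SYN carrying
    the given (already padded) options. Checksums are left at zero."""
    assert len(options) % 4 == 0
    data_off = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off << 4, 0x02, win, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return ip + tcp


# Two sample SYNs as seen 9 hops from the sender (TTL 55 and 119 on the wire).
LINUX_SYN = build_syn(55, 5840,
                      b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + bytes(8) + b"\x01" + b"\x03\x03\x07")
WINXP_SYN = build_syn(119, 65535, b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02")

if __name__ == "__main__":
    for pkt in (LINUX_SYN, WINXP_SYN):
        print(fingerprint(pkt))
```

The TTL rounding is what keeps this usable from a sniffer in the middle of the path; the option layout, rather than any one value, is usually the most discriminating field, which is why a signature compares all of them together.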

The purpose of NetworkMiner is to collect data about hosts on the network rather than data about the traffic itself. The main view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner can extract files transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network.
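Extracting a file from a capture means first rebuilding one direction of the TCP stream from segments that may arrive out of order or be retransmitted, and only then parsing the application protocol. The added example below (my own code, not NetworkMiner's) does that for an HTTP response, handling duplicate and overlapping segments, Content-Length and chunked bodies, and naming the carved file from its magic bytes rather than from the header. The response and its segments are constructed inline.

```python
# Reassemble one direction of a TCP session and carve the HTTP response body.
# Added example; sequence-number wraparound at 2**32 is ignored for brevity.

MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"MZ": "exe",
}


def reassemble(segments):
    """segments: iterable of (seq, payload) for ONE direction of a session,
    possibly out of order, duplicated or overlapping. Returns the contiguous
    stream starting at the lowest sequence number. When two copies of a byte
    range differ (an IDS-evasion trick) the first copy seen wins."""
    ordered = sorted(segments, key=lambda s: s[0])
    base = ordered[0][0]
    stream = bytearray()
    for seq, data in ordered:
        offset = seq - base
        if offset > len(stream):
            raise ValueError(f"gap in stream at seq {base + len(stream)}")
        stream += data[len(stream) - offset:]   # skip bytes already present
    return bytes(stream)


def dechunk(data: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body (chunk extensions are ignored)."""
    out, pos = bytearray(), 0
    while True:
        line_end = data.index(b"\r\n", pos)
        size = int(data[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            break
        out += data[pos:pos + size]
        pos += size + 2                         # skip chunk data and its CRLF
    return bytes(out)


def extract_http_body(stream: bytes):
    """Split an HTTP response into (headers, body)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/1."):
        raise ValueError("not an HTTP response")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().lower()] = value.strip()
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        body = dechunk(rest)
    else:
        body = rest[:int(headers.get(b"content-length", len(rest)))]
    return headers, body


def extension_for(body: bytes, content_type: bytes) -> str:
    """Prefer magic bytes over Content-Type: the header is attacker-controlled
    and routinely wrong for drive-by downloads."""
    for magic, ext in MAGIC.items():
        if body.startswith(magic):
            return ext
    return content_type.split(b"/")[-1].decode("ascii", "replace") or "bin"


def carve_file(segments):
    """Reassemble the server->client segments and return (filename, bytes)."""
    headers, body = extract_http_body(reassemble(segments))
    return f"extracted.{extension_for(body, headers.get(b'content-type', b''))}", body


# CONSTRUCTED sample: a 16-byte fake PNG served over HTTP, delivered as
# out-of-order segments including a duplicate and an overlapping retransmission.
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: 16\r\n\r\n" + FAKE_PNG)
SEGMENTS = [
    (1030, RESPONSE[30:55]),
    (1055, RESPONSE[55:]),
    (1000, RESPONSE[0:30]),
    (1030, RESPONSE[30:55]),   # exact duplicate (retransmission)
    (1050, RESPONSE[50:70]),   # partial overlap with neighbours
]

if __name__ == "__main__":
    name, data = carve_file(SEGMENTS)
    print(name, len(data), "bytes")
```

Only the server-to-client direction is reassembled here; a tool like NetworkMiner also pairs it with the request so it can name the file after the URL path, and extracts from many other protocols (FTP, SMB, SMTP attachments) with their own framing.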

Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner lets the user enter arbitrary strings or byte patterns to search for with the keyword search functionality.

A feature the author wants to include in future versions of NetworkMiner is statistical protocol identification (protocol fingerprinting) of a TCP session or UDP data. Instead of looking at the port number to guess which protocol runs on top of TCP/UDP, NetworkMiner would identify the protocol from the packet content, so that protocols can be recognised even when the service runs on a non-standard port.

You can download NetworkMiner here:

NetworkMiner-0.82

Or you can read more here.


Nessconnect 1.0.1 Released - GUI, CLI & API Client for Nessus

Nessconnect is an open-source software package that can connect to a Nessus or Nessus-compatible server and provides an advanced graphical user interface. It also provides a command line interface and a Java application programming interface. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously known as Nessj and Reason.

Features

Nessconnect provides an alternative interface over the standard Nessus client. It allows the user to customize the scanning preferences and available plug-ins based on a wide range of criteria. In addition to an improved graphical user interface, Nessconnect provides customized session management with templates, allowing the user to create multiple templates for different testing scenarios.

Reports are generated in XML, and XSLT style sheets can be used to easily produce customized reports, including charts/graphs. Nessconnect also supports vulnerability trending, allowing you to track host vulnerabilities across multiple scans over a period of time. And if you prefer not to use a GUI, all these features are available via the command line.
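Differential scanning and trending are simple once findings are keyed consistently. The added example below (not Nessconnect's code) diffs two XML reports into new, fixed and persisting findings keyed on (host, protocol, port, plugin), and tallies severities per scan date as the raw data behind a trend chart. Nessconnect's real report schema is not described on this page, so the two reports use a hypothetical minimal layout with placeholder plugin ids; adapt the element and attribute names to the real one.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Two CONSTRUCTED reports in a hypothetical schema (not Nessconnect's own).
# Plugin ids "P-1".."P-4" are placeholders, not real Nessus plugin numbers.
SCAN_FEB_01 = """<report date="2008-02-01">
  <host address="10.0.0.5">
    <finding port="22" protocol="tcp" plugin="P-1" severity="low">SSH version banner</finding>
    <finding port="80" protocol="tcp" plugin="P-2" severity="high">Outdated web server</finding>
  </host>
  <host address="10.0.0.9">
    <finding port="445" protocol="tcp" plugin="P-3" severity="medium">Anonymous SMB access</finding>
  </host>
</report>"""

SCAN_FEB_15 = """<report date="2008-02-15">
  <host address="10.0.0.5">
    <finding port="22" protocol="tcp" plugin="P-1" severity="low">SSH version banner</finding>
  </host>
  <host address="10.0.0.9">
    <finding port="445" protocol="tcp" plugin="P-3" severity="medium">Anonymous SMB access</finding>
    <finding port="161" protocol="udp" plugin="P-4" severity="high">Default SNMP community</finding>
  </host>
</report>"""


def load_findings(xml_text: str):
    """Return (scan date, {key: details}) where key identifies one finding on
    one service, so the same issue can be matched across scans."""
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("host"):
        address = host.get("address")
        for f in host.iter("finding"):
            key = (address, f.get("protocol"), int(f.get("port")), f.get("plugin"))
            findings[key] = {"severity": f.get("severity"), "title": (f.text or "").strip()}
    return root.get("date"), findings


def diff_scans(old_xml: str, new_xml: str):
    """Differential analysis: what appeared, what went away, what remains."""
    _, old = load_findings(old_xml)
    _, new = load_findings(new_xml)
    return {
        "new": sorted(set(new) - set(old)),
        "fixed": sorted(set(old) - set(new)),
        "persisting": sorted(set(old) & set(new)),
    }


def severity_trend(*reports: str):
    """Per-scan severity counts, in the order given: the series a trend
    chart (or an XSLT stylesheet) would plot."""
    trend = []
    for xml_text in reports:
        date, findings = load_findings(xml_text)
        trend.append((date, dict(Counter(f["severity"] for f in findings.values()))))
    return trend


if __name__ == "__main__":
    for bucket, keys in diff_scans(SCAN_FEB_01, SCAN_FEB_15).items():
        print(bucket, keys)
    print(severity_trend(SCAN_FEB_01, SCAN_FEB_15))
```

Keying on plugin id rather than on the finding title is what makes the diff stable when a plugin's wording changes between Nessus updates; if the reports come from a server you do not fully control, parse them with a hardened XML parser rather than the stock one.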

The old Nessus interface was pretty bad, especially the Windows one; the Linux GUI was much better, and so were the HTML reports it generated. If you like this, you can use it on both, because it is written in Java and therefore cross-platform.

I’m glad someone finally put some effort into an updated GUI, even though Nessus is not quite so ‘free’ now.

What’s new?

  • Promoted project from beta to stable.
  • Graphical user interface layout changes.
  • Changed command line interface arguments.
  • Added the beginnings of some documentation.
  • Fixed sorting of addresses and ports; thanks to Richard van den Berg.
  • Fixed shell scripts to better handle XULRunner embedding.
  • Fixed UNC path handling issue in URLs.
  • Increased default heap size to 1 GB.
  • Name change from Nessj to Nessconnect.
  • Ownership change from Intekras to Idealogica.
  • Updated libraries.

It is of course also free and open-source.

You can download Nessconnect here:

Nessconnect (current) 1.0.1

Or read more here.


SWFIntruder - Analysis and Security Testing of Flash Applications

With the recent spate of attacks delivered through banner ads (many of which use Flash), this might be a useful tool if you are using Flash, or more accurately Flash applications, on your website or portal.

I did mention a Flash decompiler a while back. Now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the first tool specifically developed for analyzing and testing the security of Flash applications at runtime.

It helps to find flaws in Flash applications using the methodology originally described in Testing Flash Applications and in Finding Vulnerabilities in Flash Applications.

Features

  • Basic predefined attack patterns.
  • Highly customizable attacks.
  • Highly customizable undefined variables.
  • Semi automated XSS check.
  • User configurable internal parameters.
  • Log Window for debugging and tracking.
  • History of latest 5 tested SWF files.
  • ActionScript Objects runtime explorer in tree view.
  • Persistent Configuration and Layout.

SWFIntruder was developed using ActionScript, HTML and JavaScript, resulting in a tool that takes advantage of the best features of those technologies to get the best capabilities for analysis of, and interaction with, the Flash movies under test.

SWFIntruder was developed using only open source software. Thanks to its generality, SWFIntruder is OS independent.

You can download SWFIntruder here:

swfintruder-0.9.1.tgz

Or read more here.


Russix - LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking

It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery), since we have Russix now and a new version of BackTrack is on the way.

Russix is a Slax-based wireless Live Linux. It has been designed to be light (around 230 MB) and dedicated purely to wireless auditing.

It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 keystrokes and conduct an “Evil Tiny Twin” attack in less than 5, it will not let you become the latest version of Barclays Bank.

Russix evolved from an internal UK military wireless auditing tool (Debian-based) which Russ had developed while working for them as a penetration tester.

Russix is a free download for auditing. It scripts together several WLAN attacks and will allow the user to break a WEP key in about 6 keystrokes! It will not be modified by us to make it into a phishing tool as that would be evil.

It comprises a number of tools including aircrack-ng, cowpatty, asleap, nmap, wireshark and hydra, as well as scripted attacks to aid cracking WEP and WPA networks. Currently it only supports Atheros-based chipsets, and those of you lucky enough to own two Atheros cards will be able to use the scripted Evil Twin attack.

Interested in hearing any feedback you may have or improvements you can make.

You can download it here:

Built on 9th Dec 2007: Download latest version

Or read more here.


Apple iPhone Unlocked Again - 1.1.2 and 1.1.3 Firmware

Once again the Apple iPhone has been unlocked by a determined youngster, the same one who was among the first to unlock it last year, winning himself a rather nice car and a few 8GB iPhones in the process.

It just shows nothing is infallible: all he needed to find was a writable memory address and he was pretty much done (he used a much higher range of registers than previously).

A teen hacker known for his deftness with iPhones has figured out how to unlock models running the latest firmware versions by cracking a protection that has frustrated hackers for weeks.

The breakthrough by George Hotz, aka Geohot, means people who have bought a recent iPhone will once again be able to use it on the phone network of their choice. Apple makes as much as $400 for every handset that’s activated on an approved network, so its developers have worked hard to prevent the so-called unlocking of iPhones.

A very smart young man indeed, showing that one person can defeat the security of a huge multinational, billion-dollar company.

And he’s done it twice.

The latest salvo was fired late last week, following a 24-hour hacking spree by Geohot that was broken up by only three hours of sleep. It turns out the latest firmware contained modifications to the device’s memory registers to prevent unlocking. Geohot worked around those changes by finding another, much higher register that was vulnerable.

“I guess Apple thought big numbers were harder to guess,” he wrote.

He then found a way to install his custom-built code by exploiting a flaw that allowed him to erase a range of memory addresses where security software is stored.

An amazing 27% of iPhones are running on unauthorized networks, which means they have been unlocked. Of course Apple will soon come out with a new firmware update that negates this... but then the game will just start all over again.

And no one doubts that Geohot, or someone like him, will break it again.

If you want to know how to do it, check out the step-by-step instructions from iClarified here.

Source: The Register
