Archive for April, 2008

CDPSnarf - CDP Packet Sniffer

CDPSnarf is a network sniffer written exclusively to extract information from CDP (Cisco Discovery Protocol) packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router, and more.

The application is written in C using the popular PCAP library.

Sample Output

Cisco AIR-AP1231G-E-K9 Access Point:

$ sudo ./cdpsnarf eth2
Waiting for a CDP packet...

[#0] Sniffed CDP advertisement with a size of 367 bytes.
-------------------------------------------------------
CDP Version: 2
TTL: 180 ms
Checksum: 0x7282

Device ID: cisco-ap.mydomain.net

Software version: Cisco IOS Software, C1200 Software (C1200-K9W7-M),
Version 12.3(8)JEA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 23-Aug-06 16:42 by kellythw

Platform: cisco AIR-AP1231G-E-K9

Addresses: 1
Address #: 1
Protocol type: [1] NLPID format
Protocol: [0xCC] IP
IP Address: 157.228.87.1

Port ID: Dot11Radio0

Capabilities:
[0x02] Transparent bridge
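To make the sample output above concrete, here is an added Python example (not CDPSnarf's code, which is C on libpcap) that builds a constructed CDPv2 payload and parses it back: version, TTL, checksum validity and the Device ID, Address, Port ID, Capabilities and Platform TLVs. The frame contents are invented (the 192.0.2.1 address is a documentation-range placeholder), and the checksum helper is exact only for even-length payloads, since Cisco treats an odd trailing byte differently from plain RFC 1071 padding.

```python
import struct

TLV_NAMES = {0x0001: "Device ID", 0x0003: "Port ID", 0x0005: "Software version", 0x0006: "Platform"}
CAPABILITY_BITS = {0x01: "Router", 0x02: "Transparent bridge", 0x04: "Source-route bridge",
                   0x08: "Switch", 0x10: "Host", 0x20: "IGMP", 0x40: "Repeater"}

def inet_checksum(data):
    data += b"\0" * (len(data) % 2)   # RFC 1071 zero-pad; Cisco treats an odd trailing byte differently
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value   # length includes the 4-byte header

def build_cdp(device_id, platform, port_id, ipv4, caps, ttl=180):
    # Constructed CDPv2 payload (what follows the SNAP header): version, TTL, checksum, TLVs.
    addr = (struct.pack("!I", 1) + bytes([1, 1, 0xCC])            # one address: NLPID, len 1, 0xCC = IP
            + struct.pack("!H", 4) + bytes(int(o) for o in ipv4.split(".")))
    body = (tlv(1, device_id) + tlv(2, addr) + tlv(3, port_id)
            + tlv(4, struct.pack("!I", caps)) + tlv(6, platform))
    csum = inet_checksum(struct.pack("!BBH", 2, ttl, 0) + body)
    return struct.pack("!BBH", 2, ttl, csum) + body

def parse_cdp(pkt):
    """Decode version, TTL, checksum validity and the TLVs shown in the sample output above."""
    version, ttl, _ = struct.unpack("!BBH", pkt[:4])
    info, off = {"version": version, "ttl": ttl, "checksum_ok": inet_checksum(pkt) == 0}, 4
    while off + 4 <= len(pkt):
        tlv_type, length = struct.unpack("!HH", pkt[off:off + 4])
        if length < 4 or off + length > len(pkt):
            raise ValueError("malformed TLV length at offset %d" % off)
        value = pkt[off + 4:off + length]
        if tlv_type == 2:                                   # Address TLV: count, then address records
            addrs, p = [], 4
            for _ in range(struct.unpack("!I", value[:4])[0]):
                ptype, plen = value[p], value[p + 1]
                proto, p = value[p + 2:p + 2 + plen], p + 2 + plen
                alen = struct.unpack("!H", value[p:p + 2])[0]
                raw, p = value[p + 2:p + 2 + alen], p + 2 + alen
                if ptype == 1 and proto == b"\xcc" and alen == 4:   # NLPID 0xCC = IPv4
                    addrs.append(".".join(str(b) for b in raw))
            info["addresses"] = addrs
        elif tlv_type == 4:                                 # Capabilities: 32-bit flag mask
            info["capabilities"] = [n for b, n in CAPABILITY_BITS.items() if struct.unpack("!I", value)[0] & b]
        elif tlv_type in TLV_NAMES:
            info[TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
        off += length
    return info
```

Everything the parser recovers here is sent in the clear to every station on the segment, which is why CDP is normally disabled on ports facing untrusted hosts.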

You can download CDPSnarf here:

CDPSnarf 0.1.6

Or read more here.


Technitium MAC Address Changer v4.8 Released for Download - Free

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC), irrespective of the NIC's manufacturer or driver. It has a very simple user interface and provides ample information about each NIC in the machine. Every NIC has a MAC address hard-coded into its circuitry by the manufacturer, and the Windows drivers use this hard-coded address to access the Ethernet network (LAN). This tool sets a new MAC address on your NIC, overriding the hard-coded one. Technitium MAC Address Changer is a must-have tool in every security professional's toolbox. It is coded in Visual Basic 6.0.

There are some well-known commercial tools on the market costing from US$19.99 to as much as US$1500 (!), but Technitium MAC Address Changer is available for FREE. We don’t charge for just changing a registry value! Knowing how this works doesn’t require extensive research either, whatever some commercial tool providers claim!

Features

  • Identifies the preset applied to the currently selected Network Interface Card (NIC) automatically, making it easy to identify the active settings.
  • Changes the MAC address of a Network Interface Card (NIC), including wireless LAN cards, irrespective of its manufacturer or driver.
  • Has the latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and find out which manufacturer it belongs to.
  • Allows you to select a random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantly.
  • Allows you to create Configuration Presets, which save all your NIC settings and make it simple to switch between many settings in a single click, saving a lot of time.
  • Allows you to import or export Configuration Presets to or from a file, saving the time spent on reconfiguration.
  • Has a command-line interface which allows you to perform all tasks from the command prompt, or even create a DOS batch program to carry out regular tasks.

You can download Technitium MAC Address Changer v4.8 here:

Technitium-MAC-Address-Changer

Or read more here.


Pass-The-Hash Toolkit v1.3

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools let you list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Pass-The-Hash Toolkit

Pass-The-Hash Toolkit is comprised of three tools: IAM.EXE, WHOSTHERE.EXE and GENHASH.EXE.

GENHASH.EXE
This is just a utility that uses some undocumented Windows functions to generate the LM and NT hashes of a password. It is useful for testing IAM.EXE and WHOSTHERE.EXE, and perhaps for other things. A pretty simple and small tool.

IAM.EXE
This tool allows you to change your current NTLM credentials without the cleartext password, using only the password's hashes. The program takes a username, domain name and the LM and NT hashes of the password, and uses them to change, in memory, the NTLM credentials associated with the current Windows logon session. After this operation, all outbound network connections to services that authenticate with the NTLM credentials of the currently logged-on user will use the credentials set by IAM.EXE.

WHOSTHERE.EXE
This tool lists logon sessions with NTLM credentials (username, domain name, LM and NT hashes). Logon sessions are created by Windows services that log in as specific users, by remote desktop connections, etc. This tool has many uses; one that I think is interesting: let’s say you compromised a Windows server that is part of a Windows domain (e.g. a backup server) but is NOT the domain controller.

You can download Pass-The-Hash Toolkit v1.3 here:

Source Code

Latest stable release (1.3), updated on February 29, 2008.

Win32 binaries

Latest stable release (1.3), updated on February 29, 2008.

Or read more here.


WifiZoo v1.3 Released - Passive Info Gathering for Wifi

WifiZoo is a tool to gather wifi information passively. It was created to be helpful in wifi pentesting and was inspired by ‘Ferret’ from Errata Security.

The tool is intended to get all possible information from open wifi networks (and possibly encrypted ones in the future, at least WEP) without joining any network, and covering all wifi channels.

WifiZoo does the following:

  • gathers bssid->ssid information from beacons and probe responses
  • gathers the list of unique SSIDs found in probe requests
  • gathers and graphs which SSIDs are being probed from which sources
  • gathers bssid->clients information and outputs it to a file that you can later feed to graphviz to get an “802.11 bssids->clients” graph
  • gathers ‘useful’ information from unencrypted wifi traffic (à la Ferret, dsniff, etc.), such as POP3 credentials, SMTP traffic, HTTP cookies/auth info, MSN messages, FTP credentials, telnet traffic, NBT, etc.
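The first four items above come from nothing but 802.11 header fields and information elements. The following added Python example (not WifiZoo's code) shows how little is needed: it classifies three constructed frames (a beacon, a probe request and a data frame; MAC addresses and SSIDs are invented) into bssid->ssid, client->probed-SSID and bssid->clients tables and emits the graphviz file the last of those bullets describes. Frames are assumed to start at the 802.11 MAC header, with no radiotap header and no FCS.

```python
def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_ies(body):
    """Walk 802.11 information elements (id, length, value) into a dict id -> value."""
    ies, off = {}, 0
    while off + 2 <= len(body):
        eid, ln = body[off], body[off + 1]
        ies[eid] = body[off + 2:off + 2 + ln]
        off += 2 + ln
    return ies

def observe(frame, state):
    """Update state (ssids, clients, probes) from one raw 802.11 frame (no radiotap, no FCS)."""
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 3, fc >> 4
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 and subtype in (8, 5):        # beacon / probe response: 12 fixed bytes, then IEs
        state["ssids"][mac(a3)] = parse_ies(frame[36:]).get(0, b"").decode("utf-8", "replace")
    elif ftype == 0 and subtype == 4:           # probe request from a2: IEs follow the 24-byte header
        ssid = parse_ies(frame[24:]).get(0, b"").decode("utf-8", "replace")
        if ssid:                                 # empty SSID = wildcard probe, nothing leaked
            state["probes"].setdefault(mac(a2), set()).add(ssid)
    elif ftype == 2 and (flags & 3) in (1, 2):  # data frame with exactly one of ToDS/FromDS set
        bssid, client = (a1, a2) if flags & 1 else (a2, a1)
        state["clients"].setdefault(mac(bssid), set()).add(mac(client))

def to_dot(state):
    """Emit a Graphviz digraph of 'BSSID (SSID)' -> client edges, the graph the post describes."""
    lines = ["digraph wifi {"]
    for bssid, clients in sorted(state["clients"].items()):
        label = state["ssids"].get(bssid, "?")
        lines += ['  "%s (%s)" -> "%s";' % (bssid, label, c) for c in sorted(clients)]
    return "\n".join(lines + ["}"])

# Constructed sample frames (not a real capture): a beacon, a probe request and a data frame.
AP, STA, BCAST = bytes.fromhex("020000aa0001"), bytes.fromhex("0200005500c1"), b"\xff" * 6
def hdr(fc, flags, a1, a2, a3):
    return bytes([fc, flags, 0, 0]) + a1 + a2 + a3 + b"\0\0"   # FC, duration, 3 addresses, seq ctrl
BEACON = hdr(0x80, 0, BCAST, AP, AP) + b"\0" * 12 + bytes([0, 7]) + b"coffee1"
PROBE = hdr(0x40, 0, BCAST, STA, BCAST) + bytes([0, 8]) + b"homewifi"
DATA = hdr(0x08, 0x01, AP, STA, b"\0" * 6)                  # ToDS=1: a1 = BSSID, a2 = client

def demo():
    state = {"ssids": {}, "clients": {}, "probes": {}}
    for frame in (BEACON, PROBE, DATA):
        observe(frame, state)
    return state
```

The probes table is the defender's takeaway: a client that probes for a remembered SSID announces where it has been to anyone listening, which is why modern operating systems send wildcard probes by default.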

You can download WifiZoo v1.3 here:

wifizoo_v1.3.tgz

Or read more here.


HDIV - Java Web Application Security Framework

HDIV (HTTP Data Integrity Validator) is a Java web application security framework. HDIV extends web applications’ behaviour by adding security functionality while maintaining the API and the framework specification. This means HDIV can be used in applications developed with Struts 1.x, Struts 2.x, Spring MVC and JSTL transparently to the programmer and without adding any complexity to application development. It is possible to use HDIV in applications that don’t use Struts 1.x, Struts 2.x, Spring MVC or JSTL, but in that case the application (its JSP pages) must be modified.

Functionality

INTEGRITY: HDIV guarantees the integrity (no modification) of all data generated by the server that should not be modified by the client (links, hidden fields, combo values, radio buttons, destination pages, etc.). Thanks to this property HDIV helps eliminate most vulnerabilities based on parameter tampering.

EDITABLE DATA VALIDATION: HDIV largely eliminates the risk of Cross-site scripting (XSS) and SQL injection attacks by applying generic validations to editable data (text and textarea fields).

CONFIDENTIALITY: HDIV also guarantees the confidentiality of non-editable data. Much of the data sent to the client usually carries key information for attackers, such as database record identifiers, column or table names, web directories, etc.

ANTI-CROSS-SITE REQUEST FORGERY (CSRF) TOKEN: A random string called a token is placed in each form and link of the HTML response, ensuring that this value is submitted with the next request. This random string provides protection because the compromised site must know not only the URL of the target site and a valid request format for it, but also the random string, which changes for each visited page.
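The four properties above (integrity, editable-data validation, confidentiality, per-page token) can be realised with one per-session record of what the server emitted. The following is an added Python sketch of that design, not HDIV's own Java implementation: field names, the `_STATE` parameter and the blocklist regexes are assumptions chosen for the example.

```python
import re
import secrets

# Illustrative "generic validation" of editable fields; rules are an assumption, not HDIV's own set.
SUSPICIOUS = [re.compile(p, re.I) for p in
              (r"<\s*script", r"javascript\s*:", r"'\s*(or|and)\b", r"--", r"union\s+select")]

class PageGuard:
    """One instance per user session. Records, for every page the server renders, which
    parameters the client must return unchanged, and checks the next request against it."""

    def __init__(self):
        self.pages = {}          # state token -> what this session was shown on that page

    def render(self, fixed, editable):
        """Build the hidden fields for a response. `fixed` are server-generated values the
        client must not alter; `editable` names the free-text inputs on the page."""
        token = secrets.token_urlsafe(16)                          # new random token per page
        aliases = {name: str(i) for i, name in enumerate(fixed)}   # confidentiality: opaque stand-ins
        self.pages[token] = {"fixed": dict(fixed), "aliases": aliases, "editable": set(editable)}
        return {**aliases, "_STATE": token}

    def validate(self, params):
        """Return (real_params, reason). real_params is None when the request is rejected."""
        page = self.pages.get(params.get("_STATE"))
        if page is None:                                           # forged or cross-site request
            return None, "missing or unknown state token"
        real = {}
        for name, value in params.items():
            if name == "_STATE":
                continue
            if name in page["aliases"]:                            # integrity: alias must match exactly
                if value != page["aliases"][name]:
                    return None, "tampered non-editable parameter %r" % name
                real[name] = page["fixed"][name]
            elif name in page["editable"]:
                if any(r.search(value) for r in SUSPICIOUS):
                    return None, "suspicious content in editable field %r" % name
                real[name] = value
            else:                                                  # parameter the page never offered
                return None, "unexpected parameter %r" % name
        return real, "ok"
```

Because the client only ever sees the alias and the token, a tampered identifier, a forged cross-site POST and an injected script in a text field are all rejected before the application code runs.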

You can download HDIV here:

hdiv 2.0.4

Or read more here.
