Archive for the 'Network Hacking' Category

Xprobe2 - Active OS Fingerprinting Tool

Published at May 16, 2008 in Network Hacking and Hacking Tools. Comments

Sometimes I wonder to myself have I mentioned a certain tool on the site, usually one of my favourites…often I search the site to find I have never posted about it.

It just goes to show how we often overlook some of the more ‘obvious’ choices, and to many people they may not be that obvious. I’ll be going through the tools I use and posting them up here if I haven’t already.

Anyway one of the stock tools for any pen-tester is Xprobe usually known now as Xprobe2 - some of it’s logic has been absorbed into nmap and it’s basically an active OS fingerprinting tool meaning it sends actual data to the machine it’s fingerprinting rather than a passive tool like p0f which just listens.

Xprobe2 is a remote, active OS fingerprinting tool, the features are as below:

  • Port scanning is now available through the usage of the -T (TCP) and -U (UDP) command line option
  • Added the -B command line option (’blind port guess’) used for searching an open TCP port among the following ports: 80,21, 25, 22, 139
  • Include XSD schema with distribution and make our XML comply with that XSD
  • loopback (lo) is supported

You can read more on Xprobe2 and what it does here:

Intrusion Detection FAQ: What is XProbe?

Download Xprobe2 here:

xprobe2-0.3.tar.gz

Or read more here.

Technorati Tags: , , , , , , , ,

rtpbreak 1.3a Released - RTP Analysis and Hacking

Published at May 7, 2008 in Network Hacking and Hacking Tools. Comments

With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently form the used signaling protocol (SIP, H.323, SCCP etc). The input is a sequence of packets, the output is a set of files you can use as input for other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed and so on). It also supports wireless (AP_DLT_IEEE802_11) networks.

This is a list of scenarios where rtpbreak is a good choice:

  • reconstruct any RTP stream with an unknown or unsupported signaling protocol
  • reconstruct any RTP stream in wireless networks, while doing channel hopping (VoIP activity detector)
  • reconstruct and decode any RTP stream in batch mode (with sox, asterisk)
  • reconstruct any already existing RTP stream
  • reorder the packets of any RTP stream for later analysis (with tshark, wireshark, …)
  • build a tiny wireless VoIP tapping system in a single chip Linux unit
  • build a complete VoIP tapping system (rtpbreak would be just the RTP dissector module!)

This project is released under license GPL version 2.

You can download rtpbreak 1.3a here:

rtpbreak-1.3a.tgz

Or read more here.

Technorati Tags: , , , , , , , , ,

CDPSnarf - CDP Packet Sniffer

Published at April 30, 2008 in Network Hacking and Hacking Tools. Comments

CDPSnarf if a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

The application is written in C using the popular PCAP library.

Sample Output

Cisco AIR-AP1231G-E-K9 Access Point:

$ sudo ./cdpsnarf eth2
Waiting for a CDP packet...

[#0] Sniffed CDP advertisement with a size of 367 bytes.
——————————————————-
CDP Version: 2
TTL: 180 ms
Checksum: 0×7282

Device ID: cisco-ap.mydomain.net

Software version: Cisco IOS Software, C1200 Software (C1200-K9W7-M),
Version 12.3(8)JEA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 23-Aug-06 16:42 by kellythw

Platform: cisco AIR-AP1231G-E-K9

Addresses: 1
Address #: 1
Protocol type: [1] NLPID format
Protocol: [0xCC] IP
IP Address: 157.228.87.1

Port ID: Dot11Radio0

Capabilities:
[0x02] Transparent bridge

You can download CDPSnarf here:

CDPSnarf 0.1.6

Or read more here.

Technorati Tags: , , , , , , , ,

Technitium MAC Address Changer v4.8 Released for Download - Free

Published at April 28, 2008 in Network Hacking, Hacking Tools, Hack and Applications. Comments

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box. Technitium MAC Address Changer is coded in Visual Basic 6.0.

There are some famous, commercial tools available in the market for US$19.99 to as much as US$1500 (!), but Technitium MAC Address Changer is available for FREE. We don’t charge for just changing a registry value! Also knowing how this works doesn’t require extensive research as some commercial tool providers claim!

Features

  • Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
  • Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks.

You can download Technitium MAC Address Changer v4.8 here:

Technitium-MAC-Address-Changer

Or read more here.

[tags]change mac address, change mac address windows, free-software, freeware mac changer, mac address changer, mac-changer, network-security, Security Software, technitium, technitium mac adress changer, tmac[tags]

Wireshark v1.0.0 Released - Cross Platform Graphical Packet Sniffer

Published at April 14, 2008 in Network Hacking, Hacking Tools, Applications, Articles and Security. Comments

After nearly 10 years of developement Wireshark (formely known as Ethereal) has finally reached version 1!

For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features

Wireshark has a rich feature set which includes the following:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

This is one tool EVERYONE involved in security or network administration should be familiar with.

You can download Wireshark here:

Wireshark v1.0.0

Or read more here.

Technorati Tags: , , , , , , , ,