CKTricky over at http://cktricky.blogspot.com has been running an awesome Burp Tip of the Day series on his blog. After seeing him use Nikto through Burp, I decided to see if I could just export the list of checks to a text file so that I could use them over and over in Intruder. After a bit of awk and sed hell I figured it out, and submitted it to him for acceptance to his BTotD series.
So this is a pretty crafty way of getting packet captures on a target system. It could definitely be streamlined with some meterpreter scripting fu, but awesome job on the video. Metasploit meterpreter Windump/Winpcap sniffer from siles on Vimeo.
The site has been down for a while, there were a lot of factors that played into that, but mostly it was focus on some family, as I had some in town. I also came to the conclusion that it’s time to move to “the cloud” so I moved over to SquareSpace (using the coupon code: DEFCON </end shameless plug>). I have an actual web designer looking at hooking this thing up right.
Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords. That’s where word lists come in handy. It’s usually the cracker’s first go-to solution: slam a word list against the hash; if that doesn’t work, try rainbow tables (if they happen to have the tables for that specific hash type), and then the full-on brute force. Some would say those first two steps are reversed, and it really is the choice of the person doing it and the word lists they have to work with.
I recently upgraded my video card and had a rough time finding programs that fit the hype of GPU password cracking, so here is what I found so that you won’t have as hard a time.
Ivan Golubev’s SHA1/MD5/MD4 cracker: http://www.golubev.com/hashgpu.htm
Ivan Golubev’s RAR pass cracker: http://www.golubev.com/rargpu.htm
CUDA Multiforcer (down at the time of this posting): http://www.cryptohaze.com/bruteforcers.php
BarsWF - MD5 Cracker: http://3.14.by/en/md5
GPU MD5 Crack: (Included in BackTrack 4 repos as “gpu-md5-crack”)
Update: I can’t say with 100% certainty that Nessus ever used NMAP as its base scanner; I was going off of memory. I apologize for not being perfect. Update 2: Since people can’t seem to let it go, I would say that I was totally wrong and that nmap was absolutely never used in Nessus ever, but then I would be caught in another absolute that I can’t confirm. According to their wiki, the nmap NASL scripts were taken out because people were No, I haven’t listened to the latest episode of Securabit in which Paul comes on and talks about Nessus.
Here is a quick no-nonsense PTH video I made for the guys over at SecurityAegis. Music is Scott Brown’s contribution to the Happy 2b Hardcore Chapter Four album, called “Elysium”.
Per the best of the best in presenting, what breeds a good presentation slide deck? Simplicity. I want to pose a statement: “Simplicity is Security”. The reason I say this is that in this day and age, at least in the US, ‘convenience’ is king. And we try to protect those conveniences with ‘security’. Let me start over a bit; this train of thought all started when I started to explain the insecurities in WiMAX to my wife.
I recently visited Tokyo, Japan. Just as always, my curiosity got the best of me and I started to calculate the population density of the buildings where I was staying. Giving a fudge factor for non-populated apartments, I estimated 8,500 families in twelve 15-story buildings, living in a 1.5 square mile piece of land. That’s CRAZY. Mass transit and unrestricted modes of transit are not a whim, they are a requirement. I bet you’re asking how this applies to security, or for that matter computers at all.
When I was in middle school, I told a lie. I was so good at telling lies, and at remembering even the infinite details of these lies, that I could make them believable. Later in life, I learned that this skill was called “Social Engineering ;-)”, but back to the story: I told everyone that I had won a shopping spree at “Incredible Universe”, now named “Fry’s”. Even the teacher believed me.