XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license.

Why XTest?

XTest was developed with the specific aim of improving the security of environments that use 802.1x to protect IP Phone endpoints and their supporting VoIP Infrastructure. With the increasing prevalence of 802.1x Supplicant support in wired hard Phones, 802.1x will be increasingly used to ensure that remote IP Phones placed in areas with low physical security will have their directly connected ethernet switch ports secured against unauthorized access.

Furthermore, the tool can demonstrate the danger of relying solely on 802.1x, because the current wired 802.1x implementation only requires authentication when the port initially comes up/up. Subsequent packets are not authenticated, allowing an attacker to share a connection on a hub with the valid 802.1x supplicant, allowing unauthorized switchport access.

Features

• 802.1x Supplicant: XTest can test the username and password against an 802.1x Authenticator (Ethernet Switch), and supports re-authentication. This is a simple and easy method of comparing the password against a valid 802.1x Supplicant running on an IP Phone or a PC.
• Offline pcap dictionary attacK: If you capture a valid 802.1x authentication sequence into a pcap file, XTest will run a dictionary attack against the pcap using a supplied wordlist. XTest will elicit the password from the pcap if the dictionary file containst the valid password.
• Shared Hub unauthorized access: Using a shared hub, XTest can use the successful authentication of a valid 802.1x supplicant to gain unauthorized access to the network.

Tested Platforms

802.1x Supplicants:

• Cisco Unified IP Phone 7971G-GE
• Cisco Unified IP Phone 7961G-GE
• Cisco Unified IP Phone 7941G-GE
• Cisco Unified IP Phone 7942G
• Cisco Unified IP Phone 7945G

802.1x Authenticator:

• Cisco Catalyst 3560 (WS-C3560G-24PS)

Radius Server:

• CiscoSecure ACS 4.1

You can download XTest here:

xtest-1.0.tar

Or read more here.

Technorati Tags: hacking voip, Network Hacking, voip auditing, voip infrastructure security, voip infrastructure testing, voip testing, xtest

How does it work?

It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS traffic, it works in conjunction with man-in-the-middle techniques or MITM such as DNS, ARP, DHCP, etc.

Attack Vectors

Internal scenario:

• Internal DNS access
• ARP Spoofing
• DNS Cache Poisoning
• DHCP Spoofing

External scenario:

• Internal DNS Access
• DNS Cache Poisoning

What are the supported OS?

The framework is multiplatform, it only depends of having the right payload for the target platform to be exploited.

Implemented modules

• Java plugin
• Winzip
• Winamp
• MacOS
• OpenOffice
• iTunes
• Linkedin Toolbar
• Download Accelerator
• Notepad++

You can download ISR-evilgrade here:

isr-evilgrade-1.0.0.tar.gz

Or read more here.

Technorati Tags: evilgrade, exploits, fake updates, infobyte, isr, isr-evilgrade, man-in-the-middle, mitm, spoofing, vulnerabilities, xploit updates

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

About OpenVAS Server

The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.

The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.

OpenVAS server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

About OpenVAS-Client

OpenVAS-Client is a terminal and GUI client application for both OpenVAS and Nessus. It implements the Nessus Transfer Protocol (NTP). The GUI is implemented using GTK+ 2.4 and allows for managing network vulnerability scan sessions.

OpenVAS-Client is a successor of NessusClient 1.X. The fork happened with NessusClient CVS HEAD 20070704. The reason was that the original authors of NessusClient decided to stop active development for this (GTK-based) NessusClient in favor of a newly written QT-based version released as proprietary software.

OpenVAS-Client is released under GNU GPLv2 and may be linked with OpenSSL.

You can download OpenVAS here:

OpenVAS Client
OpenVAS Server

Or read more here.

Technorati Tags: nessus, Network Hacking, openvas, penetration-testing, security scanning, Security Software, va, vas, vuln assessment, vulnerability-assessment, vulnerability-scanner

HeX Main Features

HeX Main Menu - Cleaner look and more user interface oriented and maximum 4 levels depth HeX Main Menu allows quick access to all the installed applications in HeX.

Terminal - This is exactly what you need, the ultimate analyzt console!

Instant access to all the Network Security Monitoring(NSM) and Network Based Forensics(NBF) Toolkits via Fluxbox Menu. We have also categorized them nicely so that you know what to use conditionally or based on scenario.

Instant access to the Network Visualization Toolkit, you can watch the network traffics in graphical presentation and that assist you in identifying large scale network attacks easily.

Instant access to Pcap Editing Tools which you can use to modify or anonymize the pcap data, it’s great especially when you want to share your pcap data.

Network and Pentest Toolkits contain a lot of tools to perform network or application based attacks, you can generate malicious packets using them and study malicious packets using those analysis tools listed in NSM-Toolkit and NBF-Toolkit as well.

While we think HeliX liveCD is better choice in digital forensics arsenal, Forensics-Toolkit can be considered as the add-on for people who are interested in doing digital forensics.

Under Applications, there are Desktop, Sysutils and Misc, all of them are pretty self-explained and contain user based applications such as Firefox, Liferea, Xpdf and so forth. Additionally, Misc contains some useful scripts, for example you can just start ssh service by clicking on SSHD-Start.

You can download HeX 1.0.3 here:

hex-i386-1.0.3.iso

Or read more here.

Technorati Tags: digital-forensics, hacking-networks, hex, linux-livecd, livecd, Network Hacking, network monitoring livecd, network security analysis, network security livecd, network security monitoring, network-analysis, network-forensics, nsm, nsm livecd, packet monkeys, packet sniffing, rawpacket, security-livecd, traffic-analysis

This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a
callback connection that is then used for input/output redirection.

It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.

Details

1. Start a nc listener
2. Run PuttyHijack specify the listener ip and port
3. Watch the echoing of everything including passwords

Some basic commands in this version include;

!disco - disconnect the real putty from the display
!reco - reconnect it
!exit - just another way to exit the injected shell

You can download PuttyHijack V1.0 here:

PuttyHijackV1.0.rar

Or read more here.

Technorati Tags: hacking putty, hacking ssh, hacking-windows, insomniasec, putty, putty hacking, putty hijack, puttyhijack, ssh security, windows-security

What’s new?

• Support for XP SP 3 for whosthere/iam (whosthere-alt/iam-alt work on xp sp3 without requiring any update)
• New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds).
• New -a switch for whosthere/iam: specify addresses to use.
• New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)
• genhash now outputs hashes using the LM HASH:NT HASH format

You can download Pass-The-Hash Toolkit v.14 here:

Source

pshtoolkit_v1.4-src.tgz

Windows Binaries

pshtoolkit_v1.4.tgz

Read what’s new?
Or read more here.

Technorati Tags: Hacking Tools, hacking-windows, hash toolkit, LSA, NTLM, ntlm hashes, pass the hash, pass the hash toolkit, Password Cracking, psh, Windows Hacking, windows password hash

Many people ask, “What makes it better than X?”, or “Why should I use this over Y”. Our answer to this question is, we do not think about whether people are using it or not. We are more concerned about the learning process. If you want to try something with a clean interface, fast, and an excellent range of programs please don’t hesitate to download nUbuntu.

You can download nUbuntu 8.04 here:

nUbuntu - 8.04 (x86) (Torrent)
nUbuntu - 8.04 (x86) (Direct)

Or read more here.

Technorati Tags: hacking-livecd, livecd, network ubunutu, nubuntu, nubuntu livecd, security-livecd, security-tools, ubuntu

I wanted to mention this tool separately as I think it’s very cool!

MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter™ enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter™’s Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.

Because it is not based on fixed or statically-positioned hardware, MoocherHunter™ allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter™ allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.

You can download OSWA Assistant here to get MoocherHunter:

oswa-assistant.iso

Or read more here.

Technorati Tags: livecd, moocherhunter, oswa, oswa assistant, rogue wifi users, rogue wireless users, security-tools, thinksecure, wifi audit, wifi-security, wireless-security

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.

TSGringer is a “dictionary” based attack tool, but it does have some interesting features like “l337″ conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a
username/password combination within a particular connection.

You can download TSGrinder 2.0.3 here:

tsgrinder-2.03.zip

Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

roboclient.zip

Or read more here.

Technorati Tags: brute-force, hacking terminal server, hacking terminal services, Hacking Tools, hacking-windows, Password Cracking, terminal server, terminal services, tsgrinder

Features

• sniffing on all kinds of configured devices (Ethernet, PPP, …)
• capturing and decoding nearly all types of DNS packets, including packet decompression
• ncurses driven text based frontend with interactive commandline and multiple windows
• threaded design allow more flexibility when adding your own features
• clean code, commented and tested just fine, ready for you to extend
• internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on a large set of DNS packet construction primitives
• DNS name server versioning using BIND version requests
• DNS local spoofing, answering DNS queries on your LAN before the remote NS
• DNS jizz spoofing, exploiting a weakness within old BIND versions
• DNS ID spoofing, exploiting a weakness within the DNS protocol itself

You can download Zodiac 0.4.9 here:

zodiac-0.4.9.tar.gz

Or read more here.

Technorati Tags: dns monitoring, dns sniffing, dns spoofing, dns-hacking, hacking bind, hacking dns, hacking-networks, Network Hacking, packet-factory, zodiac