Posts tagged darkstuff
Most penetration tests are focused on either network attacks or web application attacks. Given this separation, many pen testers themselves have understandably followed suit, specializing in one type of test or the other. While such specialization is a sign of a vibrant, healthy penetration testing industry, tests focused on only one of these aspects of a target environment often miss the real business risks of vulnerabilities discovered and exploited by determined and skilled attackers. By combining web app attacks such as SQL injection, Cross-Site Scripting, and Remote File Includes with network attacks such as port scanning, service compromise, and client-side exploitation, the bad guys are significantly more lethal. Penetration testers and the enterprises who use their services need to understand these blended attacks and how to measure whether they are vulnerable to them. This session provides practical examples of penetration tests that combine such attack vectors, and real-world advice for conducting such tests against your own organization.
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best live CD for web testing will provide feedback for what they would like to see included on the CD.
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
read more here
or download here
install and collect the data, password or acting like from another computer
from http://sectools.org, this tool has increase popularity rank from 23 to 9.
with this tools you can do anything, from sniffing the network, cracking local password and the most thing that this tools can combine that, sniffing password from the network and crack it.
when you in a local area network which use a hub as switch, you will do almost all the tools ability. because the sniffing can be done from switch hub environment or from cable tap.
with the support of airpcap hardware and its driver you can gain access to the wireless network, from packet injection to cracking the wireless encryption.
sectools write this comment to this tools
Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools
support their platform first, and Windows ports are often an
afterthought. They are usually right, but Cain & Abel is a glaring
exception. This Windows-only password recovery tool handles an enormous
variety of tasks. It can recover passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and
analyzing routing protocols. It is also well documented.
from its original site, it ha released the new version which has several feature and fixes Cain & Abel v4.9.8 released
– Added support for new AES-128bit Keyfobs in RSA SecurID Token Calculator.
– Microsoft SQL Server 2005 Password Extractor via ODBC.
– Fixed a bug in Internet Explorer 7 AutoComplete password decoder.
– Default HTTP users and passwords fields updated.
– Automatic recognition of AirPcap TX capability based on channels.
from the site, they describe this tool like this:
Cain & Abel is a password recovery tool for
Microsoft Operating Systems. It allows easy recovery of various kind of
passwords by sniffing the network, cracking encrypted passwords using
Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP
conversations, decoding scrambled passwords, recovering wireless
network keys, revealing password boxes, uncovering cached passwords and
analyzing routing protocols. The program does not exploit any software
vulnerabilities or bugs that could not be fixed with little effort. It
covers some security aspects/weakness present in protocol’s standards,
authentication methods and caching mechanisms; its main purpose is the
simplified recovery of passwords and credentials from various sources,
however it also ships some “non standard” utilities for Microsoft
Cain & Abel has been developed in the hope that it will be useful for
network administrators, teachers, security consultants/professionals, forensic
staff, security software vendors, professional penetration tester and everyone
else that plans to use it for ethical reasons. The author will not help or support
any illegal activity done with this program. Be warned that there is the possibility
that you will cause damages and/or loss of data using this software and that
in no events shall the author be liable for such damages or loss of data. Please
carefully read the License Agreement included in the program before using
The latest version is faster and contains a lot of new features
like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle
attacks. The sniffer in this version can also analyze encrypted
protocols such as SSH-1 and HTTPS, and contains filters to capture credentials
from a wide range of authentication mechanisms. The new version also ships routing protocols authentication
monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and
for several specific authentications, password/hash calculators, cryptanalysis
attacks, password decoders and some not so common utilities related to
network and system security.
for completed documentation you can read the documentation area here
__original site http://www.oxid.it
and you can download it from : http://www.oxid.it/cain.html