Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Brute Force. Show all posts
Showing posts with label Brute Force. Show all posts

Sunday, August 26, 2018

wpCrack - Wordpress Hash Cracker


Wordpress Hash Cracker.

Installation
git clone https://github.com/MrSqar-Ye/wpCrack.git


Video


Share:

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing



Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured).
After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.

Requirements
WiFi interface in monitor mode aircrack-ng SQLite3 openssl for compilation of modules (optional) wlanhc2hcx from hcxtools
In order to log GPS coordinates of handshakes, configure your coordinate logging software to log to .loc/*.txt (the filename can be chosen as desired). Airbash will always use the output of cat "$path$loc"*.txt 2>/dev/null | awk 'NR==0; END{print}', which equals to reading all .txt files in .loc/ and picking the second line. The reason for this way of implementation is the functionality of GPSLogger, which was used on the development device.

Calculating default keys
After capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase.

Compiling Modules
The modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in src/
Credits for the code go to the authors Kevin Devine and [peter@haxx.in].
On Linux:
gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcrypto
gcc -O2 -o modules/upckeys modules/upc_keys.c -lcrypto
If on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed.

Usage
Running install.sh will create the database, prepare the folder structure and create shortlinks to both scripts which can be moved to a directory that is on $PATH to allow execution from any location.
After installation, you may need to manually adjust INTERFACE on line 46 in airba.sh. This will later be determined automatically, but for now the default is set to wlan0, to allow out of the box compatibility with bcmon on Android.
./airba.sh starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms.
To view the database contents, run sqlite3 .db.sqlite3 "SELECT * FROM hs" in the main directory.

Update (Linux only ... for now):
Airbash can be updated by executing update.sh. This will clone the master branch into /tmp/ and overwrite the local files.

Output
_n: number of access points found
__c/m: represents client number and maximum number of clients found, respectively
-: access point is blacklisted
x: access point already in database
?: access point out of range (not visible to airodump anymore)

The Database
The database contains a table called hs with seven columns.
id: incrementing counter of table entries
lat and lon: GPS coordinates of the handshake (if available)
bssid: MAC address of the access point
essid: Name identifier
psk: WPA Passphrase, if known
prcsd: Flag that gets set by crackdefault.sh to prevent duplicate calculation of default keys if a custom passphrase was used.
Currently, the SQLite3 database is not password-protected.


Share:

Sunday, July 8, 2018

iCloudBrutter - AppleID Bruteforce


iCloudBrutter is a simple python (3.x) script to perform basic bruteforce attack againts AppleID.

Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter.

Installation
$ git clone https://github.com/m4ll0k/iCloudBrutter.git
$ cd iCloudBrutter
$ pip3 install requests,urllib3,socks
$ python3 icloud.py


Share:

Friday, June 22, 2018

XBruteForcer - CMS Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)


Brute Force Tool: WP , Joomla , DruPal , OpenCart , Magento

Simple brute force script
[1] WordPress (Auto Detect Username)
[2] Joomla
[3] DruPal
[4] OpenCart
[5] Magento
[6] All (Auto Detect CMS)

Usage
Short Form Long Form Description
-l --list websites list
-p --passwords Passwords list

Example
perl XBruteForcer.pl -l list.txt -p passwords.txt

for coloring in windows Add This Line
use Win32::Console::ANSI;


BUG ?

Installation Linux
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt 

Installation Android
Download Termux
cpan install LWP::UserAgent
cpan install HTTP::Request
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt 

Installation Windows
Download Perl
Download XBruteForcer
Extract XBruteForcer into Desktop
Open CMD and type the following commands:
cd Desktop/XBruteForcer-master/
perl XBruteForcer.pl -l list.txt -p passwords.txt 

Version
Current version is 1.2 What's New
• speed up
• Bug fixes
version 1.1
• Bug fixes


Share:

Thursday, September 21, 2017

Fast and Flexible Network Login Hacker - Hydra 8.6

 A very fast network logon cracker which supports many different services.

See feature sets and services coverage page - incl. a speed comparison against ncrack and Medusa. Number one of the biggest security holes are passwords, as every password security study shows.

This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however, none does either support more than one protocol to attack or support paralyzed connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently, this tool supports the following protocols:


Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

CHANGELOG for 8.6

CHANGELOG for 8.6
  ===================
  ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
  
  ! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix
  * added radmin2 module by catatonic prime - great work!
  * smb module now checks if SMBv1 is supported by the server and if signing is required
  * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
  * Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting)
  * Added new command line option:
    -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended)
  * Options put after -R (for loading a restore file) are now honored (and were disallowed before)
  * merged several patches by Diadlo@github to make the code easier readable. thanks for that!
  * merged a patch by Diadlo@github that moves the help output to the invididual module


Share:

Sunday, September 10, 2017

Simple HS256 JWT Token Brute Force Cracker - jwt-cracker


Simple HS256 JWT token brute force cracker.
Effective only to crack JWT tokens with weak secrets.
Recommendation: Use strong long secrets or RS256 tokens.

Install

With npm:
npm install --global jwt-cracker

Usage

From command line:
jwt-cracker <token> [<alphabet>] [<maxLength>]
Where:
  • token: the full HS256 JWT token string to crack
  • alphabet: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789")
  • maxLength: the max length of the string generated during the brute force (default: 12)

Requirements

This script requires Node.js version 6.0.0 or higher

Example

Cracking the default jwt.io example:
jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6
It takes about 2 hours in a Macbook Pro (2.5GHz quad-core Intel Core i7).




Share:

Saturday, September 9, 2017

Android application to brute force WiFi passwords (No Root Required) - WiFi Bruteforcer




WARNING: This project is still under development and by installing the app may misconfigure the Wi-Fi settings of your Android OS, a system restore may be necessary to fix it.

Android application to brute force WiFi passwords without requiring a rooted device.




Share:

Wednesday, January 25, 2017

A Single File Bruteforcer Supports Multi-Protocol - F-Scrack



F-Scrack is a single file bruteforcer supports multi-protocol, no extra library requires except python standard library, which is ideal for a quick test.

Currently support protocol: FTP, MySQL, MSSQL,MongoDB,Redis,Telnet,Elasticsearch,PostgreSQL.

Compatible with OSX, Linux, Windows, Python 2.6+.

Usage
Options:
python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]

-h
Supports ip(192.168.1.1), ip range (192.168.1) (192.168.1.1-192.168.1.254), ip list (ip.ini) , maximum 65535 ips per scan.
-p
Ports you want to scan, use comma to separate multi ports. Eg 1433,3306,5432. 
Default scan ports(21,23,1433,3306,5432,6379,9200,11211,27017) if no ports specified.
-m
Number of threads. Default is 100.
-t
Seconds to wait before timeout.
-d
Dictionary file.
-n
Scan without ping scan(Live hosts detect).
Example:
python F-Scrack.py -h 10.111.1
python F-Scrack.py -h 192.168.1.1 -d pass.txt
python F-Scrack.py -h 10.111.1.1-10.111.2.254 -p 3306,5432 -m 200 -t 6
python F-Scrack.py -h ip.ini -n


Share:

Sunday, January 8, 2017

Server-side Brute-force Module (ssh, ftp, smtp, facebook, and more) - brut3k1t



Server-side brute-force module. Brute-force (dictionary attack, jk) attack that supports multiple protocols and services.

1. Introduction
brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:
ssh
ftp
smtp
XMPP
instagram
facebook
There will be future implementations of different protocols and services (including Twitter, Facebook, Instagram).

2. Installation
Installation is simple. brut3k1t requires several dependencies, although they will be installed by the program if you do not have it.
  • argparse - utilized for parsing command line arguments
  • paramiko - utilized for working with SSH connections and authentication
  • ftplib - utilized for working with FTP connections and authentication
  • smtplib - utilized for working with SMTP (email) connections and authentication
  • fbchat - utilized for connecting with Facebook
  • selenium - utilized for web scraping, which is used with Instagram (and later Twitter)
  • xmppy - utiized for XMPP connections ...and more within the future!
Downloading is simple. Simply git clone .
git clone https://github.com/ex0dus-0x/brut3k1t
Change to directory:
cd /path/to/brut3k1t

3. Usage
Utilizing brut3k1t is a little more complicated than just running a Python file.
Typing python brut3k1t -h shows the help menu:
usage: brut3k1t.py [-h] [-s SERVICE] [-u USERNAME] [-w PASSWORD] [-a ADDRESS]
               [-p PORT] [-d DELAY]

Server-side bruteforce module written in Python

optional arguments:
-h, --help            show this help message and exit
-a ADDRESS, --address ADDRESS
                    Provide host address for specified service. Required
                    for certain protocols
-p PORT, --port PORT  Provide port for host address for specified service.
                    If not specified, will be automatically set
-d DELAY, --delay DELAY
                    Provide the number of seconds the program delays as
                    each password is tried

required arguments:
-s SERVICE, --service SERVICE
                    Provide a service being attacked. Several protocols
                    and services are supported
-u USERNAME, --username USERNAME
                    Provide a valid username for service/protocol being
                    executed
-w PASSWORD, --wordlist PASSWORD
                    Provide a wordlist or directory to a wordlist

Examples of usage:
Cracking SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.
python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt
The program will automatically set the port to 22, but if it is different, specify with -p flag.
Cracking email test@gmail.com with wordlist.txt on port 25 with a 3 second delay. For email it is necessary to use the SMTP server's address. For e.g Gmail = smtp.gmail.com . You can research this using Google.
python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3
Cracking XMPP test@creep.im with wordlist.txt on default port 5222 . XMPP also is similar to SMTP, whereas you will need to provide the address of the XMPP server, in this case  creep.im .
python brut3k1t.py -s xmpp -a creep.im -u test -w wordlist.txt
Cracking Facebook is quite a challenge, since you will require the target user ID, not the username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Cracking Instagram with username test with wordlist wordlist.txt and a 5 second delay
 python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5
## KEY NOTES TO REMEMBER
  • If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um... web-based. :)
  • If you do not supply the delay -d flag, the default delay in seconds will be 1.
  • Remember, use the SMTP server address and XMPP server address for the address -a flag, when cracking SMTP and XMPP, respectively.
  • Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
  • Make sure the wordlist and its directory is specified. If it is in /usr/local/wordlists/wordlist.txt specify that for the wordlist -w flag.
  • Remember that some protocols are not based on their default port. A FTP server will not necessarily always be on port 21 . Please keep that in mind.
  • Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!



Share:

Thursday, December 1, 2016

Automated Brute-Force Login Attacks Against EAP Networks - Auto_EAP



Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Using the python library wpaspy, created by Jouni Malinen j@w1.fi to interact with the wpa_supplicant daemon, automated authentication attacks can be preformed with the intent of not causing account lock-outs.

Demo

./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0
Initialized...
Trying Username Alice with Password test: SUCCESS
Trying Username Bob with Password test: FAILED
Trying Username Charles with Password test: FAILED
Trying Username David with Password test: SUCCESS
Completed


Installation

Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library as well as setup a stand alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system’s wpa_supplicant config file untouched.

Help

./Auto_EAP.py -h
usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K
Key_mgmt -E Eap_type

optional arguments:
-h, --help show this help message and exit
-i Interface, --interface Interface
The Interface to use
-s SSID, --ssid SSID The SSID to attack
-U Usernamefile, --User Usernamefile
Path to username file
-p Password, --password Password
Password to use
-K Key_mgmt, --key_mgmt Key_mgmt
Key_Management type to use
-E Eap_type, --eap_type Eap_type
Eap type to use


Todo list

  • [✓] Resoved bug with .a type wireless cards (Shout out to Havok0x90 for his help in resolving this issue)
  • [-] Add multi-threading functionality
  • [-] Add support for password lists


Share:

Sunday, October 9, 2016

WPA/WPA2 Security Hacked Without Brute Force - Fluxion



Fluxion is a remake of linset by vk496 with less bugs and more features. It's compatible with the latest release of Kali (Rolling). Latest builds (stable) and (beta) HERE . If you new, please start reading the wiki

Fluxion GUI

How it works
  • Scan the networks.
  • Capture a handshake (can't be used without a valid handshake, it's necessary to verify the password)
  • Use WEB Interface *
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted

Requirements
A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling. Kali 2 & 2016 support the latest aircrack-ng versions. A external wifi card is recommended.

Credits
  1. Deltax @FLuX and Fluxion main developer
  2. Strasharo @Fluxion help to fix DHCPD and pyrit problems, spelling mistakes
  3. vk496 @Linset main developer of linset
  4. ApatheticEuphoria @WPS-SLAUGHTER,Bruteforce Script,Help with Fluxion
  5. Derv82 @Wifite/2
  6. Princeofguilty @webpages
  7. Photos for wiki @ http://www.kalitutorials.net

Useful links
  1. wifislax
  2. kali
  3. linset
  4. ares


Share:

Sunday, September 4, 2016

Top List Password - Word List 10 Million Passwords






In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier.

When password guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because a brute-force search takes too long. Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.

Brute-force attacks can be made less effective by obfuscating the data to be encoded making it more difficult for an attacker to recognize when the code has been cracked or by making the attacker do more work to test each guess. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.

Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.

Source: Wikipedia 

VirusTotal

Pass: offsec

By: OffSec




Share:

Friday, August 26, 2016

Automated Penetration Toolkit - APT2




This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information.

All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.

Setup
On Kali Linux install python-nmap library:
sudo pip install python-nmap
sudo pip install neovim

Configuration (Optional)
APT2 uses the default.cfg file in the root directory. Edit this file to configure APT2 to run as you desire.
Current options include:
  • metasploit
  • nmap
  • threading

Metasploit RPC API (metasploit)
APT2 can utuilize your host's Metasploit RPC interface (MSGRPC). Additional Information can be found here: https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html

NMAP
Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.

Threading
Configure the number of the threads APT2 will use.

Run:

No Options:
python apt2 or ./apt2

With Configuration File
python apt2 -C <config.txt>

Import Nexpose, Nessus, or NMap XML
python apt2 -f <nmap.xml>

Specify Target Range to Start
python apt2 -f 192.168.1.0/24

Safe Level
Safe levels indicate how safe a module is to run againsts a target. The scale runs from 1 to 5 with 5 being the safest. The default configuration uses a Safe Level of 4 but can be set with the -s or --safelevel command line flags.

Usage:
usage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]]
[--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b]
[--listmodules]

optional arguments:
-h, --help show this help message and exit
-v, --verbosity increase output verbosity
-s SAFE_LEVEL, --safelevel SAFE_LEVEL
set min safe level for modules
-b, --bypassmenu bypass menu and run from command line arguments

inputs:
-C <config.txt> config file
-f [<input file> [<input file> ...]]
one of more input files seperated by spaces
--target initial scan target(s)

ADVANCED:
--ip <local IP> defaults to ip of interface

misc:
--listmodules list out all current modules


Modules
-----------------------
LIST OF CURRENT MODULES
-----------------------
nmaploadxml Load NMap XML File
hydrasmbpassword Attempt to bruteforce SMB passwords
nullsessionrpcclient Test for NULL Session
msf_snmpenumshares Enumerate SMB Shares via LanManager OID Values
nmapbasescan Standard NMap Scan
impacketsecretsdump Test for NULL Session
msf_dumphashes Gather hashes from MSF Sessions
msf_smbuserenum Get List of Users From SMB
anonftp Test for Anonymous FTP
searchnfsshare Search files on NFS Shares
crackPasswordHashJohnTR Attempt to crack any password hashes
msf_vncnoneauth Detect VNC Services with the None authentication type
nmapsslscan NMap SSL Scan
nmapsmbsigning NMap SMB-Signing Scan
responder Run Responder and watch for hashes
msf_openx11 Attempt Login To Open X11 Service
nmapvncbrute NMap VNC Brute Scan
msf_gathersessioninfo Get Info about any new sessions
nmapsmbshares NMap SMB Share Scan
userenumrpcclient Get List of Users From SMB
httpscreenshot Get Screen Shot of Web Pages
httpserverversion Get HTTP Server Version
nullsessionsmbclient Test for NULL Session
openx11 Attempt Login To Open X11 Servicei and Get Screenshot
msf_snmplogin Attempt Login Using Common Community Strings
msf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values
httpoptions Get HTTP Options
nmapnfsshares NMap NFS Share Scan
msf_javarmi Attempt to Exploit A Java RMI Service
anonldap Test for Anonymous LDAP Searches
ssltestsslserver Determine SSL protocols and ciphers
gethostname Determine the hostname for each IP
sslsslscan Determine SSL protocols and ciphers
nmapms08067scan NMap MS08-067 Scan
msf_ms08_067 Attempt to exploit MS08-067



Share:

Thursday, June 30, 2016

Network Logon Cracker - THC-Hydra 8.2

 A very fast network logon cracker which support many different services.

See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows.

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently this tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

CHANGELOG for 8.2
 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra

* Added RTSP module, thanks to jjavi89 for supplying!
* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
* Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
* Added support in hydra-http for http-post (content length 0)
* Fixed important bug in http-*://server/url command line processing
* Added SSL SNI support
* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
* Fixed for SSL connection to support TLSv1.2 etc.
* Support for different RSA keylengths, thanks to fann95 for the patch
* Fixed a bug where the cisco-enable module was not working with the password-only logon mode
* Fixed an out of memory bug in http-form
* Fixed imap PLAIN method
* Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
* Added --fhs switch to configure (for Linux distribution usage)



Share:

Tuesday, May 10, 2016

Password cracking rules for Hashcat based on statistics and industry patterns - Hob0Rules



Password cracking rules for Hashcat based on statistics and industry patterns. The following blog posts on passwords explain the statistical signifigance of these rulesets:

Useful wordlists to utilize with these rules have been included in the wordlists directory
Uncompress these with the unfollowing command

gunzip rockyou.txt.gz

hob064

This ruleset contains 64 of the most frequent password patterns used to crack passwords. Need a hash cracked quickly to move on to more testing? Use this list.


hashcat -a 0 -m 1000 <NTLMHASHES> wordlists/rockyou.txt -r hob064.rule -o cracked.txt

d3adhob0

This ruleset is much more extensive and utilizes many common password structure ideas seen across every industry. Looking to spend several hours to crack many more hashes? Use this list.


hashcat -a 0 -m 1000 <NTLMHASHES> wordlists/english.txt -r d3adhob0.rule -o cracked.txt


Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition