Tools
These tools can be used for good and bad. They are all readily available on the Web. So,
if you're one of the good guys : find out how long your passwords will resist a dictionary or brute force attack, see what information your computers would reveil when asked the right way, and check your network before the bad guys do ... network tools Password tools Get some practise
if you're one of the good guys : find out how long your passwords will resist a dictionary or brute force attack, see what information your computers would reveil when asked the right way, and check your network before the bad guys do ... network tools Password tools Get some practise
| Online DNS lookup, Whois, a.o. | KLOTH Services | WWW implementations of common network tools such as whois and nslookup / dig. Although they're in fact network troubleshooting tools, services / tools like these are often used to gather information about a 'target' or 'victim' (re. Hacking Exposed : a mini howto). Which goes to show that toold can be used for good and for bad ... | E | |
| nmap | www.insecure.org | simply the best port scanner, with some added functionality (e.g. remote OS guess) | E | |
| nessus | www.nessus.org | extremely complete vulnarability checker / security audit : scans a remote system for open ports (using nmap), then attempts to exploit the services listening at those ports and returns a detailed report. Open Source Quality. | E | |
| hping | www.hping.org | when ping and traceroute return timeouts because you can't trace 'behind' a router or firewall, hping might help. | E | |
| Same Spade | www.samspade.org | client for multiple protocols and integrated network query tool for Windows 95, 98, NT & Windows 2000 | E | |
| Look@Lan | www.lookatlan.com | freeware network enumeration and monitoring tool | E | |
| NBTEnum, NetBIOS User Enumartion Tool, | copy available atpacketstorm.linuxsecurity.org | nbtenum and other enumeration tools should be available at , but that site is apparently offline | E | |
| Hacking Exposed : the tools | the tools discussed in the book "Hacking Exposed" | E | ||
| Arne Vidstrom : The Toolbox - Freeware security tools for Windows | www.ntsecurity.nu, Arne Vidstrom | collection of freeware security tools, written by Arne Vidstrom, including a.o. a key logger, ping sweep, a tool to enumerate user accounts on a Windows system, a Microsoft SQL Server dictionary attack... | E | |
| Wireless Security software | Hideaway.Net | tools that can locate, audit, and even sniff wireless networks | E | |
| Unix Penetration Rootkits | Packet Storm | a collection of UNIX / Linux penetration rootkits | E | |
| Windows NT Penetration Tools | Packet Storm | a collection of Windows NT (2000, XP, etc.) penetration tools | E | |
| Astalavista Tool Box | Astalavista Secutity Group | An extensive collection of enumeration, sniffing cracking and exploiting tools. | E | |
| Oreilly Network tools | Collection of network hack and crack tools, mainly tar archives | E | ||
| www.insecure.org | www.insecure.org | www.insecure.org, of nmap fame, also caries extensive lists and (links to) forums on exploits, penetration testing, (exploitable) bugs, know security holes etc | E | |
| Brutus | Password cracker for HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet servers. Originally created to check routers for default passwords. Brute Force / Dictionary approach | E | ||
| Hydra | The Hacker's Choice | THC-Hydra - login hacker for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is included in Nessus. | E | |
| l0phtcrack | Once the best tool for Windows NT cracking, and freely available. Now commercialized by Symantec. You may want to try and get a copy from astalavista :-) | E | ||
| John The Ripper | The famous John The Ripper password cracker | E | ||
| Cain and Able | finds passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols | E | ||
| TSCrack | Password Cracker for Windows Terminal Server. TSCrack is said to use Artificial Intelligence / Artificial Neural Networks to be able to interprete de bitmaps sent by the terminal server and generate an appropriate response. | E | ||
| "I forgot the Administrator password" | 'Linux on a floppy' boot disk that allows to blank out the administrator password and reset accounts on Windows NT systems | E | ||
| SIW - System Information for Windows | Not a password cracker per se, but a tool to collect system information on Windows systems. As it happens, this system information includes cached credentials, product keys and other 'secrets' | E | ||
| Default Passwords | Who says you need to crack anything ? Lot's of network devices are installed without any configuration, so they still have the user name / passwords that the vendor put there. And these passwords are very well known ... | E |
Comments
Post a Comment