Brutus Password Cracker

If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free.
It is available for Windows 9x, NT and 2000, there is no UNIX version available although it is a possibility at some point in the future.
Brutus was first made publicly available in October 1998.
Development continues so new releases will be available in the near future.

Features :
Brutus version AET2 is the current release and includes the following authentication types :
* HTTP (Basic Authentication)
* HTTP (HTML Form/CGI)
* POP3
* FTP
* SMB
* Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.

The current release includes the following functionality :
* Multi-stage authentication engine
* 60 simultaneous target connections
* No username, single username and multiple username modes
* Password list, combo (user/password) list and configurable brute force modes
* Highly customizable authentication sequences
* Load and resume position
* Import and Export custom authentication types as BAD files seamlessly
* SOCKS proxy support for all authentication types
* User and password list generation and manipulation functionality
* HTML Form interpretation for HTML Form/CGI authentication types
* Error handling and recovery capability inc. resume after crash/failure.

Download :
http://www.hoobie.net/brutus/brutus-download.html
http://www.insecure.in/hacktools/brutus-aet2.zip

Read more »

 

Cain & Abel v4.9.35 Released

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

New Features:

• Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
• Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
• Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
• Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
• Fixed a bug of RSA SecurID Calculator within XML import function.
• Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data.
• Executables rebuilt with Visual Studio 2008.
• Added Windows Firewall status detection on startup.
• Added UAC compatibility in Windows Vista/Seven.
• Winpcap library upgrade to version 4.1.1.

Read more »

 

Find domains – Discover Domains by IP Address, Hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.

It retrieves domain names/web sites which are located on specified ip address/hostname.

This tool is prepared by starting with Bing API 2.0 code sample.

In order to use FindDomains :

• Create an appid from “Bing Developers”, this link.
• It’ll be like that : 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
• When you have registered an appid, enter it to the “appid.txt” which is on program directory.

Some outlines :

• Uses Bing search engine. Works with first 1000 records.
• Multithreaded on crawling and DNS resolution.
• Performs DNS resolution for extracted domains to eleminate cached/old records.
• Has a console interface so it can be very useful with some command-line foo.
• Works with Mono. But running under Windows is more efficient.

Sample usage :

1) FindDomains.exe 1.2.3.4
2) FindDomains.exe www.hotmail.com

Requirements :
1) NET Framework 3.5. Also working with Mono.

http://finddomains.googlecode.com/files/FindDomainsv0.1.1.rar

Read more »

 

Disable Error Report In Windows

Microsoft’s Error Reporting in windows sometimes is disturbing, most of us don’t want to send that error report because it’s of no use.
There’s an easy way to disable Microsoft error report in windows.

Disable Microsoft Error report in Windows XP :
1) Open Control Panel (Start > Control Panel)
2) Open the Problem Reports & Solutions applet Under advanced options and disable error reporting.

Disable Microsoft Error report in Windows Vista :
1) Right click on my computer (Desktop) and click properties
2) Click the Advanced Tab
3) You’ll see a “Error reporting” button at the bottom, click it
4) Select Disable Error Reporting.

And you’re done….!

Read more »

 

PlayStation 3 Hacked – Exploit Released

Geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3’s motherboard.

“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: “The PS3 is hacked, its your job to figure out something useful to do with it.”

Read more »