Balikpapan Underground

TLSSLed v1.3 released

2013-02-11T16:41:00.005-08:00

TLSSLed v1.3 released - TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities.

This version is the result of testing lots of HTTPS (SSL/TLS) implementations during real-world pen-tests, so it is full of minor improvements and extra checks to identify different behaviors we have found in the wild (see the changelog inside the tool/script: "New in version 1.3" section). In several of my "Security of National eID (smartcard-based) Web Application" talks during the last year I mentioned that an upcoming TLSSLed version was going to be released... so here it is! :) Additionally, the tool output has been changed for easy reading and to provide quick information for each finding: negative [-], positive [+], or informational [.] (as well as grouping tests [*] and highlight warning and error messages [!]).

The tool usage has not changed. Simply run the tool by providing the target hostname or IP address plus the target port:

$ ./TLSSLed_v1.3.sh <hostname or IP_address> <port>

This version has been tested on updated versions of Samurai WTF 2.0 (running openssl 1.0.1 and sslscan 1.8.2), Backtrack5 R3 (running openssl 0.9.8k and sslscan 1.8.2), and Mac OS X Mountain Lion 10.8.x (running openssl 0.9.8r and sslscan 1.8.2; it requires to add and compile sslscan manually, see below). Samurai WTF 2.0 is the only one of these three that includes openssl v1.0.x by default, providing support for the TLS v1.1 and v1.2 protocol tests.

Instructions to get and compile sslscan for Mac OS X are available on the original webpage, although for Mountain Lion, if you have Xcode installed (or even without it?), you simply need to run the following command and ignore the openssl deprecated warnings:
$ gcc -lssl -lcrypto -o sslscan sslscan.c

Additionally, TLSSLed v1.3 has also been recently tested with a newest sslscan fork project that was released to better support STARTTLS, currently at version 1.8.3rc3, and available at GitHub.

If you find any bug, misbehavior, openssl/sslscan version combination, or target HTTPS (SSL/TLS) implementation that cannot be properly tested, please let us know so that we can fix it and add new features. Enjoy it!

Download TLSSLed v1.3
Download other versions -
TLSSLed v1.2
TLSSLed v1.1
TLSSLed v1.0

Source-
http://blog.taddong.com/2013/02/tlssled-v13.html

SSLScan v1.8.2 - Fast SSL Scanner

2013-02-11T16:40:00.001-08:00

SSLScan v1.8.2 - Fast SSL Scanner
SSLScan determines what ciphers are supported on SSL-based services, such as HTTPS. Furthermore, SSLScan will determine the prefered ciphers of the SSL service.

Requirements

SSLScan requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms it should work if the requirements have been met.

Building

To build SSLScan, first extract the archive and change into the source directory. Then execute the following command:

gcc -lssl -o sslscan sslscan.c

On Apple Mac OS X you will need to install the ports version of OpenSSL as the version that comes with your Mac is missing a few things. So if you don't already have ports installed, download it from www.macports.org. You can install the latest OpenSSL using the following command:

sudo port install openssl
SSL Scan can then be built using the following command:

gcc -I/opt/local/include -L/opt/local/lib -lssl -lcrypto -o sslscan sslscan.c
Running

In its simplist form, SSLScan can be run with only one parameter, just specify the host to test. SSLScan will default to port 443 if a port is not specified. The following screenshot shows SSLScan being run, testing only the SSLv2 ciphers.

The command line arguements for SSLScan are:

Command:
sslscan [Options] [host:port | host]

Options:
--targets= A file containing a list of hosts to
check. Hosts can be supplied with
ports (i.e. host:port).
--no-failed List only accepted ciphers (default
is to listing all ciphers).
--ssl2 Only check SSLv2 ciphers.
--ssl3 Only check SSLv3 ciphers.
--tls1 Only check TLSv1 ciphers.
--pk= A file containing the private key or
a PKCS#12 file containing a private
key/certificate pair (as produced by
MSIE and Netscape).
--pkpass= The password for the private key or
PKCS#12 file.
--certs= A file containing PEM/ASN1 formatted
client certificates.
--starttls If a STARTTLS is required to kick an
SMTP service into action.
--http Test a HTTP connection.
--bugs Enable SSL implementation bug work-
arounds.
--xml= Output results to an XML file.
--version Display the program version.
--help Display the help text you are now
Third Party

Jabra has developed an XML parser for SSLScan which can be downloaded from http://search.cpan.org/~jabra/.

Downloads
Download sslscan-1.8.2.tgz (22.2 kB)
Download other versions
Screenshot -

UPDATE OWASP Zed Attack Proxy(ZAP) v 2.0.0 - an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications

2013-02-11T16:35:00.001-08:00

UPDATE OWASP Zed Attack Proxy(ZAP) v 2.0.0 - an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications

OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Some of ZAP's features:

Some of ZAP's characteristics:

Easy to install (just requires java 1.7)
Ease of use a priority
Comprehensive help pages
Fully Internationalized
Under active development
Open source
Free (no paid for 'Pro' version)
Cross platform
Involvement actively encouraged

It supports the following languages:

English
Brazilian Portuguese
Chinese
Danish
Filipino
French
German
Greek
Indonesian
Italian
Japanese
Persian
Polish
Russian
Spanish

Download version 2.0.0 from here
ZAP_2.0.0_Windows.exe
ZAP_2.0.0_Linux.tar.gz
ZAP_2.0.0_Mac_OS_X.zip

OWASP Zed Attack Proxy v 2.0.0 released on 30-Jan-2013

There is a new version of the OWASP Zed Attack Proxy (ZAP) available right now, and there are so many changes in it that we’ve decided to call it version 2.0.0.

If you just want to get stuck in and download it then head over to http://code.google.com/p/zaproxy/downloads/list : it's available for Windows, Linux and Mac OS.

(Note that the Mac OS specific release is coming soon, but the Linux release is actually cross platform and will work fine on Macs)

And if you want to learn a bit more about the changes then read on...

We can only cover the new features at a high level in one blog post, but the plan is to host a Google hangout demonstrating many of these features at 17:00 UTC on Friday 8th Feb. Details to be announced via https://twitter.com/zaproxy

Simon will also be presenting a talk at FOSDEM on Feb 2nd: Practical Security for developers, using OWASP ZAP

New features

An integrated add-ons marketplace

ZAP can be extended by add-ons that have full access to all of the ZAP internals. Anyone can write add-ons and upload them to the ZAP Add-on Marketplace (OK, so its a Google code project called zap-extensions, but you get the idea).

More importantly you can now browse, download and install those add-ons from within ZAP. Most add-ons can be dynamically installed (and uninstalled) so you wont even need a restart.

You can choose to be notified of updates, and even be automatically updated. And as the scan rules are now implemented as add-ons you can get the latest rules as soon as they are published.

A replacement for the 'standard' Spider

The ‘old’ Spider was showing its age, so its been completely rewritten, and is much faster and more comprehensive than the old one. This is still a 'traditional' spider that analyses the HTML code for any links it can find.

A new 'Ajax' spider

In addition to the 'traditional' spider we've added an Ajax spider which is more effective with applications that make heavy use of JavaScript. This uses the Crawljax project which drives a browser (using Selenium) and so can discover any links an application generates, even ones generated client side.

Web Socket support

ZAP now supports WebSockets, so ZAP can now see all WebSocket messages sent to and from your browser. As with HTTP based messages, ZAP can also intercept WebSocket messages and allows you to change them on the fly.

You can also fuzz WebSockets messages as well using all of the fuzzing payloads included in ZAP from projects like JBroFuzz and fuzzdb. And of course you can easily add your own fuzzing files.

Quick Start tab

The first main tab you will now see is a ‘Quick Start’ tab which allows you to just type in a URL and scan it with one click.

This is an ideal starting point for people new to application security, but experts can easily remove it if they find it distracting.

Session awareness

ZAP is now session aware, so it can recognise and keep track of multiple sessions. It allows you to create new sessions, switch between them, and applies to all of the other components, like the Spider and Active Scanner.

User defined Contexts

You can now define any number of ‘contexts’ - related sets of URLs which make up an application. You can then target all URLs in a context, for example using the Spider or Active Scanner. You can also add the contexts to the scope, and associate other information, such as authentication details.

Session scope

The session scope allows you to specify which contexts you are interested at any one time. You can restrict what you see in various tabs to just the URLs in scope, and prevent accidentally attacking URLs not in scope by using the Protected mode.

Different modes

ZAP now supports 3 modes:

Safe, in which no potentially dangerous operations permitted
Protected, in which you can perform any actions on URLs in scope
Standard, in which you can do anything to any URLs

A scripting console

This allows you to access any internal ZAP data structures dynamically using any scripting language that supports JSR 223,

Authentication handling

You can now associate authentication details with any context, which allows ZAP to do things like detect if and when you are logged out and automatically log you back in again. This is especially useful when used via the API in security regression tests.

More API support

The REST API has been significantly extended, giving you much more access to the functionality ZAP provides.

Fine grained scanning controls

The active scan rules can now be tuned to adjust their strength (the number of attacks they perform) and the threshold at which they report potential issues.

New and improved active and passive scanning rules

We have uploaded the results from running ZAP 2.0.0 against wavsep (the most comprehensive open source evaluation project we are aware of) to the ZAP wiki: http://code.google.com/p/zaproxy/wiki/TestingWavsep

Many stability and usability fixes

Source-

http://owasp.blogspot.in/2013/01/owasp-zed-attack-proxy-v-200.html
For more information - http://code.google.com/p/zaproxy/ https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Easy-Creds 3.7 Install Script 0.1 - BackBox Scripts

2013-02-11T16:33:00.003-08:00

Easy-Creds 3.7 Install Script 0.1 - BackBox Scripts
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

Easy-Creds 3.7 Install Script 0.1

This script (inst-0.1.sh) will :

Add easy-creds to main BackBox menu
Add nice start icon for Easy-Creds
Remove install script from /opt/easy-creds directory
Make symbolic link to run easy-creds from terminal with sudo easy

To do :

Add remove function for other files after installation download.
Check all directories, then remove.
Add all download files to github repository.

How to use script ?

To get full install, easy-creds need to be installed in /opt directory.

Open terminal and type :

wget https://github.com/downloads/ZEROF/BackBox-Scripts/inst-0.1.sh

chmod +x inst-0.1.sh

sudo ./inst-0.1.sh

About tool and author ?

https://github.com/brav0hax/easy-creds/blob/master/README

source-
https://github.com/ZEROF/BackBox-Scripts

LPVS : Package Vulnerability Scanner - A fast way to find out which packages on your system are insecure...

2013-02-11T16:28:00.001-08:00

LPVS : Package Vulnerability Scanner - A fast way to find out which packages on your system are insecure...

This Linux package vulnerability scanner (LPVS) uses public security news feeds provided by Linux distributions vendors to detect out-of-date packages that could pose a threat to your server. The scanner

currently runs on
Ubuntu
CentOSAdditional distributions might be added...

Limitations
Please know that the scanner works by comparing complex package version numbers and therefore is limited to do overly exact matches. It works best on an almost up-to-date installation. For example where you run the latest Ubuntu LTS release and do weekly or on demand updates. The current goal of the scanner is to avoid false positives and to be useful for daily analysis of a large number of systems. Note: When on Debian use debsecan instead! On FreeBSD usePortaudit.

Installation + Running
Download the scanner script, put it anywhere you like and run it like this

./lpvs-scan.pl

No need to run as root, any user will do. It just needs

Perl 5
Perl module XML::LibXSLT
Perl module XML::LibXML
and internet access

Please keep in mind that this is an experimental script which might report false positives and negatives!

Screenshots
Below you find a screenshot from a CentOS setup. Green lines indicate security advisory covering packages that are installed and up-to-date. Yellow lines indicate security advisories not applicable as the related packages are not installed. Red ones of course indicate a vulnerability.

Download Releases -

version 0.2 (09.12.2012)

New silent switch (-s)
New verbose switch (-v)
Works with older distros now
Fixes false positives

version 0.1 (initial)

Source-
http://lzone.de/lpvs/

SecLists - Collection of multiple types of lists that can be used during security assessments

2013-02-11T16:27:00.001-08:00

SecLists - Collection of multiple types of lists that can be used during security assessments

SecLists is a github-based collection of multiple types of lists that can be used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. The idea is that when preparing to test from a given system one can simply pull this repository and instantly have all the lists you'll need for finding sensitive data, fuzzing, breaking authentication, simulating whitebox testing for common frameworks, etc.

If you have any ideas for things we should include, please send them to daniel@danielmiessler.com. Also note that any lists that have been meticulously assembled by someone else will only be used with permission of the creator. This project is maintained by Daniel Miessler and Jason Haddix.

Download as zip file

Download from github

Source-
http://danielmiessler.com/projects/tools/seclists/
https://github.com/danielmiessler/SecLists

SRAT - Security Requirements Assessment Tool

2013-02-11T16:25:00.004-08:00

SRAT - Security Requirements Assessment Tool

SRAT - Security Requirements Assessment Tool
Before engaged to Security Assessment your can simple prepare report with severity of security points.

Steps to start the tool -
Download the zip file.
Download as zip file
Exact the zip file to folder.
Start SRatTool.rar file from Apps Directory.
Fill the required details

Your can customize some details by modifying QuestionList.xml file in apps directory.

Download as zip file
Download from GitHub

Platform supported -
Window with JRE installed

Source-
https://github.com/bgmemo/SRAT

Screenshot -

The Social-Engineer Toolkit (SET) v4.4 “The Goat” and Artillery 0.6.6 released!

2013-02-11T16:24:00.001-08:00

The Social-Engineer Toolkit (SET) v4.4 “The Goat” and Artillery 0.6.6 released!

The Social-Engineer Toolkit (SET) version 4.4 Codename: “The Goat” has been released. This version is a large leap forward on the java applet side of the house with a newly designed payload delivery system as well as the new multi-pyinjector supporting a dynamic cipher key exchange for AES 256 encryption. The multi-pyinjector is a payload that allows you to specify as many payloads as you want and will dynamically be loaded into memory. This is useful for situations where you do not know what egress ports are allowed outbound and don’t want to fail. This version was completely rewritten, scaled back, and optimized to perform better, handle abnormalities, as well as added encryption and obfuscation.

In addition, a number of enhancements have been made on the powershell injection technique which is also much more reliable and stable within the toolkit.

Lastly, the Java applet source code has been re-opened to open source and located within the SET directory structure. In order to download the toolkit, ensure you have git installed and type:

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

If you already have the latest github version of SET, simply type git pull or run the set-update tool.

Full change log below:

~~~~~~~~~~~~~~~~
version 4.4
~~~~~~~~~~~~~~~

* Added new folder structure under src/webattack/java_applet – this includes again the source code of the Java Applet.
* Added compile program for making applets in the java_applet directory.
* Recompliled the Java Applet to add better obfsucation.
* Edited payloadgen to utilize more base64 encoded techniques.
* Added better stability to the multi injector payload when ports are not found
* Added new core library that called EncryptAES which allows you to encrypt specific string data
* Added obfsucation into the Java Applet and placed new params to pull
* Rewrote multipyinjector for better error handling and performance
* Added AES 256 encryption to the multi-pyinjector – before it would write out the shellcode to tmp files, instead it encrypts the entire data via 256 aes then pulls via command line and does not write out the files
* Added ability for SET and Java Applet to handle multi-pyinjector AES encrypted payloads through the pycrypto modules
* Modified the payload creation to encrypt payloads on the fly with a randomized cipher key exchange – each new payload generated will be a completely different AES cipher key
* Fixed a bug that would cause powershell to not fire properly when using multi-pyinjector. It now prompts for an additional port and appends it to the meta_config_multi_pyinjector answer file for metasploit
* Fixed a bug that would cause pyinjector to not properly execucute when not using powershell injection
* Updated the Java Applet to include the new multi pyinjectir cipher key addition once executed
* New encrypted binary multi pyinjector in place
* Added time delay between firing multiple payloads. When executing multiple instances stdapi.rb freaked out and wouldn’t load. This didn’t hinder the shell but you would manually need to add the lib in order to get the standard libraries within meterpreter. This has since been fixed.
* Large redesign of multi-pyinjector which is now streamlined to be as effecient as possible
* Added better checking for multi pyinjector when using powershell to add new detections around port.options

Artillery 0.6.6 has also been released. This release incorporates a bug fix that would cause Artillery to not properly start under certain conditions. In addition, the setup installation file has been updated to create required folder structures prior to running artillery.

Changelog below:

~~~~~~~~~~~~~~~~~~~~~~
version 0.6.6
~~~~~~~~~~~~~~~~~~~~~~

* fixed a typo that would cause artillery not to start in some cases
* added folder create for src/program_junk and databases/ during installation of artillery

Source-

https://www.trustedsec.com/january-2013/the-social-engineer-toolkit-set-v4-4-the-goat-released/

KDE 4.10 Released

2013-02-11T16:04:00.002-08:00

KDE 4.10 Released

KDE, as part of its bi-annual update, has released KDE 4.10 equipped with quite a lot of enhancements and improvements.

The release announcement points to improved support for mobile device, visual refinements that go well with the Plasma Workspaces, improved performance of many KDE Applications and more APIs to Qt Quick among others.

Diving deeper in the improvement aspect, “several components of the Plasma Workspaces have been ported to the Qt Quick/QML framework” in KDE 4.10. The APIs will allow developers to contribute to KDE through the use of Plasma SDK. Developers can write Plasma widgets and widget collections using the the Qt Markup Language (QML).

You can find more information about the new release and the changes at KDE.org.

OWASP Zed Attack Proxy (ZAP) v1.4.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

2013-02-11T07:58:00.002-08:00

OWASP Zed Attack Proxy (ZAP) v1.4.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

The current version of ZAP is 1.4.1

News flash: Simon's slides from AppSec Ireland are now online. He will also be talking about ZAP at OWASP Manchester on 11th September

Latest ZAP Tutorial video: The Initial Setup Guide

ZAP 1.4+ can be easily extended: see the ZAP-extensions project for some of the extensions you can add.

There are 3 ZAP related Google Summer of Code 2012 projects!

Please also see the new Sponsors and Supporters page.

OWASP ZAP is also the Toolsmith Tool of the Year for 2011!

The official OWASP ZAP homepage is on the OWASP site.

This Google Code project is used for the downloads, wiki, online help pages, links to videos, issues and source code.

Want a very quick introduction? See the project pamphlet.

For a slightly longer introduction see the project presentation.

For video introductions to ZAP see the links on the wiki videos page.

For more details about ZAP, including the full user guide, please see the wiki.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Some of ZAP's features:

Some of ZAP's characteristics:

Easy to install (just requires java 1.6)
Ease of use a priority
Comprehensive help pages
Fully Internationalized
Under active development
Open source
Free (no paid for 'Pro' version)
Cross platform
Involvement actively encouraged

It supports the following languages:

English
Brazilian Portuguese
Chinese
Danish
French
German
Greek
Indonesian
Japanese
Persian
Polish

Spanish

ZAP is a fork of the well regarded Paros Proxy.
Details of the changes made are here: Releases

Download Latest version -

ZAP_1.4.1_Mac_OS_X.zip

ZAP_1.4.1_Windows.exe

ZAP_1.4.1_Linux.tar.gz

python-owasp-zap-0.0.1.zip

ZAP-1.4-Client-API-1.zip

Download other versions-

http://code.google.com/p/zaproxy/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount

Screenshot -

Trace Any Email Sender on Gmail, Windows Live Mail or Yahoo! Mail

2013-02-11T07:56:00.000-08:00

Trace Any Email Sender on Gmail, Windows Live Mail or Yahoo! Mail
How to Trace Any Email Sender on Gmail, Windows Live Mail or Yahoo! Mail

Hi Friends,
Daily we receive hundreds of junk or spam emails from unknown senders daily.
These emails fill our inbox with so many unwanted emails.
Email addresses of these emails are mostly invalid but we can trace these emails and disclose the IP and location of the sender from some third party online email tracing services.

To trace any email follow the steps:

Yahoo! Mail

1. Right click the email you want to trace and select “View Full Headers” You’ll see a pop up window containing full header of the email.

2. Copy all the text in email header.

3. Now open IP-address Email Trace.

4. Paste the email header’ text in the given box and hit “Trace Email Sender”.

You’ll be redirect to a new page where all the details; including sender’s location, IP, and ISP details are shown.

Windows Live Mail/ Hotmail

1. Right click the email you want to trace and select “View Message Source”

A new window containing full header of the email will open.

2. Copy all the text in email header.

3. Now open IP-address Email Trace.

4. Paste the email header’ text in the given box and hit “Trace Email Sender”.

You’ll be redirect to a new page where all the details; including sender’s location, IP, and ISP details are shown.

Gmail

1. Click the small arrow in the email and select “Show Original”

A new window containing full header of the email will open.

2. Copy all the text in email header.

3. Now open IP-address Email Trace.

4. Paste the email header’ text in the given box and hit “Trace Email Sender”.

You’ll be redirect to a new page where all the details; including sender’s location, IP, and ISP details are shown.

Mozilla Thunderbird

1. Open the email and click “Other Actions” and select “View Source”

Full email header will be shown in a small window.

2. Copy all the text in email header.

3. Now open IP-address Email Trace.

4. Paste the email header’ text in the given box and hit “Trace Email Sender”.

And You’ll be redirect to a new page where all the details; including sender’s location, IP, and ISP details are shown.

Email Trace Snapshot -

Source-
http://www.ip-adress.com/trace_email/

Email Trace - Email Tracking
IP-Adress.com can help you discover the sender of any email by using that person's IP address information. Typically, the way we can do this is by using the email header to determine the IP information of the device where the email originated, and then using that information to run an IP lookup and figure out the sender's identity.

For More Information -
IP-address.com - What is my IP address and locationFree IP Address Lookup

Common Methods for Hacking

2013-02-11T07:54:00.003-08:00

Common Methods for Hacking :

This comprises of either taking control over terminal(or Server) or render it useless or to crash it.. following methods are used from a long time and are still used..

1. Denial of Service -

DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic(which can be e-mail or Transmission Control Protocol, TCP, packets).

2. Distributed DoSs -

Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

3. Sniffing -

Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

4. Spoofing -

Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping

5. SQL injection -

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It uses normal SQL commands to get into database with elivated privellages..

6. Viruses and Worms -

Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

7. Back Doors -

Hackers can gain access to a network by exploiting back doors administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in the network.

So, not interested in these stuffs.. huh??? wait there is more for you.. So, how about the one related to hacking the passwords of email and doing some more exciting stuffs.. The various methods employed for this are:

8. Trojan Horses -

Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the software can take the full control over the system and you can remotely control the whole system.. great..!!! They are also reffered as RATs(Remote Administration tools)

9. Keyloggers -

Consider the situation, everything you type in the system is mailed to the hacker..!! Wouldn't it be easy to track your password from that.. Keyloggers perform similar functionallities.. So next time you type anything.. Beware..!! Have already posted about keyloggers and ways to protect yourself from them..

10. BruteForcing -

The longest and most tiring job.. don't even consider this if you don't know the SET of password for your victim..

11. Secret Question -

According to a survey done by security companies, it is found that rather than helping the legitimate users the security questions are more useful to the hackers.. So if you know the victim well try this..

12. Social Engineering -

Ya this was one of the oldest trick to hack.. Try to convince your user that you are a legitimate person from the system and needs your password for the continuation of the service or some maintainence.. This won't work now since most of the users are now aware about the Scam.. But this Social Engginering concept is must for you to have to convince victim for many reasons..!!!

13. Phishing -

This is another type of keylogging, here you have to bring the user to a webpage created by you resembling the legitimate one and get him to enter his password, to get the same in your mail box..!! Use social engginering..

14. Fake Messengers -

So its a form of phishing in the application format.. getting user, to enter the login info in the software and check your maill..!!!

15. Cookie Stealer -

Here the cookie saved by the sites are taken and decoded and if you get lucky.. You have the password..!!!

Hmmm.. not satisfied with single account at a time..?? so there are ways to hack lots of accounts together.. I know few but there exists many..!! listed are the ones i know and will teach you in coming posts...

16. DNS Poisoning or PHARMING -

So, phisihing is a tough job.. isn't it..?? convincing someone to enter their password at your page..?? what if you don't have to convince..?? what if they are directed automatically to your site without having a clue..?? Nice huh..?? Pharming does the same for you.. More about it in my next post..

17. Whaling -

This method gets you the password of the accounts which are used by the hackers to recive the passwords.. So you just have to hack one ID, which is simplest method( Easy then hacking any other account, will tell you how in coming posts..) and you will have loads of passwords and so loads of accounts at your mercy..!!!

This is for Educational Purpose only........

Havij v1.16 Advanced & Automated SQL Injection Tool Released

2013-02-11T07:52:00.000-08:00

Havij v1.16 Advanced & Automated SQL Injection Tool Released

One of the most preferred and widely used SQL-injector Havij has released another updated version(v1.16). In the middle of last year ITSec team made Havij 1.15 available, so after one year of hard work now we got the next edition of this marvellous SQL-i tool. As per survey Havij is listed as one of the finest and widely used tool used for finding SQL Injection vulnerabilities on a web page. It has been thoroughly used by hackers along with penetration testers over the whole spectrum.

What is Havij?

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

New Features :-

.Multithreading
.Oracle Blind injection method.
.Automatic all parameter scan added.
.New blind injection method (no more ? char.)
.Retry for blind injection.
.A new method for tables/columns extraction in mssql blind.
.A WAF bypass method for mysql blind.
.Getting tables and columns even when can not get current database.
.Auto save log.

Bug Fixed:-
.url encode bug fixed.
.Trying time based methods when mssql error based and union based fail.
.Clicking get columns would delete all tables.
.Reseting time based method delay when applying settings.
.Oracle and PostgreSQL detection

Download Havij v1.16 Click Here

SQL Exploiter Pro v2.15 - The utimate sql injection tool

2013-02-11T07:50:00.002-08:00

SQL Exploiter Pro v2.15 - The utimate sql injection tool

This is the latest release with new functions and improvements.Hacking websites with SQL Exploiter Pro v2.15 is as easy as 1-2-3. Real and Pro hackers are simply going to love it for how easy and organised it is. The SQL Exploiter Pro v2.15 makes sql injection so simple that even novice or beginner hackers can hack shops with it. The SQL Exploiter Pro v2.15 can hack CFM, ASP and PHP exploits as well as download MS access databases of exploitable sites.

Click Here for Manual [PDF]
Download
Download version v2.15
Download from other link

Blackbuntu - Penetration Testing Distribution

2013-02-11T07:49:00.000-08:00

Blackbuntu Penetration Testing Distribution

based on Ubuntu 10.10 which was specially designed for security training students and practitioners of information security.

Blackbuntu is Ubuntu base distro for Penetration Testing with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10.

For Blackbuntu 0.3 we are supporting both x86 and x86_64 architectures.Security and Penetration Testing tools available in Blackbuntu :-

· Information Gathering
· Network Mapping
· Vulnerability Identification
. Penetration
· Privilege Escalation
· Maintaining Access
· Radio Network Analysis
· VoIP Analysis
· Digital Forensic
· Reverse Engineering
· Miscellanious

System requirements :-

1GHz x86 processor
768 MB of system memory (RAM)
10 GB of disk space for installation
Graphics card capable of 800×600 resolution
DVD-ROM drive or USB port

Community Edition 0.3 Final
For Blackbuntu 0.3 we are supporting both x86 and x86_64 architectures. You can download the Blackbuntu Community Edition 0.3 ISO DVD with the following link:

GNOME
ISO Image(From sf.net)
Blackbuntu Community Edition 0.3 x86_64

ISO Image(Torrent)
Blackbuntu Community Edition 0.3 x86 torrent
Blackbuntu Community Edition 0.3 x86_64 torrent

VMWARE (Torrent)
Blackbuntu Community Edition 0.3 x86 torrent
Blackbuntu Community Edition 0.3 x86_64 torrent

Virtual Box Image(Torrent)
Blackbuntu Community Edition 0.3 x86 torrent
Blackbuntu Community Edition 0.3 x86_64 torrent

Website - http://www.blackbuntu.com/

For More Information - http://sourceforge.net/projects/blackbuntu/?source=directory

Visit Blog - http://www.blackbuntu.com/blog

ScreenShot of Blackbuntu

HoneyBox v0.1 - Honeypots in a box!

2013-02-11T07:48:00.000-08:00

HoneyBox v0.1 - Honeypots in a box!

Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

HoneyBox is a virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.

DOWNLOAD:

The latest version (0.1) contains Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc). Everything is pre-configured to work. Due to its size the file is hosted at SourceForge:http://sourceforge.net/projects/honeybox/

Please also take a look at the README.txt file at SourceForge (also included inside the disk) to learn the specific features and where everything is located.

INSTALLATION:

After downloading the file, you must uncompress it and then you simply have to create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.

Download HoneyBox.7z (508.6 MB)

Specification - OS: Ubuntu Server 11.10 32-bit HDD: VMDK 15GB (2GB split) Localization: English (UK), UK layout, GMT Extra: Automatic security updates Software: OpenSSH (port: 2222) & LAMP server [System] Connectivity: DHCP Hostname: honeybox User: HoneyBox User Username/Password: honeybox/honeybox MySQL root password: honeybox + phpMyAdmin [Kippo] Path: /home/honeybox/kippo/ Port: 22 MySQL db: kippodb MySQL user: kippouser MySQL pass: kippopass [Kippo-Graph] Path: /var/www/kippo-graph [Kippo-Scripts] Path: /home/honeybox/ + kippo2mysql.pl + kippo-sessions.sh + kippo-stats.pl Kippo2MySQL db: kippo2mysql Kippo2MySQL user: kippouser Kippo2MySQL pass: kippopass

Visit Website -
http://bruteforce.gr/honeybox

http://sourceforge.net/projects/honeybox/

For more information on Honeypot

Sources -

http://en.wikipedia.org/wiki/Honeypot_(computing)

http://www.sans.org/security-resources/idfaq/honeypot3.php

http://www.insecure.in/honeypots.asp

http://www.honeynet.org/

http://www.seminartime.com/seminar_rpt/ct_rpt/honeypots/honeypots_1.php

http://www.hackersonlineclub.com/honeypot

Honey pot Diagram Source -

http://www.sans.org/security-resources/idfaq/honeypot3.php

http://www.hackersonlineclub.com/honeypot

Dequiem v-1.8 - Python DDoS Tool

2013-02-11T07:27:00.000-08:00

Dequiem v-1.8
Dequiem is a DDoS tool written in python 2.7

Features

DDoS
Find a website's IP
Port Scanning

Requirement :

Python v2.7 or higher

Download
Dequiem1.8.py (8.6 kB) from Here

For More Information

http://sourceforge.net/projects/dequiem/
http://sourceforge.net/p/dequiem/blog/

Release Changes in Ver 1.8

Patch notes :
-portscan mode added
-help mode changed
-interface is better now

Warning -
Never Use it for attack on the servers that is not your own server or don't use it without permission from Owner.

This Information is shared from Education Purpose Only.

Cisco Packet Tracer - Powerful network simulation program

2013-02-11T07:26:00.000-08:00

Cisco Packet Tracer - Powerful network simulation program

Cisco Packet Tracer is a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions. As an integral part of the Networking Academy comprehensive learning experience, Packet Tracer provides simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching and learning of complex technology concepts.

Packet Tracer supplements physical equipment in the classroom by allowing students to create a network with an almost unlimited number of devices, encouraging practice, discovery, and troubleshooting. The simulation-based learning environment helps students develop 21st century skills such as decision making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curricula, allowing instructors to easily teach and demonstrate complex technical concepts and networking systems design.

The Packet Tracer software is available free of charge ONLY to Networking Academy instructors, students, alumni, and administrators that are registered Academy Connection users.

Cisco Networking Academy is pleased to announce the release of Cisco Packet Tracer version 5.3 in Feb2012, a minor release that includes the following new protocol support and enhanced functionality:

* Improved Linksys models, added WEP wireless security algorithm, Cable and DSL enhancements
* Call Manager Express (VOIP support)
* FTP server and routers/switches – server and client
* Email system (SMTP and POP3) – server and client
* Border Gateway Protocol (BGP) – limited implementation that allows for a more realistic representation of the Internet for scenarios
* Generic IP end devices – to create more versatility in device creation
* Activity Wizard Initial Tree enhancements – more scenario variations

The new protocol support and activity wizard enhancements in version 5.3 will enable instructors to teach concepts in CCNA Discovery, CCNA Exploration, and CCNP courses more effectively, including the following:

CCNA Discovery
* Networking for Home and Small Businesses: Improved Linksys models and wireless security protocols and algorithms, generic IP end devices
* Working at a Small-to-Medium Business or ISP: Better DNS, improved DHCP, wireless security, new FTP, SMTP, POP3
* Introducing Routing and Switching in the Enterprise: Improved multi-area OSPF, EIGRP, BGP
* Designing and Supporting Computer Networks: New VOIP, Call Manager Express

CCNA Exploration
* Network Fundamentals: Improved HTTP, DNS, DHCP; new FTP, SMTP, POP3
* Routing Protocols and Concepts: Improved multi-area OSPF, EIGRP, new BGP
* LAN Switching and Wireless: Improved Linksys models, wireless security algorithms, 802.11
* Accessing the WAN: New PPPoE, enhanced IPSec, Cable and DSL enhancements

CCNP
* Improved multiarea OSPF, EIGRP, new BGP

We recommend upgrading to the new version to take advantage of the many improvements included in this release. To learn more about how Packet Tracer can be used in each Networking Academy course, please view this new Packet Tracer 5.3 Curricula Support chart.

Packet Tracer 5.3 is currently available for download from the Packet Tracer resource pageon Academy Connection. To access this page, log in to Academy Connection and click the Cisco Packet Tracer graphic on the left of the page, select Software Downloads, then select the appropriate download package for your needs. The previous version of Packet Tracer, version 5.2.1.8, will continue to be available for download.

Packet Tracer 5.3 supports activities authored in Packet Tracer 5.0, 5.1, and 5.2.x. All activities included in IT Essentials: PC Hardware and Software, CCNA Discovery, CCNA Exploration, and CCNA Security are also fully compatible with Packet Tracer 5.3. Please note that activities authored or saved with Packet Tracer 5.3 can only be used with the version 5.3 software.

For more information, please review the Packet Tracer 5.3 FAQs and the updated resources available on thePacket Tracer resource page on Academy Connection.

Link download packet tracer 5.3.2 Lastest version
Packet tracer 5.3.2

Windows version download -

Packet Tracer v5.3 Application + Tutorial -
This is the complete Packet Tracer program including tutorials as a single downloadable package for Windows 2000, XP and Vista.

(EXE – 73.9 MB)

Packet Tracer v5.3 Application only
This option is just the Packet Tracer program and the help files for Windows 2000, XP and Vista. It does not include the tutorial files. The tutorial files are not necessary to runPacket Tracer.

(EXE – 41.8 MB)

Source -

http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html
http://www.packettracernetwork.com/

For More Information -

http://www.ccna4u.org/2010/05/packet-tracer-version-53-software.html

http://www.ebook4all.org/packet-tracer-version-5-3-software-downloads/

http://en.wikipedia.org/wiki/Packet_Tracer

http://www.ccna4u.org/2012/02/packet-tracer-version-5-3-3-software-downloads-update-08-02-2012.html
http://www.packettracernetwork.com/

Damn Vulnerable Web App (DVWA)

2013-02-11T07:18:00.002-08:00

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.

New updated version is available with new features

The vulnerability help page has been improved.

We now display the logged on username along with the vulnerability level and php-ids status.

Blind SQL injection has been implemented.

We now have official documentation.

You can now compare all vulnerable source code in one page with the ‘view all’ button.

The whole theme has been redesigned, including a new great looking logo.

Many bug fixes and small changes throughout the application.

Damn Vulnerable Web App Web Site

Download -
DVWA is available either as a package that will run on your own web server or as a Live CD
DVWA v1.0.7 (latest) - (1.3MB) Download
DVWA v1.0.7 LiveCD - (480MB) Download

The documentation for DVWA can be downloaded by following this link.

DVWA is available either as a package that will run on your own web server or as a Live CD

For Installation of DVWA , We need to Install Web Server like XAMPP.
Procedure for installing XAMPP Web server is mentioned in my previous post
How to make your own Webserver- Host Webpages on your own computer

After Installation of XAMPP server.Copy DVWA Directory to xamp installation folder.

E.g. C:\xampp\htdocs or E:\ xampp\htdocs
& then start xampp services.
Then browse the dvwa site
by http:\\localhost\dvwa or http:\\127.0.0.1\dvwa

Default user id - admin
Password - password
& your DVWA application is ready for Testing

For More Information & vidoes on DVWA
http://www.dvwa.co.uk/
Tutorgig.info
www.perspectiverisk.com

Microsoft Baseline Security Analyzer (MBSA) 2.0

2013-02-11T07:16:00.003-08:00

Microsoft Baseline Security Analyzer (MBSA) 2.0

is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfiguration and missing security updates on your computer systems.

Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM).

Download MBSA

Source

Microsoft Technet MBSA

For More Info

Wikipedia

Nessus

2013-02-11T07:15:00.001-08:00

Introduction to Nessus

Nessus is a great tool designed to automate the testing and discovery of known security problems. Typically someone, a hacker group, a security company, or a researcher discovers a specific way to violate the security of a software product. The discovery may be accidental or through directed research; the vulnerability, in various levels of detail, is then released to the security community. Nessus is designed to help identify and solve these known problems, before a hacker takes advantage of them. Nessus is a great tool with lots of capabilities. However it is fairly complex and few articles exist to direct the new user through the intricacies of how to install and use it. Thus, this article shall endeavor to cover the basics of Nessus setup and configuration. The features of the current versions of Nessus (Nessus 2.0.8a and NessusWX 1.4.4) will be discussed. Future articles will cover Nessus in more depth.

Nessus is a public domain program released under the GPL. Historically, many in the corporate world have ridiculed such public domain software as being a waste of time, instead choosing "supported" products developed by established companies. Typically these packages cost hundreds or thousands of dollars, and are often purchased using the logic that you get what you pay for. Some people are starting to realize that public domain software, such as Nessus, isn't always inferior and sometimes it is actually superior. Paid technical support for Nessus is even available from www.tenablesecurity.com. Nessus also has a great community of developers anchored by the primary author, Renaud Deraison. When allowed to fairly compete in reviews against other vulnerability scanners, Nessus has equaled or out shined products costing thousands of dollars.

One of the very powerful features of Nessus is its client server technology. Servers can be placed at various strategic points on a network allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers. The server portion will run on most any flavor of Unix. It even runs on MAC OS X and IBM/AIX, but Linux tends to make the installation simpler. These features provide a great deal of flexibility for the penetration tester. Clients are available for both Windows and Unix. The Nessus server performs the actual testing while the client provides configuration and reporting functionality.

Features of Nessus

Up-to-date security vulnerability database
The Nessus security checks database is updated on a daily basis and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
Remote AND local security.
Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated.
Nessus 2.1 is the only security scanner that has the ability to detect the remote flaws of the hosts on your network, but their local flaws and missing patches as well - whether they are running Windows, Mac OS X or a Unix-like system.
Scalable
Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network.
Plug-ins
Each security test is written as an external plugin, written in NASL. This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.
NASL
The Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language) a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.
Smart service recognition
Nessus does not believe that the target hosts will respect the IANA assigned port numbers. This means that it will recognize a FTP server running on a non-standard port (ie: 31337), or a web server running on port 8080. Nessus is the first scanner on the market to have implemented this feature for all the security checks (and has been copied by many since then).
Multiples services
If a host runs the same service twice or more, Nessus will test all of them. Believe it or not, several scanners on the market still consider that a host can only run one server type at once.
Full SSL support
Nessus has the ability to test SSLized services such as https, smtps, imaps, and more. You can even supply Nessus with a certificate so that it can integrates into a PKI-fied environement. Nessus was one of the first security scanner on the market to provide this feature.
Non-destructive OR thorough
Nessus gives you the choice between performing a regular non-destructive security audit on a routinely basis, or to throw everything you can at a remote host to see how will it withstands attacks from intruders. Many scanners consider their users to be too inexperienced to make that kind of choice, and only offer them to perform "safe" checks.
The biggest user base
The most pessimistic computations, based on the number of downloads every day, give Nessus at least 50,000 users worldwide, but there might be even more - after all, Nessus is downloaded over 2,000 times every day
Our huge user base allows us to get the best feedback regarding security checks - and therefore to offer security checks which are reliable, non destructive and not prone to false positives.
Proven maturity
The first public release of Nessus was in 1998. The technology behind it has been extensively tested and proven over time, on huge networks.

Overview of the Nessus Assessment Process While running Nessus you are doing a vulnerability assessment (or audit). This assessment involves three distinct phases.

Scanning
In this phase, Nessus probes a range of addresses on a network to determine which hosts are alive. One type of probing sends ICMP echo requests to find active hosts, but does not discount hosts that do not respond - they might be behind a firewall. Port-scanning can determine which hosts are alive and what ports they have open. This creates a target set of hosts for use in the next step.

Enumeration

In this phase, Nessus probes network services on each host to obtain banners that contain software and OS version information. Depending on what is being enumerated, username and password brute-forcing can also take place here.

Vulnerability Detection

Nessus probes remote services according a list of known vulnerabilities such as input validation, buffer-overflows, improper configuration, and many more.

Nessus Server Installation

One feature of Nessus is its client server technology. Servers can be placed at various points in a network allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers. The server portion will run on most any flavor of Unix. The Nessus server performs the actual testing while the client provides configuration and reporting functionality.

Nessus offers a easy automated installation:

lynx -source http://install.nessus.org | sh

The above command should also be used periodically to upgrade Nessus as new versions are regularly released. You will be questioned about proxy servers, a download method (www or CVS), and the branch of the development tree to use; most of the time the defaults are the best choice. This is the simplest method of installation however; you are effectively giving the install.nessus.org server temporary root privileges.

For informaiton on how to install Nessus from scratch visit:
http://www.nessus.org/nessus_2_0.html

Configuring Nessus

Once the server is installed, some basic configuration is required. First, if the server isn't started type nessusd -D Then, you need to add a user. A new user can be added by the nessus-adduser command. The script will question you for the authentication method. Authentication can be performed by several means, however a password is the simplest. The next question queries about rules to restrict the user account. When used across an enterprise, a user can be restricted and only allowed to scan specified IP addresses. However, for most uses this will be left blank, allowing the user to scan anything. A certificate also needs to be generated as well to be used to encrypt the traffic between the client and server. The nessus-mkcert command accomplishes this.

Updatting Nessus Plug-Ins

Plug-in updates should be done frequently. New vulnerabilities are being discovered and disseminated all the time. Typically after a new vulnerability is released to the public, someone in the Nessus community writes a NASL plug-in, releases it to the public and submits it to www.nessus.org. It is then reviewed by the developers and added to the approved plug-in list. For high risk, high profile vulnerabilities a plug-in is often released the same day the vulnerability information is publicly released. Updating plug-ins from the maintained list is fairly simple involving a simple command:nessus-update-plugins. This command must be done as root.

Using the Nessus Client

There are three primary Nessus clients. This tutorial will cover using the native Unix GUI version, which is installed at server install time. In the native client, enter the server IP, username and password (created with the nessus-addusercommand) and hit login.

If you have trouble logging in the try the following steps:

Ensure the server daemon is running. Type: ps -A | grep "nessusd"
If "nessusd" does not exist, start the nessus daemon with the command: nessusd -D (assuming that "nessusd" is in your PATH and you have enough priviliges to start "nessusd".)
If "nessusd" does exist, verify the port number in use. The comand netstat -na may be usefull in this. The traditional port is 3001. The IANA assigned port is 1241.
Make sure that versions of the client and the server are in sync. Running a v1.0.x client against a v1.1.x server will not work

Starting a Nessus Scan After you connect the Nessus client to the server then you should take a look at the different plugins available in the Plugins tab. Use the Filter button to search for specific plugin scripts. For example, it is possible to search for vulnerability checks that have a certain word in their description or by the CVE name of a specific vulnerability. It is up to the author of each specific vulnerability check to make sure he provides all appropriate information and places his script under the proper category. As you will note by looking at the descriptions of some of the vulnerability checks, some authors do not do a good job of filling in this information, so be careful. There are also buttons to "Enable all plug-ins" or just "Enable all but dangerous plug-ins". Note that the author of the plug-in decides if it is dangerous or not. Most of the time, this has been very well chosen. However there are instances where the plug-in causes a DOS but it is not listed as dangerous. The native client denotes dangerous plug-ins with a caution triangle.

When starting a new scan session there are several optional areas to become familiar with (depending on your needs.) The wise decision is to go with the default options and test on non-production devices.
Generating Reports When Nessus finishes its scan, it will present you with a report. You can save it in a variety of formats: HTML (with or without graphics), XML, LaTeX, ASCII, and NBE (Nessus BackEnd). The items with a light bulb next to them are mere notes or tips that provide information about a service or suggest best practices to help you better secure your hosts. The items with an exclamation next to them are findings that suggest a security warning when a mild flaw is detected. Items that have the no-entry symbol next to them suggest a severe security hole. In case you are wondering, the authors of the individual scripts used by the Nessus plugins decide how to categorize the findings.
Conclusion To see how a particular vulnerability scan works, take a look at its corresponding .nasl script file located in /usr/local/lib/nessus/plugins. This can assist you in determining whether or not a finding is actualy a false positive. As mentioned previously, you should always test new scanning preferences on a non-production devices. The author of this tutorial has crashed several production servers by not following this advice (even with safe checks enabled, and no dangerous plugins enabled).

Nessus user guide

Installation and Configuration Guide

Product Documentation

For More Information

Symantec article on Introduction Nessus
pauldotcom.com/Nessus.pdf
www.owasp.org

Source:

Security Focus

Packetsource nessus article

NMAP

2013-02-11T07:13:00.002-08:00

Nmap ("Network Mapper")
is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap is ...
Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.

Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.

Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.

Basic commands working in Nmap

For target specifications: nmap <targets' URL's or IP's with spaces between them (can also use CIDR notation)> e.g. : scanme.nmap.org, gnu.org/24, 192.168.0.1; 10.0.0-255.1-254 (The command is nmap scanme.nmap.org and similar)

For OS detection: nmap -O <target-host's URL or IP>

For Version detection: nmap -sV <target-host's URL or IP>

For configuring response timings (-T0 to -T5 :increasing in aggressiveness): nmap -T0 -sV -O <target-host's URL or IP>

Download Nmap

Source
Nmap.org

Wikto - Nikto for Windows Download

2013-02-11T07:11:00.003-08:00

Wikto - Nikto for Windows with some extra features.

Author

Roelof Temmingh

Gareth Phillips < gareth(at)sensepost(dot)com >

Ian de Villiers < ian(at)sensepost(dot)com >

License, version & release date

License : GPLv3

Version : 2.1.0.0

Release Date : 2008/12/15

Description

Wikto is Nikto for Windows - but with a couple of fancy extra features including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.

Wikto to quickly and easily perform web server assessments.

Before we start we need to know what Wikto does and what it does not do. Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site.So – Wikto will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner – so it won’t try to find open ports, or see if the web site is properly firewalled. Wikto rather operates between these two levels – it tries to, for instance, find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. Oh – and Wikto is not just Nikto for Windows. The Nikto scan is only of its many functions (and it does the Nikto scans totally different than Nikto does).

Requirements

WinHTTrack (www.httrack.com)

HTTprint (www.net-square.com)

.Net Framework

Additional Resources

http://www.sensepost.com/cms/resources/labs/tools/pentest/wikto/using_wikto.pdf

More information with Installation

http://searchsecurity.techtarget.com/tip/Screencast-How-to-use-Wikto-for-Web-server-assessment

Websecurify

2013-02-11T07:09:00.001-08:00

Websecurify Security Testing Runtime

Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Some of the main features of Websecurify include:

Available for all major operating systems (Windows, Mac OS, and Linux) including mobile devices (iPhone, Android)

Simple to use user interface

Built-in internationalization support

Easily extensible with the help of add-ons and plug-ins

Modular and reusable design based on the Weaponry Framework

Powerful manual testing tools and helper facilities

Powerful analytical and scanning technology

Most handy part is that it can be used as a firefox or chrome plugin. Thus can be run within your browser.

I use it sometimes for fast checking without having to change my screen to another program

The built-in vulnerability scanner and analyzation engine is capable of automatically detecting many types of web application vulnerabilities as you proceed with the penetration test.

The list of automatically detected vulnerabilities include:

· SQL Injection

· Local and Remote File Include

· Cross-site Scripting

· Cross-site Request Forgery

· Information Disclosure Problems

· Session Security Problems

The latest release includes the following key improvements

· Users interface improvements

· Faster, more stable testing platform

· Improved extension development API

· Less false-positives

· Significant testing performance gains

· Improved fuzzing strategies

· User interface features for ignoring unwanted web resources.

Visit Websecurify Website -

http://www.websecurify.com/

More Details about features

http://www.websecurify.com/features

Automated testing with Websecurify -

http://code.google.com/p/websecurify/wiki/AutomatedTesting

Download -

http://code.google.com/p/websecurify/

More Info -

http://code.google.com/p/websecurify/w/list

http://www.ehacking.net/2011/03/websecurify-website-security-testing.html