Showing posts with label Windows Hacking.



Astalavista's Security Toolbox DVD v4.0

This DVD is the Swiss army knife for people with an interest in IT security and hacking, and a lot of other stuff too; you won't believe the range!


Astalavista's Security Toolbox DVD v4.0 is considered to be the largest and most comprehensive Information Security archive.

Contained are 5944 tools in 352 categories, all displayed and accessible within a user-friendly interface that is descriptive and educational. You also have a choice of 10 languages:

* English
* Deutsch
* Espanol
* Italiano
* Francais
* Nederlands
* Esperanto
* Portugues
* Afrikaans
* Svenska



A resource for all of your security and hacking interests, in an interactive way! The information found on the Security Toolbox DVD has been carefully selected, so that you will only browse through quality information and tools.



When looking at the hot security topics of the day, penetration testing, AKA ethical hacking, has got to be near the top of everyone's list. With the onslaught of compliance regulations, this self-testing process is virtually required by law. As with any technical process (even one as sexy as legal hacking for a living), there are bound to be standards, training and, of course, certifications to go along with it. This one is no different. As we all know, a certification is not the end-all, be-all in the IT world. And as most know, I am fond of saying that a certification is a baseline of knowledge and by no


Free Download

This "SOFTWARE" is also available for download using torrents.


Read more on this article...

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

PROTOCOL SUPPORT

It currently supports the following services:

* FTP
* HTTP (Basic)
* HTTP (Form)
* IMAP
* MSSQL
* MySQL
* POP3
* SMB-NT
* SMTP
* SNMP
* SSH2
* Telnet

Free Download

Bruter_1.0_beta1.zip

[Source: Darknet ]
Read more on this article...

The major change is both tools now support 64-bit targets! Good news for us.

pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

fgdump is a more powerful version of pwdump6. pwdump tends to hang and such when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It also can dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily.

I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.

fgdump now has:

* Better 32/64 bit detection. This is not as easy as it sounds, at least not remotely! If someone has a sure-fire way for 100% reliably detecting the target OS, please let me know. In the meantime, if fgdump is unsure, it will report it and default to 32-bit.
* The -O [32|64] flag will manually override the target OS architecture. So, for example if fgdump is reporting a host as 32-bit and you KNOW it is 64-bit, you can use -O 64 (or vice-versa, of course). Note that this flag will apply to ALL hosts you are dumping! You might want to single out any hosts you need to override.



[Source: Darknet ] Read more on this article...

This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server.

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.

TSGrinder is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.

Free Download

tsgrinder-2.03.zip

Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

roboclient.zip

[Source: Darknet ]
Read more on this article...

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

* Support for XP SP 3 for whosthere/iam (whosthere-alt/iam-alt work on xp sp3 without requiring any update)
* New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds).
* New -a switch for whosthere/iam: specify addresses to use.
* New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)
* genhash now outputs hashes using the LM HASH:NT HASH format

Free Download

pshtoolkit_v1.4-src.tgz

Windows Binaries

pshtoolkit_v1.4.tgz

[Source: Darknet ]

Read more on this article...

We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.

This tool is for instantly cracking the Microsoft Windows NT hash (MD4) when the LM password is already known; you might be familiar with LM cracking tools such as LCP.

The main problem is that you've got the LM password, but it's in UPPERCASE because LM hashes are not case sensitive, so you still need to find the actual password for the account.

Example : Password cracker output for “Administrator” account

* LM password is ADMINISTRAT0R.
* NT password is ?????????????.

We aren’t lucky because the case-sensitive password isn’t “administrat0r” or “Administrat0r”. So you cannot use this to connect to the audited Windows system.

This password contains 13 characters, so launching my password cracker on the NT hash is a waste of time with a poor chance of success.

Note :

* Password length : 13 characters.
* Details : 1 number + 12 case-sensitives letters.
* Possibilities : 2^12 = 4096 choices.

In this example, lm2ntcrack will generate the 4096 case variants of the password ADMINISTRAT0R and, for each one, the associated NT MD4 hash. It then searches for a match against the dumped hash.

Free Download

lm2ntcrack-current.tgz

[Source: Darknet ]
Read more on this article...



Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan.

Nemesis can natively craft and inject packets for:

* ARP
* DNS
* ETHERNET
* ICMP
* IGMP
* IP
* OSPF
* RIP
* TCP
* UDP

Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Unix-like systems require: libnet-1.0.2a, and a C compiler (GCC)
Windows systems require: libnetNT-1.0.2g and either WinPcap-2.3 or WinPcap-3.0





[Source: Darknet ] Read more on this article...



FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

* FakeNetbiosDGM (NetBIOS Datagram)
* FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.

FakeNetbiosDGM sends NetBIOS Datagram Service packets on UDP port 138 to simulate Windows host broadcasts. It periodically sends NetBIOS announcements over the network to simulate Windows computers, which fools the Computer Browser service running on the LAN, and so on.

FakeNetbiosNS is a NetBIOS Name Service daemon, listening on port UDP 137. It responds to NetBIOS Name requests like real Windows computers: for example ‘ping -a’, ‘nbtstat -A’ and ‘nbtstat -a’, etc.



[Source: Darknet ] Read more on this article...

The half-open scanning technique is the first of a three-part series about stealth scanning… The other two are the Xmas/FIN/Null and idle/zombie scan techniques…

Intro
This is the first of three articles about stealth scanning. Everything I am going to present is hping oriented, so if you want to learn these techniques you'd better get a copy of hping.
This is the method nmap uses when you pass it the -sS parameter… so let's start…

3 Way Handshake
If you didn't know, a TCP connection is based on a method called the three-way handshake, which goes like this:

[host] syn flagged packet ———> [destination] receives packet
[destination] syn-ack flagged packet ———> [host] receives packet
[host] ack flagged packet ———> [destination] receives packet [connection established]

This is how a TCP connection works: only after this exchange completes successfully is a real connection established… You can probably see a weak point in this method, can't you? After every packet sent, the host (and the destination) waits a period of time for the next packet. If you can send spoofed SYN packets really fast you can DoS a target in no time; this is the oldest DoS method ever known to man (and woman) =)

SYNner
Firstly let’s see what happens if we hit a closed port, try out the following command (and result after it):

C:\>hping -p 81 -S lx.ro
HPING (XPSP2) lx.ro (SiS 900 PCI Fast Ethernet Adapter - Packet Scheduler Miniport 81.181.218.80): S set, 40 headers + 0 data bytes

len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=81 flags=RA seq=0 win=0 rtt=70.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=81 flags=RA seq=1 win=0 rtt=20.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=81 flags=RA seq=2 win=0 rtt=30.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=81 flags=RA seq=3 win=0 rtt=40.0 ms

As you can see, when we hit a closed port we get a Reset-Acknowledge (flags=RA), which tells us, as already mentioned, that the port is closed…
Now for the moment we were all waiting for:

C:\>hping -p 80 -S lx.ro
HPING (XPSP2) lx.ro (SiS 900 PCI Fast Ethernet Adapter - Packet Scheduler Miniport 81.181.218.80): S set, 40 headers + 0 data bytes

len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=30.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=80 flags=SA seq=1 win=5840 rtt=50.0 ms
len=46 ip=81.181.218.80 ttl=54 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.0 ms


As you can see, this time we hit an open port… If you weren't paying attention till now: a SYN-ACK reply (flags=SA) means an open port, half-way connected, hence "half-open"…

Epilogue
Nowadays this method isn't as stealthy as it was years ago, because firewalls now most often drop unsolicited packets or treat them as the start of a SYN flood…

Read More: www.rhyshaden.com

[Source: Darknet ]
Read more on this article...
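As an added, defender-side example that is not part of the original post: the two replies shown above, RST/ACK for a closed port and SYN/ACK for an open port that the scanner never completes with an ACK, are exactly what a detector can key on. The packet records, the 192.0.2.10 server address and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample traffic, not a real capture: (src, dst, server_port, flags),
# flags written the way hping prints them: S=SYN, SA=SYN/ACK, RA=RST/ACK, A=ACK, R=RST.
SERVER = "192.0.2.10"  # documentation address standing in for the scanned host
PACKETS = [
    # 10.0.0.5 is an ordinary client: full three-way handshake to port 80
    ("10.0.0.5", SERVER, 80, "S"),
    (SERVER, "10.0.0.5", 80, "SA"),
    ("10.0.0.5", SERVER, 80, "A"),
    # the same client once hits a closed port: a single RA is normal noise
    ("10.0.0.5", SERVER, 8080, "S"),
    (SERVER, "10.0.0.5", 8080, "RA"),
    # 10.0.0.9 behaves like the half-open scan in the post: closed ports answer RA
    ("10.0.0.9", SERVER, 81, "S"),
    (SERVER, "10.0.0.9", 81, "RA"),
    ("10.0.0.9", SERVER, 22, "S"),
    (SERVER, "10.0.0.9", 22, "RA"),
    # an open port answers SA; the scanner sends RST instead of finishing with ACK
    ("10.0.0.9", SERVER, 80, "S"),
    (SERVER, "10.0.0.9", 80, "SA"),
    ("10.0.0.9", SERVER, 80, "R"),
    # another open port answers SA and the scanner never replies at all
    ("10.0.0.9", SERVER, 443, "S"),
    (SERVER, "10.0.0.9", 443, "SA"),
]

def analyze_flows(packets):
    """Map each (client, server, port) flow to its handshake outcome."""
    state = {}
    for src, dst, port, flags in packets:
        if (src, dst, port) in state:            # packet sent by the client side
            key, from_client = (src, dst, port), True
        elif (dst, src, port) in state:          # reply sent by the server side
            key, from_client = (dst, src, port), False
        else:
            if flags == "S":                     # a fresh SYN opens a new flow
                state[(src, dst, port)] = "syn_sent"
            continue                             # anything else without a flow is ignored
        cur = state[key]
        if cur == "syn_sent" and not from_client:
            if flags == "RA":
                state[key] = "closed"            # RST/ACK: closed port (the post's first case)
            elif flags == "SA":
                state[key] = "syn_received"      # SYN/ACK: open port, half-way connected
        elif cur == "syn_received" and from_client:
            if flags == "A":
                state[key] = "established"       # handshake completed normally
            elif flags == "R":
                state[key] = "half_open_aborted" # torn down instead of completed
    # a flow still waiting for the client's ACK at the end never completed
    return {k: ("half_open" if v == "syn_received" else v) for k, v in state.items()}

PROBE_OUTCOMES = {"closed", "half_open_aborted", "half_open"}

def find_syn_scanners(packets, min_ports=3):
    """Clients whose incomplete handshakes touch >= min_ports distinct ports (threshold assumed)."""
    probed = defaultdict(set)
    for (client, _server, port), outcome in analyze_flows(packets).items():
        if outcome in PROBE_OUTCOMES:
            probed[client].add(port)
    return {c: sorted(p) for c, p in probed.items() if len(p) >= min_ports}
```

A client that merely hits one closed port stays below the threshold, while a source that leaves incomplete handshakes across several ports is reported.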

pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

fgdump is a more powerful version of pwdump6. pwdump tends to hang and such when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It also can dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily. I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.

Free Download

pwdump
fgdump

[Source: Darknet ]

Read More: pwdump, fgdump

Read more on this article...

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution.

This time, however, it doesn't really affect home users or the general consumer; it's a more specific server-side vulnerability affecting Microsoft SQL Server 2000 and 2005. It seems pretty serious though, as it also appears that this vulnerability, if exploited properly, could lead to remote code execution.

Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.

Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

Again I wonder how far behind the curve Microsoft is with this. Usually these kinds of bugs have been discovered by the more malicious parties way before Microsoft has any idea that its software is vulnerable.

Microsoft claims that the code hasn't been used in online attacks, but honestly, if it was used well by a smart party, who would even know? SQL injection could lead to this attack being executed and the code is published online, so I find it unlikely that it hasn't been used.

The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.

This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise windows systems.”

The bug was discovered by someone in April this year, so someone has known about it for at least 7 months, but only now that it has been publicly disclosed does Microsoft choose to say something about it.

It is a fairly low risk vulnerability due to the requirements needed to execute it effectively, but still it’s another chink in the Microsoft armour to add to the (long long) list.
Read more on this article...