hacking progs

Gooberlx2

Lifer
May 4, 2001
Can anyone point me to some sort of packet sniffing program and/or password cracking prog? I wanna test some machines/servers on my LAN.
 

n0cmonkey

Elite Member
Jun 10, 2001
ethereal and tcpdump/windump are a couple of the best free sniffers out there. What kind of passwords do you want to crack? And do you have permission to do this?
 

Gooberlx2

Lifer
May 4, 2001
Originally posted by: n0cmonkey
ethereal and tcpdump/windump are a couple of the best free sniffers out there. What kind of passwords do you want to crack? And do you have permission to do this?

Yeah, these are my own machines. I'm just testing things out like admin passwords, shares (linux and windows), vnc, etc. I swear I'm not doing anything nefarious. :Q :D.
 

MainFramed

Diamond Member
May 29, 2002
You use VNC? How do you like it....I am interested in knowing how the password crack check on that one will work out.
 

Descartes

Lifer
Oct 10, 1999
I've written my own programs to do this very thing. I have 3 that I use that do the following:

- Ping sweep for hosts on the local network to which you're attached
- Enumerate accounts/shares/locate sid 500 for admin account (for NT hosts) of NetBIOS supported hosts
- If desired, perform a dictionary attack of the shares

I enumerate the hosts by way of the ipc$ share. I also have an application that I've written which exploits html forms-based authentication; it does the following:

- Attempts a wide number of sql injection techniques to login
- If the above fails, it will perform a dictionary attack by sending http get/post requests using the username/password fields extrapolated from the html login form.

I extended it to work w/ HTTP basic authentication but ran into problems. Finally, I have another that works with standard windows applications using login mechanisms that indicate to the user whether login succeeded/failed. It does the following:

- Performs a dictionary attack against the login form by doing a SendMessage() to each respective textbox for the username and password. It'll press the command-button and look for either a label indicating failure, or a window indicating failure. If either is present, it assumes failure and tries again. This isn't a very general app as I often have to change/recompile depending on the target application.

I have all of the above in source form if you're interested in seeing them. I will not distribute them in binary form. I call them wnetbrute, webrute, and winbrute, respectively. They're written in either C, C#, or Java; some all 3. They're just brute forcing apps, there's no intelligence to them. I have other tools for that...

n0cMonkey's suggestion was about the best; ethereal is probably the best (free) sniffer I've used, and it supports the same filtering syntax as tcpdump. Also, if you're wanting to do vulnerability scans, look at nessus. Next, look at nmap. You could write a simple script which launched nmap to do a ping sweep and os ident, write that to an xml file, and translate that xml file into a format that you could feed into nessus. The result is an entirely automated scan of only valid hosts...

I hope the above information wasn't entirely useless.
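An added example (not code from the thread or its posters): a small Python script for the middle step Descartes describes, reading the XML output (-oX) of an nmap ping sweep with OS detection and emitting only the hosts that answered, one address per line, for a follow-on scanner. The nmap XML below is constructed; that the downstream scanner accepts a plain address list is an assumption.

```python
"""Turn nmap XML (-oX) from a ping sweep into a plain list of responding hosts."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output for a sweep with OS detection; not a real capture.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sP -O -oX sweep.xml 192.0.2.0/29" version="3.00">
  <host><status state="up"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <os><osmatch name="Linux 2.4.X" accuracy="95"/></os>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <os><osmatch name="Microsoft Windows 2000" accuracy="90"/></os>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.4" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def live_hosts(xml_text):
    """Return [(ipv4, os_guess_or_None)] for every host nmap reported as up."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # did not answer the sweep: nothing to hand downstream
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # no IPv4 address recorded for this host
        osmatch = host.find("os/osmatch")  # absent when -O found no match
        hosts.append((addr.get("addr"), osmatch.get("name") if osmatch is not None else None))
    return hosts


def targets_file(xml_text):
    """One responding address per line (assumed to be the shape the next scanner reads)."""
    return "\n".join(ip for ip, _ in live_hosts(xml_text)) + "\n"


if __name__ == "__main__":
    print(targets_file(SAMPLE_NMAP_XML), end="")
```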
 

MainFramed

Diamond Member
May 29, 2002
Where can we get those programs that you have...made w/ C, C#, and Java....or can't we..?
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Descartes
You could write a simple script which launched nmap to do a ping sweep and os ident, write that to an xml file, and translate that xml file into a format that you could feed into nessus. The result is an entirely automated scan of only valid hosts...

I hope the above information wasn't entirely useless.

What do you mean by valid?
 

Descartes

Lifer
Oct 10, 1999
Originally posted by: n0cmonkey
Originally posted by: Descartes
You could write a simple script which launched nmap to do a ping sweep and os ident, write that to an xml file, and translate that xml file into a format that you could feed into nessus. The result is an entirely automated scan of only valid hosts...

I hope the above information wasn't entirely useless.

What do you mean by valid?

Those that responded to the icmp echo requests and can be deterministically scanned.

I understand that's not fool-proof, but those who are targeting specific hosts won't be ping sweeping anyway. I also use this same idea to attach myself to a network when a DHCP server is not available. I can simply ngrep for a host, discern its netmask, ping sweep that segment, and assign myself an IP for the first one that doesn't respond. Again, not fool-proof, but it works.

 

Descartes

Lifer
Oct 10, 1999
Originally posted by: here4amission
where can we get those programs that you have...made w/ c c# a java....or cant we..?

I can email them to you if you like. I wrote them all in C# w/ the exception of two lesser versions in C and Java. The Java version is just a JNI layer over the exported functions from the library written in C.
 

Gooberlx2

Lifer
May 4, 2001
Originally posted by: here4amission
you use vnc? how do you like it....i am intrested in knowing how the password crack check on that one will wurk out.

I like it very much. It works rather well. I don't think there really is any security on VNC, so hopefully the passwords I used aren't too easy. I'm just testing things 'cause "I want to know more" (Starship Trooper style ;) ).