Links

URL’s worth mentioning

Go ahead…

Thursday, September 24th, 2009

Follow me on Twitter! - http://twitter.com/kameronkenny

Brute Force Wordlists

Thursday, October 30th, 2008

Here are some links to a few good wordlists for dictionary attacks. While I have never been hugely successful using brute-force attempts, sometimes it’s good to try. You never know what you’ll find.

Adult Wordlist 1kb(r)(u)
http://www.0daymedia.net/p/files/id/267

Large English Wordlist 154kb (r) 520kb
http://www.0daymedia.net/p/files/id/269

Misc Wordlist 167kb (r) 467kb (u)
http://www.0daymedia.net/p/files/id/270

1337 Mini Wordlist 4mb (r) 23mb (u)
http://www.0daymedia.net/p/files/id/268

1337 Full Wordlist 16mb (r) 78mb (u)
http://www.0daymedia.net/p/files/id/271

245 mb wordlist 22mb (r) 245mb (u)
http://www.0daymedia.net/p/files/id/273

2 gig wordlist 80mb (r) 2gb (u)
http://www.theargon.com/achilles/wordli … stver2.zip

Milw0rm Cracked Passes list:
http://milw0rm.com/mil-dic.php

Huge archive of wordlists
http://www.theargon.com/achilles/wordlists/

Common Passwords and Accounts
http://packetstormsecurity.nl/Crackers/wordlists/

Phreak Wordlists
http://www.phreak.org/html/wordlists.shtml

AutoIt

Tuesday, November 20th, 2007

I found a VERY cool tool today for automating tasks in Windows. You can manipulate just about anything you can with your mouse and keyboard in a script with AutoIt. With AutoIt, you can convert your scripts to .exe files for those who don’t already have AutoIt installed and have no plans of installing it in the future.

Download it Here

Security Freak Video Lectures - Hacking, Programming, Networking & More

Wednesday, November 7th, 2007

Security-Freak.net is an attempt to lower the entry barrier for starting computer security research. During his interactions with security enthusiasts in general and students in particular, the author noticed that many lose interest because of the lack of organized learning resources in this area. Click to continue »

FireCAT 1.1 Released - Turn Firefox into a Security Platform

Wednesday, November 7th, 2007

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework. Click to continue »

aircrack-ptw - Fast WEP Cracking Tool for Wireless Hacking

Wednesday, November 7th, 2007

WEP is a protocol for securing wireless LANs. WEP stands for “Wired Equivalent Privacy”, which means it should provide the level of protection a wired LAN has. WEP therefore uses the RC4 stream cipher to encrypt data transmitted over the air, usually using a single secret key (called the root key or WEP key) of 40 or 104 bits. Click to continue »

aircrack-ng - WEP and WPA-PSK Key Cracking Program

Wednesday, November 7th, 2007

aircrack is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like the KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact, aircrack is a set of tools for auditing wireless networks. Click to continue »

HttpBee - Web Application Hacking Toolkit

Wednesday, November 7th, 2007

HttpBee is a swiss-army-knife tool for web application hacking. It is multi-threaded, has an embedded scripting engine, and has both a command-line and a daemon mode (if executed in daemon mode, HttpBee can become an agent of a distributed framework).

This is a tool for more advanced users and there isn’t much documentation so if anyone feels like writing a more comprehensive guide or tutorial, please do so!

Installing

You will need Lua 5.1.x. Grab it at http://www.lua.org/ftp/

You will also need the PCRE library.

There’s no ./configure script in HttpBee at the moment, so you will need to edit the Makefile directly before you build it. Look in the CXXFLAGS and CFLAGS section: -DOS_X (or -DLINUX, or -DWINDOWS) is basically the setting for your platform; also adjust the include and library paths there.

Using

The folder ‘modules’ contains the Lua plugins that HttpBee uses to perform its assessment tasks. You can run HttpBee as ./httpbee -s path/to/modules/script.lua -t 255 -h localhost (the -t value is the number of parallel threads; changing it affects performance).

Scripting

The way HttpBee’s scripting engine is implemented follows from HttpBee’s architecture itself. HttpBee maintains a pool of threads that it uses for parallel task execution, so execution of HttpBee scripts is not linear. Instead, certain functions are executed at certain steps of the scanning process. The global part of the script is executed when the script is initially “scanned”, so HttpBee can pick up tags, description and other data from your script. The init function is executed only when your script is picked up and scheduled for execution (based on tag selection, for example).

You can download HttpBee here: httpbee-1.0rc1.tgz

or, read more here: http://o0o.nu/httpbee/ 

TCPDUMP Quick Reference

Wednesday, November 7th, 2007

TCPDUMP
Description
http://www.tcpdump.org

Tcpdump prints out the headers of packets on a network interface that match the boolean expression.

Synopsis
tcpdump [ -aBdDeflnNOpqRStvxX ] [ -c count ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ]
        [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]

Selected Options
-F
Use file as input for the filter expression. An additional expression given on the command line is ignored.

-i
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest number.

-p Don’t put the interface into promiscuous mode.

-r Read packets from file (which was created with the -w option). Standard input is used if file is “-”.

-w
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is “-”.

Expression (BPF Packet Filtering)
expression selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.

type: (1) host, (2) net, (3) port
direction: (1) src, (2) dst, (3) src or dst, (4) src and dst
protocol: (1) ether, (2) ip, (3) tcp, (4) udp, (5) arp, (6) rarp
logical operator: (1) and, (2) or, (3) not

dst host host
    destination field of the packet is host.
src host host
    source field of the packet is host.
host host
    either source or destination of the packet is host.
ether dst ehost
    ethernet destination address is ehost.
ether src ehost
    ethernet source address is ehost.
ether host ehost
    either the ethernet source or destination address is ehost.
gateway host
    the packet used host as a gateway.
dst net net
    destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number.
src net net
    source address of the packet has a network number of net.
net net
    either the source or destination address of the packet has a network number of net.
net net mask mask
    the IP address matches net with the specific netmask. May be qualified with src or dst.
net net/len
    the address matches net with a netmask len bits wide. May be qualified with src or dst.
dst port port
    the packet is ip/tcp or ip/udp and has a destination port value of port.
src port port
    the packet has a source port value of port.
port port
    either the source or destination port of the packet is port.
tcp src port port
    matches only tcp packets whose source port is port.
less length
    the packet has a length less than or equal to length. This is equivalent to: len <= length.
greater length
    the packet has a length greater than or equal to length. This is equivalent to: len >= length.
ip proto protocol
    True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.
ether broadcast
    the packet is an ethernet broadcast packet.
ip broadcast
    the packet is an IP broadcast packet.
ether multicast
    the packet is an ethernet multicast packet.
ip multicast
    the packet is an IP multicast packet.
ether proto protocol
    the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, or iso. Note these identifiers are also keywords and must be escaped via backslash (\).
expr relop expr
    expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. relop is one of >, <, >=, <=, =, !=.
proto [ expr : size ]
    Proto is one of ether, fddi, tr, ip, arp, rarp, tcp, udp, icmp or ip6. For example, `ether[0] & 1 != 0' catches all multicast traffic.

Primitives may be combined using:
- A parenthesized group of primitives and operators (parentheses are special to the shell and must be escaped).
- Negation (`!' or `not').
- Concatenation (`&&' or `and').
- Alternation (`||' or `or').

Example: To print traffic between helios and either hot or ace:
tcpdump host helios and \( hot or ace \)

To print traffic among local net 192.168.1.0:
tcpdump net 192.168.1.0 mask 255.255.255.0

Stealing & Cracking Windows Passwords with Rainbow Tables

Friday, November 2nd, 2007

Stuff you need to know…

- This piece of work is copyright 2007 Kameron Kenny

- This tutorial may not be used for anything illegal.
- I cannot and will not be held responsible for what you may use the information in this tutorial for.
- The contents are intended for network security personnel for the informational purposes of auditing their own networks or the contracted networks of others.

If you agree to the above then go ahead and Click to continue »