Wednesday, April 30, 2014

Wireshark v1.11.3 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features
The following features are new (or have been significantly updated) since version 1.11.1:
  • Qt port:
    • The About dialog has been added
    • The Capture Interfaces dialog has been added.
    • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
    • The Export PDU dialog has been added.
    • Several SCTP dialogs have been added.
    • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
    • The I/O Graph dialog has been added.
    • French translation has updated.
The following features are new (or have been significantly updated) since version 1.11.1:
  • Mac OS X packaging has been improved.
The following features are new (or have been significantly updated) since version 1.11.0:
  • Dissector output may be encoded as UTF-8. This includes TShark output.
  • Qt port:
    • The Follow Stream dialog now supports packet and TCP stream selection.
    • A Flow Graph (sequence diagram) dialog has been added.
    • The main window now respects geometry preferences.
The following features are new (or have been significantly updated) since version 1.10:
  • Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The “Number” column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • “malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.

RAWR - Rapid Assessment of Web Resources


Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and applicable results in usable formats. RAWR will make the mapping phase of your next web assessment efficient and get you producing positive results faster!

Features
  • A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
  • An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
  • a CSV Treat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
  • Default password suggestions using a list compiled from several online sources.
  • Supports the use of a proxy (Burp, Zap, W3aF)
  • Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
  • Customizable crawl of links within the host’s domain.
  • PNG Diagram of all pages found during crawl
  • List of links crawled in tiered format.
  • List of documents seen for each site.
  • Automation-Friendly output (JSON strings)
Requirements
  • nmap – at least 6.00 – required for SSL strength assessment
  • graphviz – site diagram from crawl (optional)
  • python-lxml – parsing xml & html
  • python-pygraphviz – site layout from crawl (optional)
  • phantomJS – tested with 1.9.1, can be downloaded/installed in local folder during –check-install

Tuesday, April 29, 2014

BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers


BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs.

Changelog v2014.04.21

  • added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools, irssi, makepasswd, mercurial, mplayer, rtorrent, scrot, strace, tor-browser-en
  • added .Xresources with entries for xterm
  • added wicd to system start (systemctl)
  • added wicd and wicd-gtk networkmanager
  • removed ‘xset r rate 150 100′ entry for X
  • updated menu entries
  • added more than 150 new tools
  • replaced zathura pdf reader with mupdf
Main Features
  • Support for i686, x86_64, armv6h and armv7h architectures
  • Over 750 tools (constantly increasing)
  • Modular package groups
  • A live ISO with multiple window managers, including dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm.
  • An installer with the ability to build from source.

BluetoothLogView - Creates a log of Bluetooth devices activity around you


BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives to your area and when the device leaves your area, a new log line is added with the following information: Device Name, Device Address, Event Time, Event Type ('Device Arrival' or 'Device Left'), Device Type, and the company that created the device. BluetoothLogView also allows you to specify a description for every device (according to its MAC address) that will appear under the 'Description' column.


OWASP ZAP v2.3.0 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications



OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.3.0, highlights

  • A ZAP ‘lite’ version in addition to the existing ‘full’ version
  • View, intercept, manipulate, resend and fuzz client-side (browser) events
  • Enhanced authentication support
  • Support for non standard apps
  • Input Vector scripts
  • Scan policy – fine grained control
  • Advanced Scan dialog
  • Extended command line options
  • More API support
  • Internationalized help file
  • Keyboard shortcuts
  • New UI options
  • More functionality moved to add-ons
  • New and improved active and passive scanning rules

oclHashcat v1.20 - Worlds fastest password cracker


oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite.


GPU Driver requirements:
  • NV users require ForceWare 331.67 or later
  • AMD users require Catalyst 14.4 or later

Changelog v1.20

  • Added algorithms
  • AMD Catalyst v14.x (Mantle) driver
  • Improved distributed cracking support
  • Added outfiles directory
  • Rewrote restore system from scratch
  • Rewrote multihash structure
  • Added debugging support for rules
  • Added support for $HEX[]
  • Added tweaks for AMD OverDrive 6 and better fan speed control
  • Adding new password candidates on-the-fly
  • Rewrote weak-hash check
  • Reload previously-cracked hashes from potfile
Full Changelog: here
Features
  • Worlds fastest password cracker
  • Worlds first and only GPGPU based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 100 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses highly iterated modern hashes
  • Focuses dictionary based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 100+ Algorithms implemented with performance in mind

Attack-Modes
  • Straight (accept Rules)
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict

Algorithms
  • MD4
  • MD5
  • SHA1
  • SHA-256
  • SHA-512
  • SHA-3 (Keccak)
  • RipeMD160
  • Whirlpool
  • GOST R 34.11-94
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • LM
  • NTLM
  • DCC
  • DCC2
  • NetNTLMv1
  • NetNTLMv1 + ESS
  • NetNTLMv2
  • Kerberos 5 AS-REQ Pre-Auth etype 23
  • AIX {smd5}
  • AIX {ssha1}
  • AIX {ssha256}
  • AIX {ssha512}
  • FreeBSD MD5
  • OpenBSD Blowfish
  • descrypt
  • md5crypt
  • bcrypt
  • sha256crypt
  • sha512crypt
  • DES(Unix)
  • MD5(Unix)
  • SHA256(Unix)
  • SHA512(Unix)
  • OSX v10.4
  • OSX v10.5
  • OSX v10.6
  • OSX v10.7
  • OSX v10.8
  • OSX v10.9
  • Cisco-ASA
  • Cisco-IOS
  • Cisco-PIX
  • GRUB 2
  • Juniper Netscreen/SSG (ScreenOS)
  • RACF
  • Samsung Android Password/PIN
  • MSSQL
  • MySQL
  • Oracle
  • Postgres
  • Sybase
  • DNSSEC (NSEC3)
  • IKE-PSK
  • IPMI2 RAKP
  • iSCSI CHAP
  • WPA
  • WPA2
  • 1Password, cloudkeychain
  • 1Password, agilekeychain
  • Lastpass
  • Password Safe SHA-256
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
  • SAP CODVN B (BCODE)
  • SAP CODVN F/G (PASSCODE)
  • Citrix Netscaler
  • Netscape LDAP SHA/SSHA
  • Apache MD5-APR
  • hMailServer
  • EPiServer
  • Drupal
  • IPB
  • Joomla
  • MyBB
  • osCommerce
  • Redmine
  • SMF
  • vBulletin
  • Woltlab Burning Board
  • xt:Commerce
  • WordPress
  • phpBB3
  • Half MD5 (left, mid, right)
  • Double MD5
  • Double SHA1
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • md5(sha1($pass))
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • sha1(md5($pass))
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking


Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries.

All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains.

The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source.

List of Utilities

  • combinator: This program is a stand-alone implementation of the Combinator Attack.
    Each word from file2 is appended to each word from file1 and then printed to STDOUT.
    Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
  • cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext, this program will cut the specific prefix or suffix length off the existing words in a list and pass it to STDOUT.
  • expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.

    There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:


    All possible lengths of the patterns within a maximum of 7 (defined in LEN_MAX macro, which you can increase in the source).
    All possible offsets of the word.
    Shifting the word to the right until a full cycle.
    Shifting the word to the left until a full cycle.
  • gate: Each wordlist going into STDIN is parsed and split into equal sections and then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated.The two important parameters are “mod” and “offset”.
    The mod value is the number of times you want to split your dictionary.
    The offset value is which section of the split is getting that feed.
  • hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
  • len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
  • morph: Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide and that, per position.
Dictionary = Wordlist used for frequency analysis.
Depth = Determines what “top” chains that you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0 so that 10 would give the top 11).Width = Max length of the chain. With 3 for example, you will get up to 3 rules per line for the most frequent 3 letter chains.pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rule to insert the string only from position 5 and up.pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rule to insert the string so that it’s end finishes at a maximum of position 10.
  • permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through “The Countdown QuickPerm Algorithm” by Phillip Paul Fuchs.
  • prepare: This program is made as an dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words “BCA” and “CAB” would produce exactly the same password candidates.
  • req: Each word going into STDIN is parsed and passed to STDOUT if it matches an specified password group criteria. Sometimes you know that some password must include a lower-case char, a upper-case char and a digit to pass a specific password policy. That means checking passwords that do not match this policy will definitely not result in a cracked password. So we should skip it. This program is not very complex and it can not fully match all the common password policy criteria, but it does provide a little help.
  • rli: compares a single file against another file(s) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
  • rli2: Unlike rli, rli2 is not limited. But it requires infile and removefile to be sorted and uniqued before, otherwise it won’t work as it should.
  • splitlen: This program is designed to be a dictionary optimizer for oclHashcat. oclHashcat has a very specific way of loading dictionaries, unlike hashcat or oclHashcat. The best way to organize your dictionaries for use with oclHashcat is to sort each word in your dictionary by its length into specific files, into a specific directory, and then to run oclHashcat in directory mode.

Download Hashcat-Utils