Mar
06
2010
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.
Ncrack was started as a “Google Summer of Code” Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool.
Ncrack is available for many different platforms, including Linux, *BSD, Windows and Mac OS X. There are already installers for Windows and Mac OS X and there is a universal source code tarball that can be compiled on every system.
Example: A representative Ncrack scan
$ ncrack 10.0.0.130:21 192.168.1.2:22
Starting Ncrack 0.01ALPHA ( http://ncrack.org ) at 2009-07-24 23:05 EEST
Discovered credentials for ftp on 10.0.0.130 21/tcp:
10.0.0.130 21/tcp ftp: admin hello1
Discovered credentials for ssh on 192.168.1.2 22/tcp:
192.168.1.2 22/tcp ssh: guest 12345
192.168.1.2 22/tcp ssh: admin money$
Ncrack done: 2 services scanned in 156.03 seconds.
Ncrack finished.
Downloads:
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.tar.gz
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA-setup.exe
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.dmg
Ncrack Man Page: http://nmap.org/ncrack/man.html
Ncrack Home: http://nmap.org/ncrack
ShareThis
Nov
18
2009
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
New Features:
- Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
- Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
- Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
- Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
- Fixed a bug of RSA SecurID Calculator within XML import function.
- Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data.
- Executables rebuilt with Visual Studio 2008.
- Added Windows Firewall status detection on startup.
- Added UAC compatibility in Windows Vista/Seven.
- Winpcap library upgrade to version 4.1.1.
Download: ca_setup.exe
ShareThis
Mar
04
2009
What is Medusa?
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
The author considers following items as some of the key features of this application:
* Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
* Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
* Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
It currently has modules for the following services:
* AFP
* CVS
* FTP
* HTTP
* IMAP
* MS-SQL
* MySQL
* NCP (NetWare)
* NNTP
* PcAnywhere
* POP3
* PostgreSQL
* rexec
* rlogin
* rsh
* SMB
* SMTP (AUTH/VRFY)
* SNMP
* SSHv2
* SVN
* Telnet
* VmAuthd
* VNC
It also includes a basic web form module and a generic wrapper module for external scripts.
Download :
http://www.foofus.net/jmk/medusa/medusa.html
ShareThis
Dec
04
2008
SniffPass is small freeware utility that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly.
SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords).
You can use this utility to recover lost Web/FTP/Email passwords.
Download :
http://www.nirsoft.net/utils/sniffpass.zip
More Info :
http://www.nirsoft.net/utils/password_sniffer.html
ShareThis
Dec
03
2008
Overview :
Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003.
General features of this product:
* Accounts information import:
o import from local computer;
o import from remote computer;
o import from SAM file;
o import from .LC file;
o import from .LCS file;
o import from PwDump file;
o import from Sniff file;
* Passwords recovery:
o dictionary attack;
o hybrid of dictionary and brute force attacks;
o brute force attack;
* Brute force session distribution:
o sessions distribution;
o sessions combining;
* Hashes computing:
o LM and NT hashes computing by password;
o LM and NT response computing by password and server challenge.
SID&User program is SID and user names getting tool for Windows NT/2000/XP/2003.
General features of this product:
* SID getting for a given account name;
* Getting of an account name for single SID or account names for SID range.
Download :
http://www.lcpsoft.com/english/download.htm
ShareThis
