Being a security person, it is important that you keep track of the latest vulnerabilities, news and any sort that is related. Refer securitytracker.com, one of the many places you can get updated.
As I am learning more about the SMB protocol for Windows, I came across Medusa. So first thing I did was try and hook it up with a dictionary and attack my Windows OS which is on Windows 7. After installing it, (see here to know how), I looked at the arguments and start cracking! I tried cracking using THC-HYDRA but I had some difficulties at first. The commands are pretty much the same if you look at it. Read the rest of this entry »
Something similar to THC-HYDRA, Medusa was written by JoMo-Kun from Foofus.
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:
Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports.
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).