Cracking SMBNT with Medusa

As I am learning more about the SMB protocol for Windows, I came across Medusa.  So first thing I did was try and hook it up with a dictionary and attack my Windows OS which is on Windows 7.  After installing it, (see here to know how), I looked at the arguments and start cracking!  I tried cracking using THC-HYDRA but I had some difficulties at first.  The commands are pretty much the same if you look at it. Read the rest of this entry »

Medusa Parallel Network Login Auditor by Foofus

Something similar to THC-HYDRA, Medusa was written by JoMo-Kun from Foofus.

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing. Read the rest of this entry »

Winfingerprint | Enumeration phase!

Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports.


What is Pass-The-Hash Toolkit?

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).



File Extension Spoofer (FES) by AjuL Inc

Okay, basically you want to try to run a malicious software, something nasty, on someones computer and you don’t want to send over a executable but an image!  I believe many of you have went to distance to find this solution, some even tried a shortcut option for it and compress it in a rar.  Okay here’s the tool by AjuL from and it’s called File Extension Spoofer.  How great this works, I have no idea as I don’t run .NET 4.0 and above on any of my stations.  Check out how it works.

Read the rest of this entry »

Installing VMWare Player on Ubuntu 10.10

Thanks to my friend I’m now able to run a VMWare on my laptop with the link provided below. Below are the commands you have to type in terminal. Change wget‘s parameter to the latest version with bundle extension here.

sudo apt-get install build-essential linux-headers-$(uname -r)
chmod +x VMware-Player*.bundle
gksudo bash ./VMware-Player*.bundle

// Now follow the GUI
// For more information see link below.



User2sid and Sid2user are two small utilities for Windows NT, created by Evgenii Rudny, that allow the administrator to query the SAM to find out a SID value for a given account name and vice versa. User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine and Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions; LookupAccountName and LookupAccountSid respectively. These tools can be called against a remote machine without providing logon credentials except those needed for a null session connection. These tools rely on the ability to create a null session in order to work.



We all know that by using the Windows delete key and removing them from the trash is not going to be sufficient as I have previously written in one of my posts Recovering Deleted Files and Partitions.  SDelete is a tool that is capable of preventing these tools from recovering them!  Mark Russinovich tells us more about SDelete.

“The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file’s on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.”


Snort | Intrusion Detection & Prevention System

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and more than 300,000 registered users, Snort has become the de facto standard for IPS.