Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports.
Total Hacked Visitors
Missing nm-applet in Ubuntu Maverick
May 12, 2011 — genesisdatabaseAlright, cause I had my nm-applet missing for some forgotten reason, I had to switch to Wicd; an alternative for managing wireless networks. If you came here for Wicd, you can always type
sudo apt-get install wicd
After accidentally removed nm-applet from my top panel, I had to do some googling and I actually suffered not having it for few days! Running nm-applet on terminal shows the message “nm notification something … removed … notification area”. Google told me it might have to do with icon packages which wasn’t the case. After days of using Wicd, I am now officially removing it thanks to the solution I found and tried.
It was a simple, Right Click Panel > Add To Panel > Notification Area.
Installing VMWare Player on Ubuntu 10.10
May 1, 2011 — genesisdatabaseThanks to my friend I’m now able to run a VMWare on my laptop with the link provided below. Below are the commands you have to type in terminal. Change wget‘s parameter to the latest version with bundle extension here.
sudo apt-get install build-essential linux-headers-$(uname -r) wget http://dlm3.vmware.com/software/vmplayer/VMware-Player-2.5.5-328052.i386.bundle chmod +x VMware-Player*.bundle gksudo bash ./VMware-Player*.bundle // Now follow the GUI // For more information see link below.
Source: http://ubuntuguide.net/how-to-install-vmware-player-in-ubuntu-9-10
Finding the right vulnerability and exploit from Nessus report in Metasploit
April 30, 2011 — genesisdatabaseIf you have trouble setting up a database in Metasploit, see here.
Once you have already scanned your target using Nessus, download the report as .nessus file. Run Metasploit and select the .nessus file with db_import /path/to/nessus/file.nessus. I am running on Metasploit framework-3.6.0 while my Nessus is on 4.4.1Ubuntu 8.04 32bit. Basically I got this file from either my friend or professor so I did not realize that it was actually Ubuntu 8.04. It worked so I’m going to stick with it till the end of the month. To get the latest version of Nessus, click here. Agree to the license agreement before proceeding.
Next, type db_autopwn -x -t to see the available exploits from the reference that we have added earlier (the .nessus file). You will see something similar to off below when you have gotten the result. Please be reminded that I am using Ubuntu 10.10.
With the given result above, you can now use the available vulnerabilities listed. This way it is much simpler than analyzing the Nessus report. Metasploit automatically checks whether it have the vulnerability and those that matches with it from the report. You don’t have to consume time finding the right exploit name or ID for it this way. Always test with the given permission, never test this on another computer without the authority to do it, especially when you are in an organization. You never know what kind of trouble you get into.
Not familiar with Nessus itself? See here!
If you are not familiar with Nessus, you can execute it right from Msfconsole! Offensive-security.com explains more here.
And few related offensive-security.com links that are pretty useful
1.) Metasploit Unleashed
2.) Nessus via Msfconsole
3.) SMB Login Check
4.) Vulnerability Scanning
5.) Working with Nessus
Other available resources
1.) Owning with Nessus and Metasploit
2.) Tenable Nessus
3.) Installing the Metasploit Project
4.) Everything Nessus
5.) Everything Metasploit
Tenable Nessus
April 30, 2011 — genesisdatabaseThe Nessus® vulnerability scanner is the world-leader in active scanners with more than five million downloads to date. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.
Source: http://www.nessus.org/products/nessus
How to Install (Ubuntu): http://linhost.info/2009/03/nessus-installation-on-ubuntu/
Run Nessus Server: /etc/init.d/nessusd start
Run Nessus Client: 127.0.0.1:8834 in browser
Stored Folder: /opt/nessus/
THC-HYDRA
April 23, 2011 — genesisdatabaseRead on to find out more on what hydra is and how it is used by hackers to crack password in matter of hours! Be it email, ftp or Facebook! With the right set of skills, you can do whatever you want with it as long as it is in the area you are allowed to. In this article, I will be writing a quick description on how to install it and how to use it on a basic level.
John the Ripper
April 20, 2011 — genesisdatabaseJohn the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches.
Source: http://www.openwall.com/john/
How To Install: http://www.openwall.com/john/doc/INSTALL.shtml
crunch | dictionary , wordlist generator
April 19, 2011 — genesisdatabaseCrunch is a command line utility in backtrack used to create dictionaries for bruteforce attacks! This is handy when it comes to using bruteforcers such as WPA attacks or Hydra or JTR. Needed to keep the links alive somewhere, this will do!
compile using
gcc -lm -lpthread -o crunch.c
execute using
./crunch
Source: http://www.backtrack-linux.org/forums/tool-requests/2798-crunch-2-4-a.html
Download: http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-2.9.tgz/download
Genesis Database 