Showing posts with label tech. Show all posts

Saturday, March 10, 2012

WCE v1.3beta 32bit released. (A Must for Admins)



Download link: http://www.ampliasecurity.com/research/wce_v1_3beta.tgz



Changelog:

version 1.3beta:
March 8, 2012
* Bug fixes
* Extended support to obtain NTLM hashes without code injection
* Added feature to dump login cleartext passwords stored by the Digest Authentication package


Example:

* Dump cleartext passwords stored by the Digest Authentication package

C:\>wce -w
WCE v1.3beta (Windows Credentials Editor) - (c) 2010,2011,2012 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.


test\MYDOMAIN:mypass1234
NETWORK SERVICE\WORKGROUP:test


The cleartext passwords dumped include passwords used to log in to the Windows box interactively.

What is WCE?
------------

Windows Credentials Editor (WCE) v1.3beta allows you to:

NTLM authentication:

* List logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes)
* Perform pass-the-hash on Windows natively
* Obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to authenticate to other systems. WCE can perform this task without injecting code, just by reading and decrypting information stored in Windows internal memory structures. It also has the capability to automatically switch to code injection when the aforementioned method cannot be performed

Kerberos authentication:

* Dump Kerberos tickets (including the TGT) stored in Windows machines
* Reuse/Load those tickets on other Windows machines, to authenticate to other systems and services
* Reuse/Load those tickets on *Unix machines, to authenticate to other systems and services

Digest Authentication:

* Obtain cleartext passwords entered by the user when logging into a Windows system, and stored by the Windows Digest Authentication security package


Supported Platforms
-------------------
Windows Credentials Editor supports Windows XP, 2003, Vista, 7 and 2008.


Additional information
----------------------
http://www.ampliasecurity.com/research/wcefaq.html


Thanks,

h@ckfr3ak

Wednesday, June 22, 2011

BackTrack 4 - Free E Book (Rare)


Today I am writing a special review of the latest book, BackTrack 4: Assuring Security by Penetration Testing. Written by expert authors on penetration testing, this book does real justice to its title.

Here is the core information about the book:
  • Title: BackTrack 4: Assuring Security by Penetration Testing
  • Author: Shakeel Ali & Tedi Heriyanto
  • Publisher: Packt Publishing
  • Hardcover: 392 pages
  • Release Date: Apr 14, 2011.
Here is the table of contents:

PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
Chapter 2: Penetration Testing Methodology
PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Chapter 4: Information Gathering
Chapter 5: Target Discovery
Chapter 6: Enumerating Target
Chapter 7: Vulnerability Mapping
Chapter 8: Social Engineering
Chapter 9: Target Exploitation
Chapter 10: Privilege Escalation
Chapter 11: Maintaining Access
Chapter 12: Documentation and Reporting
PART III: Extra Ammunition
Appendix A: Supplementary Tools
Appendix B: Key Resources

The book is well structured and written with a systematic approach to every stage of pen testing – starting with A,B,C…

The first part explains how to set up BackTrack on virtual machines (such as VMware, VirtualBox) and USB disk with step-by-step pictorial illustrations. Next comes the important step of bringing up the network interface, where most of us have struggled, and this book does the right job by showing how to set up both wired & wireless interfaces with neat instructions. Then it goes into theory, explaining the different types of pen testing (black-box & white-box testing) along with a detailed explanation of various pen testing methodologies.

The second part is where the real fun begins, as the authors delve into practical pen testing lessons. It starts with ‘Target Scoping’, wherein the author describes the process of collecting client requirements, preparing a test plan and cross-verifying it with the client before getting down to the battlefield. This is a very important part, so as to understand the scope of pen testing and its perimeters, failing which you may land in a legal battle with the client later on.

Once the stage is set, the author moves on to the real pen testing phase by explaining passive information gathering using DNS enumeration, traceroute, whois and email harvesting tools from BackTrack. The next chapter focuses on target discovery on the client network by identifying live hosts and then OS fingerprinting using tools like hping, nbtscan, xprobe2 etc. Next follows detecting open ports and live services running on these discovered targets using NMAP, Amap, Httprint, ike-scan etc. Next comes “Vulnerability Mapping”, wherein the author shows how to use specialized & fuzzing-based auditing tools for discovering vulnerabilities in Cisco, SMB, SNMP, database & web applications with very informative examples.

Often life does not go as planned and the tools do not show their colors; then comes PLAN B - Social Engineering! Compared to the olden days, social engineering has now become a very important part of pen testing (very well demonstrated by Anonymous in the recent HBGary hack). The author adds real juice here by demonstrating the power of SET (Social Engineering Toolkit) with scenarios such as ‘targeted phishing attack’, ‘gathering user credentials’ etc.

Finally we come to the climax, wherein you are just a step away from pwning the target system. The chapter on ‘Target Exploitation’ does complete justice by unleashing the power of Metasploit with real-life scenarios titled ‘Ninja 101 Drills’. The author showcases around 5 practical scenarios with descriptive explanation surrounding Meterpreter, finally ending with a short session on writing a Metasploit exploit module.

The next chapter, on Privilege Escalation, deals with gathering user credentials using various password recovery (pwdump, samdump2, dsniff, l0phtcrack, john) & MITM (ettercap, arpspoof) attack tools. Once you have got access to the system, it is important to maintain it through covert mechanisms. So the chapter on ‘Maintaining Access’ explains how to use various protocol tunneling tools such as DNS2tcp, cryptcat, netcat, ptunnel etc. to maintain the link between source & target systems.

Finally it is time to submit the report or give a presentation on your pen testing work. If you don’t have good presentation or report writing skills, then all your hard work in pen testing goes for a toss. Most of the time it is true that, being tech-savvy, your soft skills will be a little hazy. The author takes note of this and describes how to write different kinds of reports (Executive, Management & Technical) and offers various tips on how to prepare each report and how to present them to the appropriate audience in the right way. It would have been beneficial if the author had included a sample report for each of the mentioned types; hopefully they will include it in the second edition.

At the end, the authors have added additional resources in the “Appendix Section” to show the usage of some external tools such as NeXpose, Netcat, WhatWeb etc. which are not included in BackTrack. You will also find some good links related to vuln disclosure, vuln incentive programs, reverse engineering etc.

Highlights of the Book
  • Well written, easy/enjoyable to read
  • Each tool is shown well with detailed usage and practical example
  • No real need for live system while reading
  • How each tool works internally [like PING uses ICMP packets etc]
  • Tips on using right tools at right times.

Though this book was written for BackTrack 4, it is very well applicable to any BackTrack version (with little difference with old/new tools) as it follows a practical & systematic approach, making it one of the best guides for any pen tester.



Here is the link:

http://www.ziddu.com/download/15169978/backtrack4.rar.html

http://www.filefactory.com/file/ccf05cb/n/BackTrack_4_Assuring_Security_by_Penetration_Testing.pdf [will be available for the next 15 days]

The link was tested and available (22/6/2011). If it is broken in future, mail me at suren.click@gmail.com and I will upload it once again.

After too many flood requests for uploading the book, I took this Sunday to upload it back. It's LIVE NOW.

UPDATED LINKS BT4

GRAB UR COPY

h@ckfr3ak

Wednesday, June 8, 2011

Mark Zuckerberg Kills What he Eats




Mark Zuckerberg learned Chinese last year. This year Mark Zuckerberg is pursuing a new “personal challenge”, when he’s not busy connecting people across the world. It’s about food. Mark Zuckerberg only eats what he kills. It includes a lobster, chicken, pig and a goat. Zuckerberg even posted a message on his private Facebook page on May 4 saying:
“I just killed a pig and a goat.”

Mark takes a personal challenge each year (in 2009, he wore a tie every day), and this year is about animals and meat.
“This year I’ve basically become a vegetarian since the only meat I’m eating is from animals I’ve killed myself,” Zuckerberg wrote in an email to Fortune.
He told Fortune in an email that:
I spend almost all of my time building Facebook, so these personal challenges are all things I wouldn’t normally have the chance to do if I didn’t take the time. Last year, for example, my personal challenge was to learn Chinese. I blocked out an hour every day to study and it has been an amazing experience so far. I’ve always found learning new languages challenging, so I wanted to jump in and try to learn a hard one. It has been a very humbling experience. With language, there’s no way to just “figure it out” like you can with other problems — you just need to practice and practice. The experience of learning Mandarin has also led me to travel to China, learn about its culture and history, and meet a lot of new interesting people


This year, my personal challenge is around being thankful for the food I have to eat. I think many people forget that a living being has to die for you to eat meat, so my goal revolves around not letting myself forget that and being thankful for what I have. This year I’ve basically become a vegetarian since the only meat I’m eating is from animals I’ve killed myself. So far, this has been a good experience. I’m eating a lot healthier foods and I’ve learned a lot about sustainable farming and raising of animals.
I started thinking about this last year when I had a pig roast at my house. A bunch of people told me that even though they loved eating pork, they really didn’t want to think about the fact that the pig used to be alive. That just seemed irresponsible to me. I don’t have an issue with anything people choose to eat, but I do think they should take responsibility and be thankful for what they eat rather than trying to ignore where it came from.

Friday, May 13, 2011

How to Use Google Wave, Tool for Hacking


I thought I was fooled when Google Wave was released on April 1; only after a day did I fathom that the Google Wave service exists. Well, coming to the point: many security researchers and hackers are familiar with BeEF, a browser exploitation framework by Wade Alcorn. In short, BeEF is a program that brings together various types of code for taking advantage of known vulnerabilities in web browsers. If a target computer loads a certain bit of code within a web page, that code connects to a server control panel which can then execute certain attacks against the “zombie” machine.
After noting potential security issues with the gadgets in Google Wave, I set about to finally set up a BeEF testbed and see if Google Wave was as capable a platform for malware delivery.




Example of a BeEF zombie spawned via Google Wave
The picture above shows the results. I successfully created a Google Wave gadget that creates a new BeEF zombie whenever someone views the wave. This does not allow for the keylogger function of BeEF, but I did send an alert dialog (as shown) and used the Chrome DoS function to crash the browser tab. (I could also detect that the zombie machine had Flash installed – imagine the possibilities of using Flash or PDF exploits in an auto-loaded gadget.)
What’s even more disconcerting is that BeEF can integrate with Metasploit to potentially take over a victim’s machine. I do not currently have Metasploit set up to test using Autopwn, but based on my experiences so far, I’m fairly confident such an attack would succeed.
All of these demonstrations about security and Google Wave point to four general weaknesses in Wave’s current structure:
  1. Allowing scripts and iframes in gadgets with no limits apart from sandboxing
  2. Lack of control over what content or users can be added to a wave
  3. No simple mechanism for verifying gadget sources or features
  4. Automatically loading gadgets when a wave is viewed
Any one of these issues would be cause for concern, but taken together they present such alarming possibilities as a user getting their computer hacked simply by viewing a wave. Whatever may be said about Google Wave’s usefulness, I have to conclude that the product is not ready for prime time until these types of problems are addressed.
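
The four weaknesses listed above, turned into a host-side loading policy that a platform embedding third-party gadgets could apply before rendering anything. This is an added example, not code from the original post or from Google Wave; GADGET_POLICY, decideGadget, the field names and the example.com origins are all hypothetical.

```javascript
// Added example: host-side policy for embedding third-party gadgets.
// GADGET_POLICY, decideGadget and all field names are hypothetical.
const GADGET_POLICY = {
  // Weakness 3: only sources the host has reviewed may load at all.
  allowedOrigins: new Set(['https://gadgets.example.com']),
  // Weakness 1: the only sandbox token granted. allow-same-origin, allow-modals,
  // allow-popups and allow-top-navigation are deliberately left out.
  sandbox: 'allow-scripts',
};

// Return the origin of an https: URL, or null for anything else.
function gadgetOrigin(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'https:' ? u.origin : null;
  } catch (err) {
    return null; // not a parsable absolute URL
  }
}

// gadget: { url, addedBy }   wave: { owner, editors }   viewer: { approved }
function decideGadget(gadget, wave, viewer, policy = GADGET_POLICY) {
  const origin = gadgetOrigin(gadget.url);
  if (origin === null || !policy.allowedOrigins.has(origin)) {
    return { action: 'block', reason: 'unverified source' };
  }
  // Weakness 2: only the owner or named editors may add active content.
  if (gadget.addedBy !== wave.owner && !wave.editors.has(gadget.addedBy)) {
    return { action: 'block', reason: 'added by non-editor' };
  }
  // Weakness 4: nothing runs on view; the viewer must opt in per gadget.
  if (!viewer.approved.has(gadget.url)) {
    return { action: 'placeholder', reason: 'awaiting viewer approval' };
  }
  return { action: 'load', iframe: { src: gadget.url, sandbox: policy.sandbox } };
}

// Constructed sample data (not from the original post).
const SAMPLE_WAVE = { owner: 'alice', editors: new Set(['bob']) };
const SAMPLE_GADGETS = [
  { url: 'https://gadgets.example.com/poll.xml', addedBy: 'bob' },
  { url: 'https://gadgets.example.com.lookalike.test/poll.xml', addedBy: 'bob' },
  { url: 'https://gadgets.example.com/map.xml', addedBy: 'mallory' },
];
const SAMPLE_VIEWER = { approved: new Set(['https://gadgets.example.com/map.xml']) };
for (const g of SAMPLE_GADGETS) {
  console.log(g.url, '->', decideGadget(g, SAMPLE_WAVE, SAMPLE_VIEWER));
}
```

In a browser, the returned `iframe` object maps onto the `src` and `sandbox` attributes of an `<iframe>` element created only after the viewer approves the gadget.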