Tools of the trade
These are some tools that are extremely useful, But remember i am providing the knowledge and how you use them is up to you. Also if you don't know how to you these you should decently do some research, There is no tool that will just Hack for you, find exploits on your own is half the fun. these tools if not used properly can get you n a lot of trouble.
› Tools of the trade.
DeCSS 1.2b is used as a cracking tool, is highly engineered software that has been designed in order to modify the other software with an intention to remove the usage restriction. A worth mentioning instance is a "patch generator", which replaces bytes at specific location of a file, giving it a licensed version. The DeCSS 1.2b was originated in the year 1999, October and requires storage of minimum 253 KB. Coldlife 4.0is another tool for website hacking that falls in the category of flooder. This is a program that has been designed to overload the connection by certain mechanisms like a fast pinging that causes a sudden DoS attack.
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).
Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impactand Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.
There are many tools around.
let me give u some real direct links
Tools
These tools can be used for good and bad. They are all readily available on the Web. So,
if you're one of the good guys : find out how long your passwords will resist a dictionary or brute force attack, see what information your computers would reveil when asked the right way, and check your network before the bad guys do ... network tools Password tools Get some practise
| Online DNS lookup, Whois, a.o. | KLOTH Services | WWW implementations of common network tools such as whois and nslookup / dig. Although they're in fact network troubleshooting tools, services / tools like these are often used to gather information about a 'target' or 'victim' (re. Hacking Exposed : a mini howto). Which goes to show that toold can be used for good and for bad ... | E | |
| nmap | www.insecure.org | simply the best port scanner, with some added functionality (e.g. remote OS guess) | E | |
| nessus | www.nessus.org | extremely complete vulnarability checker / security audit : scans a remote system for open ports (using nmap), then attempts to exploit the services listening at those ports and returns a detailed report. Open Source Quality. | E | |
| hping | www.hping.org | when ping and traceroute return timeouts because you can't trace 'behind' a router or firewall, hping might help. | E | |
| Same Spade | www.samspade.org | client for multiple protocols and integrated network query tool for Windows 95, 98, NT & Windows 2000 | E | |
| Look@Lan | www.lookatlan.com | freeware network enumeration and monitoring tool | E | |
| NBTEnum, NetBIOS User Enumartion Tool, | copy available atpacketstorm.linuxsecurity.org | nbtenum and other enumeration tools should be available at , but that site is apparently offline | E | |
| Hacking Exposed : the tools | the tools discussed in the book "Hacking Exposed" | E | ||
| Arne Vidstrom : The Toolbox - Freeware security tools for Windows | www.ntsecurity.nu, Arne Vidstrom | collection of freeware security tools, written by Arne Vidstrom, including a.o. a key logger, ping sweep, a tool to enumerate user accounts on a Windows system, a Microsoft SQL Server dictionary attack... | E | |
| Wireless Security software | Hideaway.Net | tools that can locate, audit, and even sniff wireless networks | E | |
| Unix Penetration Rootkits | Packet Storm | a collection of UNIX / Linux penetration rootkits | E | |
| Windows NT Penetration Tools | Packet Storm | a collection of Windows NT (2000, XP, etc.) penetration tools | E | |
| Astalavista Tool Box | Astalavista Secutity Group | An extensive collection of enumeration, sniffing cracking and exploiting tools. | E | |
| Oreilly Network tools | Collection of network hack and crack tools, mainly tar archives | E | ||
| www.insecure.org | www.insecure.org | www.insecure.org, of nmap fame, also caries extensive lists and (links to) forums on exploits, penetration testing, (exploitable) bugs, know security holes etc | E | |
| Brutus | Password cracker for HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet servers. Originally created to check routers for default passwords. Brute Force / Dictionary approach | E | ||
| Hydra | The Hacker's Choice | THC-Hydra - login hacker for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is included in Nessus. | E | |
| l0phtcrack | Once the best tool for Windows NT cracking, and freely available. Now commercialized by Symantec. You may want to try and get a copy from astalavista :-) | E | ||
| John The Ripper | The famous John The Ripper password cracker | E | ||
| Cain and Able | finds passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols | E | ||
| TSCrack | Password Cracker for Windows Terminal Server. TSCrack is said to use Artificial Intelligence / Artificial Neural Networks to be able to interprete de bitmaps sent by the terminal server and generate an appropriate response. | E | ||
| "I forgot the Administrator password" | 'Linux on a floppy' boot disk that allows to blank out the administrator password and reset accounts on Windows NT systems | E | ||
| SIW - System Information for Windows | Not a password cracker per se, but a tool to collect system information on Windows systems. As it happens, this system information includes cached credentials, product keys and other 'secrets' | E | ||
| Default Passwords | Who says you need to crack anything ? Lot's of network devices are installed without any configuration, so they still have the user name / passwords that the vendor put there. And these passwords are very well known ... | E | ||
one of my favourite links for thr SQL injection
click here [ open dis window on a new page]
Post a Comment