11/29/12

Bypass Trial Limits in Software, Use it for Lifetime


You download a lot of software, and a considerable part of it is available only as trialware for 30, 60 or 90 days. After that period you can’t use the software any more; it just displays “trial version expired”. So what do you do? You search for cracks, keygens and the like, and most of those will gift you a Trojan that steals your data. Moreover, using pirated software is illegal. Things look hopeless at this point.
So, for relief, there is a nice piece of software called RunAsDate.

What is RunAsDate?

RunAsDate is a small utility that allows you to run a program with the date and time that you specify. This utility doesn’t change the current system date and time of your computer; it only injects the date/time that you specify into the chosen application.
You can run multiple applications simultaneously, each working with a different date and time, while the real date/time of your system continues to run normally.

DOWNLOAD: http://www.nirsoft.net/utils/run_as_date.html

How does it work?
RunAsDate intercepts the kernel API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime) and replaces the current date/time with the date/time that you specify.

How to use?
  • Browse and select your application.
  • Select a previous date and time.
  • Click Run.
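The flip side of the mechanism above: a trial check that only asks the API for “now” sees whatever was injected. The following is an added example (not part of the original post, not RunAsDate’s code) of how a program can spot an injected or rolled-back clock by remembering the latest time it has ever been shown; the state file location and the 30-day limit are assumptions.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

TRIAL_DAYS = 30
ROLLBACK_TOLERANCE = timedelta(minutes=5)   # tolerate small NTP corrections


def evaluate_trial(state_path, now):
    """Return 'ok', 'expired' or 'clock_rollback'.

    `now` is passed in rather than read from the system so the check can be
    exercised offline; a real program would pass datetime.now(timezone.utc).
    The state file (hypothetical location) records the first run and the
    latest time the program has ever been shown."""
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
        first_run = datetime.fromisoformat(state["first_run"])
        high_water = datetime.fromisoformat(state["high_water"])
    else:
        first_run = high_water = now
    # A "current" time earlier than anything seen before is the signature of
    # an injected or rolled-back clock, not of ordinary drift.
    if now < high_water - ROLLBACK_TOLERANCE:
        return "clock_rollback"
    high_water = max(high_water, now)
    with open(state_path, "w") as fh:
        json.dump({"first_run": first_run.isoformat(),
                   "high_water": high_water.isoformat()}, fh)
    if now - first_run > timedelta(days=TRIAL_DAYS):
        return "expired"
    return "ok"


def demo():
    """Constructed scenario: install, use on day 10 and day 40, then get
    handed a day-3 date again (what an injected date would look like)."""
    path = os.path.join(tempfile.mkdtemp(), "trial_state.json")
    t0 = datetime(2012, 11, 29, tzinfo=timezone.utc)   # constructed install date
    return [evaluate_trial(path, t0 + timedelta(days=d)) for d in (0, 10, 40, 3)]
```

The check is only as strong as the integrity of its state record, so a real product protects that record rather than leaving it as plain JSON next to the program.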

11/28/12

Some Easy Ways to Make Your Network More Secure

Believe it or not, there are IT security improvements you can introduce to your network that are seamless, low-cost, present no new burden to your users, and/or are easy to implement. So, in between your major IT security projects that may or may not happen, why not improve your security posture and lower your overall risk?


Warning: These suggestions may cause your IT staff to work a little harder.

Implement email TLS encryption between business partners and others

Enabling opportunistic TLS on your email servers is really just a matter of turning on a switch. Hit the “ON” radio button and set it to opportunistic mode, so that TLS is negotiated whenever the other host supports it. It’s really that simple, and no one even notices, except you.

If you have a large enough network, implement VLANs within your network

Help contain the spread of broadcast-based viruses. The key here is to decrease the size of your broadcast domains. Look, implementing VLANs on an existing flat network is not a big deal, and you can always move things gradually onto their assigned VLANs. All you need are switches/routers that support VLANs and VLAN routing/trunking. Follow these simple ITSEC segmentation guidelines for your internal network:

  • Workstations in their own VLAN (could also be divided further, depending on your size)
  • File servers in their own VLAN
  • Internal web servers in their own VLAN
  • Database servers in their own VLAN
  • SOX, PCI, HIPAA and/or other “servers containing sensitive information” in their own VLAN (this makes it much easier to implement additional security controls and logging, AND it makes it easier for everyone to identify those “kid gloves” resources)
  • You know, VLANs are free, so use them.

Prevent rogue wireless access points and other rogue LAN devices/computers

Implement port security, or at least turn off the ports that are not in use. You only want your company’s devices on your network, not personal devices, personal hubs or switches, or wireless access points. This will significantly lessen your risk of malware infection or even malicious intent. No one should be able to walk into your business and plug something in without your permission. Likewise, no one should be able to connect to your private wireless.

Put at least ONE Intrusion Prevention/Anti-Malware appliance in-line

Put an IPS on your Internet edge, and put it in blocking mode! I installed IPS appliances ten years ago and turned on blocking right at the start. I never had any serious issues. But WOW! the things that were blocked… This will add a significant security layer to your network and allows you to decrease your overall risk score. IPS appliances are not very expensive, and yet here is a device that can lower your risk score overall. Just remember it won’t be very effective against internal malware attacking internal targets, but it helps mitigate the risk of malware reaching the internal network in the first place.

Patch Management

Develop a patching process/procedure that works for all machines, all operating systems, all services. The more you stay patched, the fewer chances there are of being exploited. Again, this just takes time and effort, and not really a whole lot of money.

Encryption

Not a really high risk, but just as best practice, no one should be running telnet, FTP, or anything else involving clear-text logins, even on the internal network. Use the encrypted alternatives.

Do not make your users local admins of their workstation.

And if users are already admins, plan to move them out.
This is probably the most annoying, ugly, and/or nasty recommendation I would make. It can be highly burdensome on the users, but sometimes that is necessary. If you value your company’s data and your customers’ data, you will heed this advice. You can save your company a lot of money and heartache by taking this simple, necessary step, if it’s feasible (and usually it is). You can take your time and migrate the users gradually.

Get checked out

And finally, you wouldn’t believe how many things I find wrong with customers’ websites and even internal networks that have allowed me to just waltz right in… You can never know how easy or difficult it is to get into your network unless you hire reliable people to scan you occasionally, internally and externally. And it’s not very expensive at all. Hire a reliable, third-party penetration testing organization (such as the company I work for, Redspin.com, or make your own choice) that will put your controls to the test. With the results, you can prioritize and concentrate on the areas that need the most work.


Ref:- Infosecisland

11/27/12

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)


web-sorrow is a Perl-based tool used for checking a web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or exploitation framework.
Current Functionality
  • -S – stands for standard: a set of standard tests including directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 OK for every request)
  • -Eb – stands for error bagging. The default config for servers is to put the server daemon and version, and sometimes even the OS, inside error pages. web-sorrow requests a URL of 20 random bytes with the GET and POST methods.
  • -auth – looks for login pages using a list of some of the most common login files and dirs. The list doesn’t need to be very big, because what else are you going to name it?
  • -cmsPlugins – runs a huge list of plugin dirs for CMS servers. The list is a bit old (2010).
  • -I – searches the responses for interesting strings
  • -Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and CMS version info
  • -Fd – looks for things people generally don’t want you to see. The list is generated from a TON of robots.txt files, so whatever it finds should be interesting.
  • -proxy – sends all HTTP requests via a proxy. Example: 255.255.255.254:8080
  • -e – runs all the scans in the scanner
web-sorrow also has false-positive checking on most of its requests (it’s pretty accurate but not perfect).
Examples
basic:
perl Wsorrow.pl -host domain.com -S
look for login pages:
perl Wsorrow.pl -host domain.com -auth

most intense scan possible:
perl Wsorrow.pl -host domain.com -e

You can download web-sorrow here: Wsorrow_v1.3.0.zip
Or read more here.

The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and The Mole will detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features
  • Support for injections using MySQL, MS-SQL Server, Postgres and Oracle databases.
  • Command line interface.
  • Auto-completion for commands, command arguments and database, table and column names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET/POST/Cookie parameters.
  • Developed in Python 3.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.
You can download The Mole v0.3 here:
Or read more here.

spt v0.6.0 – Simple Phishing Toolkit Available For Download


spt is a simple concept with powerful possibilities. It is what its name implies: a simple phishing toolkit.
The basic idea the spt project had was: “Wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security-minded organization: the people?”
Since the founders of the spt project are themselves information security professionals by day, they faced the frustration of dealing with people within their own organizations who claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen. A malware outbreak here, a stolen password and loss of critical organizational data there, and the costs of dealing with the results of phishing can get astronomical pretty darn quickly!
Enter spt. spt was made from scratch, with the goal of giving over-worked and under-staffed information security professionals a simple tool (more like a framework, as they hope to add more features over time) that could be used to identify and train those weakest links. spt is a fully self-contained phishing email toolkit that can be installed, configured and phishing in less than 15 minutes. Its design is modular and open-ended, allowing for future expansion and additional features via easy snap-in modules that are simply uploaded in the administration dashboard. Why not try out spt today and see who your weakest link is?
You can download spt here:
Or read more here.

HconSTF is an Open Source Penetration Testing Framework

HconSTF is an open source penetration testing framework based on different browser technologies, which helps any security professional with penetration testing or vulnerability scanning assessments. It contains web tools that are powerful for XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is also useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments and much more.

Features
  • Categorized and comprehensive toolset
  • Contains hundreds of tools, features and scripts for different tasks like SQLi, XSS, Dorks and OSINT, to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for OWASP top 10
  • Easy to use & collaborative Operating System like interface
  • Multi-language support (feature in heavy development, translators needed)
You can download HconSTF 0.4 beta here: HconSTF_v0.4_Freedom_portable.exe
Or read more here.

chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.


chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. It was announced recently at Defcon, as we read over here – Marlinspike demos MS-CHAPv2 crack.
The process is as follows:
  1. Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
  2. Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
  3. Submit the CloudCracker token to www.cloudcracker.com
  4. Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )
If you are interested in a much more in-depth, technical explanation, you can read more here:
Using this attack they have a 100% success rate of cracking the DES hashes within ~23 hours.
You can download chapcrack here:
Or read more here.

XMPPloit – A Tool to Attack XMPP Connections


XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream.
The tool exploits vulnerabilities on the client and server side of the XMPP protocol.
The main goal is that the whole process is transparent to the user and never replaces any certificate (unlike HTTPS attacks).
Features
  • Downgrade the authentication mechanism (can obtain the user credentials)
  • Force the client not to use an encrypted communication
  • Set filters for traffic manipulation
Filters that have been implemented in this version for Google Talk are:
  • Read all the user’s account mails
  • Read and modify all the user’s account contacts (being or not in the roster).
You can download XMPPloit here:
Or read more here.

Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool


Web-Sorrow is a Perl-based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or to perform any harmful attacks.
There’s a couple of other tools that focus more on the identification part:
There’s also a pretty cool web app I use often which is – http://builtwith.com/
Features
  • Web services: identify a CMS and its version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints
  • Authentication areas: logins, admin logins, email webapps
  • Bruteforce: Subdomains, files and directories
  • Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host
  • AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing
In some ways it overlaps with other tools too like:
But as always, you should try them all and see which ones suits the way you work best.
You can download Web-Sorrow here:
Or read more here.

Tshark – Network Protocol Analyzer & Traffic Dumper


Tshark is actually part of the Wireshark package, and has some similar functionality. It does some cool stuff though so I thought it’s worthy of its own post.
TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.
Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.
TShark is able to detect, read and write the same capture files that are supported by Wireshark. The input file doesn’t need a specific filename extension; the file format and an optional gzip compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark is a detailed description of the way Wireshark handles this, which is the same way Tshark handles this.
Compressed file support uses (and therefore requires) the zlib library. If the zlib library is not present, TShark will compile, but will be unable to read compressed files.
If the -w option is not specified, TShark writes to the standard output the text of a decoded form of the packets it captures or reads. If the -w option is specified, TShark writes to the file specified by that option the raw data of the packets, along with the packets’ time stamps.
When writing a decoded form of packets, TShark writes, by default, a summary line containing the fields specified by the preferences file (which are also the fields displayed in the packet list pane in Wireshark), although if it’s writing packets as it captures them, rather than writing packets from a saved capture file, it won’t show the “frame number” field. If the -V option is specified, it writes instead a view of the details of the packet, showing all the fields of all protocols in the packet.
If you want to write the decoded form of packets to a file, run TShark without the -w option and redirect its standard output to the file.
When writing packets to a file, TShark by default writes the file in libpcap format and writes all of the packets it sees to the output file. The -F option can be used to specify the format in which to write the file. The list of available file formats is displayed by the -F flag without a value. However, you can’t specify a file format for a live capture.
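To make concrete what a file written with -w actually contains, here is an added example (not from the original post and not Wireshark/TShark code) of a minimal reader for the libpcap format described above: the 24-byte global header, then one 16-byte record header carrying the timestamp in front of each packet. It also detects gzip-compressed captures by magic number, as TShark does. The two-packet capture it parses is constructed inline.

```python
import gzip
import struct

# libpcap magic numbers as they appear on disk, mapped to (struct byte order,
# divisor that turns the fractional timestamp field into seconds).
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
          b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
          b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
          b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000)}  # big-endian, nanoseconds


def read_pcap(data):
    """Return (linktype, [(timestamp_seconds, original_length, packet_bytes)])."""
    if data[:2] == b"\x1f\x8b":                 # gzip magic: decompress first
        data = gzip.decompress(data)
    try:
        endian, divisor = MAGICS[data[:4]]
    except KeyError:
        raise ValueError("not a libpcap capture") from None
    # Global header after the magic: major, minor, thiszone, sigfigs, snaplen, network.
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes saved), orig_len (bytes on the wire).
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % (off - 16))
        packets.append((ts_sec + ts_frac / divisor, orig_len, data[off:off + incl_len]))
        off += incl_len
    if off != len(data):
        raise ValueError("trailing bytes after the last record")
    return linktype, packets


def build_sample(compressed=False):
    """Constructed two-packet little-endian capture, linktype 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame1 = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x06" + b"\x00" * 28
    frame2 = b"\xaa" * 60

    def record(sec, usec, frame):
        return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

    raw = header + record(1354147200, 500000, frame1) + record(1354147201, 0, frame2)
    return gzip.compress(raw) if compressed else raw
```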

HoneyDrive – Honeypots In A Box


HoneyDrive is a pre-configured honeypot system in a virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It currently contains the Kippo SSH honeypot. Additionally, it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.
In the future more software will be added such as Dionaea malware honeypot and Honeyd.
You can get the latest version (0.1) of HoneyDrive, which contains the Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc). Everything is pre-configured to work.
After downloading the file, you must uncompress it and then you simply have to create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.
You can download HoneyDrive here:
Or read more here.

How to Change JKS KeyStore Private Key Password

Use following keytool command to change the key store password >keytool  -storepasswd  -new [new password ]  -keystore  [path to key stor...