.: tools archive
Ghost costs way too much to license, so I have chosen to use the amazingly cheap Image for Windows (and Image for DOS) tools for imaging workstations. Sadly, one needs to keep up-to-date with updates in order to make sure they can mount new Dell machines...
In addition, to support network shared drives, Bart's Boot Disk works wonders once I can get it set up.
by LonerVamp 08.24.04 at 8:40 PM in /tools
A new SSH brute force tool attempts to crack into a box by brute forcing root through a listening SSH service. The tool even includes its own dictionary, whereas most other tools of this type rely on a separate user-defined dictionary. Impressive. At any rate, this just further illustrates a security practice that should be used for all SSH Linux boxes: don't allow root to log into SSH. Force a user account to be used, and then su to root.
by LonerVamp 08.24.04 at 9:07 PM in /tools
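A way to check the practice from the post above on an existing box, as an added example (not from the original post or any tool it links to): the function reads sshd_config text and reports every place where root login over SSH is still allowed. The sample config is constructed, and Include files are not followed.

```python
import re

DEFAULT = "prohibit-password"  # OpenSSH default when the keyword is absent
LINE_RE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.+)$")  # "Key value" or "Key=value"

# Constructed sample: the "no" was appended later and never takes effect.
SAMPLE = """\
Port 22
PermitRootLogin yes
# hardening appended later; sshd ignores it because line 2 came first
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""


def audit_permit_root_login(config_text):
    """Return (effective_global_value, findings) for sshd_config text.

    sshd uses the first value it reads for a keyword, so a later duplicate in
    the global section has no effect; Match blocks can override per connection.
    """
    first = None       # (lineno, value) of the first global occurrence
    findings = []
    match_ctx = None   # criteria of the Match block being read, if any
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:      # blank lines and comments do not match
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            match_ctx = value
        elif key == "permitrootlogin":
            val = value.split()[0].strip('"').lower()
            if match_ctx is not None:
                if val != "no":
                    findings.append(
                        f"line {lineno}: Match {match_ctx} allows root ({val})")
            elif first is None:
                first = (lineno, val)
            else:
                findings.append(
                    f"line {lineno}: '{val}' ignored, "
                    f"line {first[0]} already set '{first[1]}'")
    effective = first[1] if first else DEFAULT
    if effective != "no":
        where = f"line {first[0]}" if first else "default"
        findings.insert(0, f"{where}: root login over SSH allowed ({effective})")
    return effective, findings


if __name__ == "__main__":
    value, problems = audit_permit_root_login(SAMPLE)
    print("effective PermitRootLogin:", value)
    for p in problems:
        print(" -", p)
```

On a live system, `sshd -T` prints the effective settings with included files resolved, which is the authoritative answer for the global value.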
is the next Microsoft Authentication-killer. Basically this crack generates every possible NTLM hash. These can then be put into a database and searched against. Instead of a crack tool brute forcing a particular hash by comparing it, one by one, with every computed value, this tool precomputes all the values and saves them. For complex passwords, this can save days of crack time. For the most complex passwords, it can save weeks. I believe the whole database can be bought for just over a hundred bucks, in some circles, but this free tool will generate it free.
Update: Everything I ever wanted to know about passwords and rainbow tables all in one very recent paper/article. And hey, I didn't even know Cain comes with a table generator!! W00t!
Been a lot of talk about rainbow tables here and passwords, so here are suggestions on how to withstand even rainbow attacks. Basically, what this tells me is that passwords/passphrases are flawed, fundamentally.
by LonerVamp 08.24.04 at 9:16 PM in /tools
This quick article talks about running double instances of Snort in order to capture two opposing sets of data. First one sensor catches "everything" that you can imagine in the rules, basically allowing the operator to get an idea of the state of the Internet as a whole. The second sensor only catches things of immediate interest to the operator, basically filtered so that only those threats that may affect the operator are captured. I like this article due to the explicit instructions on installing and running Snort.
by LonerVamp 09.21.04 at 8:22 PM in /tools
Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees over night, abort hacker attacks when they are detected, stop high bandwidth consuming downloads - etc. There are many potential applications.
This article describes how a Linux IPTables based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called "cutter" that automates the process.
by LonerVamp 09.29.04 at 10:54 PM in /tools
I may have an old post about NetFlow elsewhere, but this is another article on using NetFlow to monitor bandwidth on a network. Filing this away to read at some point; still have not read it or tried it, but would really like to.
Detecting abnormal traffic using NetFlow papers, part 1 and part 2
by LonerVamp 09.30.04 at 12:53 PM in /tools
is one of the more exciting simple tools I've seen in the past few months. PortPeeker is a Windows program that requires an installation. It then sets up a listening port on the port of your choosing. This listening port is bannerless and open to connection from other computers/devices. PortPeeker reports these connections and any data that is sent to this port both in a realtime display on the screen and also a log file. What is even more exciting is that multiple copies can be opened to listen on multiple ports... although currently used ports cannot be used.
Why is this exciting? On a local network that might not be secure or that I am in charge of monitoring, a box can be set up that listens and captures traffic on particular ports. In a network like mine with multiple possibly insecure MSDE/SQL instances, being able to quickly see port 1433/1434 port probes would be very helpful. The only additional item I could wish for is a light or systray icon or sound to be played when a connection is made on a port being sniffed.
Update: Oh man, the uses are numerous! I have found out that the tool actually does allow the editing of banner information upon connection. On the link, scroll to the bottom to see captured traffic from various attacks and worms. Not only can this tool report connections on a port, but it displays the data being transmitted to that port. For something like an SQL server connection attempt, the userid and password are cleartext in the hex output.
by LonerVamp 12.17.04 at 11:12 PM in /tools
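The behaviour described for PortPeeker above, shown as an added example in Python (this is not PortPeeker's code and not from the original post): a bannerless TCP listener that records who connected and a hex dump of what they sent, to the screen and to a log file. The log file name and the 4096-byte capture cap are assumptions.

```python
import datetime
import socket

MAX_CAPTURE = 4096  # assumed cap per connection so a flood cannot fill the log


def hexdump(data, width=16):
    """Render bytes as offset / hex / printable-ASCII rows."""
    pad = width * 3
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{pad}} {text}")
    return "\n".join(rows)


def handle_connection(conn, peer, port, timeout=5.0):
    """Send no banner; read what the client sends first and build a record."""
    conn.settimeout(timeout)
    data = b""
    try:
        while len(data) < MAX_CAPTURE:
            chunk = conn.recv(MAX_CAPTURE - len(data))
            if not chunk:
                break
            data += chunk
    except (socket.timeout, ConnectionError):
        pass  # silent or reset client: keep whatever arrived
    finally:
        conn.close()
    return {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "port": port,
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        "dump": hexdump(data),
    }


def format_record(rec):
    head = (f"{rec['time']} port={rec['port']} "
            f"from={rec['src_ip']}:{rec['src_port']} bytes={rec['bytes']}")
    return head + ("\n" + rec["dump"] if rec["dump"] else "")


def serve(port, logfile, bind="0.0.0.0"):
    """Accept connections one at a time; print and append each record."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            entry = format_record(handle_connection(conn, peer, port))
            print(entry, flush=True)
            with open(logfile, "a", encoding="utf-8") as fh:
                fh.write(entry + "\n")


if __name__ == "__main__":
    serve(1433, "listener-1433.log")  # port from the post; file name is made up
```

Because the dump can contain cleartext credentials, as the post notes for SQL Server logins, the log file should be readable only by the person monitoring.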
is a port listener for Windows XP. The tool installs and then listens on particular ports. This tool listens on multiple ports in one instance, drops to the systray, and also logs to files. It does not log in real time, but it does accrue connection totals (aggregated for all ports) on the main window. There are options to change colors and show alerts for various warning levels, but they seemed useless to me. Also, you can set a banner or connection reply to be sent back to connecting sessions, but that didn't appear to work for me either...however, I do like the systray and multiple port options.
by LonerVamp 12.17.04 at 11:41 PM in /tools
Netsh is an oft-overlooked tool to configure tcp/ip settings in Windows from the command-line. This small post illustrates how to effectively use the app.
by LonerVamp 06.01.06 at 8:52 PM in /tools
Been working on WSUS as a work project (second job in a row for it), and I just wanted to spill out a bunch of links about WSUS.
MS WSUS Blog
WSUS Beginner's FAQ
Microsoft WSUS newsgroup
related scripting site
And if you want to use WSUS but do not have Active Directory (Group Policy) in use, you can still use WSUS with some manual scripting of registry settings.
by LonerVamp 06.01.06 at 10:08 PM in /tools
Security Wizard/Talisker/NetworkIntrusion.co.uk has a site up giving a round-up of end-point security tools. This is especially popular due to the heightened emphasis on end-point security lately, in particular laptops and other mobile devices.
This site is more than just a host for their radar, but also compiles huge lists and summaries of a lot of security tools, in as non-biased a way as they can.
by LonerVamp 06.12.06 at 2:20 AM in /tools
has been released and is a honeypot app for Windows. This is pretty downright cool, and I need to find a box/place to put this up sometime... link found through Darknet. There's two systems I've wanted to have for sometime: a honeypot to play with people/apps that break in and a firewall/sniffer that just collects traffic and statistics.
by LonerVamp 06.12.06 at 6:49 PM in /tools
Spaceobserver and Treesize are some interesting and well-equipped tools for storage utilization analysis on systems. Free evaluations are well worth it.
by LonerVamp 06.12.06 at 7:34 PM in /tools
cURL is a Windows utility in much the same vein as the generic "GET" command in *nix where you can run "http-style" requests from the command line. Pretty nifty!
by LonerVamp 06.14.06 at 6:16 PM in /tools
is not a free app, but is still one of those rare Windows-based SSH servers. A few other tools to download on their site as well.
by LonerVamp 06.14.06 at 7:28 PM in /tools
for the Windows XP firewall sounds like a wonderful idea...if there weren't better firewalls out there that I trusted more, like ZoneAlarm or Sygate. Still, might be cool to try out.
by LonerVamp 06.17.06 at 10:39 PM in /tools
sounds like it can lock IM programs from operating in Windows. I think this can be better solved with software policies and audits, and removing admin rights for users. And the method to get around all of the above, using stand-alone, non-installable "underground" apps for IMs still works regardless of any of these methods. So...might be interesting in case someone wants something like this.
by LonerVamp 06.17.06 at 10:46 PM in /tools
Sometimes you need to regularly runas an admin in Windows, but you might not necessarily want to give the user the local or domain admin password or save it in a cleartext file or shortcut or run over to type it in when needed. These are some options for secure ways of performing a runas. I've once used CPAU and it worked rather well. I had to give a SQL DBA access to production SQL servers and allow him to access other servers through admin shares via Enterprise Manager. Rather than give him a domain admin account or mess with permissions or store it in cleartext in a file or shortcut where he could look it up if he wanted to, I made a "secure" shortcut using CPAU. Pretty slick, and while it may have holes, it likely will stop any insiders from easily obtaining the credentials. This can be used for lesser instances like a user's program that might need some admin rights somewhere and not run otherwise.
This page has a bunch of choices for situations where runas needs to be secure.
by LonerVamp 06.24.06 at 11:08 PM in /tools
Curious about a DNS server? Fingerprint it using fpdns
by LonerVamp 07.23.06 at 10:43 PM in /tools
This article explains how to tunnel VNC traffic over SSH to create a secure means to connect back to your home computer from anywhere. I've always wanted to do this and have yet to do it. Basically this is just about poking a hole in your home firewall, setting up an SSH server, and doing a port forward on that SSH server to the internal VNC-equipped system. Nothing rocket-science here, and the technique can be used for pretty much anything. We actually used a similar technique in my old job before we moved to a full VPN solution.
Want to run OpenSSH on a Windows box? This fun tutorial goes through this (overly complex) process!
by LonerVamp 07.29.06 at 10:54 AM in /tools
This is an awesome tutorial for examining and finding and exploiting the latest RealVNC Auth Vulnerability. I have a link to a scan tool that scans for this, and I have to find it. I suppose Metasploit will have this packaged already or soon. The fun thing about this is that I imagine most IT shops do not upgrade all their old VNC instances very much and either just use the same executable stored locally or always download a new one. I would bet many admins are still blissfully ignorant of this issue, and thus still have many vulnerable installs still sitting around. I consider this a must-have scan for any VNC instances found on a target network.
Update: the scanner
by LonerVamp 08.02.06 at 9:54 PM in /tools
Snagged a bunch of tools and links dealing with reverse engineering malware, particularly Windows, but also other stuff. This is an area I'd love to get into some day, perhaps when I get more into coding as well. Either way, it is always useful to exercise one's ability to figure out what malware is doing, whether you use a live box and lab network or examine the code straight-up.
- the universal first choice in malware analysis
PaiMai and PyDbg
Pydasm and Pydot
by LonerVamp 08.09.06 at 7:52 PM in /tools
While TrueCrypt is still a great tool for Windows, Security Monkey has a nice quick bit of information on using PointSec for Windows, FileVault on Mac, and a link to a method of securing a Linux laptop. Nice quick read, almost like a hand-slap to anyone with a laptop followed by a quick, "do this, moron!"
by LonerVamp 08.12.06 at 11:07 AM in /tools
is the ultimate http proxy tool, and I certainly have to learn it someday.
by LonerVamp 08.15.06 at 7:48 PM in /tools
This site purports to be a list of Mac hacking tools, but I see it more as a list of lesser-known general tools for Mac, some of which may only be useful to me if I get back into programming at some point. At any rate, a good list of tools with a blitz on what they're used for and common switches.
by LonerVamp 09.06.06 at 11:33 PM in /tools
Here are some nifty SSH tricks. This tutorial also goes through bypassing firewalls using SSH, a necessary skill in today's security world.
by LonerVamp 09.08.06 at 8:24 PM in /tools
From Hak5, here is a link to a USB "Switchblade," which is basically a Windows-hacking USB key that is really slick. I'm looking into making this right now if I can find a spare key.
The show notes on this section are helpful as well. I only have one U3 key, so I have been playing with the non-U3 technique. You still have to click something when using a non-U3 key. I may look for a small, cheap U3 key here soon.
Even more info on the forums
by LonerVamp 09.09.06 at 2:29 AM in /tools
Hak5 has an awesome little mention about using FreeNAS with some spare equipment to create a very cool NAS. It also has some free scripts to do backups. I don't know if I have the hardware right now, but I'd love to try this out with some old parts.
by LonerVamp 09.09.06 at 1:26 PM in /tools
TrueCrypt is a cool encryption tool. NTFS ADS is still a cool and under-known feature. And this tutorial shows how to use both together.
New users to TrueCrypt can also reference this written tutorial on using TrueCrypt for the first time
update: Another link from SANS on getting started with TrueCrypt
(I totally cannot read this name without hearing IronGeek's voice...)
by LonerVamp 09.12.06 at 6:52 PM in /tools
SANS has a list of nice links for log analysis tools and discussion. No need for me to duplicate it, just click the link.
by LonerVamp 09.12.06 at 6:57 PM in /tools
Wow, a free web-based network inventory tool. Definitely gotta try this out!
by LonerVamp 09.15.06 at 11:36 PM in /tools
Sometimes, you just want to tackle challenges outside your lab, contrived by someone else. Here is a quick rundown (stolen shamelessly from pen-test mailing list on SecurityFocus) of some training programs and sites:
Foundstone's Hacme series
by LonerVamp 09.25.06 at 8:23 PM in /tools
will provide audit trails for file access in Windows. Thing I like with this tool is that it is relatively cheap for what you get, and you get a tool that just does its one thing, and seems to do it well. Granted, Windows file servers can already do file level monitoring in the event logs by adjusting the auditing on folder properties. However, making reports and doing anything beyond onesy-twosy checks in the logs is not possible without custom scripts or additional tools to parse the logs out and correlate the data. While not free, and not even something I want to use right now, this is still useful to log for my own benefit sometime in the future if I am asked about this issue.
by LonerVamp 10.01.06 at 12:27 AM in /tools
Another area I'd like to delve into in more detail, maybe with Vista's built-in Bitlocker. But here are a couple free tools that provide disk encryption:
Abylon CryptDrive (German)
by LonerVamp 10.13.06 at 3:51 PM in /tools
Mobility has its limits, especially if your ISP prefers you use their DNS servers, but then does not want you to use their DNS servers from IPs that it does not own. What to do? Many tech geeks have ways of finding DNS servers they like, some use their own or DNS servers from their work, but your average home user probably wouldn't know what to do. OpenDNS sounds like a nice idea to get free DNS use. In fact, it offers up some services that may be of limited (read: better than none) security in blocking phishing sites and doing some spelling correction (for commonly misspelled sites that take you places you'd rather not see). Sounds like a nice enough deal to try out. However, in reading their marketing material about being blazingly fast and such, it's really just all talk. It is no faster-feeling than any other DNS server, really. I suppose, however, that this thing can be programmed to adjust ad-ware and spyware and even botnet DNS calls as well, helping to quell botnets and other malware from contacting dynamic home addresses.
The only thing to keep in mind is what this service's business model is. It is a free service, but nothing is ever really free, no? Perhaps they gather statistics on DNS queries and sell that gathered information in creative ways. Perhaps they will be able to log your queries and better tailor things to you, such as crafted DNS queries much like Google puts relevant ads on gmail or based on various searches. Either way, there shouldn't be too much "badness" involved in something like this, and even if there is, it is only IP address and DNS query badness. For someone like me who will use this on a laptop that roams around, I'll end up fairly anonymous as it is.
by LonerVamp 10.15.06 at 6:05 PM in /tools
Finally, open source apps for this stuff! The article explains how to turn your webcams into security cams. I really need to put this on my project list someday, as I have at least two webcams gathering dust in a box somewhere that are decent cams and almost never used.
by LonerVamp 10.15.06 at 6:07 PM in /tools
Cookies are a very old (in tech terms) method of messing with a website and/or circumventing security or obscurity. Nonetheless, never underestimate them or overlook the low-hanging fruit. InformIT has a quick illustration on playing with cookies on a large website.
Sometimes it is just nice to see examples and how tools are used. For more cookie playing, I'd like to check out this Firefox extension for adding and editing cookies (supposedly AnEC like the one shown in the article?).
by LonerVamp 12.20.06 at 4:11 PM in /tools
There is a problem in IT and security with home users and small businesses. Security and any sort of halfway solid IT infrastructure is simply not possible without buying an outside service or having the luxury of an employee or employee friend with IT aptitude (and even they can be detrimental to security). Devices and software are expensive, and open source tools tend to be more advanced than many small businesses can handle (consultants that know licensed Microsoft tools are a dime a dozen, but an open source/linux guru will cost ya).
So I liked reading what Untangle (formerly Metavize) is doing. They have a server device that you can run and it looks rather robust for a tool they are offering free to small shops with 10 or less computers (that would include me at home!). This is like Smoothwall, but with other features. I look forward to checking this out, but if it is as easy and solid as it looks from the website, I'll be quite enthused to recommend it for people without a budget or IT support.
The server appears to provide firewall, antispam, antispyware, antivirus, web filtering, and various other services that make sense to be packaged into one single chokepoint device on a network. I think I will try to segment off a part of my home network and drop this in with a test laptop behind it and see how it works. I just need to find a spare system that is close to the required specs, and I think my old server that I just phased out a few weeks ago may be just the ticket.
by LonerVamp 12.21.06 at 3:48 PM in /tools
Tail is an excellent tool for watching a log file. Tail in cygwin on Windows is ok, but the display really does kinda suck. Baretail is a similar program for Windows that can tail a log file quite nicely. The program doesn't even use an installer and is just a bare standalone executable and works quite nicely to watch logs on Windows. Excellent little tool.
by LonerVamp 01.21.07 at 2:55 PM in /tools
I may not get to try everything out, despite my intentions, but I still like to post things here in case I want to reference them later on. This site isn't a blog, but it does have some interesting tools. I got pointed here to check out wfuzz, a web fuzzer/bruteforcer. But I really want to try out the Geoedge script which will do a geographical lookup on IPs (yeah, even automating a few clicks is worth it if you do a lot!). There is also an Intro to Reversing on a Mac that is only one page but at least illustrates a few simple things for Mac users. And Metagoofil will pull out meta data from docs. Now that is pretty neat. What ever happened to talking about info leakage via doc metadata?
by LonerVamp 05.29.07 at 2:22 PM in /tools
One paper on netcat uses is fine, but two sites in two days exceeds my Recollection Buffer and defaults back to needing a post.
Dean De Beer offered up a paper on Netcat for the Masses which gives some good initial information on playing with netcat.
And I found Luke posted even more uses for netcat
by LonerVamp 08.10.07 at 2:22 PM in /tools