You are currently browsing the Sleeping Sheep Hackers… blog archives for the day 9.10.2009.
9.10.2009 by matti.
Can there be any truth in such a simple picture of a complicated subject?
See for yourself…
Posted in humour, general
9.10.2009 by matti.
Rapid7 with Nexpose seems to take on the Metasploit framework.
Could get interesting…
Posted in rumours
9.10.2009 by matti.
#!/usr/local/bin/bash
# script for enumerating vpn devices
# uses ike-scan
# 19th of Nov 2008
# read the ip address from stdin or param
if [ $# -eq 0 ]; then
    echo "Who do we scan today?"
    echo -n "Ok, let us have the ip then ===> "
    read IP
else
    IP=$1
fi
echo ""
echo "A valid user is needed?"
echo -n "Ok, let us have the name then ===> "
# note: this shadows the login name in $USER for the rest of the script
read USER
# date and IPs and test for the OS
DATE=$(date +%F)
HOST=$(host $IP)
FILENAME=${IP}_at_${DATE}
START=$(date +%H-%M-%S)
OS=$(uname)
OWNIP=$(ifconfig)
# everything below is appended to this one log file
LOG=logfile_${FILENAME}_${START}
touch $LOG
echo "### Log file ###" >> $LOG
echo "" >> $LOG
echo "" >> $LOG
echo "### IP address of the scanning system ###" >> $LOG
echo "" >> $LOG
echo "$OWNIP" >> $LOG
echo "" >> $LOG
echo "" >> $LOG
echo "### Hostname of the scanning system ###" >> $LOG
echo "" >> $LOG
echo "$(hostname)" >> $LOG
echo "" >> $LOG
echo "" >> $LOG
echo "### IP address of the target ###" >> $LOG
echo "" >> $LOG
echo "$IP" >> $LOG
echo "$HOST" >> $LOG
echo "" >> $LOG
echo "" >> $LOG
echo "### Start of the scan ###" >> $LOG
echo "" >> $LOG
echo "$START at the $DATE" >> $LOG
echo "" >> $LOG
echo "" >> $LOG
echo "### Scanning OS ###" >> $LOG
echo "" >> $LOG
echo "$OS" >> $LOG
echo "" >> $LOG
# run the whole set of probes once
# $1 = extra ike-scan options for the transport (none, --nat-t, --tcp=1, --tcp=2)
# $2 = suffix put into the output file names so the four runs do not overwrite each other
run_scans() {
    OPTS=$1
    SFX=$2
    ike-scan -v $OPTS $IP > ike-scan_main${SFX}_${IP}.txt
    ike-scan -v $OPTS -A $IP > ike-scan_aggressive${SFX}_${IP}.txt
    ike-scan -v $OPTS -M --showbackoff $IP > ike-scan_backoff${SFX}_${IP}.txt
    ike-scan -v $OPTS -M -A --id=whocares $IP > ike-scan_Aggressive+ID${SFX}_${IP}.txt
    ike-scan -v $OPTS -M -A --id=$USER $IP >> ike-scan_Aggressive+ID${SFX}_${IP}.txt
    ike-scan -v $OPTS --trans=5,2,3,2 --multiline $IP > ike-scan_trans_multiline${SFX}_${IP}.txt
    ike-scan -v $OPTS --trans=5,2,1,2 --vendor=00 --multiline $IP > ike-scan_trans_vendor_multiline${SFX}_${IP}.txt
    ike-scan -v $OPTS --aggressive --multiline --id=finance $IP > ike-scan-aggressive-multiline-id${SFX}_${IP}.txt
    ike-scan -v $OPTS --aggressive --multiline --id=$USER $IP > ike-scan-aggressive-multiline-id${SFX}_${USER}_${IP}.txt
    ike-scan -v $OPTS --trans=7/256,2,1,2 --aggressive --multiline $IP > ike-scan-trans-aggressive-multiline${SFX}_${IP}.txt
    # twenty transforms in a single proposal, generated by perl
    ike-scan -v $OPTS -M $(perl -e 'print "--trans=2,3,4,5 " x 19 . "--trans=5,2,1,2";') $IP >> ike-scan-perl-long-trans${SFX}_${IP}.txt
    ike-scan $OPTS -r 1 --trans="(4=2,3=3,2=2,1=5)" -M $IP > ike-scan-r1-M${SFX}_${IP}.txt
    ike-scan $OPTS -r 1 --trans="(1=5,2=2,3=3,4=2)" -M $IP > ike-scan-r2-M${SFX}_${IP}.txt
    ike-scan $OPTS --trans="(1=7,14=256,2=2,3=3,4=2)" -M $IP > ike-scan-r3-M${SFX}_${IP}.txt
    ike-scan $OPTS --trans="(1=7,14=256,2=2,3=3,4=2,11=1,12=0x0000007b,11=2,12=0x000001c8)" -M $IP > ike-scan-r4-M${SFX}_${IP}.txt
}
# perform the scans
run_scans "" ""
# perform the scans with nat
run_scans "--nat-t" "_nat"
# tcp version 1 for checkpoint
run_scans "--tcp=1" "_tcp1"
# tcp version 2 for cisco
run_scans "--tcp=2" "_tcp2"
# Encryption algorithms:
# DES, Triple-DES, AES/128, AES/192 and AES/256
ENCLIST="1 5 7/128 7/192 7/256"
# Hash algorithms: MD5 and SHA1
HASHLIST="1 2"
# Authentication methods:
# Pre-Shared Key, RSA Signatures, Hybrid Mode and XAUTH
AUTHLIST="1 3 64221 65001"
# Diffie-Hellman groups: 1, 2 and 5
GROUPLIST="1 2 5"
for ENC in $ENCLIST; do
    for HASH in $HASHLIST; do
        for AUTH in $AUTHLIST; do
            for GROUP in $GROUPLIST; do
                ike-scan --trans=$ENC,$HASH,$AUTH,$GROUP -M $IP >> ike-scan-transform-loop_${IP}.txt
            done
        done
    done
done
# keep only the transforms the target accepted; read just this target's loop
# file so a success file left over from an earlier run is not fed back in
grep -B 2 -A 2 "Handshake returned" ike-scan-transform-loop_${IP}.txt > ike-scan-transform-loop-success_${IP}.txt
END=$(date +%H-%M-%S)
# this will go at the end of the log
echo "### Files produced ###" >> $LOG
echo "" >> $LOG
echo "$(ls -la ike-scan*)" >> $LOG
echo "" >> $LOG
echo "### End of the test ###" >> $LOG
echo "" >> $LOG
echo "$END at $(date)" >> $LOG
echo "" >> $LOG
echo "done"
echo "Scan took place from $START to $END"
echo "Look at the logfile $LOG and at the directory $(pwd)"
echo "Have a nice day!"
exit 0
Posted in hacking
9.10.2009 by matti.
#!/usr/local/bin/bash
#
# Usage example: ./netnmap hosts.txt
#
# Some vars
nmap=/usr/local/bin/nmap
# Command line
filename=$1
# Local functions
function usage() {
    echo ""
    echo "nmap scanner helper script"
    echo "usage : ./netnmap <filename>"
    exit 1
}
# Input control
if [ -z "$1" ]; then
    usage
fi
if [ "$(cat $filename 2>/dev/null)" = "" ]; then
    echo "err: corrupted hosts file?"
    exit 1
fi
# Perform the port scan (full tcp scan)
# one nmap per host, left running in the background, started a minute apart
for current in $(cat $filename)
do
    $nmap -n --min-rate 1000 -vvvv --max-rtt-timeout 1000 --initial-rtt-timeout 400 --max-retries 4 -p1-65535 -PN -oA $current.scan $current &
    sleep 60
done
exit 0
Posted in hacking
9.10.2009 by matti.
#!/usr/local/bin/bash
# script for mass scans to keep track
# run it in the directory holding the .nmap/.gnmap files written by netnmap
# vars
# the trailing grep -oE strips the padding some wc implementations print
HOSTS=$(grep 'Nmap done at' *.nmap | wc -l | grep -oE '[0-9]{1,}')
PORTS=$(cat *.gnmap | grep -o 'open' | wc -l | grep -oE '[0-9]{1,}')
HOSTS_NUMBER=$(cat *.gnmap | grep open | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | wc -l | grep -oE '[0-9]{1,}')
HOST_PROBLEMS=$(cat *.nmap | grep 'Skipping host' | wc -l | grep -oE '[0-9]{1,}')
NMAPS=$(ps -ef | grep nmap | grep vvvv | wc -l | grep -Eo '[0-9]{1,}')
# closed ports and the hosts they were seen on
PORTS_CLOSED=$(cat *.gnmap | grep -o 'closed' | wc -l | grep -oE '[0-9]{1,}')
HOSTS_NUMBER_CLOSED=$(cat *.gnmap | grep closed | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | wc -l | grep -oE '[0-9]{1,}')
# output
echo ""
echo "$HOSTS hosts have been scanned and $PORTS open ports discovered"
echo ""
echo "These were discovered on the following hosts: "
cat *.gnmap | grep open | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
echo ""
echo "This makes in total $HOSTS_NUMBER hosts"
echo ""
echo "Open ports that were discovered are : "
cat *.nmap | grep ' open ' | cut -d " " -f 1 | sort -g | uniq
echo ""
echo ""
echo "Also $PORTS_CLOSED closed ports were discovered"
echo ""
echo "These were discovered on the following hosts: "
cat *.gnmap | grep closed | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
echo ""
echo "This makes in total $HOSTS_NUMBER_CLOSED hosts"
echo ""
echo "Closed ports that were discovered are : "
cat *.nmap | grep ' closed ' | cut -d " " -f 1 | sort -g | uniq
echo ""
echo "Problems because of time out on $HOST_PROBLEMS different hosts!"
echo ""
echo "At the moment $NMAPS NMAP scans are running"
echo ""
exit 0
Posted in hacking
9.10.2009 by matti.
http://www.phenoelit-us.org/dpl/dpl.html / net devices
http://www.packetstormsecurity.org/Crackers/wordlists/
http://cirt.net/passwords
http://www.virus.org/default-password/
http://www.routerpasswords.com/index.asp
Added:
http://reusablesec.googlepages.com/passwordcrackingtools
Posted in link, hacking, general
9.10.2009 by matti.
http://cntlm.awk.cz/
check it out
Posted in link, hacking
9.10.2009 by matti.
.bat file:
:: usage: <script>.bat <host> <community>
::requires http://www.elifulkerson.com/articles/net-snmp-windows-binary-unofficial.php
::requires http://unxutils.sourceforge.net/
@echo off
:: -O v prints the values only; sed relabels the type prefix and strips the quotes
snmpwalk.exe -O v -v 1 -c %2 %1 ".1.3.6.1.2.1.1.5" | sed "s/STRING: /HOSTNAME:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.4.1.77.1.4.1" | sed "s/STRING: /DOMAIN:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 ".1.3.6.1.2.1.1.1" | sed "s/STRING: /DESCRIPTION:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.1.3" | sed "s/Timeticks: /UPTIME:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.4.1.77.1.2.25" | sed "s/STRING: /USER:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.4.1.77.1.2.27" | sed "s/STRING: /SHARE:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.4.1.77.1.2.3.1.1" | sed "s/STRING: /SVC:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.25.4.2.1.2" | sed "s/STRING: /PROCS:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.6.13.1.3" | sed "s/INTEGER: /TCP:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.7.5.1.2.0.0.0.0" | sed "s/INTEGER: /UDP:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.25.2.3.1.3" | sed "s/STRING: /DISK:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 "1.3.6.1.2.1.25.6.3.1.2" | sed "s/STRING: /INSTALLED:/" | sed "s/\"//g"
snmpwalk.exe -O v -v 1 -c %2 %1 ".1.3.6.1.2.1.4.20" | grep "IpAddress" | sed "s/IpAddress: /IP:/" | sed "s/\"//g"
snmpwalk.exe -v 1 -c %2 %1 ".1.3.6.1.2.1.4.21" | grep "NextHop" | sed "s/.*NextHop./ROUTE:/" | sed "s/= IpAddress:/via/"
Posted in hacking
9.10.2009 by matti.
Just a reminder:
The Nmap installation also installs other binaries.
One worth mentioning is Ncat: in short, a netcat with nice extra options such as SSL support.
http://nmap.org/ncat/guide/index.html
Posted in hacking
9.10.2009 by matti.
Hello World!
This is a blog, so guess what will happen here
Kind Regards
Matti
Posted in general