Scanning helps one to know what services are running on a machine. This will show the open ports on which services are listening for connections. First we will determine whether the target machine is alive or not. This can be done by sending a icmp echo request packet to the server. The server would respond with a icmp echo reply showing that it’s alive. The process to do this on a range of hosts or ipaddresses is known as ping sweep. Of the many methods used, we will look on ICMP ping and echo port ping.
ICMP ping
Your machine will send an icmp echo request (type 8) to the target machine and it would respond with an icmp echo reply(type 0) if it is alive. You can use the Unix ping command to do this:
[root@ns2 root]# ping -c 3 66.218.71.86
PING 66.218.71.86 (66.218.71.86) from 203.41.193.140 : 56(84) bytes of data.
64 bytes from 66.218.71.86: icmp_seq=1 ttl=51 time=207 ms
From 203.41.193.137: icmp_seq=2 Redirect Host (New nexthop: 202.5.165.81)
64 bytes from 66.218.71.86: icmp_seq=2 ttl=51 time=204 ms
64 bytes from 66.218.71.86: icmp_seq=3 ttl=51 time=203 ms
--- 66.218.71.86 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2019ms
rtt min/avg/max/mdev = 203.938/205.171/207.287/1.503 ms
[root@ns2 root]#
At the end it will give you a summary, showing statistics of number of packets received and sent and the %age of packet loss.
Echo port ping
This makes use the echo service running on the target machine which runs on port 7. Whatever you send it, will be echoed back to you. So if you see that it echoed back what you sent, then you can be sure that the target machine is alive.
Two interesting tools on Linux is Fping and Nmap
Fping
Fping sends multiple icmp request packets simultaneously and processes the reply as they occur. This makes ping sweeps faster. Fping can be feeded with an ipaddress or can be given a list of ipaddress on a file.
[root@Krishna]# fping -a -g 203.122.1.0 203.122.1.80
203.122.1.9
203.122.1.26
203.122.1.37
203.122.1.47
203.122.1.54
203.122.1.42
203.122.1.68
203.122.1.80
[root@Krishna]#
Type fping -h for a full listing of available options.
Nmap
Nmap is a powerful tool that can do a lot more than ping sweep.
To use nmap for ping sweeping use the –sP argument.
[root@ns2 root]# nmap -sP 203.122.58.0/24
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host (203.122.58.1) appears to be up.
Host (203.122.58.2) appears to be up.
Host (203.122.58.5) appears to be up.
Host (203.122.58.6) appears to be up.
Host (203.122.58.9) appears to be up.
Host (203.122.58.10) appears to be up.
Host (203.122.58.13) appears to be up.
Host (203.122.58.14) appears to be up.
caught SIGINT signal, cleaning up
[root@ns2 root]#
If ICMP is blocked on the firewall of the target machine, additional techniques can be used to determine whether systems are alive.
Nmap provides a advanced option called TCP ping scan. It is initiated with the argument –PT with a port number such as port 80, since packets to this port is allowed by many firewall and border routers to the systems on their demilitarized zone (DMZ).
[root@ns2 root]# nmap -sP -PT80 203.122.58.0/24
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host (203.122.58.1) appears to be up.
Host (203.122.58.2) appears to be up.
Host (203.122.58.5) appears to be up.
Host (203.122.58.6) appears to be up.
Host (203.122.58.9) appears to be up.
Host (203.122.58.10) appears to be up.
Host (203.122.58.13) appears to be up.
Host (203.122.58.14) appears to be up.
caught SIGINT signal, cleaning up
[root@ns2 root]#
Icmpenum
This tool from Simple Nomad (http://www.nmrc.org/project/misc/icmpenum-1.1.1.tgz) .
Even if the border router or firewall blocks ICMP echo packets , the systems status of being alive can be determined by looking for a different ICMP type, like icmp time stamp request and icmp info requests.
[krishna]# icmpenum –i2 –c 192.168.1.0
In the above example, we enumerated the entire 192.168.1.0 class C network using an icmp time stamp request . Icmpenum can send spoofed packets to avoid detection. Use the s argument to send spoofed packets and passively listen for responses with the p switch.
Icmpquery
Icmpquery can be found at http://packetstormsecurity.com/UNIX/scanners/icmpquery.c
Ping sweeps makes use of icmp echo packets , but there are a lot more types of icmp packets which can be used to gather valuable information about the system. For example you can request the time ona system by sending an ICMP type 13 message (TIMESTAMP) and you can request the netmask of a particular device with the ICMP type 17 message (ADDRESS MASK REQUEST).
To query a routers time, you can run the command:
[root@ns2 files]# ./icmpquery -t 213.206.75.252
213.206.75.252 : Sun Jun 8 16:46:30 2003
[root@ns2 files]#
and to query a routers netmask, use
[Krishna]# icmpquery –m 213.206.75.252
Windows tools:
To do ping sweeps in windows, try the freeware pinger from Rhino9 (http://nmrc.org/snt). Some other tools for windows are Ping Sweep from Solarwinds (http://www.solarwinds.net)
WS_Ping ProPack (http://www.ipswitch.com) NetScan Tools (http://www.nwpsw.com)
Port Scanning:
Port scanning is the process of connecting to TCP and UDP ports on the target system to determine what services are running or in a listening state. Identifying listening ports is essential to determine the type of operating system and application in use on the system.
Types of port scanning:
1.) TCP connect scan: This type of scan connects to the target port and completes a full three way handshake (SYN, SYN/ACK and ACK).
2.) TCP SYN scan: This is also called half-open scanning because it does not complete the three-way handshake, rather a SYN packet is sent and upon receiving a SYN/ACK packet it is determined that the target machines port is in a listening state and if an RST/ACK packet is received , it indicates that the port is not listening.
3.) TCP FIN scan: This technique sends a FIN packet to the target port and based on RFC 793 the target system should send back an RST for all closed ports.
4.) TCP Xmas Tree scan: This technique sends a FIN,URG and PUSH packet to the target port and based on RFC 793 the target system should send back an RST for all closed ports.
5.) TCP Null scan: This technique turns off all flags and based on RFC 793 , the target system should send back an RST for all closed ports.
6.) TCP ACK scan: This technique is used to map out firewall rulesets. It can help determine if the firewall is a simple packet filter allowing only established connections or a stateful firewall performing advance packet filtering.
7.) TCP Windows scan: This type of scan can detect both filtered and non-filtered ports on some systems due to anomaly in the way TCP windows size is reported.
8.) TCP RPC scan: This technique is specific to UNIX systems and is used to detect and identify Remote Procedure Call (RPC) ports and their associated program and version number.
9.) UDP scan: This technique sends a UDP packet to the target port. If the target ports responds with an “ICMP port unreachable” message, the port is closed, if not then the port is open. This is a slow process since UDP is a connectionless protocol, the accuracy of this technique is dependent on many factors related to utilization of network and system resources.
We will now discuss some of the more popular and time proven port scanners.
Strobe
Download it from ftp://ftp.rpmfind.net/linux/redhat/7.1/en/powertools/i386/RedHat/RPMS/strobe-1.04-8.i386.rpm
It is one of the fastest and most reliable TCP scanners, it can also grab the associated banner of a particular port. Strobe is a TCP scanner and does not provide UDP scanning capability, as such it can be easily detected by the target machine.
[root@ns2 files]# strobe 213.206.75.252
strobe 1.04 (c) 1995-1997 Julian Assange (proff@suburbia.net).
213.206.75.252 21 ftp File Transfer [Control] [96,JBP]
-> 220-FTP server ready.
-> 220 Only anonymous FTP is allowed here
213.206.75.252 80 http www www-http World Wide Web HTTP
www World Wide Web HTTP [TXL]
[root@ns2 files]#
For a UDP port scanner try udp_scan by SATAN(Security Administrator Tool for Analyzing Networks).
Netcat
This is known to be called the Swiss army knife in security toolkit. It provides both TCP and UDP scanning capabilities. The -v and -vv options provide verbose output, the -z option is used for port scanning, and the -w2 option provides a timeout value for each connection. By default nc uses TCP ports, the -u option is so used to specify UDP scanning.
[root@ns2 files]# nc -v -z -w2 203.122.61.154 1-140
ns2.spectra.com [203.122.61.154] 111 (sunrpc) open
ns2.spectra.com [203.122.61.154] 80 (http) open
ns2.spectra.com [203.122.61.154] 53 (domain) open
ns2.spectra.com [203.122.61.154] 23 (telnet) : No route to host
[root@ns2 files]#
[root@ns2 files]# nc -u -v -z -w2 203.122.61.154 1-140
ns2.spectranet.com [203.122.61.154] 132 (?) open
ns2.spectranet.com [203.122.61.154] 131 (?) open
ns2.spectranet.com [203.122.61.154] 130 (?) open
ns2.spectranet.com [203.122.61.154] 129 (?) open
ns2.spectranet.com [203.122.61.154] 128 (?) open
ns2.spectranet.com [203.122.61.154] 127 (?) open
ns2.spectranet.com [203.122.61.154] 126 (?) open
punt!
[root@ns2 files]#
Network Mapper (nmap)
Nmap from http://www.insecure.org/nmap is a all in one tool. To see a possible list of options use
[root@ns2 files]# nmap –h
[root@ns2 files]# nmap -sP 192.168.0.172
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host ns2.krishna.com (192.168.0.172) appears to be up.
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
[root@ns2 files]#
Nmap allows you to enter ranges in CIDR(Classless Inter-Domain Routing) block notation. The –oN will save the output to a human-readable format and use –oM to save it in a tab-delimited file.
[root@ns2 files]# nmap –sF 203.122.58.0/24 –oN outfile
Windows based port scanners
NetScanTools Pro 2000 http://www.nwpsw.com
SuperScan http://www.foundstone.com/rdlabs/termsofuse.php?filename=superscan.exe
WinScan: http://www.prosolve.com
IpEye http://www.ntsecurity.com
NetCat http://www.atstake.com/research/tools/nc11nt.zip
WUPS http://www.ntsecurity.nu
Fscan http://www.foundstone.com/rdlabs/termsofuse.php?filename=fscan.exe
Thanks Bro ...
Krishna
http://www.KrisinDigitalAge.com
Level 1:
aerosol.zip Aerosol (0.65)
abappwd.zip ABAP PW Crack
aircrack.zip Aircrack (2.4)
aircrackng.zip Aircrack-NG (0.6.2)
aircrackpack.zip Aircrack Pack
aire.zip Aire (1.0)
airsnort.zip Airsnort
asleap.zip Cisco Leap (1.0)
aptools.zip AP Tools (0.1.0)
cowpatty.zip Cowpatty
netstumbler.zip Netstumbler AP Detection (0.4.0)
weplab.zip WepLab (0.1.5)
Donwload:
http://rapidshare.com/files/25265188/Feliks_wireless_pack.zip
Level 2:[update]
EasyWifiRadar
HotSpotter-0.4
Kismet 2005-08-R1
Wellenreiter-v1.9
wepwedgie-alpha-0.1
Download:
http://rapidshare.com/files/26345803/Feliks_wireless_pack_2.zip
Tambahan:
+ the WireShark download:
http://wireshark.newworldorder.com.es/win32//wireshark-setup-0.99.5.exe
+The wireshark official site:
http://www.wireshark.org/download.html
AttachMent Best:
http://rapidshare.com/files/36519722/AIO_Wireless_Hack_Toolz.rar
aerosol.zip Aerosol (0.65)
abappwd.zip ABAP PW Crack
aircrack.zip Aircrack (2.4)
aircrackng.zip Aircrack-NG (0.6.2)
aircrackpack.zip Aircrack Pack
aire.zip Aire (1.0)
airsnort.zip Airsnort
asleap.zip Cisco Leap (1.0)
aptools.zip AP Tools (0.1.0)
cowpatty.zip Cowpatty
netstumbler.zip Netstumbler AP Detection (0.4.0)
weplab.zip WepLab (0.1.5)
Donwload:
http://rapidshare.com/files/25265188/Feliks_wireless_pack.zip
Level 2:[update]
EasyWifiRadar
HotSpotter-0.4
Kismet 2005-08-R1
Wellenreiter-v1.9
wepwedgie-alpha-0.1
Download:
http://rapidshare.com/files/26345803/Feliks_wireless_pack_2.zip
Tambahan:
+ the WireShark download:
http://wireshark.newworldorder.com.es/win32//wireshark-setup-0.99.5.exe
+The wireshark official site:
http://www.wireshark.org/download.html
AttachMent Best:
http://rapidshare.com/files/36519722/AIO_Wireless_Hack_Toolz.rar
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as follows:-
1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.
2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.
3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.
4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.
5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.
6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning
7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.
8) Collecting the Frames for Cracking WEP/WPA/mix :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP/WPA/mix cracking tool is AirSnort ( http://airsnort.shmoo.com ).
9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.
10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.
11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.
12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.
13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.
14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.
15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces
16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.
17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.
18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.
19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.
Tips for Wireless Home Network Security
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely
- thanks kev
Awareness and Training Awareity MOAT
www.awareity.com
Birch Systems Privacy Posters
www.privacyposters.com
Greenidea Visible Statement
www.greenidea.com
Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com
NIST resources
http://csrc.nist.gov/ATE
SANS Security Awareness Program
www.sans.org/awareness/awareness.php
Security Awareness, Inc. Awareness Resources
www.securityawareness.com
Bluetooth BlueScanner
www.networkchemistry.com/products/bluescanner.php
Bluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gz
BlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt
Blooover
http://trifinite.org/trifinite_stuff_blooover.html
Bluejacking community site
www.bluejackq.com
Detailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf
NIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Certifications Certified Ethical Hacker
www.eccouncil.org/CEH.htm
Dictionary Files and Word Lists ftp://ftp.cerias.purdue.edu/pub/dictftp://ftp.ox.ac.uk/pub/wordlists
http://packetstormsecurity.nl/Crackers/wordlists
www.outpost9.com/files/WordLists.html
Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl
Exploit Tools CORE IMPACT
www.coresecurity.com
Metasploit
www.metasploit.com/projects/Framework
General Research Tools AfriNIC
www.afrinic.net
APNIC
www.apnic.net
ARIN
www.arin.net/whois/index.html
CERT/CC Vulnerability Notes Database
www.kb.cert.org/vuls
ChoicePoint
www.choicepoint.com
Common Vulnerabilities and Exposures
http://cve.mitre.org/cve
DNSstuff.com
www.DNSstuff.com
Google
www.google.com
Government domains
www.dotgov.gov
Hoover's business information
www.hoovers.com
LACNIC
www.lacnic.net
Military domains
www.nic.mil/dodnic
NIST National Vulnerability Database
http://nvd.nist.gov
RIPE Network Coordination Centre
www.ripe.net/whois
Sam Spade
www.samspade.org
SecurityTracker
http://securitytracker.com
Switchboard.com
www.switchboard.com
U.S. Patent and Trademark Office
www.uspto.gov
U.S. Search.com
www.ussearch.com
U.S. Securities and Exchange Commission
www.sec.gov/edgar.shtml
Whois.org
www.whois.org
Yahoo! Finance site
http://finance.yahoo.com
Hacker Stuff 2600 @@md The Hacker Quarterly magazine
www.2600.com
Blacklisted 411
www.blacklisted411.net
Computer Underground Digest
www.soci.niu.edu/~cudigest
Hacker T-shirts, equipment, and other trinkets
www.thinkgeek.com
Honeypots: Tracking Hackers
www.tracking-hackers.com
The Online Hacker Jargon File
www.jargon.8hz.com
PHRACK
www.phrack.org
Linux Amap
http://packages.debian.org/unstable/net/amap
Bastille Linux Hardening Program
www.bastille-linux.org
BackTrack
www.remote-exploit.org/index.php/BackTrack
Comprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.php
Debian Linux Security Alerts
www.debian.org/security
Linux Administrator's Security Guide
www.seifried.org/lasg
Linux Kernel Updates
www.linuxhq.com
Linux Security Auditing Tool (LSAT)
http://usat.sourceforge.net
Metasploit
www.metasploit.com
Network Security Toolkit
www.networksecuritytoolkit.org
Red Hat Linux Security Alerts
www.redhat.com/securityupdates
Security Tools Distribution
http://s-t-d.org
Slackware Linux Security Advisories
www.slackware.com/security
SUSE Linux Security Alerts
www.suse.com/us/business/security.html
Tiger
ftp://ftp.debian.org/debian/pool/main/t/tiger
VLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm
Log Analysis ArcSight Enterprise Security Manager
www.arcsight.com/product.htm
GFI LANguard Security Event Log Monitor
www.gfi.com/lanselm
Internet Security Systems Managed Services
www.iss.net/products_services/managed_services
LogAnalysis.org system logging resources
www.loganalysis.org
Malware chkrootkit
www.chkrootkit.org
EICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htm
The File Extension Source
http://filext.com
McAfee AVERT Stinger
http://vil.nai.com/vil/stinger
Rkdet
http://vancouver-webpages.com/rkdet
Wotsit's Format
www.wotsit.org
Messaging Abuse.net SMTP relay checker
www.abuse.net/relay.html
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
Cain and Abel
www.oxid.it/cain.html
DNSstuff.com relay checker
www.dnsstuff.com
GFI e-mail security test
www.gfi.com/emailsecuritytest
How to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.html
mailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows version
Sam Spade for Windows
www.samspade.org/ssw
smtpscan
www.greyhats.org/?smtpscan
NetWare Adrem Freecon
www.adremsoft.com
Craig Johnson's BorderManager resources
http://nscsysop.hypermart.net
JRB Software
www.jrbsoftware.com
NCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gz
NetServerMon
www.simonsware.com/Products.shtml
Novell Product Updates
http://support.novell.com/filefinder
Pandora
www.nmrc.org/project/pandora
Rcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zip
Remote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip
UserDump
www.hammerofgod.com/download/userdump.zip
Networks Cain and Abel
www.oxid.it/cain.html
CommView
www.tamos.com/products/commview
dsniff
www.monkey.org/~dugsong/dsniff
Essential NetTools
www.tamos.com/products/nettools
Ethereal network analyzer
www.ethereal.com
EtherPeek
www.wildpackets.com/products/etherpeek/overview
ettercap
http://ettercap.sourceforge.net
Firewalk
www.packetfactory.net/firewalk
Getif
www.wtcs.org/snmp4tpc/getif.htm
GFI LANguard Network Scanner
www.gfi.com/lannetscan
GNU MAC Changer
www.alobbs.com/macchanger
IETF RFCs
www.rfc-editor.org/rfcxx00.html
LanHound
www.sunbelt-software.com/LanHound.cfm
MAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtml
Nessus vulnerability scanner
www.nessus.org
Netcat
www.vulnwatch.org/netcat/nc111nt.zip
NetScanTools Pro all-in-one network testing tool
www.netscantools.com
Nmap port scanner
www.insecure.org/nmap
NMapWin
http://sourceforge.net/projects/nmapwin
Port number listing
www.iana.org/assignments/port-numbers
Port number lookup
www.cotse.com/cgi-bin/port.cgi
QualysGuard vulnerability assessment tool
www.qualys.com
SNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zip
Sunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfm
SuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htm
TrafficIQ Pro
www.karalon.com
WhatIsMyIP
www.whatismyip.com
Password Cracking BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
Cain and Abel
www.oxid.it/cain.html
Chknull
www.phreak.org/archives/exploits/novell/chknull.zip
Crack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack
Elcomsoft Distributed Password Recovery
www.elcomsoft.com/edpr.html
John the Ripper
www.openwall.com/john
Ophcrack
www.objectif-securite.ch/ophcrack
Proactive Password Auditor
www.elcomsoft.com/ppa.html
Proactive System Password Recovery
www.elcomsoft.com/pspr.html
pwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zip
NetBIOS Auditing Tool
www.securityfocus.com/tools/543
NTAccess
www.mirider.com/ntaccess.html
RainbowCrack
www.antsight.com/zsl/rainbowcrack
RainbowCrack-Online
www.rainbowcrack-online.com
Rainbow tables
http://rainbowtables.shmoo.com
TSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zip
WinHex
www.winhex.com
Patch Management BigFix Enterprise Suite Patch Management
www.bigfix.com/products/patch.html
Ecora Patch Manager
www.ecora.com/ecora/products/patchmanager.asp
GFI LANguard Network Security Scanner
www.gfi.com/lannetscan
HFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspx
Patch Authority Plus
www.scriptlogic.com/products/patchauthorityplus
PatchLink
www.patchlink.com
SysUpdate
www.securityprofiling.com
UpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.asp
Windows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx
Source Code Analysis Compuware
www.compuware.com/products/devpartner/securitychecker.htm
Fortify Software
www.fortifysoftware.com
Klocwork
www.klocwork.com
Ounce Labs
www.ouncelabs.com
SPI Dynamics
www.spidynamics.com/products/devinspect/index.html
Security Standards Center for Internet Security's Benchmarks/Scoring Tools
www.cisecurity.org
NIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.html
Open Source Security Testing Methodology Manual
www.isecom.org/osstmm
SANS Step-by-Step Guides
http://store.sans.org
Security Education Kevin Beaver's Security on Wheels podcasts and information security training resources
www.securityonwheels.com
Privacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm
Storage CHAP Password Tester
www.isecpartners.com/tools.html#CPT
CIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zip
GrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip
NASanon
www.isecpartners.com/SecuringStorage/NASanon.zip
StorScan
www.isecpartners.com/tools.html#StorScan
Risk Analysis and Threat Modeling SecureITree
www.amenaza.com
Software Engineering Institute's OCTAVE methodology
www.cert.org/octave
Voice over IP Cain and Abel
www.oxid.it/cain.html
NIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
PROTOS
www.ee.oulu.fi/research/ouspg/protos
SearchVoIP.com
http://searchvoip.techtarget.com
SIP Forum Test Framework
www.sipfoundry.org/sftf/index.html
sipsak
http://sipsak.org
SiVuS
www.vopsecurity.org/html/tools.html
vomit
http://vomit.xtdnet.nl
War Dialing Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweep
Sandstorm Enterprises Sandtrap wardialing honepot
www.sandstorm.net/products/sandtrap
THC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zip
ToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip
Web Applications and Databases 2600's Hacked Pages
www.2600.com/hacked_pages
Acunetix Web Vulnerability Scanner
www.acunetix.com
AppDetective
www.appsecinc.com/products/appdetective
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
HTTrack Website Copier
www.httrack.com
Foundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htm
Google Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviews
Netcraft
www.netcraft.com
NGSSquirrel
www.ngssoftware.com/software.htm
N-Stealth Security Scanner
www.nstalker.com/eng/products/nstealth
Paros Proxy
www.parosproxy.org
Pete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htm
Port 80 Software's ServerMask
www.port80software.com/products/servermask
Port 80 Software's Custom Error
www.port80software.com/products/customerror
SiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htm
SQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
WebInspect
www.spidynamics.com/products/webinspect/index.html
WebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Windows CORE IMPACT
www.coresecurity.com
DumpSec
www.somarsoft.com
Effective File Search
www.sowsoft.com/search.htm
FileLocator Pro
www.mythicsoft.com/filelocatorpro
Legion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zip
Metasploit
www.metasploit.com
Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx
Microsoft TechNet Security Center
www.microsoft.com/technet/security/Default.asp
Network Users
www.optimumx.com/download/netusers.zip
Rpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm
SMAC MAC address changer
www.klcconsulting.net/smac
Vision
www.foundstone.com/knowledge/proddesc/vision.html
Walksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm
Winfo
www.ntsecurity.nu/toolbox/winfo
Wireless Networks Aircrack
http://freshmeat.net/projects/aircrack
AirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htm
AiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overview
AirSnort
http://airsnort.shmoo.com
Cantenna war-driving kit
http://mywebpages.comcast.net/hughpep
CommView for Wi-Fi
www.tamos.com/products/commwifi
Digital Hotspotter
www.canarywireless.com
Homebrew WiFi antenna
www.turnpoint.net/wireless/has.html
KisMAC
http://kismac.binaervarianz.de
Kismet
www.kismetwireless.net
Lucent Orinoco Registry Encryption/Decryption program
www.cqure.net/tools.jsp?id=3
NetStumbler
www.netstumbler.com
OmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzers
RFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.php
SeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparison
Security of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.html
The Unofficial 802.11 Security Web Page
www.drizzle.com/~aboba/IEEE
Wellenreiter
www.wellenreiter.net
WiGLE database of wireless networks at
www.wigle.net
www.wifimaps.com
www.wifinder.com
WinAirsnort
http://winairsnort.free.fr/
Wireless Vulnerabilities and Exploits
www.wirelessve.org
WPA Cracker
www.tinypeap.com/html/wpa_cracker.html
Sebelumnya maaf jika artikel ini merugikan banyak pihak.
Begitu banyak trik untuk mendapatkan sebuah keCERDIKAN dalam berkomunikasi,
apalagi atas nama komunikasi secara GRATIS. ya kan....
Dalam hal ini saya tidak akan banyak basa-basi lagi.
I. Trik telphon gratis Lokal (dalam kota)
Fasilitas dan cara yang digunakan:
1. Telphone umum koin yang masih hidup
2. Pencet angka 1551 <--- catatan: angka 1 terakhir di pencet lama
hingga ada nada "tut/nit/nada sela lainnya"
3. Bila tanda itu telah bunyi baru tekan nomor yang dituju ( nomor
telphone lokal)
4. dan anda akan mendapatkan sambungan langsung dari telkom ke no telp
yang dituju, maka anda bisa bicara sepuas bibir anda.
note: UNTUK NOMOR LOKAL YANG TIDAK BISA DIHUBUNGI BIASANYA DIKARENAKAN:
1. TERLALU BANYAK NOMOR YANG KEMBAR
2. TERLALU BANYAK ANGKA DOMINAN BESAR MISAL 8997896/89868789/ dll
3. DAN BILA TELEPHONE YANG DITUJU BELUM TERPASANG
4. TELKOM SEDANG KENA TROUBLE :))
II. TRIK TELEPHONE GRATIS INTERLOKAL (LUAR KOTA)
Fasilitas dan cara yang digunakan:
1. Telphone rumah, kantor atau wartel tipe B (sangat dianjurkan)
2. Telphonelah seperti kita menelephone biasa ke NOMOR TUJUAN LUAR
KOTA (khusus luar kota)
3. Bicaralah sepuas hati dan sebengkak bibir anda
4. Bila telah selesai percakapan ... PERHATIKAN TRIK INI:
TRIK 1. - SEBELUM ANDA MENUTUP TELEPHON, KETIKLAH NOMOR TUJUAN PERSIS
SEPERTI NOMOR YANG DITUJU PERTAMA
misal: tujuan 021888555000 -> bila telah selesai ketikan
021888555000 lagi
JANGAN PAKAI TOMBOL RADIAL, KARENA SERING GAGAL
TRIK 2. - SEPERTI CARA TRIK PERTAMA TADI CUMAN KITA RUBAH NOMOR TUJUAN
AKHIR
misal: tujuan 021888555000 -> bila telah selesai ketikan
031545552222 (BEDA NOMOR TUJUAN)
JANGAN PAKAI TOMBOL RADIAL, KARENA SERING GAGAL
CATATAN: HATI² DALAM MELAKUAKN AKSI INI KARENA SANGAT MERUGIKAN LAIN PIHAK.
JANGAN SEKALI² GUNAKAN WARTEL TIPE A UNTUK MELAKUKAN TRIK II TELEPON
GRATIS KE LUAR KOTA KARENA AKAN KELIHATAN PADA KOMPUTER BILLING
OPERATOR D DAN PASTI ANDA DICURIGAI KARENA PULSA AKAN HILANG BEGITU
SAJA DARI LAYAR MONITOR OPERATOR WARTEL.
JANGAN SERING² MENGGGUNAKAN TRIK INI, KARENA AKAN MERUGIKAN "PIHAK LAIN" =))
Begitu banyak trik untuk mendapatkan sebuah keCERDIKAN dalam berkomunikasi,
apalagi atas nama komunikasi secara GRATIS. ya kan....
Dalam hal ini saya tidak akan banyak basa-basi lagi.
I. Trik telphon gratis Lokal (dalam kota)
Fasilitas dan cara yang digunakan:
1. Telphone umum koin yang masih hidup
2. Pencet angka 1551 <--- catatan: angka 1 terakhir di pencet lama
hingga ada nada "tut/nit/nada sela lainnya"
3. Bila tanda itu telah bunyi baru tekan nomor yang dituju ( nomor
telphone lokal)
4. dan anda akan mendapatkan sambungan langsung dari telkom ke no telp
yang dituju, maka anda bisa bicara sepuas bibir anda.
note: UNTUK NOMOR LOKAL YANG TIDAK BISA DIHUBUNGI BIASANYA DIKARENAKAN:
1. TERLALU BANYAK NOMOR YANG KEMBAR
2. TERLALU BANYAK ANGKA DOMINAN BESAR MISAL 8997896/89868789/ dll
3. DAN BILA TELEPHONE YANG DITUJU BELUM TERPASANG
4. TELKOM SEDANG KENA TROUBLE :))
II. TRIK TELEPHONE GRATIS INTERLOKAL (LUAR KOTA)
Fasilitas dan cara yang digunakan:
1. Telphone rumah, kantor atau wartel tipe B (sangat dianjurkan)
2. Telphonelah seperti kita menelephone biasa ke NOMOR TUJUAN LUAR
KOTA (khusus luar kota)
3. Bicaralah sepuas hati dan sebengkak bibir anda
4. Bila telah selesai percakapan ... PERHATIKAN TRIK INI:
TRIK 1. - SEBELUM ANDA MENUTUP TELEPHON, KETIKLAH NOMOR TUJUAN PERSIS
SEPERTI NOMOR YANG DITUJU PERTAMA
misal: tujuan 021888555000 -> bila telah selesai ketikan
021888555000 lagi
JANGAN PAKAI TOMBOL RADIAL, KARENA SERING GAGAL
TRIK 2. - SEPERTI CARA TRIK PERTAMA TADI CUMAN KITA RUBAH NOMOR TUJUAN
AKHIR
misal: tujuan 021888555000 -> bila telah selesai ketikan
031545552222 (BEDA NOMOR TUJUAN)
JANGAN PAKAI TOMBOL RADIAL, KARENA SERING GAGAL
CATATAN: HATI² DALAM MELAKUAKN AKSI INI KARENA SANGAT MERUGIKAN LAIN PIHAK.
JANGAN SEKALI² GUNAKAN WARTEL TIPE A UNTUK MELAKUKAN TRIK II TELEPON
GRATIS KE LUAR KOTA KARENA AKAN KELIHATAN PADA KOMPUTER BILLING
OPERATOR D DAN PASTI ANDA DICURIGAI KARENA PULSA AKAN HILANG BEGITU
SAJA DARI LAYAR MONITOR OPERATOR WARTEL.
JANGAN SERING² MENGGGUNAKAN TRIK INI, KARENA AKAN MERUGIKAN "PIHAK LAIN" =))
detikinet Microsoft dikabarkan akan melangsungkan proyek Windows Seven di India. Menurut Jon DeVaan, wakil presiden senior Windows Core Operating System Division yang dilansir The Hindu Bussines Line, divisi Microsoft yang ada di India akan berperan penting dalam pengembangan Windows Seven.
DeVaan mengungkapkan bahwa Microsoft Research and Development di India akan turut memproduksi Windows Seven. Microsoft memutuskan hal ini dalam sebuah pertemuan di Redmond.
Tim pengembangan Microsoft di India ini akan dipimpin oleh Sunil Bansali. Tidak dijelaskan pasti mengapa negara India dipilih sebagai salah satu pusat pengembangan Windows Seven yang telah merencanakan peluncuran Windows Seven pada tahun 2010.
Langganan:
Postingan (Atom)
