A Web Application Tool

Nikto and W3af


Introduction to Nikto
Features of Nikto
Introduction to W3AF
HTTP UTILITIES
CURL
What is CURL?
OPENSSL
Stunnel
Sidebar – Password Cracking
Windows NT Passwords
Windows NT Security
Cracking
Password Cracking – Off Line
Password Cracking – Off Line
Password Cracking - Starters
Password Cracking – Generic Methods
Password Cracking – Generic Methods
Password Cracking – How Do We Get the Passwords?
NTFSDos and SAMDump
PWDump3
Password Cracking Tools – L0phtCrack
Windows NT Passwords
LM Passwords VS. NT Passwords
LANMAN Passwords
LANMAN Passwords – Easy Cracking
NT Passwords
NT Passwords – Not So Easy Cracking
Unix Passwords – John The Ripper
Unix Passwords – John The Ripper
THC-Hydra
Passwords are one of the biggest security holes, as every password security study shows.

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add.

This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX, QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion.

It supports:

Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For HTTP, POP3, IMAP and SMTP, several login mechanisms such as plain and MD5 digest are supported.
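To show what Hydra's HTTP(S)-FORM-POST module actually does (many parallel login attempts, success decided by whether a failure string appears in the response), here is an added example that is not part of the original slides or of the Hydra project. It stands up a constructed toy login form on a loopback port and attacks it with a thread pool; the account name, password, wordlist and the "Login failed" marker are all assumptions made for the demo.

```python
import threading
from concurrent.futures import ThreadPoolExecutor, as_completed
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import ProxyHandler, Request, build_opener

# Constructed target for the demo: a toy login form whose only valid account
# is an assumption, not a real system.
VALID_CREDENTIALS = {"admin": "summer2011"}
FAILURE_MARKER = "Login failed"


class LoginHandler(BaseHTTPRequestHandler):
    """Minimal HTTP-FORM-POST target: answers 'Login failed' unless the pair matches."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        ok = VALID_CREDENTIALS.get(user) == password
        body = b"Welcome back" if ok else FAILURE_MARKER.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_target():
    """Bind the toy server to an ephemeral loopback port and serve it in the background."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), LoginHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/login"


def try_login(url, user, password, failure_marker=FAILURE_MARKER):
    """One login attempt. As with Hydra's F= condition, a response containing
    the failure marker is a miss and anything else counts as a hit."""
    data = urlencode({"username": user, "password": password}).encode()
    opener = build_opener(ProxyHandler({}))  # never route loopback via a proxy
    with opener.open(Request(url, data=data, method="POST"), timeout=5) as resp:
        return failure_marker not in resp.read().decode()


def crack_form(url, users, wordlist, tasks=8):
    """Parallel attack (Hydra's -t tasks): every user/password pair is tried
    concurrently and the first hit per user is recorded."""
    found = {}
    with ThreadPoolExecutor(max_workers=tasks) as pool:
        futures = {pool.submit(try_login, url, u, p): (u, p)
                   for u in users for p in wordlist}
        for fut in as_completed(futures):
            user, password = futures[fut]
            if fut.result():
                found.setdefault(user, password)
    return found


def demo():
    server, url = start_target()
    try:
        # Constructed wordlist; the real password is in it so the demo ends quickly.
        wordlist = ["password", "123456", "letmein", "summer2011", "qwerty"]
        return crack_form(url, ["admin", "guest"], wordlist)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())  # {'admin': 'summer2011'}
```

The same attack against that form with Hydra itself would be `hydra -l admin -P wordlist.txt 127.0.0.1 -s <port> http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed"`; the `F=` string is the failure marker the module looks for, and picking it wrongly (for example a string that also appears on the success page) silently turns every attempt into a miss, so check it by hand against one known-bad and, where possible, one known-good login first.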


John The Ripper

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS).

It is one of the most popular password testing and breaking programs, as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker.

It can be run against various hashed password formats, including several crypt password hash types most commonly found on Unix systems (based on DES, MD5, or Blowfish), Kerberos/AFS, and the Windows NT/2000/XP/2003 LM hash.

Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

Creating strong passwords seems like an easy task at first glance, but it may take more effort than one would expect. Since many programs exist specifically to break such locks, it is a good idea to test the strength of a passphrase before relying on it.

Attack Types

- One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), hashes each one in the same format as the password being examined (same algorithm and same salt), and compares the output to the stored hash.

- It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single-crack mode, which modifies plaintext associated with the account (such as the username that goes with a hashed password) and checks the variations against the hashes.

- John also offers a brute-force (incremental) mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and then comparing it to the input hash.

- John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it takes a long time to run.
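The three modes above, written out as an added example that is not John's own code and does not use a real John hash format: it assumes a toy salted hash ("sha256$salt$hex") standing in for the crypt(3) formats John autodetects, a handful of mangling rules in place of John's rule engine, and a frequency ordering that is far simpler than John's per-position tables. The shadow-style records, GECOS strings and wordlist are constructed for the demo.

```python
import hashlib
import itertools
from collections import Counter

LOWER_DIGITS = "abcdefghijklmnopqrstuvwxyz0123456789"


def make_hash(password, salt="x7"):
    """Toy salted hash 'sha256$<salt>$<hex>'; an assumption standing in for crypt(3) formats."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"sha256${salt}${digest}"


def matches(candidate, stored):
    """Hash the candidate with the stored hash's own salt and compare (what every mode does)."""
    _, salt, digest = stored.split("$")
    return hashlib.sha256((salt + candidate).encode()).hexdigest() == digest


def mangle(word):
    """A handful of the word-mangling rules John applies to each wordlist entry."""
    yield word
    yield word.lower()
    yield word.capitalize()
    yield word.upper()
    yield word[::-1]
    for digit in range(10):          # append one digit: word0 .. word9
        yield f"{word}{digit}"
    yield word + "123"
    yield (word.replace("a", "@").replace("e", "3")
               .replace("o", "0").replace("s", "$"))  # leetspeak substitution


def wordlist_mode(stored, wordlist):
    """Dictionary attack: every wordlist entry plus its mangled variants."""
    for word in wordlist:
        for candidate in mangle(word):
            if matches(candidate, stored):
                return candidate
    return None


def single_mode(stored, username, gecos=""):
    """Single-crack mode: plaintexts derived from the account's own login name and GECOS field."""
    seeds = [username] + gecos.replace(",", " ").split()
    return wordlist_mode(stored, seeds)


def incremental_mode(stored, charset, max_len, sample_text):
    """Brute force over charset up to max_len, trying the characters that are
    most frequent in sample_text first (a simplified stand-in for John's
    frequency tables, which are per position and per length)."""
    freq = Counter(c for c in sample_text if c in charset)
    ordered = sorted(charset, key=lambda c: -freq[c])
    for length in range(1, max_len + 1):
        for chars in itertools.product(ordered, repeat=length):
            candidate = "".join(chars)
            if matches(candidate, stored):
                return candidate
    return None


def crack(stored, username, gecos, wordlist, max_len=3):
    """Run the modes in John's default order: single, then wordlist, then incremental."""
    return (single_mode(stored, username, gecos)
            or wordlist_mode(stored, wordlist)
            or incremental_mode(stored, LOWER_DIGITS, max_len, " ".join(wordlist)))


def demo():
    # Constructed shadow-style records: login -> (hash, GECOS). Passwords are demo assumptions.
    shadow = {
        "alice": (make_hash("Alice1"), "Alice Smith"),   # falls to single mode
        "bob":   (make_hash("p@$$w0rd"), "Bob Jones"),   # falls to a leetspeak rule
        "carol": (make_hash("zq9"), "Carol"),            # only incremental finds it
    }
    wordlist = ["winter", "password", "letmein"]
    return {user: crack(stored, user, gecos, wordlist)
            for user, (stored, gecos) in shadow.items()}


if __name__ == "__main__":
    print(demo())  # {'alice': 'Alice1', 'bob': 'p@$$w0rd', 'carol': 'zq9'}
```

Note where the cost goes: the single and wordlist modes try a few hundred candidates per account, while the incremental mode with a 36-character set and a length cap of 3 already tries up to 46,656, and each extra character multiplies that by 36. That is the slowness the last bullet describes, and why a real audit runs single and wordlist modes with good rules first and leaves incremental mode for what remains.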
PWDump

pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM).

To work, it must be run under an Administrator account, or be able to access an Administrator account on the computer whose hashes are to be dumped.

pwdump can be said to compromise security because it allows a malicious administrator to obtain users' password hashes, and from those the passwords. Most of these programs are open-source.

Later versions (pwdump6) also address the LSASS crashes that older tools could cause.

fgdump is a more powerful version of pwdump6.

pwdump tends to hang when antivirus software is present, so fgdump takes care of that by shutting down a number of AV programs and restarting them afterwards.
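What an auditor does with a pwdump-style listing before handing it to a cracker, as an added example that is not part of the original slides or of any pwdump tool: parse the `user:RID:LMhash:NThash:::` lines and flag the findings that need no cracking at all. The two well-known constants are the LM hash of the empty string (also what pwdump prints when LM storage is disabled) and the NT hash of the empty string; the sample dump is constructed, and its non-empty hashes are placeholder hex, not real hashes.

```python
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of "" (or LM storage disabled)
EMPTY_LM_HALF = EMPTY_LM[:16]                   # one 7-char half of an LM hash with nothing in it
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash (MD4) of ""

# Constructed pwdump-style output. RIDs 500/501 are the built-in Administrator and
# Guest; every non-empty hash below is placeholder hex chosen for the demo.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
jsmith:1002:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""


def parse_pwdump(text):
    """Turn pwdump lines into records; tolerate blank and comment lines, reject the rest."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed pwdump line: {line!r}")
        records.append({
            "user": parts[0],
            "rid": int(parts[1]),
            "lm": parts[2].lower(),
            "nt": parts[3].lower(),
        })
    return records


def audit(records):
    """Findings that fall out of the hashes alone, before any cracking is attempted."""
    findings = []
    nt_owners = {}
    for rec in records:
        if rec["nt"] == EMPTY_NT:
            findings.append((rec["user"], "blank password"))
        if rec["lm"] != EMPTY_LM:
            # An LM hash is two independent DES halves of 7 characters each; if the
            # second half is the empty-half constant the password is 7 chars or fewer.
            if rec["lm"][16:] == EMPTY_LM_HALF:
                detail = "password is 7 characters or fewer"
            else:
                detail = "password is 8 to 14 characters"
            findings.append((rec["user"], f"LM hash present: {detail}"))
        nt_owners.setdefault(rec["nt"], []).append(rec["user"])
    for nt, users in nt_owners.items():
        if len(users) > 1 and nt != EMPTY_NT:
            findings.append((",".join(sorted(users)), "same NT hash (shared password)"))
    return findings


if __name__ == "__main__":
    for who, what in audit(parse_pwdump(SAMPLE_DUMP)):
        print(f"{who}: {what}")
```

The shared-hash check works because NT hashes are unsalted: two accounts with the same password always produce the same hash, so one cracked hash unlocks every account that shares it, and it also means cracking can be done once against a deduplicated list rather than once per account.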
L0phtCrack

L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries.

It uses multiple assessment methods to help administrators reduce security risk.

L0phtCrack helps identify and remediate security vulnerabilities that result from weak or easily guessed passwords, recovers Windows and Unix account passwords when a user or administrator password has been lost, and can streamline migration of users to another authentication system.

It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, using dictionary, brute-force and hybrid attacks, and rainbow tables.

It was one of the crackers' tools of choice, although most used old versions because of their low price and wide availability.

Additionally, some versions of L0phtCrack can process accounts using pre-computed password tables that contain trillions of passwords.
