Hacking Tools Flashcards
Web attack tools
Burp Suite, WebScarab, httprint, BeEF
Mimikatz
Credential-dumping and pass-the-hash tool. Extracts plaintext passwords, NTLM hashes and Kerberos tickets from LSASS memory, and can authenticate with a stolen NTLM hash without knowing the password (pass the hash). Available in Metasploit as the kiwi (mimikatz) Meterpreter extension.
Link-Local Multicast Name Resolution / NetBIOS Name Service (LLMNR/NBT-NS) poisoning attack
When a DNS lookup fails, the victim falls back to LLMNR (multicast) or NBT-NS (broadcast) to find the resource. The attacker answers, claiming to be that resource, and so poisons the victim's name lookup. If the requested service requires authentication, the victim sends its user name and an NTLMv2 challenge/response to the attacker, which is then cracked offline.
LLMNR/NBT-NS attack tools
NBNSpoof, Responder, Pupy
Mitigations for LLMNR/NBT-NS attack
Disable LLMNR and NBT-NS on the hosts, in the local security settings or via Group Policy (Computer Configuration > Administrative Templates > Network > DNS Client > Turn off multicast name resolution). Other security software or the network OS (NOS) can also enforce this.
To verify, check the policy key HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient: the DWORD value EnableMulticast = 0 means LLMNR is disabled. On the network, watch UDP ports 5355 (LLMNR) and 137 (NetBIOS name service); a single host answering name queries for many different names is a poisoner.
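The network-side check above, as an added example that is not part of the original flashcards: a legitimate host only answers LLMNR/NBT-NS queries for its own name, while a poisoner such as Responder answers for every name it hears. The records below are constructed datagram summaries, not a real capture; the host addresses, the canary name and the record format are assumptions for the demonstration.

```python
from collections import defaultdict

# UDP ports an LLMNR/NBT-NS poisoner answers on.
PORTS = {5355: "LLMNR", 137: "NBT-NS"}
MULTICAST_LLMNR = "224.0.0.252"

# Constructed datagram summaries (not a real capture): one record per UDP
# datagram seen on the segment, as (src_ip, dst_ip, dst_port, kind, name).
# 10.0.0.66 answers every lookup; 10.0.0.9 only answers for its own name.
SAMPLE = [
    ("10.0.0.15", MULTICAST_LLMNR, 5355, "query",    "fileshare01"),
    ("10.0.0.66", "10.0.0.15",     5355, "response", "fileshare01"),
    ("10.0.0.23", MULTICAST_LLMNR, 5355, "query",    "printsrv"),
    ("10.0.0.66", "10.0.0.23",     5355, "response", "printsrv"),
    ("10.0.0.31", "10.0.0.255",    137,  "query",    "WPAD"),
    ("10.0.0.66", "10.0.0.31",     137,  "response", "WPAD"),
    ("10.0.0.40", MULTICAST_LLMNR, 5355, "query",    "sqlbox"),
    ("10.0.0.9",  "10.0.0.40",     5355, "response", "sqlbox"),
    # Active check: a query for a name that does not exist anywhere (canary).
    ("10.0.0.50", MULTICAST_LLMNR, 5355, "query",    "zz-canary-9q2"),
    ("10.0.0.66", "10.0.0.50",     5355, "response", "zz-canary-9q2"),
]


def name_responders(records):
    """Map each host that answered an LLMNR/NBT-NS query to the names it claimed."""
    claimed = defaultdict(set)
    for src, _dst, port, kind, name in records:
        if port in PORTS and kind == "response":
            claimed[src].add(name.lower())
    return claimed


def find_poisoners(records, max_names=1):
    """Flag hosts that claimed more than max_names distinct names.

    A real host answers only for itself; a poisoner answers for everything.
    Returns {ip: {names...}} for the suspicious hosts.
    """
    return {ip: names
            for ip, names in name_responders(records).items()
            if len(names) > max_names}


def canary_hits(records, canary):
    """Active detection: nobody legitimately owns the canary name, so any host
    that responds to a query for it is poisoning. Returns the sorted source IPs."""
    return sorted({src for src, _dst, port, kind, name in records
                   if port in PORTS and kind == "response"
                   and name.lower() == canary.lower()})


if __name__ == "__main__":
    for ip, names in find_poisoners(SAMPLE).items():
        print(f"{ip} claimed {len(names)} names: {sorted(names)}")
    print("canary responders:", canary_hits(SAMPLE, "zz-canary-9q2"))
```

The passive check (find_poisoners) works on any flow or packet summary that records the queried name; the active check (canary_hits) is the one to run regularly, because a single response to a name that cannot exist is unambiguous.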
Password recovery tools
CHNTPW (Linux utility), Stellar Phoenix, Windows Password Recovery Ultimate, ISeePassword, Windows Password Recovery Tool, Passware Kit, PCUnlocker
Password Attacking tools
Cain and Abel (also a network sniffer, password sniffer, ARP spoofer and Hamster proxy), ScoopLM (captures LM and NTLM hashes and includes a cracker), KerbCrack (Kerberos sniffer and cracker), THC Hydra (online dictionary attack against network logins)
Remote execution tools
RemoteExec, PDQ Deploy, DameWare, remote support tools, PsExec
Six stages of web server attack methodology
Information gathering, web server footprinting, website mirroring, vulnerability scanning, session hijacking, password cracking
Trojan and virus construction programs
Dark Horse Trojan Virus Maker, Senna Spy Generator, Trojan Horse Construction Kit, Progenic Mail Trojan Construction Kit, Pandora's Box
net view /domain:domainname
Shows all systems in the domain name provided
net view \\systemname
Displays the resources (shares) being shared by the specified computer
net use
List all network drives and mapped shares
net use \\target\ipc$ "" /u:""
Sets up a null session: an anonymous connection (empty user name and password) to the IPC$ share, which can then be used for enumeration
net use Z: \\somename\fileshare
Maps the share to drive Z: on the machine; adding /persistent:yes makes the mapping survive a reboot
Hyena
Windows enumeration tool with GUI
Forbidden Attack
The Forbidden attack is a man-in-the-middle attack on HTTPS connections whose server reuses the AES-GCM nonce across TLS records. GCM's specification forbids nonce reuse (hence the name): two records encrypted under the same key and nonce leak the keystream and the GHASH authentication key, which lets the attacker forge ciphertext that the victim accepts as authentic. The attacker can then inject malicious code and forged content into the session to obtain sensitive information from the victim, such as bank details or social security numbers.
FREAK attack
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in SSL/TLS implementations: a man-in-the-middle forces client and server to negotiate a legacy "export-grade" cipher suite with a 512-bit RSA key. A key that short can be factored in a practical amount of time, after which the attacker can decrypt and tamper with the session.
CRIME attack
CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies sent over HTTPS or SPDY connections that also use TLS-level data compression. The attacker injects guesses into requests the victim's browser sends and observes the compressed size: a guess that matches part of the cookie is compressed away, so the request gets shorter. When used to recover the content of a secret authentication cookie, it allows an attacker to hijack the authenticated web session and launch further attacks. The mitigation is to disable TLS compression.