penetration testing


HOWTO: Install THC-Hydra 5.4 in Ubuntu Karmic Koala 9.10

UPDATED: Installing THC-Hydra 5.7 on Ubuntu Lucid Lynx 10.04

Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." It's useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

I had a hard time installing THC-Hydra on Ubuntu. Here is how I finally did it.

First, I installed the dependencies.
sudo apt-get install build-essential libssl-dev libssh-dev libgtk2.0-dev libssh2-1-dev

Next, grab the Hydra source code.
wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz

Wireshark - DisplayFilters

I tend to use the packet sniffer Wireshark here and there at work. I use it in its most basic form. I perform a capture without any capture filters. After completing the capture I use Display Filters to squeeze out the information I need. A simple list of examples can be found here:
http://wiki.wireshark.org/DisplayFilters

I mirrored the web page here as a bookmark for myself.
http://wiredbytes.com/external/DisplayFilters.htm

HOWTO: Install THC-Hydra 5.4 in Ubuntu Intrepid Ibex

UPDATED: Installing THC-Hydra 5.7 on Ubuntu Lucid Lynx 10.04
UPDATED: HOWTO: Install THC-Hydra 5.4 in Ubuntu Karmic Koala 9.10

Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." It's useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

I had a hard time installing THC-Hydra on Ubuntu Intrepid Ibex. Here is how I finally did it.

First, I installed the dependencies. Note: I couldn't compile xhydra, but I am including libgtk2.0 anyway. Maybe someone can post a solution.

sudo apt-get install libssl-dev libgtk2.0-dev

Next, grab the Hydra source code.

wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz

Pen tester tools - pmdump

Today I bumped into an interesting application called pmdump (http://www.ntsecurity.nu/toolbox/pmdump/).

According to the website "PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process."

So how is this useful you may ask? Well, let me show you.

For my test case I decided to look at Google's Chrome Browser since I know I use passwords to log into web sites like my bank's site.

I looked up the PID (process identification number) of the browser using Microsoft Sysinternals' pslist command-line tool.

C:\hacktools>pslist chrome
...
Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
chrome 2440 8 28 582 34892 0:02:13.609 7:59:29.048

HOWTO: Install Metasploit 3.2 svn in Ubuntu Intrepid Ibex

UPDATED: Installing Metasploit on Ubuntu Lucid Lynx 10.04

Metasploit is another one of those best-of-breed applications found in many computer security experts' tool sheds. Metasploit.com has instructions for installing Metasploit on Ubuntu/Kubuntu/Debian Linux on their website (http://trac.metasploit.com/wiki/Metasploit3/InstallUbuntu). I find a lot of forum threads from people trying to get through the vague instructions.

Here are my steps for getting Metasploit installed on Ubuntu Intrepid Ibex. Even the GUI works, which seems to be one of the biggest challenges.

First, install all the dependencies: Ruby on Rails and Subversion.

sudo apt-get install build-essential ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby libiconv-ruby libgtk2-ruby libglade2-ruby subversion sqlite3 libsqlite3-ruby irb

Pen tester tools - NMap

Port scanners allow you to scan a network and collect information quickly. Nmap (http://insecure.org/) is probably the most used port scanner. The reasons for this are that 1) it's free as in beer and 2) it's a REALLY good product. That being said, you will find a plethora of guides and forum discussions all over the internet.

Getting to know your network is easy with nmap. Need to find all the hosts on your network?

nmap -sP 192.168.1.0/24

If an IIS worm is creating crazy traffic on your network, locate all the web servers on the network:

nmap -p80 192.168.1.0/24