Backtrack 5 - Available for download

Backtrack 5 is finally available for download. It comes in two versions, Backtrack 5 and Backtrack 5 R1, and now supports three architectures: ARM, 32-bit and 64-bit.

WarVOX - Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)



WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders.

WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.


VideoJak - IP Video Security Assessment Tool

VideoJak is an IP video security assessment tool that can simulate a proof-of-concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first security tool of its kind to analyze video codec standards such as H.264.

VideoJak first captures the RTP port used in a video conversation and analyzes the RTP packets, collecting the sequence numbers and timestamp values exchanged between the phones. It then builds a custom video payload by altering the sequence numbers and timestamps of the original RTP packets. Once the user selects a target phone in an ongoing video session, VideoJak delivers the payload to the target over the learned RTP port, which severely degrades video and audio quality.
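The attack above works because an RTP receiver orders and times media purely by the 16-bit sequence number and 32-bit timestamp in each 12-byte header (RFC 3550), so packets that carry plausible-looking values from a sniffed stream are accepted. The following is an added example, not VideoJak's code: it builds and parses RTP headers, then runs a small per-SSRC monitor over a constructed stream and one injected packet whose sequence number and timestamp have been pushed far ahead, which is the observable signature of this kind of injection. The tolerances (50 packets, one second of a 90 kHz video clock) are assumptions chosen for the demo.

```python
import struct
from dataclasses import dataclass

RTP_HEADER_FMT = ">BBHII"                      # V/P/X/CC, M/PT, sequence, timestamp, SSRC
RTP_HEADER_LEN = struct.calcsize(RTP_HEADER_FMT)  # 12 bytes

@dataclass
class RtpHeader:
    version: int
    payload_type: int
    marker: bool
    seq: int
    timestamp: int
    ssrc: int

def build_rtp(seq, timestamp, ssrc, payload_type=97, marker=False, payload=b""):
    """Serialize a minimal RTP packet (version 2, no CSRC list, no header extension)."""
    b0 = 2 << 6                                        # version=2, padding=0, extension=0, CC=0
    b1 = (int(marker) << 7) | (payload_type & 0x7F)
    return struct.pack(RTP_HEADER_FMT, b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload

def parse_rtp(packet):
    """Decode the fixed RTP header; raises on short or non-v2 packets."""
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack(RTP_HEADER_FMT, packet[:RTP_HEADER_LEN])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return RtpHeader(b0 >> 6, b1 & 0x7F, bool(b1 >> 7), seq, ts, ssrc)

class RtpStreamMonitor:
    """Track sequence/timestamp per SSRC and flag packets that jump ahead of the learned stream.
    Jumps larger than the tolerances, but still 'forward' in modulo arithmetic, are how packets
    crafted from sniffed sequence numbers look to the receiver."""

    def __init__(self, max_seq_jump=50, max_ts_jump=90000):   # 90000 = 1 s at the 90 kHz video clock
        self.state = {}                                       # ssrc -> (last_seq, last_ts)
        self.max_seq_jump = max_seq_jump
        self.max_ts_jump = max_ts_jump

    def observe(self, packet):
        h = parse_rtp(packet)
        alerts = []
        if h.ssrc in self.state:
            last_seq, last_ts = self.state[h.ssrc]
            seq_delta = (h.seq - last_seq) & 0xFFFF            # modulo-2^16 forward distance
            ts_delta = (h.timestamp - last_ts) & 0xFFFFFFFF     # modulo-2^32 forward distance
            if self.max_seq_jump < seq_delta < 0x8000:
                alerts.append("seq jump +%d" % seq_delta)
            if self.max_ts_jump < ts_delta < 0x80000000:
                alerts.append("timestamp jump +%d" % ts_delta)
        if not alerts:          # do not let a suspicious packet become the new baseline
            self.state[h.ssrc] = (h.seq, h.timestamp)
        return alerts

def demo():
    """Constructed stream: 5 legitimate frames at 30 fps, then one injected packet."""
    ssrc = 0x1234ABCD
    mon = RtpStreamMonitor()
    legit = [build_rtp(1000 + i, 500000 + 3000 * i, ssrc, payload=b"\x00" * 16) for i in range(5)]
    legit_alerts = [mon.observe(p) for p in legit]
    injected = build_rtp(1004 + 600, 512000 + 400000, ssrc, marker=True, payload=b"\xff" * 16)
    return legit_alerts, mon.observe(injected)

if __name__ == "__main__":
    print(demo())
```

Real traffic would be fed to `observe()` from a capture; the monitor keys on SSRC only, so a defender watching a call should also check that the source IP/port of each packet matches the SDP-negotiated endpoint, which the RTP header alone cannot tell you.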


Backtrack 4 Beta Released



The long-awaited next beta release of BackTrack is out. Initially it was released only at ShmooCon, where it got a great response. The ISO and VMware images are available for download.

* ISO image with md5 and sha512sum
* VMware image with md5 and sha512sum

New Features

* Kernel 2.6.28.1 with better hardware support.
* Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these tiny machines.
* Support for PXE boot - boot BackTrack over the network with PXE-capable cards!
* SAINT EXPLOIT - kindly provided by SAINT Corporation for our users, with a limited number of free IPs.
* MALTEGO - the guys over at Paterva did outstanding work with Maltego 2.0.2, which is featured in BackTrack as a community edition.
* The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.
* Unicornscan - fully functional, with PostgreSQL logging support and a web front end.
* RFID support
* Pyrit CUDA support…
* New and updated tools - the list is endless!


For more information, see the official blog at http://backtrack4.blogspot.com

MultiInjector v0.3 released

MultiInjector claims to be the first configurable automatic website defacement tool.
Features

* Receives a list of URLs as input
* Recognizes the parameterized URLs from the list
* Fuzzes all URL parameters and, once an injection succeeds, concatenates the desired payload
* Automatic defacement - you decide on the defacement content, be it a hidden script or just plain old "cyber graffiti" fun
* OS command execution - remotely enables XP_CMDSHELL on SQL Server and then runs arbitrary operating-system command lines entered by the user
* Configurable parallel connections speed up the attack process - one payload, multiple targets, simultaneous attacks
* Optional use of an HTTP proxy to mask the origin of the attacks
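A tool like this leaves a recognisable trail: parameterised URLs on the same path hit in quick succession from one address, with values that carry quote/tautology patterns, stacked `;EXEC` statements and the `sp_configure`/`xp_cmdshell` calls needed to switch on command execution. The following is an added detection example, not part of MultiInjector or of this post: it parses Apache combined-format access log lines (the five lines are constructed for the demo), URL-decodes every query parameter, matches the decoded values against those patterns, and reports addresses whose hit count suggests automation. The three-hit threshold and the pattern list are assumptions to tune per site.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Apache combined log: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+')

SQLI_PATTERNS = [
    ("mssql-cmdshell", re.compile(r"xp_cmdshell|sp_configure|sp_oacreate", re.I)),
    ("stacked-query", re.compile(r";\s*(exec|execute|declare|insert|update|drop)\b", re.I)),
    ("tautology", re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I)),
    ("comment-trunc", re.compile(r"(--|/\*|#)\s*$")),
]

def decode_target(target):
    """Return (path, [(name, value), ...]); parse_qsl decodes once, the extra unquote_plus
    also catches double-encoded payloads."""
    parts = urlsplit(target)
    params = [(n, unquote_plus(v)) for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path, params

def scan_line(line):
    """Parse one log line and label each parameter value that matches an injection pattern."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, params = decode_target(m["target"])
    findings = [(name, label) for name, value in params
                for label, pat in SQLI_PATTERNS if pat.search(value)]
    return {"ip": m["ip"], "path": path, "status": int(m["status"]), "findings": findings}

def scan_log(lines, automated_threshold=3):
    """Return (lines with findings, addresses with at least `automated_threshold` hits)."""
    hits, per_ip = [], {}
    for line in lines:
        r = scan_line(line)
        if r and r["findings"]:
            hits.append(r)
            per_ip[r["ip"]] = per_ip.get(r["ip"], 0) + 1
    automated = sorted(ip for ip, n in per_ip.items() if n >= automated_threshold)
    return hits, automated

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Mar/2009:12:00:01 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2009:12:00:02 +0000] "GET /news.asp?id=12%27%20or%201%3D1-- HTTP/1.1" 200 7431',
    '203.0.113.9 - - [10/Mar/2009:12:00:03 +0000] "GET /news.asp?id=12%3BEXEC%20sp_configure%20%27xp_cmdshell%27%2C1-- HTTP/1.1" 500 311',
    '203.0.113.9 - - [10/Mar/2009:12:00:04 +0000] "GET /news.asp?id=12%3BEXEC%20master..xp_cmdshell%20%27ping%20198.51.100.7%27-- HTTP/1.1" 500 311',
    '198.51.100.23 - - [10/Mar/2009:12:00:05 +0000] "GET /search.asp?q=gpl HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    found, bots = scan_log(SAMPLE_LOG)
    for r in found:
        print(r["ip"], r["path"], r["status"], r["findings"])
    print("automated sources:", bots)
```

Because the tool can route through an HTTP proxy, the source address may be the proxy rather than the attacker; correlate on the path and parameter name as well as on the IP. POST bodies are not in the access log at all, so this only catches the GET-parameter case the feature list describes.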


Data Recovery software - TestDisk



TestDisk is open-source software licensed under the terms of the GNU General Public License (GPL).

TestDisk is powerful free data-recovery software. It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a partition table).

TestDisk can

* Fix partition table, recover deleted partition
* Recover FAT32 boot sector from its backup
* Rebuild FAT12/FAT16/FAT32 boot sector
* Fix FAT tables
* Rebuild NTFS boot sector
* Recover NTFS boot sector from its backup
* Fix MFT using MFT mirror
* Locate ext2/ext3 Backup SuperBlock
* Undelete files from FAT, NTFS and ext2 filesystem
* Copy files from deleted FAT, NTFS and ext2/ext3 partitions.

TestDisk has features for both novices and experts. For those who know little or nothing about data recovery techniques, TestDisk can be used to collect detailed information about a non-booting drive which can then be sent to a tech for further analysis. Those more familiar with such procedures should find TestDisk a handy tool in performing onsite recovery.
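Two of the operations listed above, recovering a deleted partition and recovering a FAT32 boot sector from its backup, rest on the same facts: a FAT32 boot sector is self-describing (it records its own offset in the "hidden sectors" field, the partition size, and where its backup copy lives, normally sector 6 of the reserved area), so a sector-by-sector sweep can find partitions the MBR no longer mentions. The following is an added illustration, not TestDisk's code: it fabricates a small disk image with one FAT32 partition whose MBR entry has been wiped, sweeps for boot sectors, rebuilds the partition table entry, and then repairs a zeroed primary boot sector from its backup. The BPB offsets are those of the FAT32 specification; the 32-sector search window for the backup is an assumption.

```python
import struct

SECTOR = 512
MBR_TABLE_OFF = 446
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)

def make_fat32_boot_sector(hidden, total, backup_sector=6):
    """Minimal FAT32 boot sector with a valid BPB (constructed test data, not a real dump)."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xEB\x58\x90"                                  # jump instruction
    bs[3:11] = b"MSWIN4.1"                                     # OEM name
    # bytes/sector, sectors/cluster, reserved, FATs, root entries, total16, media, FATsz16,
    # sectors/track, heads, hidden sectors                     (offsets 11..31)
    struct.pack_into("<HBHBHHBHHHI", bs, 11, SECTOR, 1, 32, 2, 0, 0, 0xF8, 0, 63, 255, hidden)
    # total32, FATsz32, ext flags, version, root cluster, FSInfo, backup boot sector (32..51)
    struct.pack_into("<IIHHIHH", bs, 32, total, 1, 0, 0, 2, 1, backup_sector)
    bs[66] = 0x29                                              # extended boot signature
    bs[71:82] = b"RECOVERME  "                                 # 11-byte volume label
    bs[82:90] = b"FAT32   "                                    # filesystem type string
    bs[510:512] = b"\x55\xAA"
    return bytes(bs)

def is_fat32_boot_sector(sec):
    return (len(sec) == SECTOR and sec[510:512] == b"\x55\xAA" and sec[82:90] == b"FAT32   "
            and struct.unpack_from("<H", sec, 11)[0] in (512, 1024, 2048, 4096))

def bpb_fields(sec):
    """(hidden sectors, total sectors, backup boot sector index) from a FAT32 BPB."""
    return (struct.unpack_from("<I", sec, 28)[0], struct.unpack_from("<I", sec, 32)[0],
            struct.unpack_from("<H", sec, 50)[0])

def sector(image, lba):
    return image[lba * SECTOR:(lba + 1) * SECTOR]

def scan_for_fat32(image):
    """Sweep every sector for a FAT32 boot sector, as a partition search does when the MBR
    no longer describes the partition. Returns (lba_start, total_sectors, found_via)."""
    found = []
    for lba in range(len(image) // SECTOR):
        sec = sector(image, lba)
        if not is_fat32_boot_sector(sec):
            continue
        hidden, total, backup = bpb_fields(sec)
        if hidden == lba:                          # primary copy: hidden sectors == start
            found.append((lba, total, "primary"))
        elif backup and lba - backup == hidden:    # backup copy sits at start + BkBootSec
            found.append((hidden, total, "backup"))
    return found

def read_partition_table(image):
    entries = []
    for i in range(4):
        _, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, image, MBR_TABLE_OFF + 16 * i)
        if ptype:
            entries.append((ptype, lba, count))
    return entries

def rebuild_partition_table(image):
    """Write each scanned FAT32 partition missing from the MBR into the first free slot
    (type 0x0C = FAT32 LBA; CHS fields set to the 'use LBA' marker FE FF FF)."""
    img = bytearray(image)
    known = {lba for _, lba, _ in read_partition_table(image)}
    starts = {}
    for lba, total, _ in scan_for_fat32(image):
        starts.setdefault(lba, total)
    slot = 0
    for lba, total in sorted(starts.items()):
        if lba in known:
            continue
        while slot < 4 and img[MBR_TABLE_OFF + 16 * slot + 4] != 0:   # skip occupied slots
            slot += 1
        if slot == 4:
            break
        struct.pack_into(PART_FMT, img, MBR_TABLE_OFF + 16 * slot,
                         0x00, b"\xFE\xFF\xFF", 0x0C, b"\xFE\xFF\xFF", lba, total)
        slot += 1
    img[510:512] = b"\x55\xAA"
    return bytes(img)

def restore_boot_sector_from_backup(image, lba_start, search=32):
    """If the primary boot sector no longer validates, find the backup whose BkBootSec points
    back at lba_start within the next `search` sectors and copy it over the primary."""
    img = bytearray(image)
    if is_fat32_boot_sector(sector(img, lba_start)):
        return bytes(img), False
    for lba in range(lba_start + 1, min(lba_start + search, len(img) // SECTOR)):
        sec = sector(img, lba)
        if is_fat32_boot_sector(sec) and lba - bpb_fields(sec)[2] == lba_start:
            img[lba_start * SECTOR:(lba_start + 1) * SECTOR] = sec
            return bytes(img), True
    return bytes(img), False

def build_demo_image():
    """Constructed 64-sector image: one FAT32 partition at LBA 8 whose MBR entry was wiped."""
    img = bytearray(64 * SECTOR)
    img[510:512] = b"\x55\xAA"                                 # valid MBR, empty partition table
    bs = make_fat32_boot_sector(hidden=8, total=56)
    img[8 * SECTOR:9 * SECTOR] = bs                            # primary boot sector
    img[14 * SECTOR:15 * SECTOR] = bs                          # backup copy at start + 6
    return bytes(img)
```

Work on a copy of the disk (`dd` it to a file first), as TestDisk's own documentation advises: writing a reconstructed table to the wrong device is not recoverable with this method.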

Operating systems supported

* DOS (either real or in a Windows 9x DOS-box),
* Windows (NT4, 2000, XP, 2003, Vista),
* Linux,
* FreeBSD, NetBSD, OpenBSD,
* SunOS and
* MacOS


Advanced application-level OS fingerprinting

Today I want to share an article I stumbled upon online. Everything that follows is by Dan Crowley.


Advanced application-level OS fingerprinting: Practical approaches and examples
Dan Crowley

The current state of OS fingerprinting involves, for the most part, layer 3 & 4 requests and responses. This includes tools like nmap, nessus, p0f, and sinFP. These tools make specific queries and examine the response for things like TCP/IP stack settings, TCP option support, the number of syn+ack packets sent before a timeout, the time interval between syn+ack packets, and the presence of a rst packet sent at timeout. Many of these things are manipulated or deformed by intermediary devices, and much of it can be fairly easily spoofed using freely available tools like IP Personality and Security Cloak.

Application-level OS fingerprinting, on the other hand, relies on data gleaned from an application running on the target host. The current methods include the identification of OS-specific applications, such as Remote Desktop, and "banner grabbing", which involves connecting to a cross-platform application and recording what operating system it claims to be running, usually in the welcome banner (thus the name). Banner grabbing is trivial to fool, usually requiring nothing more complicated than a change in a configuration file. It's not unheard of, for instance, for Apache servers to report that they are running on a Commodore 64.

Considering this, I present an alternate approach to application-level OS fingerprinting. The general idea is that there are certain requests that can be made to cross-platform applications which result in OS-dependent responses. This can be in the form of the data returned by the application, the lack of response, or timing differences in the response, although this is almost certainly not a comprehensive list. One example of existing usage of this technique is in [5]. Based on known differences in responses and known OSes associated with specific responses, one can determine the OS of a host running a service for which such signatures exist.



Hope you all like it.
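As an added example of the approach Crowley describes (this is not code from his article), the block below fingerprints a web host through filename semantics that belong to the operating system rather than the web server: a Windows filesystem resolves `/INDEX.HTML`, `/index.html.` (trailing dot stripped) and the 8.3 alias `/INDEX~1.HTM` to the same file as `/index.html`, while a case-sensitive Unix filesystem returns 404 for all three, regardless of the banner the server advertises. Those three behaviours are assumptions about the target that an engagement should confirm, and a reverse proxy or WAF that canonicalises paths can mask them. The two response tables are constructed so the logic runs offline; `live_fetcher` shows how the same probes would be issued against a real host you are authorised to test.

```python
import http.client

def short_name(path):
    """Approximate the DOS 8.3 alias of the last path component (/index.html -> /INDEX~1.HTM)."""
    folder, _, name = path.rpartition("/")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = ext, ""
    alias = stem[:6].upper() + "~1" + ("." + ext[:3].upper() if ext else "")
    return folder + "/" + alias

# Each probe rewrites the baseline path in a way that only a Windows-style filesystem
# resolves to the same file; the server software in front of it does not decide the answer.
PROBES = [
    ("case-insensitive", str.upper),
    ("trailing-dot", lambda p: p + "."),
    ("8.3-short-name", short_name),
]

def live_fetcher(host, port=80, timeout=5.0):
    """Return a path -> HTTP status function that probes a real host (not used offline)."""
    def fetch(path):
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host, "User-Agent": "app-level-osfp/0.1"})
            return conn.getresponse().status
        finally:
            conn.close()
    return fetch

def fingerprint(fetch, baseline="/index.html"):
    """Compare each mutated path's status with the baseline; a match is evidence that the
    host filesystem, not the server, treated the two names as the same file."""
    base = fetch(baseline)
    if base != 200:
        return {"baseline": base, "evidence": {}, "hits": [],
                "verdict": "inconclusive: baseline resource not served"}
    evidence = {name: fetch(mutate(baseline)) for name, mutate in PROBES}
    hits = [name for name, status in evidence.items() if status == base]
    if hits:
        verdict = "Windows-like host filesystem (%s)" % ", ".join(hits)
    else:
        verdict = "case-sensitive Unix-like host filesystem"
    return {"baseline": base, "evidence": evidence, "hits": hits, "verdict": verdict}

# Constructed response tables standing in for two hosts, so the demo runs offline.
WINDOWS_LIKE = {"/index.html": 200, "/INDEX.HTML": 200, "/index.html.": 200, "/INDEX~1.HTM": 200}
UNIX_LIKE = {"/index.html": 200, "/INDEX.HTML": 404, "/index.html.": 404, "/INDEX~1.HTM": 404}

def canned(table):
    """Fake fetcher backed by a status table; unknown paths get 404."""
    return lambda path: table.get(path, 404)

if __name__ == "__main__":
    print(fingerprint(canned(WINDOWS_LIKE))["verdict"])
    print(fingerprint(canned(UNIX_LIKE))["verdict"])
```

Because the evidence is a comparison against the host's own baseline rather than an absolute signature, the probe is robust to banner changes; it is defeated only when something in front of the application normalises the request, which is itself a useful thing to learn about the target.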
