Jul 072014
 

The TP-Link WR703N Expander is an open source hardware extension to the TP-Link WR703N. It was created by Kean Electronics (http://www.kean.com.au/) and can be purchased from Seeed Studio (http://www.seeedstudio.com/).  I won’t go into the details of what the Expander includes and what you can do with it.  This article details how I created my own enclosure for the Expander since I don’t have a 3D printer and I didn’t want to purchase the enclosure from one of the 3D printer fabrication sites.

Continue reading »

 Posted by at 8:35 pm
Feb 052014
 

Install the latest John the Ripper 1.7.9 with the Jumbo 7 patch. Before downloading John you will need to install the CUDA development files. See this blog article for instructions on how to install the latest Nvida drivers for Ubuntu 13.10 and latest CUDA development files.
Continue reading »

Jan 212014
 

You can probably get by with leaving off that last part of the title and still succeed with this attack.  Today we will be making a Password Pwn Stew.  Add a little Ettercap (link), with a dash of Metasploit (link), a smidgen of password cracking with Rcrack (link) and Rainbowtables (link), and if required a pinch of Hashcat (link) to taste.  You will have yourself some tasty pwnage.

Note, your mileage may vary with this stew.  I’m not Martha Stewart.  Also the stew analogy ends here :-)
Continue reading »

Jan 022014
 

When you obtain a NetLM password hash with the known challenge of 1122334455667788 you are able to utilize the HALFLMCHALL rainbowtable to identify the first seven (7) characters of the password. The second half is left to identify. Tutorials exist (including my site, as well as here and here) on how to capture the NetLM hash using Metasploit. Metasploit comes with a Ruby script in the tools folder that will bruteforce the remaining characters of the password when you provide the complete NetLM hash and the first seven (7) characters of the recovered password. However, for passwords that are 11+ characters it is time prohibitive to bruteforce the remaining characters as show below.
Continue reading »

Jan 012014
 

Download the Rcracki_mt Linux binary from http://sourceforge.net/projects/rcracki/files/rcracki_mt/rcracki_mt_0.7.0/

$ sudo apt-get install p7zip links
$ cd ~/tools
~/tools$ links http://sourceforge.net/projects/rcracki/files/rcracki_mt/rcracki_mt_0.7.0/rcracki_mt_0.7.0_linux_x86_64.7z/download
~/tools$ p7zip -d rcracki_mt_0.7.0_linux_x86_64.7z
~/tools$ cd rcracki_mt_0.7.0_linux_x86_64/

Download the HALFLMCHALL Rainbowtables from https://www.freerainbowtables.com/tables/

$ mkdir -p RainbowTables/halflmchall
$ cd RainbowTables/halflmchall
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_0/halflmchall_alpha-numeric%231-7_0_2400x57648865_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_0/halflmchall_alpha-numeric%231-7_0_2400x57648865_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti.index
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_1/halflmchall_alpha-numeric%231-7_1_2400x56281894_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_1/halflmchall_alpha-numeric%231-7_1_2400x56281894_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti.index
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_2/halflmchall_alpha-numeric%231-7_2_2400x58928524_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_2/halflmchall_alpha-numeric%231-7_2_2400x58928524_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti.index
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_3/halflmchall_alpha-numeric%231-7_3_2400x58924114_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti
~/RainbowTables/halflmchall$ wget http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/halflmchall/halflmchall_alpha-numeric%231-7_3/halflmchall_alpha-numeric%231-7_3_2400x58924114_1122334455667788_distrrtgen%5bp%5d%5bi%5d_0.rti.index

Dec 112013
 

So Tenable has made a bunch of changes and additions to the XML (.nessus) file and I’ve tried my best to incorporate them into the project.  First off they did something awesome which is alphabetize the XML elements.  So I’ve done that as well in the Nessus parse and report scripts.  It makes it so much easier to manage.  So with new elements comes new table columns.  If using this code base you should know that you need to clear all data from the DB.  I made the exploit table even less crappy and included the new XML elements around core, canvas, and d2 elliot frameworks.  I added “Show more/Show less” options for the vulnerability site indexes (CVE, BID, etc)  I noticed that listing them all out can create one long report and who really needs to have the links for all 30 CVEs around java anyway :-)  I include any JS and CSS in the HTML instead of linking to a file.  I know…goes against all HTML teachings.  But this makes one neat file/report when you save the HTML as a file in any browser.  No more stupid folder with all the “files”.  I’ve also made some changes to the Executive report.  You now have an option to report on Nessus Plugin or CVE total.  Look for BID, OSVDB, etc in the near future.

Code here. (http://www.jedge.com/docs/projectRF.12.11.2013.zip)

Oh, and lastly…the Nessus Vuln Matrix is broken as I need to update the code to reflect all the changes.  It mostly centers around the CVSS field breaking out into four elements.

Sep 012013
 
ISACA Atlanta Geek Week Logo

ISACA Atlanta Geek Week

The 6th annual Atlanta Chapter of ISACA GEEK WEEK conference was held the week of August 19 – 23, 2013. GEEK WEEK is a track-oriented, full week Conference focusing on providing training, networking, and roundtable sessions on IT governance, audit & security.

I conducted the presentation Compliance Based Penetration Testing: You’re Doing it Wrong. You can find the presentation slides here. For links and information on the other presentations you can go here.