
High Speed Network Authentication Cracking Tool - Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated brute-forcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's, and more.

Ncrack was started as a "Google Summer of Code" Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool and can be downloaded from the section below. Be sure to read the Ncrack man page to fully understand Ncrack usage.
Download Ncrack - here
Compile and install Ncrack using the following commands (the configure and make steps must run before make install, which needs root):
tar -xzf ncrack-0.2ALPHA.tar.gz
cd ncrack-0.2ALPHA
./configure
make
su root
make install
Using Ncrack:
The only Ncrack arguments used in this example are the two target IP addresses along with the corresponding ports for each of them. The two example ports, 21 and 22, are automatically resolved to the default services listening on them: ftp and ssh.
$ ncrack

Discovered credentials for ftp on 21/tcp:
21/tcp ftp: admin hello1
Discovered credentials for ssh on 22/tcp:
22/tcp ssh: guest 12345
22/tcp ssh: admin money$

Ncrack done: 2 services scanned in 156.03 seconds.
Ncrack finished.
Ncrack can also be extensively fine-tuned for special cases, though the default parameters are generic enough to cover almost every situation. It is built on a modular architecture that allows for easy extension to support additional protocols. Check the man page for more options.
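As an added example (not part of the original post or of Ncrack itself), here is the defender's side of a run like the one above: a Python check that flags the burst of failed logins a password audit leaves in sshd's log. The log lines are constructed samples in OpenSSH's syslog format; the threshold and window values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH syslog lines, as Debian/Ubuntu write them to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 host1 sshd[2101]: Failed password for invalid user guest from 10.0.0.5 port 41022 ssh2
Mar  3 10:15:02 host1 sshd[2103]: Failed password for invalid user guest from 10.0.0.5 port 41023 ssh2
Mar  3 10:15:02 host1 sshd[2105]: Failed password for admin from 10.0.0.5 port 41024 ssh2
Mar  3 10:15:03 host1 sshd[2107]: Failed password for admin from 10.0.0.5 port 41025 ssh2
Mar  3 10:15:03 host1 sshd[2109]: Failed password for root from 10.0.0.5 port 41026 ssh2
Mar  3 10:15:04 host1 sshd[2111]: Failed password for root from 10.0.0.5 port 41027 ssh2
Mar  3 10:15:04 host1 sshd[2113]: Accepted password for admin from 10.0.0.5 port 41028 ssh2
Mar  3 10:20:17 host1 sshd[2200]: Failed password for alice from 10.0.0.9 port 50112 ssh2
Mar  3 10:20:25 host1 sshd[2202]: Accepted publickey for alice from 10.0.0.9 port 50113 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_ts(text):
    # syslog timestamps carry no year; good enough for events within one day
    return datetime.strptime(text, "%b %d %H:%M:%S")

def analyze(log_text, threshold=5, window_seconds=60):
    """Flag source addresses with >= threshold failed logins inside window_seconds.
    Returns {ip: {"peak_failures": n, "users": [...], "success_after_burst": bool}}."""
    events = defaultdict(list)  # ip -> [(timestamp, result, user)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events[m["ip"]].append((parse_ts(m["ts"]), m["result"], m["user"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [t for t, r, _ in evs if r == "Failed"]
        # sliding window: the most failures seen in any span of window_seconds
        peak = j = 0
        for i, t in enumerate(fails):
            while (t - fails[j]).total_seconds() > window_seconds:
                j += 1
            peak = max(peak, i - j + 1)
        if peak < threshold:
            continue
        findings[ip] = {
            "peak_failures": peak,
            "users": sorted({u for _, r, u in evs if r == "Failed"}),
            # an accepted login from the same source after the failures is the
            # signal that a guessed credential may actually have worked
            "success_after_burst": any(r == "Accepted" and t >= fails[0] for t, r, _ in evs),
        }
    return findings

if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_AUTH_LOG).items():
        print(ip, f)
```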


How To Extract data from .deb file in Linux

A Debian "package", or Debian archive file, contains the executable files, libraries, and documentation associated with a particular program or set of related programs.

A .deb package is just an ar archive wrapping tar archives, laid out in a fixed structure. You can view and extract any .deb package with an archive manager tool. From the dpkg-deb man page: "dpkg-deb packs, unpacks and provides information about Debian archives. .deb files can also be manipulated with ar and tar alone if necessary."

Use the following command to get the list of files within a .deb package (use the ‘x’ option instead of ‘t’ to extract the files):

# ar tv python2.4-setuptools_0.6a1-2_all.deb
rw-r--r-- 0/0      4 Aug 24 22:10 2005 debian-binary
rw-r--r-- 0/0   2024 Aug 24 22:10 2005 control.tar.gz
rw-r--r-- 0/0 168407 Aug 24 22:10 2005 data.tar.gz

The ‘data.tar.gz’ file contains all the files that will be installed with their destination paths:
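As an added example (not from the original post or from dpkg), the following Python walks the ar container of a .deb the same way the listing above does and then reads the destination paths out of data.tar.gz. It builds a small, constructed sample package in memory first so it runs offline; the package name, files and contents are made up.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"

def build_member(name, data):
    """Build one 60-byte ar member header plus its data, padded to an even length."""
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}".encode("ascii") + b"`\n"
    return hdr + data + (b"\n" if len(data) % 2 else b"")

def make_tar_gz(files):
    """files: {archive path: content bytes} -> gzip-compressed tar bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def build_sample_deb():
    """Constructed sample package (a hypothetical 'hello' package, not a real Debian package)."""
    control = make_tar_gz({"./control": b"Package: hello\nVersion: 1.0\nArchitecture: all\n"})
    data = make_tar_gz({"./usr/bin/hello": b"#!/bin/sh\necho hello\n",
                        "./usr/share/doc/hello/README": b"constructed sample\n"})
    return (AR_MAGIC
            + build_member("debian-binary", b"2.0\n")
            + build_member("control.tar.gz", control)
            + build_member("data.tar.gz", data))

def ar_members(blob):
    """Walk the ar archive; return [(name, size, data)] in archive order (like 'ar tv')."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header at offset %d" % pos)
        # GNU ar writes 'name/' while dpkg-deb writes 'name'; accept both
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        members.append((name, size, data))
        pos += 60 + size + (size % 2)  # every member starts at an even offset
    return members

def deb_payload_files(blob):
    """Return the destination paths of the files that data.tar.* would install."""
    members = {name: data for name, _, data in ar_members(blob)}
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("unsupported or missing debian-binary member")
    data_name = next(n for n in members if n.startswith("data.tar"))
    with tarfile.open(fileobj=io.BytesIO(members[data_name]), mode="r:*") as tf:
        paths = []
        for m in tf.getmembers():
            # entries are stored as './usr/...'; turn them into absolute install paths
            paths.append(m.name[1:] if m.name.startswith("./") else "/" + m.name.lstrip("/"))
        return paths

if __name__ == "__main__":
    deb = build_sample_deb()
    for name, size, _ in ar_members(deb):
        print(f"{size:>8} {name}")
    print(deb_payload_files(deb))
```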


How to Compress / Uncompress files using bzip2 in Linux?

bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors.

bzip2 and bunzip2 are file compression and decompression utilities. The bzip2 and bunzip2 utilities are newer than gzip and gunzip and are not as common yet, but they are rapidly gaining popularity. The bzip2 utility is capable of greater compression ratios than gzip. Therefore, a bzip2 file can be 10-20% smaller than a gzip version of the same file. Usually, files that have been compressed by bzip2 will have a .bz2 extension.

Uncompressing a bzip2 File Using bunzip2
To uncompress a bzip2 file, execute the following command:
bunzip2 filename.txt.bz2     (where filename.txt.bz2 is the name of the file you wish to uncompress)
The result of this operation is a file called filename.txt. By default, bunzip2 will delete the filename.txt.bz2 file.

Compressing a File Using bzip2
To compress a file using bzip2, execute the following command:
bzip2 filename.txt     (where filename.txt is the name of the file you wish to compress)
The result of this operation is a file called filename.txt.bz2. By default, bzip2 will delete the filename.txt file.


Penetration Testing Tool box - PenTBox

PenTBox is a security suite that packs security and stability testing tools for networks and systems.
It is programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works. It is free software, licensed under the GNU GPLv3.


Below is the list of tools PenTBox contains:
Cryptography tools
  Base64 Encoder & Decoder
  Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512)
  Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512)
  Secure Password Generator
  Files en/decryptor Rijndael (AES) 256 bits – GOST – ARC4

Network tools
  TCP Flood DoSer
  TCP Flood AutoDoSer
  Spoofed SYN Flood DoSer [nmap - hping3]
  Port scanner
  PenTBox Secure Instant Messaging

  L33t Sp3@k Converter

You can download PenTBox v1.3.2 here:
Windows version (Ruby included) –
Linux version – pentbox_1.3.2.tar

Using PenTBox on Linux:
Untar the package using command: tar -xvf pentbox_1.3.2.tar
Go inside the extracted directory using command:  cd pentbox_1.3.2
Type following command to start the PenTBox suite: ruby pentbox.rb


Convert Flv to Mp3 in Linux - FlvToMp3

FlvToMp3 is a free Flash FLV to MP3 converter.

It allows you to extract the audio track from Flash FLV files and convert them to MP3 format. It features a built-in MP3 splitter to extract/convert only part of an FLV file to an MP3 audio file.
The user interface is pretty simple and easy to use as well.

Download FlvToMp3 - here
Untar the package using command: tar -zxvf FlvToMp3_1.2.1_kubuntu.tar.gz
Go inside this directory using command: cd FlvToMp3
Type following command to start the application: ./FlvToMp3


Hostnames and Virtual Hosts Discovery tool - Hostmap

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
- Sun Tzu, The Art of War
As Sun Tzu said, you have to know your enemy. During a hacking engagement, such as a penetration test, you need to retrieve as much information as possible about your target in order to be successful.

Hostmap uses several techniques to help you enumerate all the hostnames and configured virtual hosts associated with an IP address.

In the real world an IP address can be registered in a DNS server under multiple host names, because it can have aliases or host a bunch of websites; an IP address can thus have several entries in the DNS configuration, such as a CNAME and multiple A records.

A user or penetration tester who needs to test the security of the machine at that IP address needs to know all of its host names.

The purpose of Hostmap is to discover all the registered DNS hostnames or virtual names in order to get better knowledge of the target machine.


The major features of Hostmap are:
  * DNS names and virtual hosts enumeration
  * Multiple discovery techniques
  * Results correlation, aggregation and normalization
  * Multithreaded and event based engine
  * Platform independent

Download hostmap from here
Untar the package and type the following command to start host-name discovery:
ruby hostmap.rb -t
You should see something similar to ....


Check for security configuration issue on software - YASAT

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
YASAT's goal is to be as simple as possible with minimal binary dependencies (only sed, grep and cut).
Its second goal is to document each test with as much information as possible and links to official documentation.

YASAT runs many tests checking for security configuration issues and other good practices.
Don't forget that YASAT is not the only audit tool; you can also use tiger, lynis, sectool, nessus, openvas, Debian's checksecurity, etc. for checking your systems.

Installation and Configuration:
Dependencies: sed, cut, grep. YASAT also uses openssl for some tests.
Latest version can be found at
Simply untar the yasat tarball: tar xvzf yasat1.tar.gz
Change to the yasat directory: cd yasat
and type ./ -s to start the system configuration check using YASAT.


IDS/IPS/WAF Evasion & Flooding Tool - Inundator

Inundator is a multi-threaded, queue-driven, IDS evasion tool. Its purpose is to anonymously flood intrusion detection systems (specifically Snort) with traffic designed to trigger false positives via a SOCKS proxy in order to obfuscate a real attack.

The general idea is that one would launch Inundator prior to starting an attack, allow it to run during the attack, and continue to run it a while longer after the attack is accomplished. The goal, of course, is to generate an overwhelming number of false positives so that the real attack is essentially buried within the other alerts, minimizing the chance of it being detected. It could also be used to ruin an IDS analyst’s day, or keep an organization’s infosec department busy for a while.

Other Example Scenarios:
  * Before, during, and after a real attack to bury any potential alerts among a flood of false positives.
  * Seriously mess with an IDS analyst and keep an InfoSec department busy for days investigating false positives.
  * Test the effectiveness of an intrusion detection or prevention system. Fewer alerts means a better product; more alerts means a horrible product.


Downloading and installing Inundator:
The preferred method of installation for all other .deb-based distributions is via software repository. This is by far the best and simplest way of installing Inundator and its dependencies.

Add repository to /etc/apt/sources.list:
deb all/
Next, download and install our GPG key:
apt-key add inundator.asc
Then you can automatically pull in Inundator and all its dependencies:
aptitude update
aptitude install inundator

Detection & Exploitation Of SQL Injection Flaws - Safe3 SQL Injector

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:
var username;
username = Request.Form("username");
var sql = "select * from OrdersTable where username = '" + username + "'";
The user is prompted to enter the name. If he enters nikesh, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE username = 'nikesh'
However, assume that the user enters the following:
nikesh'; drop table usersTable--
In this case, the following query is assembled by the script:
SELECT * FROM OrdersTable WHERE username = 'nikesh';drop table usersTable--'
The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored.

If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where username is nikesh. Then, SQL Server will drop usersTable.
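As an added example (not from the original post or from Safe3), the following Python reproduces the concatenated query above against a constructed in-memory SQLite database and puts the parameterized form beside it. The table contents are made up; sqlite3's executescript() stands in for SQL Server's batch execution, which is why the injected second statement runs.

```python
import sqlite3

def setup_db():
    """Constructed in-memory database standing in for the SQL Server instance in the text."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE OrdersTable (id INTEGER PRIMARY KEY, username TEXT, item TEXT);
        CREATE TABLE usersTable (id INTEGER PRIMARY KEY, username TEXT);
        INSERT INTO OrdersTable (username, item) VALUES ('nikesh', 'book'), ('alice', 'pen');
        INSERT INTO usersTable (username) VALUES ('nikesh'), ('alice');
    """)
    return conn

def orders_vulnerable(conn, username):
    """String concatenation, exactly like the ASP snippet above.
    executescript() is used deliberately: like SQL Server, it runs every
    statement in the batch, so an injected DROP TABLE executes as well."""
    sql = "SELECT * FROM OrdersTable WHERE username = '" + username + "'"
    conn.executescript(sql)
    return sql  # the text that was actually sent to the database

def orders_safe(conn, username):
    """Parameterized query: the driver binds the value, so it is never parsed as SQL.
    A name containing quotes, semicolons or '--' is just a literal to compare against."""
    return conn.execute(
        "SELECT * FROM OrdersTable WHERE username = ?", (username,)).fetchall()

def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)).fetchone()
    return row is not None

PAYLOAD = "nikesh'; drop table usersTable--"   # the input from the text

if __name__ == "__main__":
    conn = setup_db()
    print(orders_safe(conn, PAYLOAD), table_exists(conn, "usersTable"))       # [] True
    print(orders_vulnerable(conn, PAYLOAD), table_exists(conn, "usersTable"))  # ... False
```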


Safe3 SQL Injector is one of the most powerful penetration testing tools that automates the process of detecting and exploiting SQL injection flaws (as shown above) and taking over back-end database servers.

Safe3 SQL Injector Features:
  * Full support for GET/POST/Cookie injection
  * Full support for HTTP Basic, Digest, NTLM and certificate authentication
  * Full support for MySQL, Oracle, PostgreSQL, MSSQL, Access, DB2, Sybase, SQLite
  * Full support for Error/Union/Blind/Force SQL injection
  * Support for file access, command execution, IP-to-domain reverse lookup, web path guessing, MD5 cracking, etc.
  * WAF bypass

You can download Safe3 SQL Injector here: Safe3SI.6.2.rar


How to enable MP3, MPEG-4, AVI, DiVX, etc. in OpenSuse 11.3 Linux

Why doesn’t OpenSuSe support MP3 ‘out of the box’?

OpenSuSe cannot include support for MP3 or DVD video playback or recording. MP3 formats are patented, and the patent holders have not provided the necessary licenses. OpenSuSe also excludes other multimedia software due to patent, copyright, or license restrictions, such as Adobe Flash Player and RealNetworks RealPlayer.

That doesn’t mean you can’t play .mp3 files in OpenSuSe, it just takes a bit of work (not much).

Follow these instructions to get mp3 and other multimedia support on your OpenSuSe 11.3.

Use the "1-click" installer to install all the required codec packs:
If you are using KDE - Download and run (execute) this
If you are using Gnome - Download and execute this
To enable DVD playback - Download and execute this
This will enable you to have:
  Latest Amarok (with MP3 Support) for KDE, or Helix-Banshee for GNOME users
  Encrypted DVD (libdvdcss)
  Extra XINE Codecs, for DivX/Xvid etc. (libxine1)
  K3b with MP3 Support (k3b-codecs)
  Win 32 Codecs (w32codec-all)

Multimedia Players:
Mplayer - Download and run this file.
VLC Player - Download and run this file.

And after successful installation you should be able to play any media files.

Malware Analysis Linux OS - REMnux

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu.

REMnux isn't a fancy distribution that was built from scratch... In simple terms, it's a virtual machine that runs Ubuntu and has various useful malware tools set up on it.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

Malware Analysis Tools Set Up On REMnux
  * Analyzing Flash malware: swftools, flasm, flare
  * Analyzing IRC bots: IRC server (InspIRCd) and client (Irssi). To launch the IRC server, type "ircd start"; to shut it down, "ircd stop". To launch the IRC client, type "irc".
  * Network-monitoring and interactions: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat
  * JavaScript deobfuscation: Firefox with Firebug, NoScript and JavaScript Deobfuscator extensions, Rhino debugger, two versions of patched SpiderMonkey, Windows Script Decoder, Jsunpack-n
  * Interacting with web malware in the lab: TinyHTTPd, Paros proxy
  * Analyzing shellcode: gdb, objdump, Radare (hex editor+disassembler), shellcode2exe
  * Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD
  * Malicious PDF analysis: Didier's PDF tools, Origami framework, Jsunpack-n, pdftk
  * Memory forensics: Volatility Framework and malware-related plugins
  * Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor, OpenSSH server

Downloading REMnux
You can download the REMnux distribution as a VMware virtual machine, which is encapsulated in a zip archive file. The file's MD5 hash is dc28330411acafc6b7f595a11e8b7ea4.

Open Source Web Application Security Assessment Tool - Andiparos

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers...

  * Smartcard support
  * History Filter (URLs)
  * Tag requests in history
  * other small enhancements...

Installing and using Andiparos:
Download Andiparos from here
Untar the package into some directory and start the application using the command: java -jar andiparos.jar

This will start Andiparos on port 8080 (the default). Now configure your browser to use a proxy on port 8080 and start browsing the application; all the activity (every URL) will be captured by Andiparos, as you can see in the image below.

After this you can scan through the requests using application option (Analyse > Scan all) and can generate the report for this scan using option (Report > last scan report)

Large Text File (logs) viewer - Rowscope

Rowscope is a file viewer for large text files. It can read files larger than 1 GB. It is very fast (a few seconds to examine a 1GB file) and it never blocks.

The idea behind Rowscope is that a person cannot read the whole file when it is so large; a person can only read some parts of the file, possibly the ones that contain the information he is looking for.
For example when somebody reads the log file produced by an application, he will probably look for a specific error or for the lines produced in a specific period of the day.

With Rowscope the user first localizes the part or parts of the file he wants to read, using search strings or regular expressions.
He can then expand one of the rows he has found, which makes Rowscope display the rows immediately before or after that row.

The main features of Rowscope are the following:
  * It never blocks the GUI. The user is able to write text and click buttons when Rowscope is loading a file.
  * It does not monopolize the CPU. There are moments in which Rowscope uses some CPU, but it never blocks the other applications.
  * It does not use a large amount of memory. It uses some MBytes of memory, but it never becomes a problem for the operating system or the other applications.
  * It is always able to stop. It is always possible to stop or close Rowscope, also when it is loading/analyzing a file.

You need to have Java installed in order to use Rowscope:

java -jar rowscope_1_0_linux_gtk_32.jar

The above command installs Rowscope into your home directory.


How to Enable / Disable Modules into Apache on Linux

Apache is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive.

The modules are available in the /etc/apache2/mods-available directory. You can use the a2enmod command to enable a module and the a2dismod command to disable one. Once you enable a module, it will be available in the /etc/apache2/mods-enabled directory.

To enable ssl module, use following command:
sudo a2enmod ssl
To enable suexec module, use following command:
sudo a2enmod suexec
When you’re finished enabling the modules that you want, you’ll need to perform a “force-reload” of Apache using the following command: sudo service apache2 restart

Note: The above commands (a2enmod and a2dismod) will work with any Linux distribution and are not limited to Ubuntu.

CentOS is now the most popular Linux distribution on web servers

CentOS is a well known Linux distribution with a strong focus on server machines rather than on desktop PCs. For the first time, CentOS is now leading the Linux distribution statistics on web servers with almost 30% of all Linux servers.

Source: here

How to get Technical and Tag information about a video or audio file - MediaInfo

MediaInfo supplies technical and tag information about a video or audio file.
It is free software (free of charge and free access to source code: GPL or LGPL licence)

With MediaInfo you can easily get the following information:
  * General: title, author, director, album, track number, date, duration...
  * Video: codec, aspect, fps, bitrate...
  * Audio: codec, sample rate, channels, language, bitrate...
  * Text: language of subtitle
  * Chapters: number of chapters, list of chapters

Following are the Video/Audio format supported by Mediainfo:
Video: MKV, OGM, AVI, DivX, WMV, QuickTime, Real, MPEG-1, MPEG-2, MPEG-4, DVD (VOB)...
(Codecs: DivX, XviD, MSMPEG4, ASP, H.264, AVC...)
Audio: OGG, MP3, WAV, RA, AC3, DTS, AAC, M4A, AU, AIFF...
Subtitles: SRT, SSA, ASS, SAMI...

Ubuntu users can install it from the MediaInfo PPA:
sudo add-apt-repository ppa:shiki/mediainfo
sudo apt-get update
sudo apt-get install mediainfo
OpenSuSe users can install MediaInfo - here


How to Lock / UnLock (Enable / Disable) Linux User Account

Before you remove an account from a system, it is a good idea to lock it for a week to make sure that no one is using it.

To lock it, you can use the following command:
# passwd -l username (where username is the login id).
This option is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string (by prefixing the encrypted string with an !).

After that, if someone tries to log in using this account, the system will return:
# su - username
This account is currently not available.

To Unlock the same account
The following command re-enables an account by changing the password back to its previous value, i.e. to its value before the -l option was used.
# passwd -u username
This removes the '!' in front of the encrypted password.
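As an added example (not from the original post or from the passwd utility), the following Python reads /etc/shadow-style entries and reports which accounts are locked by the '!' prefix described above, and what passwd -u would restore. The shadow lines, hashes and dates are constructed placeholders.

```python
# Constructed /etc/shadow-style sample; hashes and dates are placeholders, not real data.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol::19000:0:99999:7:::
"""

def password_status(field):
    """Classify the password field (second field) of a shadow entry.
    passwd -l prefixes the hash with '!'; '!!' means never set; '*' means no password login."""
    if field == "":
        return "empty"        # login without any password: fix immediately
    if field.startswith("!"):
        return "locked"       # covers '!<hash>' (passwd -l) and '!!'
    if field == "*":
        return "no-password"  # typical for system accounts
    return "active"

def account_statuses(shadow_text):
    """{username: status} for every entry in the shadow file."""
    statuses = {}
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError("malformed shadow entry: %r" % line)
        statuses[fields[0]] = password_status(fields[1])
    return statuses

def locked_accounts(shadow_text):
    return sorted(u for u, s in account_statuses(shadow_text).items() if s == "locked")

def unlock_field(field):
    """What passwd -u does to the field: drop the leading '!'. Like passwd -u,
    refuse when that would leave an empty password (passwd needs -f to force it)."""
    if not field.startswith("!"):
        raise ValueError("password is not locked")
    unlocked = field[1:]
    if unlocked == "":
        raise ValueError("unlocking would leave an empty password; refusing")
    return unlocked

if __name__ == "__main__":
    for user, status in account_statuses(SAMPLE_SHADOW).items():
        print(f"{user:<8} {status}")
    print("locked:", locked_accounts(SAMPLE_SHADOW))
```

A password lock only blocks password authentication: the passwd(1) man page notes the user may still log in with another token such as an SSH key, and recommends usermod --expiredate 1 to disable the account entirely.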

Merge or Encrypt / Decrypt PDF files using pdftk

Pdftk is a simple command line tool for doing everyday things with PDF documents. Use it to merge PDF documents, split PDF pages into a new document, decrypt input as necessary (password required), encrypt output as desired, fill PDF forms with FDF data and/or flatten forms, apply a background watermark, report on PDF metrics, update PDF metadata, attach files to PDF pages or the PDF document, unpack PDF attachments, burst a PDF document into single pages, decompress and re-compress page streams, and repair corrupted PDF files (where possible).

Ubuntu users can install pdftk using the following command: sudo apt-get install pdftk

Using pdftk:
Once installed, we can merge pdf files using following command:
pdftk 1.pdf 2.pdf 3.pdf cat output 123.pdf
Encrypt a PDF using 128-Bit Strength (the Default) and Withhold All Permissions (the Default)
pdftk mydoc.pdf output mydoc.128.pdf owner_pw foopass
Decrypt a PDF
pdftk secured.pdf input_pw foopass output unsecured.pdf

Install Groups of Software on Ubuntu using Tasksel

Tasksel is an installation system that is an integral part of the Debian installer (it is also included in Ubuntu). Tasksel groups software packages by tasks and offers an easy way to install all the packages needed for that task. It provides the same functionality as using conventional meta-packages.

Tasksel is present in all versions of Ubuntu's installer.

To run tasksel from the command line, type: sudo tasksel
the tasksel menu will be shown:
Already-installed tasks will have an asterisk beside their name. Select a task by scrolling down and pressing space. This will put an asterisk beside the selected task and mark it for installation. Removing an asterisk marks the task for removal. Once "ok" is selected the task installations and/or removals will take place using apt-get.

Command line arguments
You can also directly specify which task to install.
For instance, to add the Apache-MySQL-PHP stack to an existing system:
sudo tasksel install lamp-server
For complete options, see the tasksel manpage: man tasksel

Search News, Bug fixes, Tips and Tricks, etc. for Ubuntu using Googlubuntu search Engine

Googlubuntu is a search engine created by Google to search news, bug fixes, tips and tricks, etc.. for Ubuntu and Kubuntu Linux

With this tool you can easily search for programs, tutorials, documents, grants, news and much more. For that, Googlubuntu indexes sites in both Spanish and English.

Googlubuntu's sources include the Google groups «ubuntulinux» and «kubuntu», Spanish-language Google groups, and a number of Ubuntu-related sites.

In addition and if you're using Firefox, you can use Googlubuntu firefox plugin to add Googlubuntu search bar.

Tweet from command line using curl

curl is a client to get documents/files from or send documents to a server, using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction or any kind of interactivity.

curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, SSL (https:) connections, cookies, file transfer resume and more

curl is available on almost all Linux distros, but you can download a binary package from cURL's download page if you don't have it installed.

Open the terminal and paste the command below to send your status to Twitter:
curl --basic --user username:password --data status="Linux"
Command explanation:
--basic --user username:password

The above piece of code will authenticate your Twitter username and password.

--data status="Linux"

The above piece of code will send the data to the API i.e your new status which will be in the form of POST HTTP request.

The remaining part of the command is the URL of the Twitter API.