We have been working on a bunch of Backtrack 4 articles recently, and one I started writing a while back but never finished covers Dmitry, the Deepmagic Information Gathering Tool. When you combine the TCP port scan module (the -p switch) with output to a file (-o followed by a filename), Dmitry dies with a segmentation fault. Below is an example of running Dmitry from within Backtrack 4.
Recently some major advances have come along in GPU-based hash cracking. Until now there was not much on Linux that would use multiple GPUs to crack password hashes. That has changed with the release of oclHashcat, which marks a significant jump in speed for Linux-based GPU systems. There is also a CPU-based version called hashcat, but in this article I will be reviewing oclHashcat.
Backtrack 4: Information Gathering: Searchengine: The Harvester – Email, User Names, Subdomain & Hostnames Finder
The next tool on Backtrack 4 I am going to review is The Harvester, written by the guys over at Edge Security. The Harvester gathers e-mail accounts, user names and hostnames/subdomains from different public sources. It is a really simple tool, but very effective.
The supported sources are:
- Google – emails, subdomains/hostnames
- Bing search – emails, subdomains/hostnames
- PGP key servers – emails, subdomains/hostnames
- LinkedIn – user names
Below I will go through a few examples of data mining some common search engines for user names, email addresses and subdomains. The information gained in passive reconnaissance can be an invaluable resource for the penetration tester: every query goes to the search engine, not to the target, so nothing shows up in the target's logs while you build the list of mailboxes and hosts to go after.
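The extraction step behind all four sources is the same: take a page of search results and pull out every address and hostname that belongs to the target domain. The script below is an added example of that step, not The Harvester's own code. The three result pages in PAGES are constructed here (in real use they would be Google or Bing result pages for queries such as "@example.com" or "site:example.com"), and the handful of obfuscations it undoes (&#64;, %40, "[at]", "[dot]") are my own assumptions about what shows up in results, not The Harvester's parsing rules.

```python
"""Harvest e-mail addresses and hostnames for one domain from saved search-result pages."""
import html
import re
from urllib.parse import unquote

# Constructed sample "search result" pages for the example; not real search output.
PAGES = [
    '<a href="https://vpn.example.com/login">VPN</a> contact: alice@example.com, '
    'Bob.Smith&#64;mail.example.com\nsee also www.notexample.com and http://example.com.evil.org/',
    "Mail webmaster [at] example [dot] com or sales%40example.com; host intranet.example.com.",
    "Unrelated page: support@other.org, www.other.org",
]


def normalize(text: str) -> str:
    """Undo the usual address obfuscations so one regex catches them all."""
    text = unquote(html.unescape(text)).lower()              # &#64; and %40 become @
    text = re.sub(r"\s*[\[(]\s*at\s*[\])]\s*", "@", text)      # "bob [at] example" -> bob@example
    text = re.sub(r"\s*[\[(]\s*dot\s*[\])]\s*", ".", text)     # "example [dot] com" -> example.com
    return text


def harvest(domain: str, pages) -> tuple:
    """Return (sorted e-mails, sorted hostnames) that belong to `domain` or a subdomain of it."""
    domain = domain.lower()
    email_re = re.compile(r"[a-z0-9._%+-]+@((?:[a-z0-9-]+\.)+[a-z]{2,})")
    # A hostname must be exactly the domain or end in ".<domain>"; the lookarounds reject
    # "notexample.com" (glued prefix) and "example.com.evil.org" (glued suffix).
    host_re = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)*" + re.escape(domain) + r")(?![\w-]|\.[a-z])")
    emails, hosts = set(), set()
    for page in pages:
        text = normalize(page)
        for m in email_re.finditer(text):
            mail_host = m.group(1)
            if mail_host == domain or mail_host.endswith("." + domain):
                emails.add(m.group(0))
                if mail_host != domain:          # the mail host is a subdomain worth keeping
                    hosts.add(mail_host)
        for m in host_re.finditer(text):
            if m.group(1) != domain:             # the bare domain is not a finding
                hosts.add(m.group(1))
    return sorted(emails), sorted(hosts)


if __name__ == "__main__":
    found_emails, found_hosts = harvest("example.com", PAGES)
    print("\n".join(found_emails))
    print("\n".join(found_hosts))
```

Feed it pages saved from any of the sources listed above and it produces the same two lists The Harvester prints; the LinkedIn source is different in kind, since user names there come from result titles rather than from addresses in the page text.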
One of the biggest problems when conducting penetration tests and vulnerability assessments is organizing all the information obtained during the test. I used to use a program called Leo to organize my information because it had a tree-like interface and you were able to create a well mapped out report of all your information. A new tool released last year has expanded on this same method and added some other very cool features. Dradis is an open source framework to enable effective information sharing during penetration testing exercises. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Dradis is thus an ideal tool to help in the process of security assessments.
TCtrace is a sibling of itrace and traceroute, but it traces with TCP SYN packets. That makes it possible to trace through a firewall if you know one TCP service that is allowed in from the outside: a SYN to that port is indistinguishable from a legitimate connection attempt, so it passes where the UDP or ICMP probes of a classic traceroute are dropped, and the routers along the way still return ICMP time-exceeded as the TTL runs out. Once again it is a very simple tool, like the last few I have reviewed, and it has one specific function.