Information security articles related to Backtrack Linux, information gathering, Windows, exploitation tools, OSX, reverse engineering, Ubuntu, maintaining access, CentOS, vulnerability assessments, etc.
I recently presented at Hack3rcon in West Virginia on the subject of using Oclhashcat and a fingerprint attack to crack password hash’s.The original article by Atom can be found here. This is the video I made for a back up of my talk in case the live demo failed.
Yesterday I wrote an article about securing your /tmp and /var/tmp directories on a Linux server because I had found some files uploaded to the /tmp directory via the apache user. After locking down those directories I wanted to verify that there were no other issues on the server so I installed Rootkit Hunter and…
In this article, I’ll try to explain as much as I can about hashes and collisions and my latest discovery of a triple hash collision while keeping things as simple as possible. What Is A Hash: It’s a cryptographic function, which takes some data as input, and generates a string, usually composed of hex characters. Now,…
Recently I was doing a security audit on a Linux server and noticed some Apache and PHP items that needed to be modified to make the server more secure. One of the items that should be disabled is allow_url_fopen because the risk that it can be abused. The issue is that allow_url_fopen is on by…
The below article explains how I used password fingerprinting to crack 500,000 password hashes in less than half a day completly automated. This article shows each command step by step, but only to describe the details of how password fingerprinting with oclHashcat works. The reality is that the password fingerprinting process can easily be automated…
I have been using Hashcat and oclHashcat a lot in recent weeks but have been limited to primarily using it on Linux servers so I decided to give it a shot on a couple Windows machines. Below I describe how I got oclHashcat operational on Windows 7 Ultimate 32-Bit on a desktop computer with a…
Recently I have started using Hashcat-gui a lot more to test the strength of various passwords for certain clients. One of the things I wasn’t sure of at first was how to save charsets in the Bruteforce Settings window and while it would be nice if you could have a text file that included various…
Hashcat is an excellent tool to use or security audits of passwords. I will be doing a series of articles relating to anything from simple brute forcing such as the article to more complex techniques using Hashcat, oclHashcat, and the Hashcat-gui on both Windows and Linux operating systems. The goal is to make people more…
Pyrit was recently upgraded on a server that I use and when I logged in to run it manually from the CLI I noticed an error. The error, which is explained in more detail below, complains that the libpcap is to old. The server that this pyrit installation is installed on is CentOS 5.4. CentOS…
Dmitry or Deepmagic Information Gathering Tool is an all in one host information tool included in Backtrack 4’s Information Gathering section. Personally I prefer doing most info gathering using tools built into Linux however it is nice to run a tool like this in the background and come back later if you are multi-tasking. Before…