Information Security

dictstat – Backtrack 5 – Privilege Escalation – Password Attacks – Offline Attacks – dictstat

The dictstat Python script is a great little tool for password cracking results analysis or for regular wordlist analysis. The dictstat application is located in the /pentest/passwords/pack directory on Backtrack 5 R3 and can be run using “python dictstat.py” from within that directory. Written by iphelix during the 2010 Crack Me If You Can password cracking competition and is part of a larger toolset called PACK or Password Analysis and Cracking Kit. Below we show some examples of dictstat in action along with some details of the available parsing mechanisms that are in place.

Information Security

dnschef – Backtrack – Privilege Escalation – Spoofing Attacks – Network Spoofing – dnschef

If you want to spoof some DNS requests then dnschef is the tool to do it. I can never get enough of redirecting innocent Internet surfers to random locations. The main key for dnschef to be extremely useful is the fact that you will have to somehow get the traffic to the Backtrack Linux server running dnschef which could be done by gaining access and modifying DNS entries on a single server or by poisoning the real DNS server on a network. Below we show a couple examples of dnschef in action but overall it is really easy to use and the hard part will be figuring out the method you use to get the DNS (Domain Name Server) traffic to the Backtrack server running dnschef.

Information Security

sqllhf – Backtrack 5 – Vulnerability Assessment – Database Assessment – MSSQL Assessment – sqllhf

It appears that SQLLHF no longer works in Backtrack 5 release 3. When attempting to run this application it throws an error. I may update this article later with more information as I know the author of the software and once I can speak with him I will update accordingly. The good news is SQLLHF doesn’t accomplish any goals that other Microsoft SQL Server tools can accomplish so there is no loss in terms of functionality however at this point its just taking up real estate in the BT5 menu.