[Question] Hack ---- Window, linux |
26/12/2006 07:33:42 (+0700) | #1 | 32782 |
|
Hts
Member
|
0 |
|
|
Joined: 15/12/2006 11:01:28
Messages: 193
Location: OEP
Offline
|
|
Các sư phụ ơi cho em hỏi nếu dùng Winow ma muốn hack thì phải kiếm các loại công cụ hả,thế còn linux thì có cần ko(VD cho 1 trang web tỏi chảng hạn).
Nếu cứ phải phụ thuộc vào cả tấn công cụ dò tìm lỗ hổng rồi lại cần 1 tấn khác để chọc ngoáy vào đó thì chán wá nhỉ |
|
|
|
|
[Question] Hack ---- Window, linux |
26/12/2006 09:54:54 (+0700) | #2 | 32795 |
|
nora
Elite Member
|
0 |
|
|
Joined: 20/09/2006 00:08:43
Messages: 360
Location: UK
Offline
|
|
VipHts wrote:
Các sư phụ ơi cho em hỏi nếu dùng Winow ma muốn hack thì phải kiếm các loại công cụ hả,thế còn linux thì có cần ko(VD cho 1 trang web tỏi chảng hạn).
Nếu cứ phải phụ thuộc vào cả tấn công cụ dò tìm lỗ hổng rồi lại cần 1 tấn khác để chọc ngoáy vào đó thì chán wá nhỉ
Tùy theo trình độ của hacker
nhiều lúc đâu cần phải tool, hack cái gì cũng vậy thôi, nếu bạn có trình độ thì viết tool cho riêng mình,
tuy nhiên biết sử dụng những gì mình cần và sự phối hợp liên hoàn giũa tài trí của bạn và các công cụ thì tốt hơn. |
|
|
|
|
[Question] Hack ---- Window, linux |
27/12/2006 13:19:55 (+0700) | #3 | 33030 |
|
quocky711
Member
|
0 |
|
|
Joined: 16/12/2006 11:30:13
Messages: 12
Offline
|
|
Nghe cái tool mà nora nói .. có vẻ cao thủ lắm đây.. hay mình đề nghị thế này ... bạn có thể share cái tool của riêng bạn để mọi người cùng nghiên cứu !!! |
|
|
|
|
[Question] Hack ---- Window, linux |
27/12/2006 14:16:04 (+0700) | #4 | 33041 |
|
BachDuongTM
Member
|
0 |
|
|
Joined: 29/06/2006 17:39:39
Messages: 85
Offline
|
|
quocky711 wrote:
Nghe cái tool mà nora nói .. có vẻ cao thủ lắm đây.. hay mình đề nghị thế này ... bạn có thể share cái tool của riêng bạn để mọi người cùng nghiên cứu !!!
vậy theo các bạn dùng tools có lợi ở điểm gì ??
<nghe có vẻ ngớ ngẩn nhỉ >
thực tế mà nói ,tools giúp chúng ta rút ngắn thời gian trong việc làm gì đó vì chỉ việc nhấn nút là nó tự động thực hiện liên hoàn một số bước nào đó.Cho nên nếu như bạn dựa vào tools và bạn kô hiểu tools đó nó làm thay cho ta điểm gì thì bạn sẽ mãi chỉ là chú lùn mà thôi.
Linux hay win đều là những sản phẩm của rất nhiều con người tài giỏi làm nên,đừng có ảo tưởng rằng nó chỉ là chiếc tàu bay giấy,chỉ có những lỗi vô cùng ngớ ngẩn <do người quản trị hệ thống gây ra> hoặc những lỗi vô cùng nghiêm trọng<do một số người khác phát hiện ra> thì mới có thể khiến cho người ngoài xâm nhập thành công được.
Tools chỉ là công cụ hỗ trợ cho bạn thôi ===> đừng có quá coi trọng tools .
bạn nên chú ý đến việc mình đang định làm gì và quyết định dùng tools nào,google trả lời câu hỏi này .
vd nhé: biết IP máy đích rồi ,scan cổng để kết nối chứ gì lên google mà tìm : scan ports ===> ra 1 đống |
|
|
|
|
[Question] Re: Hack ---- Window, linux |
28/12/2006 21:33:57 (+0700) | #5 | 33190 |
mafia8505
Member
|
0 |
|
|
Joined: 09/07/2006 06:17:45
Messages: 14
Offline
|
|
cẩn thận khi dụng tool này
NetTools
It is a set of network tools useful for everyone which includes: NetStat, NBScan, Shares, LMHosts, NAT, RawTCP, TraceRoute, Ping, NSLookup and ProcMon etc..
Platform: Windows
MegaPing
It is the ultimate must-have toolkit that includes: Scanners: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, Share Scanner. Security scanner provides the following information: NetBIOS names, Configuration info, Missing Security Patchs, Installed Service Packs, open TCP and UDP ports, Transports, Shares, Users, Groups, SNMP, Services, Drivers, Local Drives, Sessions, Remote Time of Date, Printers. Monitors: Host and Port Monitor. System Information: System Info Viewer, Advanced Process Viewer, Network Resources Viewer. Network utilities: DNS list host, DNS lookup name, Network Time Synchronizer, Ping, Traceroute, Whois, and Finger.
Platform: Windows
Sam Spade
It is an integrated network query tool that includes ping, nslookup, whois, IP block whois, dig, traceroute, Finger, SMTP VRFY, web browser, keep-alive, DNS zone transfer, SMTP relay check, Usenet cancel, check website, download website, email header analysis Email blacklist query, Abuse address query, S-Lang scripting, Time. Each tool displays it s output in it s own window, and everything is multi-threaded so you don t need to wait for one query to complete before starting the next one.
Platform: Windows
scan
Nessus
It is a powerful and free remote vulnerability scanner. It offers a wealth of configuration and scanning options, though some users might find them overwhelming. One may need to devote a significant amount of time learning the intricacies of the application to use it most effectively. Based on a client/server architecture, Nessus lets users run the administrative console, which executes vulnerability scans and holds databases on a machine other than the server. Client front ends are available for Java, Win32, and X11, making Nessus a true cross-platform tool that can scan Linux, Windows, and Unix hosts. Nessus provides an astonishing quantity of customized tests called plug-ins. These include interesting scans that look for vulnerabilities in routers from Cisco and other companies, CGI scripts, buffer overruns, remote-access connections, back doors, RPC, and SNMP.
Platform: Windows / *NIX / Linux
MBSA
Microsoft Baseline Security Analyzer (MBSA), is a Windows-only scanner that searches for vulnerable configurations that need patching or updating. It is designed for finding security weaknesses in all Microsoft's products. Considering how vulnerable an unsecured Windows machine can be, MBSA is valuable to Windows IT administrators who can't afford the third-party vulnerability scanners reviewed elsewhere in our roundup.
Platform: Windows
ISS
ISS's Internet Scanner™ is the network security industry's preferred solution for network vulnerability analysis and decision support. Internet Scanner performs scheduled and selective probes of your network's communication services, operating systems, key applications, and routers in search of those vulnerabilities most often used by unscrupulous threats to probe, investigate, and attack your network. Internet Scanner then analyzes your vulnerability conditions and provides a series of corrective action, trends analysis, conditional, and configuration reports and data sets.
Platform: Windows
NStealth
N-Stealth® is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities. It can audit both local and remote web servers. Simply plug in your IP address and let it run - within minutes, you'll have a full report outlining all the potential security holes on the server.
Platform: Windows
Retina
Retina Network Security Scanner is an advanced vulnerability scanner. It can scan every machine on your network - including a variety of operating system platforms (e.g. Windows, Unix, Linux), networked devices (e.g. firewalls, routers, etc.), databases and third-party or custom applications - in record time. After scanning, Retina delivers a comprehensive report that details all vulnerabilities and appropriate corrective actions and fixes.
Platform: Windows
LanGaurd
GFI LANguard Network Security Scanner (N.S.S.) checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, services packs, open shares, open ports, unused user accounts and more. With this information (displayed in customizable reports), you can easily lock down your network against hackers. It. can also remotely deploy missing patches and service packs in applications and OS.
Platform: Windows
Shadow Security Scanner
SSS (Shadow Security Scanner)) scans servers built practically on any platform, successfully revealing breaches in Unix, Linux, FreeBSD, OpenBSD, Net BSD, Solaris and, of course, Windows. It also detect faults with CISCO, HP, and other network equipment.
Platform: Windows
NeXpose
NeXpose performs state-of-the-art network vulnerability assessment like any other advance vulnerability scanner. It offers a unique set of features that together provide the best available protection against network penetration attempts.
Platform: Windows / *NIX / Linux
SAINT
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
Platform: Windows / *NIX / Linux / Solaris 2.x / Mac OS X
SARA
The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on the SATAN model which is covered by the GNU GPL-like open license. It is fostering a collaborative environment and is updated periodically to address latest threats.
Platform: Windows / *NIX / Linux / Solaris 2.x / Mac OS X
Tự động hack
Core Impact
CORE IMPACT is the first commercial grade penetration testing product for assessing specific information security threats to an organization. It safely and efficiently shows you exactly how an attacker can get control of your valuable information assets. By automating the previously manual and expensive penetration testing process, CORE IMPACT helps you improve your security while reducing costs.
With just a point and click, CORE IMPACT allows you to actively exploit vulnerabilities within your own network, replicating the kinds of access an intruder could achieve. CORE IMPACT makes it easy for any network administrator or security engineer to perform a penetration test and precisely identify compromisable network assets.
Platform: Windows
CANVAS
CANVAS contains a number of vulnerability modules, each exploiting a particular vulnerability or set of vulnerabilities. While no exploit is perfect, these modules have been tested and shown to work on Immunity's testbed vulnerable systems. You may use these modules to analyze the risk posed to your systems by a hacker exploiting these weaknesses. Unlike a vendor's vulnerability announcement, these modules will demonstrate the actual risks you suffer, and allow you to test your defenses in depth, IDS systems, or other remedial measures. It is 100% pure Python, and every license includes full access to the entire CANVAS code base.
Platform: *NIX
down film về coi :
<http://www.immunitysec.com/downloads/c5.0.swf>
Bruce-force
Brutus
Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more.
Platform: Windows
THC-Hydra
This tool allows for rapid dictionary attacks against network login systems, including FTP, POP3, IMAP, Netbios, Telnet, HTTP Auth, LDAP NNTP, VNC, ICQ, Socks5, PCNFS, and more. It includes SSL support and is apparently now part of Nessus.
Platform: UNIX
TSGrinder
TSGrinder is the first production Terminal Server brute force tool. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts. It is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.
Platform: Windows
crack pass
John The Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.
Platform: Windows / *NIX / Linux
L0phtCrack (LC)
It is a Windows password auditing and recovery application. L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc).
Platform: Windows
|
|
|
|
|
|