WCE v1.3beta 32bit released. (Must needed for Admins)

Download link: http://www.ampliasecurity.com/research/wce_v1_3beta.tgz



Changelog:

version 1.3beta:
March 8, 2012
* Bug fixes
* Extended support to obtain NTLM hashes without code injection
* Added feature to dump login cleartext passwords stored by the Digest
Authentication package


Example:

* Dump cleartext passwords stored by the Digest Authentication package

C:\>wce -w
WCE v1.3beta (Windows Credentials Editor) - (c) 2010,2011,2012 Amplia
Security -
by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.


test\MYDOMAIN:mypass1234
NETWORK SERVICE\WORKGROUP:test


The cleartext passwords dumped include passwords used to login to the
Windows box interactively.

What is WCE?
------------

Windows Credentials Editor (WCE) v1.3beta allows you to

NTLM authentication:

* List logon sessions and add, change, list and delete associated
credentials (e.g.: LM/NT hashes)
* Perform pass-the-hash on Windows natively
* Obtain NT/LM hashes from memory (from interactive logons, services,
remote desktop connections, etc.) which can be
used to authenticate to other systems. WCE can perform this task without
injecting code, just by reading and decrypting information stored in
Windows internal memory structures. It also has the capability to
automatically switch to code injection when the aforementioned method
cannot be performed

Kerberos authentication:

* Dump Kerberos tickets (including the TGT) stored in Windows machines
* Reuse/Load those tickets on another Windows machines, to authenticate
to other systems and services
* Reuse/Load those tickets on *Unix machines, to authenticate to other
systems and services

Digest Authentication:

* Obtain cleartext passwords entered by the user when logging into a
Windows system, and stored by the Windows Digest Authentication security
package


Supported Platforms
-------------------
Windows Credentials Editor supports Windows XP, 2003, Vista, 7 and 2008.


Additional information
----------------------
http://www.ampliasecurity.com/research/wcefaq.html


Thanks,

h@ckfr3ak

Read More

Exploring all DNS Records using DIG Commands

Using dig command you can query DNS name servers for your DNS lookup related tasks. This article explains 10 examples on how to use dig command.

1. Simple dig Command Usage (Understand dig Output)

When you pass a domain name to the dig command, by default it displays the A record (the ip-address of the site that is queried) as shown below.

In this example, it displays the A record of redhat.com in the “ANSWER SECTION” of the dig command output.

$ dig redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             37      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             73      IN      NS      ns4.redhat.com.
redhat.com.             73      IN      NS      ns3.redhat.com.
redhat.com.             73      IN      NS      ns2.redhat.com.
redhat.com.             73      IN      NS      ns1.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         73      IN      A       209.132.186.218
ns2.redhat.com.         73      IN      A       209.132.183.2
ns3.redhat.com.         73      IN      A       209.132.176.100

;; Query time: 13 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:09:49 2012
;; MSG SIZE  rcvd: 164

The dig command output has the following sections:

• Header: This displays the dig command version number, the global options used by the dig command, and few additional header information.
• QUESTION SECTION: This displays the question it asked the DNS. i.e This is your input. Since we said ‘dig redhat.com’, and the default type dig command uses is A record, it indicates in this section that we asked for the A record of the redhat.com website
• ANSWER SECTION: This displays the answer it receives from the DNS. i.e This is your output. This displays the A record of redhat.com
• AUTHORITY SECTION: This displays the DNS name server that has the authority to respond to this query. Basically this displays available name servers of redhat.com
• ADDITIONAL SECTION: This displays the ip address of the name servers listed in the AUTHORITY SECTION.
• Stats section at the bottom displays few dig command statistics including how much time it took to execute this query

2. Display Only the ANSWER SECTION of the Dig command Output

For most part, all you need to look at is the “ANSWER SECTION” of the dig command. So, we can turn off all other sections as shown below.

• +nocomments – Turn off the comment lines
• +noauthority – Turn off the authority section
• +noadditional – Turn off the additional section
• +nostats – Turn off the stats section
• +noanswer – Turn off the answer section (Of course, you wouldn’t want to turn off the answer section)

The following dig command displays only the ANSWER SECTION.

$ dig redhat.com +nocomments +noquestion +noauthority +noadditional +nostats

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
redhat.com.             9       IN      A       209.132.183.81

Instead of disabling all the sections that we don’t want one by one, we can disable all sections using +noall (this turns off answer section also), and add the +answer which will show only the answer section.

The above command can also be written in a short form as shown below, which displays only the ANSWER SECTION.

$ dig redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +noall +answer
;; global options: +cmd
redhat.com.             60      IN      A       209.132.183.81

3. Query MX Records Using dig -t MX

To query MX records, pass MX as an argument to the dig command as shown below.

$ dig redhat.com  MX +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com MX +noall +answer
;; global options: +cmd
redhat.com.             513     IN      MX      5 mx1.redhat.com.
redhat.com.             513     IN      MX      10 mx2.redhat.com.

You can also use option -t to pass the query type (for example: MX) as shown below.

$ dig -t MX redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t MX redhat.com +noall +answer
;; global options: +cmd
redhat.com.             489     IN      MX      10 mx2.redhat.com.
redhat.com.             489     IN      MX      5 mx1.redhat.com.

4. Query NS Records Using dig -t NS

To query the NS record use the type NS as shown below.

$ dig redhat.com NS +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com NS +noall +answer
;; global options: +cmd
redhat.com.             558     IN      NS      ns2.redhat.com.
redhat.com.             558     IN      NS      ns1.redhat.com.
redhat.com.             558     IN      NS      ns3.redhat.com.
redhat.com.             558     IN      NS      ns4.redhat.com.

You can also use option -t to pass the query type (for example: NS) as shown below.

$ dig -t NS redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t NS redhat.com +noall +answer
;; global options: +cmd
redhat.com.             543     IN      NS      ns4.redhat.com.
redhat.com.             543     IN      NS      ns1.redhat.com.
redhat.com.             543     IN      NS      ns3.redhat.com.
redhat.com.             543     IN      NS      ns2.redhat.com.

5. View ALL DNS Records Types Using dig -t ANY

To view all the record types (A, MX, NS, etc.), use ANY as the record type as shown below.

$ dig redhat.com ANY +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com ANY +noall +answer
;; global options: +cmd
redhat.com.             430     IN      MX      5 mx1.redhat.com.
redhat.com.             430     IN      MX      10 mx2.redhat.com.
redhat.com.             521     IN      NS      ns3.redhat.com.
redhat.com.             521     IN      NS      ns1.redhat.com.
redhat.com.             521     IN      NS      ns4.redhat.com.
redhat.com.             521     IN      NS      ns2.redhat.com.

(or) Use -t ANY

$ dig -t ANY redhat.com  +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t ANY redhat.com +noall +answer
;; global options: +cmd
redhat.com.             367     IN      MX      10 mx2.redhat.com.
redhat.com.             367     IN      MX      5 mx1.redhat.com.
redhat.com.             458     IN      NS      ns4.redhat.com.
redhat.com.             458     IN      NS      ns1.redhat.com.
redhat.com.             458     IN      NS      ns2.redhat.com.
redhat.com.             458     IN      NS      ns3.redhat.com.

6. View Short Output Using dig +short

To view just the ip-address of a web site (i.e the A record), use the short form option as shown below.

$ dig redhat.com +short
209.132.183.81

You can also specify a record type that you want to view with the +short option.

$ dig redhat.com ns +short
ns2.redhat.com.
ns3.redhat.com.
ns1.redhat.com.
ns4.redhat.com.

7. DNS Reverse Look-up Using dig -x

To perform a DNS reverse look up using the ip-address using dig -x as shown below
For example, if you just have an external ip-address and would like to know the website that belongs to it, do the following.

$ dig -x 209.132.183.81 +short
www.redhat.com.

To view the full details of the DNS reverse look-up, remove the +short option.

$ dig -x 209.132.183.81

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -x 209.132.183.81
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;81.183.132.209.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
81.183.132.209.in-addr.arpa. 600 IN     PTR     www.redhat.com.

;; AUTHORITY SECTION:
183.132.209.in-addr.arpa. 248   IN      NS      ns2.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns1.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns3.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns4.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         363     IN      A       209.132.186.218
ns2.redhat.com.         363     IN      A       209.132.183.2
ns3.redhat.com.         363     IN      A       209.132.176.100

;; Query time: 35 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:15:00 2012
;; MSG SIZE  rcvd: 193

8. Use a Specific DNS server Using dig @dnsserver

By default dig uses the DNS servers defined in your /etc/resolv.conf file.
If you like to use a different DNS server to perform the query, specify it in the command line as @dnsserver.
The following example uses ns1.redhat.com as the DNS server to get the answer (instead of using the DNS servers from the /etc/resolv.conf file).

$ dig @ns1.redhat.com redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> @ns1.redhat.com redhat.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20963
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             60      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             600     IN      NS      ns1.redhat.com.
redhat.com.             600     IN      NS      ns4.redhat.com.
redhat.com.             600     IN      NS      ns3.redhat.com.
redhat.com.             600     IN      NS      ns2.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         600     IN      A       209.132.186.218
ns2.redhat.com.         600     IN      A       209.132.183.2
ns3.redhat.com.         600     IN      A       209.132.176.100
ns4.redhat.com.         600     IN      A       209.132.188.218

;; Query time: 160 msec
;; SERVER: 209.132.186.218#53(209.132.186.218)
;; WHEN: Thu Jan 12 10:22:11 2012
;; MSG SIZE  rcvd: 180

9. Bulk DNS Query Using dig -f (and command line)

Query multiple websites using a data file:

You can perform a bulk DNS query based on the data from a file.
First, create a sample names.txt file that contains the website that you want to query.

$ vi names.txt
redhat.com
centos.org

Next, execute dig -f as shown below, which will perform DNS query for the websites listed in the names.txt file and display the output.

$ dig -f names.txt +noall +answer
redhat.com.             60      IN      A       209.132.183.81
centos.org.             60      IN      A       72.232.194.162

You can also combine record type with the -f option. The following example displays the MX records of multiple websites that are located in the names.txt file.

$ dig -f names.txt MX +noall +answer
redhat.com.             600     IN      MX      10 mx2.redhat.com.
redhat.com.             600     IN      MX      5 mx1.redhat.com.
centos.org.             3600    IN      MX      10 mail.centos.org.

Query multiple websites from dig command line:

You can also query multiple websites from the dig command line as shown below. The following example queries MX record for redhat.com, and NS record for centos.org from the command line

$ dig redhat.com mx +noall +answer centos.org ns +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com mx +noall +answer centos.org ns +noall +answer
;; global options: +cmd
redhat.com.             332     IN      MX      10 mx2.redhat.com.
redhat.com.             332     IN      MX      5 mx1.redhat.com.
centos.org.             3778    IN      NS      ns3.centos.org.
centos.org.             3778    IN      NS      ns4.centos.org.
centos.org.             3778    IN      NS      ns1.centos.org.

10. Use $HOME/.digrc File to Store Default dig Options

If you are always trying to view only the ANSWER section of the dig output, you don’t have to keep typing “+noall +answer” on your every dig command. Instead, add your dig options to the .digrc file as shown below.

$ cat $HOME/.digrc
+noall +answer

Now anytime you execute dig command, it will always use +noall and +answer options by default. Now the dig command line became very simple and easy to read without you have to type those options every time.

$ dig redhat.com
redhat.com.             60      IN      A       209.132.183.81

$ dig redhat.com MX
redhat.com.             52      IN      MX      5 mx1.redhat.com.
redhat.com.             52      IN      MX      10 mx2.redhat.com.

Read More

NSA opens massive cryptologic center in Georgia

The National Security Agency/Central Security Service officially opened the new NSA/CSS Georgia Cryptologic Center.

The $286 million complex will provide cryptologic professionals with the latest state-of-the-art tools to conduct signals intelligence operations, train the cryptologic workforce, and enable global communications.



NSA/CSS has had a presence in Georgia for over 16 years on Ft. Gordon, when only 50 people arrived to establish one of NSA’s Regional Security Operations Centers.

“This new facility will allow the National Security Agency to work more effectively and efficiently in protecting our homeland,” said Sen. Saxby Chambliss. “It will also attract more jobs to the Augusta area. The opening of this complex means that Georgians will play an even greater role in ensuring the safety and security of our nation.”

The new NSA/CSS Georgia Cryptologic Center is another step in the NSA’s efforts to further evolve a cryptologic enterprise that is resilient, agile, and effective to respond to the current and future threat environment.

NSA/CSS opened a new facility in Hawaii in January 2012 and is also upgrading the cryptologic centers in Texas and Denver to make the agency’s global enterprise even more seamless as it confronts the increasing challenges of the future.

Read More

Get paid 100USD From Amazon, Just do this Survey in Web App Security

So Long time Not blogging at all, since from the day i signed for my CCNA and CCNP Classess, Course are going are pretty good learned a lot with hand on with cisco routers and switches now am back on with some serious deal Here its

if u are a Pen tester or Web App security consultant here its for u, Just answer fr this 25 questions and u could be a lucky winner to win 100USD From amazon

Some of the questions can be perceived as difficult to answer. However, if all this data was known, or easy to identify, there would be no reason to gather estimates on the topic. Consequently, we ask that you complete this survey and provide us with your beliefs and best estimates, even if you are uncertain about the answer to the questions asked. Also, the answer format will enable you to account for this uncertainty. By completing this survey you will: Help the community to quantify the effort required to find vulnerabilities in web applications. Be able to compare your answers to the answers of others. Have a chance to win a 100 USD gift certificate on Amazon. The survey consists of 24 questions spread out over 8 pages (this page being the first). After completing the survey you will receive a link that displays your answers and compares them to aggregates of all answers received. The survey will remain active until the 22nd of March 2012. If you have cookies enabled you will be able to use this browser to return to an uncompleted survey for two weeks. In other cases, the below link can be used to return to your survey at any point in time until the survey closes.

Permanent link to your survey: http://surveys.ics.kth.se/WASecurity/?respondent=088414147114D13BF8FB68D58621B20C

Read More