I had a bet with my friend about getting #1 on the Crazy Taxi high score page (== motivation for this post). For those who have not been introduced to it yet, it’s a Facebook/Flash/2.0 resurrection of a much older game. Not having extreme timing skills, I quickly gave up on getting the 2,000,000 points required to make it the “normal” way: My first try was modifying the outgoing HTTP traffic using the Tamper Data plugin for Firefox (to catch the obvious ones).
Yes, I just called everyone who works at Apple an Oompa Loompa, but I digress: I was reading Brooke Crothers’ story on the Apple ‘gag’ order and couldn’t help but think of how Apple has created an almost similar situation. Everyone wants to know what Apple is up to, can’t stop talking about it. Buzz Out Loud even had people call and email asking them to see if they could do a show without mentioning Apple or the iPhone.
I’ve been debating making this kind of post for about a week, and I apologize for the RSS spam. But it was getting a bit repetitive telling people via DM, email or other communication what happened. When I took my hiatus from Twitter, I zero’d out my followers, so, if you care to, please check to see if you are still following me. I will be watching my follows closely and will refollow people I might have missed in my initial run through.
CKTricky over at http://cktricky.blogspot.com has been running an awesome Burp Tip of the Day series on his blog. After seeing him use Nikto through Burp, I decided to see if I could just export the list of checks to a text file so that I could use them over and over in Intruder. After a bit of awk and sed hell I figured it out, and submitted it to him for acceptance to his BTotD series.
So this is a pretty crafty way of getting packet captures on a target system. Definitely could be streamlined with some meterpreter scripting fu, but awesome job on the video. Metasploit meterpreter Windump/Winpcap sniffer from siles on Vimeo.
The site has been down for a while, there were a lot of factors that played into that, but mostly it was focus on some family, as I had some in town. I also came to the conclusion that it’s time to move to “the cloud” so I moved over to SquareSpace (using the coupon code: DEFCON </end shameless plug>). I have an actual web designer looking at hooking this thing up right.
Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords. That’s where word lists come in handy. It’s usually the cracker’s first go-to solution: slam a word list against the hash, if that doesn’t work, try rainbow tables (if they happen to have the tables for that specific hash type), and then the full-on brute force. Some would say those first two steps are reversed, and it really is the choice of the person doing it and the word lists they have to work with.
I recently upgraded my video card and had a rough time finding programs that fit the hype of GPU password cracking, so here is what I found so that you won’t have as hard a time. Ivan Golubev’s SHA1/MD5/MD4 cracker: http://www.golubev.com/hashgpu.htm; Ivan Golubev’s RAR pass cracker: http://www.golubev.com/rargpu.htm; CUDA Multiforcer (down at the time of this posting): http://www.cryptohaze.com/bruteforcers.php; BarsWF - MD5 Cracker: http://3.14.by/en/md5; GPU MD5 Crack: (Included in BackTrack 4 repos “gpu-md5-crack”)
Update: I can’t say with 100% certainty that Nessus ever used NMAP as its base scanner, I was going off of memory. I apologize for not being perfect. Update 2: Since people can’t seem to let it go, I would say that I was totally wrong and the nmap was absolutely never used in nessus ever, but then I would be caught in another absolute that I can’t confirm. According to their wiki, the nmap nasl script were taken out because people were No, I haven’t listened to the latest episode of Securabit in which Paul comes on and talks about Nessus.
Here is a quick no-nonsense PTH video I made for the guys over at SecurityAegis. Music is Scott Brown’s contribution to the Happy 2b Hardcore Chapter Four album called “Elysium”