This release implements DNS queries against multiple DNS servers, a more efficient threading algorithm and some minor bug fixes.

Quoting from the tool’s official website:

TXDNS main goal is to expose a domain namespace trough a number of techniques:

-Typos
-TLD rotation
-Dictionary attack
-Brute force

TXDNS may be used to:

- Fill the reconnaiscence gap left due to DNS servers hardening, as dns-zone transfers are much like to fail.
- Dig a given domain name for possible phishing variations based on common well-known typo algorithms and return dns queries on both used and not used names.
- Stress-test DNS servers due is configurable aggressive behaviour.

TXDNS provides some cool options, such as:

- Perform queries only for a given Resource Record type:
A, CNAME, HINFO, NS, TXT & SOA
- Perform non-recursive queries.
- Perform queries against a given DNS server.

Read more about the latest version.

Download TXDNS v2.1.5

It is multi threaded and can audit more than one system and account in a given session.

Download SSHatter-0.2

Almost everyday I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact means that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to, are mainly caused by the irresponsibility and lazyness of system administrators and web developers.

The methodology for defacing a website is pretty standard. Here is the standard sequence of tasks that normally the crackers/defacers would follow: Footprinting, scanning, enumeration, penetration, attack, covering of tracks and installation of backdoors. As I mentioned before, the motivations for defacing any website are various, whereas when defacing governmental websites, could be a promotion of an ideology, revenge, or just a challenge.

I don’t believe that people who are serial website defacers hold good real-life jobs, or any job at all. This is just my personal opinion which is based on the fact that defacing is illegal in most countries – thus involving a high risk of getting arrested - and requires some basic knowledge, time, and patience. Advanced knowledge of technical and theoretical network security issues is not always required to deface. I think that understanding IT security theories, enhances intelligently your logical application of related practicalities. Achieving a deface could require the application of a complex exploitation methodology. This is enough reason to give up for some defacers without patience and with incomplete knowledge.

Tools assisting each step mentioned in the last paragraph are widely available for free on the internet. Most of the authors coded them for ethical, legal and educational use. Of course some were specifically coded for easily generating domain lists, exploiting security vulnerabilities, and mass-defacing websites. These are not easy to find on the web, nor are that difficult to code. Instead, individual defacers and groups exchange them in IRC channels, private forums  and servers, and through instant messengers.

One example of such an IRC server is irc.gigachat.net.

Script kiddies who deface, prefer to use fancy GUIs for tools rather than command line. Command line tools seem to exceed their learning and memory capabilities, or they don’t have the will and patience to research and analyze effective methodologies used by professionals in netsec pen-testing. They would be more technically skilled and better exercise their brain to remember simple and complex command sequences in multi-OS environments. Plus they would develop their practical skill-set which may be necessary if they choose to follow an IT career at some point – if they don’t end up in jail.

Depending on their ethical and legal attitudes, usually what they want is to quickly accomplish breaking in a network, maybe lookup for confidential data, download them and deface the home pages of hosted sites. Always counting in exceptions, most probably they didn’t use their own exploits, but what was already public.

Now I’m going to quote from another of my posts the following:

“In the mind and soul of the crackers who deface high-profiled websites, there is a false sense of pride. They think that it reflects their cracking skills and status in the defacers scene. For them defacing is more like a game. The messages shown in their defacements are more like an excuse for taking part in this game. The real motivation and reasoning behind their attacks, in most of the cases is not political, patriotic or other; but is just to show off themselves and their country to the world…

They attach a nickname to their personalities and cracking abilities, and they try to raise its status in the scene. They like searching for their nicknames in news websites and showing off the link to other crackers in their IRC channel, other channels, or through their websites.”

You will be ignored if you request mentioned tools or help to deface a website. Comments are welcome of course.

Furthermore, here are the steps which the attacker would follow:

1. Information gathering for the external network
2. Seeking for vulnerabilities & misconfigurations
3. Using flaws to get a shell
4. Information gathering for the internal network
5. Escalating privileges for the internal network
6. Converting internal network to external

Download SuRGeoN’s paper from here: [ srgn-pentest-01.pdf ]

This information is provided to you ONLY for educational purposes. The way that the information in this paper will be used, depends on the individual’s legal and ethical attitudes. YOUR choice!… YOUR risk!…

Comments on the paper are of course welcome. You can also contact SuRGeoN via e-mail: surgeony/\gmail.com (replace /\ with @).

Note: It requires Microsoft .NET Framework 2.0 and Winpcap.

Furthermore, the features of NMapView are the following:

- Automatic composition of the string of command based on selection of checkbox, textbox, ecc.
- Automatic selection of checkbox and textbox, etc. based on tightens of insert comand string.
- In the composition commands, the options of version 4.20 of Nmap are previewed all.
- Supported version NSE (Nmap Scripting Engine) by Diman Todorov. Found doc in http://insecure.org/nmap/nse/
- Of every option or parameter one detailed description through ToolTipHelp is supplied.
- The configuration parameters that preview text are history between the varius sessions. (The story memory use Windows user login section).
- The option and the parameters are distributed in logical section (Targhet specification, Host Discover, Scan Techniques, etc.) based on the documentation of Fiodor.
- Management list of commands throught rows database XML.
- Callback of editor external for .nse script.
- Colorized: coloration and font combination, of the output of nmap, free and of any complexity through editor of Regex (Regular expressions) filters.
- It se possible to start more commands nmap at the same time. You execute yourself in different task and windows.
- One shot clipbord copy Command, for express past in shell dos.
- The historical archives, of the output commands.
- The Windows of command report, the standard flow output, than the flow of error.
- View in hierarchical tree Structure the raw XML data. (output ad file).
- The output file XML , if present, it is intercepted ad loaded in the Tab “XML File Vew” to the end of the command.
- NmapView is freeware software redistribute it and/or modify it under the terms of the GNU LESSER GENERAL PUBBLIC LICENSE.
- Source and info available in FORUM zone.

For more information about NMapView, visit its homepage.

Download NMapView v0.5

To run googlegath.pl, three things are required: the perl interpreter, the Net::Google perl module and Google API. You can use it under Windows with Active Perl interpreter.

Example usages:

./googlegath.pl -a /backup/ -s gov -f txt -m 10
./googlegath.pl -a /cgi-bin/ -s com -k awstats -m 10 -d
./googlegath.pl -a /cgi-bin/ -s de -f pl -m 10 -d
./googlegath.pl -a /scripts/ -s edu -f cgi -m 10 -l logfile.html
./googlegath.pl -s edu -f cgi -m 20 -d
./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html
./googlegath.pl -i “main.php” -k “phpMyAdmin” -s com -m 10

Using googlegath.pl to search for VNC (Virtual Network Computing) desktops running on port 5800:

$ ./googlegath.pl -t “VNC Desktop” -i 5800 -m 10 -d -l logfile.html

[+] inurl:5800 intitle:”VNC Desktop”
http://robot.mc3.edu:5800/ robot.mc3.edu 38.115.60.99
http://129.82.106.115:5800/ 129.82.106.115 129.82.106.115
http://66.97.228.100:5800/ 66.97.228.100 66.97.228.100
http://12.207.102.150:5800/ 12.207.102.150 12.207.102.150
http://12.207.107.126:5800/ 12.207.107.126 12.207.107.126
http://moment.myftp.org:5800/ moment.myftp.org 124.6.20.156
http://69.48.1.32:5800/ 69.48.1.32 69.48.1.32
http://134.241.2.76:5800/ 134.241.2.76 134.241.2.76
http://84.177.42.59:5800/ 84.177.42.59 84.177.42.59
http://203.185.224.34:5800/ 203.185.224.34 203.185.224.34

[+] log file logfile.html created.

In the wrong hands, information gathering – such as the above examples – can be used for malicious purposes. Therefore, the way that googlegath.pl will be used, depends on the individual’s legal and ethical attitudes.

googlegath.pl:

http://www.nothink.org/perl/googlegath/googlegath.txt
http://www.ddosed.com/uploads/information_gathering/googlegath.txt