Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.

Ncrack was started as a “Google Summer of Code” Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool.

Ncrack is available for many different platforms, including Linux, *BSD, Windows and Mac OS X. There are already installers for Windows and Mac OS X and there is a universal source code tarball that can be compiled on every system.

Example: A representative Ncrack scan

Downloads:
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.tar.gz
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA-setup.exe
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.dmg

Ncrack Man Page: http://nmap.org/ncrack/man.html

Ncrack Home: http://nmap.org/ncrack

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

New Features:

• Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
• Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
• Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
• Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
• Fixed a bug of RSA SecurID Calculator within XML import function.
• Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data.
• Executables rebuilt with Visual Studio 2008.
• Added Windows Firewall status detection on startup.
• Added UAC compatibility in Windows Vista/Seven.
• Winpcap library upgrade to version 4.1.1.

Download: ca_setup.exe

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

Karsten Nohl talks about his distributed computing, open-source AE/1 cracking project at the Hacking at Random conference.

“We’re not creating a vulnerability but publicizing a flaw that’s already being exploited very widely,” he said in a phone interview Monday.

This weakness in the encryption used on the phones, A5/1, has been known about for years. There are at least four commercial tools that allow for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the software to work, said Nohl, who previously has publicized weaknesses with wireless smart card chips used in transit systems.

It will take 80 high-performance computers about three months to do a brute force attack on A5/1 and create a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.

Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.

Participants download the software and three months later they share the files created with others, via BitTorrent, for instance, Nohl said. “We have no connection to them,” he added.

Once the look-up table is created it would be available for anyone to use.

Source: CNET News

What is Medusa?
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
The author considers following items as some of the key features of this application:
* Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
* Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
* Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

It currently has modules for the following services:
* AFP
* CVS
* FTP
* HTTP
* IMAP
* MS-SQL
* MySQL
* NCP (NetWare)
* NNTP
* PcAnywhere
* POP3
* PostgreSQL
* rexec
* rlogin
* rsh
* SMB
* SMTP (AUTH/VRFY)
* SNMP
* SSHv2
* SVN
* Telnet
* VmAuthd
* VNC

It also includes a basic web form module and a generic wrapper module for external scripts.

Download :
http://www.foofus.net/jmk/medusa/medusa.html

WEPCrack is a tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling.

Tool Capabilities :
The current tools are Perl based, and are composed of the following scripts:
1) WeakIVGen.pl – This script allows a simple emulation of IV/encrypted output that one might observe with a WEP enable 802.11 Access Point. The script generates IV combinations that can weaken the secret key used to encrypt the WEP traffic

2) prism-getIV.pl – This script relies on output from Prismdump [or from Ethereal captures if libpcap has been patched for 802.11 monitor mode], and looks for IVs that match the pattern known to weakned secret keys. This script also captures the 1st byte of the encrypted output and places it and the weak IVs in a logfile.

3) WEPCrack.pl – This script uses data collected or generated by WeakIVGen to attempt to determine the secret key. It will work with either 40bit or 128bit WEP.

Additionaly, a script prism-decode.pl is included that will decode most 802.11 frame types. This tool is intended to be used with prismdump, but could also be used against Ethereal 802.11 saved captures. It might be useful for capturing SSIDs, AP MAC addresses, or authentication data.

Download :
http://sourceforge.net/projects/wepcrack/

More Info :
http://wepcrack.sourceforge.net/