Tuesday, 25 April 2017

Kali Linux 2017.1 released

Download Kali Linux

Kali Linux 2017.1 rolling release is finally available to download. It brings with a bunch of exciting updates and features. Like all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools. But this release has a few more surprises.

  • Support for RTL8812AU Wireless Card Injection
  • Streamlined Support for CUDA GPU Cracking
  • Amazon AWS and Microsoft Azure Availability (GPU Support)
  • OpenVAS 9 Packaged in Kali Repositories
Please click here to download Kali Linux.

Saturday, 11 February 2017

acccheck

This tool is designed as a password dictionary attack tool, that targets Windows Authentication via SMB protocol. It's a wrapper script around 'smbclient' binary and as a result is dependent on it for its execution.

Server Message Block (SMB) Protocol is a network file sharing protocol and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.

SMB can run on top of the Session Layer:
Directly over TCP, port 445;
Via the NetBIOS API, which in turn can run on several transports;
On UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP);
On several legacy protocols such as NBF (incorrectly referred to as NetBEUI).
The SMB “Inter-Process Communication” (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client first connected to an SMB server.


The simplest way to run acccheck is a follows:

1. ./acccheck 198.168.10.1 
This mode of execution attempts to connect to the target ADMIN share with the username ‘Administrator’ and a [BLANK] for the password.

1. ./acccheck.pl -t 192.168.10.1 -u test -p test
This mode of execution attempts to connect to the target IPC share with the username ‘test’ and a password ‘test’.

Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.

E.g.
1. ./acccheck.pl -T iplist -U userfile -P passwordfile
Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.

Any username/password combinations found are written to a file called ‘cracked’ in the working directory.


Thursday, 2 February 2017

The Kali Linux Certified Professional (KLCP)



After almost two years in the making, it is with great pride to  announce Kali Linux Certified Professional certification– the first and only official certification program that validates one’s proficiency with the Kali Linux distribution.

If you’re new to the Information Security field or are looking to take your first steps towards a new career in InfoSec, the KLCP is a “must have” foundation certification. Built on the philosophy that “you’ve got to walk before you can run”, the KLCP will give you direct experience with your working environment and a solid foundation toward a future with any professional InfoSec work. As we continually see, those entering the Offensive Security PWK program with previous working experience with Kali, and a general familiarity with Linux, tend to do better in the real world OSCP exam.

For those of you who already have some experience in the field, the KLCP provides a solid and thorough study of the Kali Linux Distribution– learning how to build custom packages, host repositories, manage and orchestrate multiple instances, build custom ISOs, and much, much, more. The KLCP will allow you to take that ambiguous bullet point at the end of your resume – the one that reads “Additional Skills – familiarity with Kali Linux”, and properly quantify it. Possession of the KLCP certification means that you have truly mastered the Kali penetration testing distribution and are ready to take your information security skills to the next level.

* The KLCP exam will be available via Pearson VUE exam centres worldwide.