There are many tools and resources available to anyone with a few clicks of the mouse. These tools can be used for numerous objectives, such as simply understanding your own network or system better, spying on neighbors, attacking large networks, and even preventing attacks on networks. While it may seem strange, attack tools can actually be used to protect our networks. In this piece, I discuss a few of these tools and how they can be used both for attack and for prevention.
In this final project I will be taking a look at a few attack tools which can be used for good or bad. The good is that you can find vulnerabilities and the like in your system and/or network and fix them before someone else notices them. The bad is that someone else could use these same tools to find vulnerabilities in your system and/or network, which could have not-so-good consequences. I will explain what each of these tools does, how it is installed, and the results of using it against my own machine. The tools are as follows: LANguard, Metasploit Framework, NetStumbler, and L0phtCrack.
GFI LANguard is a nicely set up vulnerability scanner which can be used to see what vulnerabilities, if any, are on a computer or network. There is also Nessus, but I personally have found LANguard simpler to use, and it shows me more information.
Downloading the program was pretty easy, except that it had me input my name, company, e-mail, etc., which I tend to find annoying, but other than that it was alright. Installation wasn't a problem either: one exe file and the installation went through. Upon first loading it downloaded some new updates, I think, which took a bit of time, but all is well. The program is in evaluation mode, which has restricted features, but that is fine for this demonstration.
Upon loading the program you start with a wizard that gives you a few choices. The first is the type of scan you want to do, and you have a few options. I chose to do a complete/combination scan, which takes more time but consists of vulnerability scanning, network and software auditing, and patch status. In the next set of options I just chose Full Scan, which is for the LAN; there is another full scan for WAN, but we do not need that here. Then we come to stage 3, which is another scan type, with options like scan a single computer, scan a range of computers, scan a domain, etc. Once again, it is always good to have options like this. I chose to scan a single computer, and the next option is whether to scan this computer or another; we will scan this computer. Step 5 just has you specify credentials if needed, but I will just use the currently logged-on user. Now we push Scan and let the fun begin:
Above is a screenshot right after running the test. Initially it doesn’t look like I am too safe!
Here is a bit more information showing I have a high vulnerability level.
In detail, there are some vulnerabilities that I need to fix. Because this is evaluation mode, it won't show them all. I need to update to Service Pack 3, which I plan to do after I'm finished with this. I don't see AutoRun being enabled as really a big issue for me right now: I don't just put any CD or DVD in my drive. Also, since I'm not in a public setting with my laptop, like an office where someone could stick a malware disc in my drive, this is not as high a risk.
So what we are seeing here is how this tool can be used. It isn't going to send anything malicious to a computer, but it will show the problems in a computer or network. It gives a person an edge in both directions. If you are using this to look at problems with your network and get them fixed, that's great. However, someone could just as well use it to see these problems on a computer and get a general idea of where to go from there. Like a blueprint, if you really think about it.
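The AutoRun finding above is worth checking by hand, because the same policy value that governs CDs also governs USB sticks and other removable media. The following is an added example, not part of this write-up and not LANguard's own check: it decodes the Windows NoDriveTypeAutoRun policy value, whose bits mirror the drive-type codes returned by GetDriveType() (a set bit turns AutoRun off for that drive type, and 0xFF turns it off everywhere), and reports which drive types are still exposed. The registry read is optional so the decoder also runs on a non-Windows host against a value you paste in; the 0x91 sample value is constructed for the demo, and the policy key path is the one Microsoft documents for this setting.

```python
"""Decode and check the Windows NoDriveTypeAutoRun policy value.

Added example, not part of the original write-up or of GFI LANguard.
"""

# Bit layout mirrors the GetDriveType() return codes; a set bit disables
# AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB/floppy)",
    0x08: "fixed (local hard disk)",
    0x10: "network",
    0x20: "CD-ROM/DVD",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}

HARDENED = 0xFF       # AutoRun off for every drive type (the recommended setting)
SAMPLE_VALUE = 0x91   # constructed example: off only for unknown, network, reserved


def decode_autorun_policy(value: int) -> dict:
    """Map each drive type to True when AutoRun is disabled for it."""
    return {name: bool(value & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def autorun_exposed_types(value: int) -> list:
    """Drive types on which AutoRun would still fire for the given value."""
    return [name for name, off in decode_autorun_policy(value).items() if not off]


def is_hardened(value: int) -> bool:
    """True only when every drive-type bit is set (0xFF)."""
    return value & HARDENED == HARDENED


def read_policy_from_registry():
    """Read the live value on Windows; return None on other platforms or when
    the value is absent. Assumption: machine policy (HKLM) is checked first,
    then the per-user policy (HKCU)."""
    try:
        import winreg
    except ImportError:
        return None
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, key_path) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return int(value)
        except OSError:
            continue
    return None


if __name__ == "__main__":
    live = read_policy_from_registry()
    value = live if live is not None else SAMPLE_VALUE
    print(f"NoDriveTypeAutoRun = 0x{value:02X}")
    for drive_type in autorun_exposed_types(value):
        print(f"  AutoRun still enabled for: {drive_type}")
    print("hardened" if is_hardened(value) else "not hardened: set the value to 0xFF")
```

With the sample value the decoder reports removable, fixed, CD-ROM, RAM-disk and no-root-directory drives as still exposed, which is exactly the "malware disc in the drive" case above, plus the USB case the scan report does not spell out.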
Next up is a tool called Metasploit Framework. This is a pretty good tool for vulnerability exploitation. It was first released in 2003 and comes loaded with exploits that you can send against your own machine or network for testing purposes, or use against someone else in a black-hat way. This program seems to be well regarded for testing and hacking alike. With all the exploits it is able to run, someone could really have good testing done to ensure security.
Installation consisted of one exe file and was simple. It runs just like a normal Windows program and has a decent GUI. From here you have your choice of exploits to pick from, and there are a lot of exploits for Unix, Linux, Mac, and Windows! I have been playing with this for a bit now and haven't really found anything that hits me. My firewall popped up once and I told it to unblock it, but nothing crazy, which is good! Here is a screen of it running:
So I sent a few exploits just to give it a try, but as I said nothing happened (and I can't even run a lot of these because I may not have the targeted application installed). I consider that a good thing, but I did not want to go too crazy running jobs here! This is just to show it running and how it could be used to do some real damage or some nice testing. I am thinking that you could use this together with a tool like LANguard or Nessus: since they find vulnerabilities and list what they are, you could use that as your aiming device and Metasploit as your gun.
The next tool is a fun little tool that I have used before called NetStumbler (or Network Stumbler). It finds wireless networks in range; rather than passively sniffing, it sends out 802.11 probe requests and records the access points that answer, along with their MAC address, SSID, channel, signal strength, and whether encryption is enabled. Many people use tools like this for wardriving, and no doubt it makes it really, really easy.
Installation of this program is simple as well. It is made for Windows, which makes it less complicated for me! After installation the program loads up, and if you wish to scan you will need to let it take control of your wireless card. You won't be able to use the internet at the same time while using this (at least that's how it is for me, because I connect wirelessly). What I decided to do as a demonstration was run the program and walk around my house carrying my laptop to see what signals it finds. Below is a screenshot after the walkthrough:
As you can see, just by walking around my house I was able to find five wireless networks! Now I would also have liked to take a drive around the neighborhood with the laptop sitting on the seat running this program, but alas, my Firebird needs a belt change. So I'm confined to the house. I have used this program before to find hot spots for my brother because he wasn't able to access the internet. I know it wasn't the proper thing to do, but we really wanted to play Halo that night.
This is another program that can be used for good and bad. The good is proper wardriving, possibly with a GPS, to make people aware that their wireless connections are not safe. I believe UAT does wardrives to make the public aware of the security issues? The bad is that someone could just as easily find connections to use and abuse. If someone has an idea of the router (ahem, Linksys) then it isn't hard to find out the default passwords and IPs for it: admin/admin! I myself was easily able to access the neighbor's wireless router at one point from my back porch. I never changed anything at all. I think I just wanted to see if it worked, and that was it!
The last tool I would like to talk about is a program called L0phtCrack. This is a password-cracking tool which recovers the passwords of local or network Windows machines from their stored hashes. For the good, it is used to test the strength or weakness of your passwords. For the bad, well, it will find those passwords! It does this with a dictionary attack and, for the more extreme case, a brute-force attack. Those will be the main focus in this test.
L0phtCrack was originally a product of L0pht Heavy Industries, which merged with @stake in 2000. In 2004 @stake was bought by Symantec, which stopped selling L0phtCrack in 2006. It is still easy to find floating around the internet, except there isn't a proper way to get an unlock key for it. Since Symantec stopped supporting it, they will NOT sell you a key. I guess you could consider this abandonware. Without the full version, certain features aren't available, such as the brute-force method. However, I wanted it to go full throttle on my system, so I found a keygen to unlock it. (I know it isn't the legal way, but there literally wasn't much of a choice in order to do that!)
Installation was a breeze: just a single exe file, and installation went smoothly. I chose to retrieve the hashes from the local machine, and then there were four more options: Quick Password Audit, Common Password Audit, Strong Password Audit, and Custom. It is nice to have these choices, and for this example I am going to choose Strong Password Audit, which performs several types of attack including brute force. After that there are a few more options for how you want the information displayed, and then we can finally get it running. Below is a screenshot of the final results:
I decided to be safe and not show the actual passwords it found. As we can see, it took about five hours to perform the brute-force attack! It found my administrator password rather quickly, within two minutes, yikes! However, my main account, the one I use, took quite a long time to finally crack, which isn't too bad for me. Now, I actually started this late at night but was too tired, so I paused it and continued it the next day. So what can I say? It obviously works, and it is pretty nifty! It did not find the complete password for the HelpAssistant account, though. As it says, it found the second half, but it never did find the first half. To be honest, I have no idea what that account really is anyhow. Overall, this was a pretty interesting tool to use, and it can definitely help someone who wants to test their passwords. At the same time, this can be brutal on a network where someone is searching for passwords to use against you.
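Two things in those results deserve explanation. L0phtCrack reports passwords in "halves" because the older LM hash uppercases the password, pads it to 14 characters and hashes each 7-character half separately, so each half is cracked on its own; HelpAssistant is the account Windows XP creates for Remote Assistance, and the system gives it a long random password, which is why brute force never finishes it. The block below is an added example, not L0phtCrack's code, showing the mechanics behind the Strong Password Audit against the newer NTLM hash (MD4 over the UTF-16LE password, computed in one piece rather than halves): a dictionary pass with simple mangling rules, then a brute-force pass over a deliberately small keyspace. MD4 is implemented inline because hashlib's md4 is often missing under OpenSSL 3. The "SAM dump" is constructed from known plaintexts purely so the demo is self-contained; the usernames, wordlist and rules are likewise made up for the example.

```python
"""Dictionary and brute-force attack on NTLM password hashes.

Added example, not L0phtCrack's code. NTLM = MD4(UTF-16LE(password)).
"""
import itertools
import string
import struct

MASK = 0xFFFFFFFF


def _rotl(v, s):
    return ((v << s) | (v >> (32 - s))) & MASK


def _md4_block(state, block):
    """One 64-byte MD4 compression (RFC 1320), three rounds of 16 steps."""
    X = struct.unpack("<16I", block)
    a, b, c, d = state
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), range(16)),
        (G, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for f, k, shifts, order in rounds:
        for i, idx in enumerate(order):
            a = _rotl((a + f(b, c, d) + X[idx] + k) & MASK, shifts[i % 4])
            a, b, c, d = d, a, b, c  # rotate roles so each step updates the next word
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # Pad: 0x80, zeros to 56 mod 64, then the bit length as 64-bit little-endian.
    padded = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    for off in range(0, len(padded), 64):
        state = _md4_block(state, padded[off:off + 64])
    return struct.pack("<4I", *state)


def ntlm(password: str) -> str:
    """NTLM hash as lowercase hex; no salt, so equal passwords give equal hashes."""
    return md4(password.encode("utf-16le")).hex()


def dictionary_attack(targets, wordlist, rules):
    """targets: {user: ntlm_hex}. Hash each mangled word once and look it up
    against every target, so cost is words x rules, not x users."""
    by_hash = {}
    for user, h in targets.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for word in wordlist:
        for rule in rules:
            candidate = rule(word)
            for user in by_hash.get(ntlm(candidate), ()):
                found.setdefault(user, candidate)
    return found


def brute_force(target_hex, alphabet, max_len):
    """Exhaustive search; work grows as len(alphabet)**max_len, which is why a
    short PIN falls in seconds and a long random password never does."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = "".join(combo)
            if ntlm(candidate) == target_hex:
                return candidate
    return None


# Constructed "SAM dump": the plaintexts exist here only to build the demo hashes.
_PLAINTEXTS = {"Administrator": "password", "student": "halo2008",
               "guest": "1337", "HelpAssistant": "Vq7#kP2!xL9@zR4m"}
SAMPLE_HASHES = {user: ntlm(pw) for user, pw in _PLAINTEXTS.items()}

WORDLIST = ["letmein", "halo", "password", "admin"]  # constructed
RULES = [lambda w: w, lambda w: w.capitalize(), lambda w: w + "1", lambda w: w + "2008"]


def run_audit():
    """Dictionary pass first, then a cheap digits-only brute force for the rest."""
    found = dictionary_attack(SAMPLE_HASHES, WORDLIST, RULES)
    for user, h in SAMPLE_HASHES.items():
        if user not in found:
            hit = brute_force(h, string.digits, 4)
            if hit is not None:
                found[user] = hit
    return found


if __name__ == "__main__":
    for user, pw in run_audit().items():
        print(f"{user}: {pw}")
```

Running it cracks Administrator and student from the wordlist plus rules, cracks guest by brute force, and leaves HelpAssistant uncracked, mirroring the audit above: a 4-digit keyspace is 10,000 candidates, while 16 characters drawn from the full printable set is far beyond anything a brute-force pass will finish.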
These were only a very few select programs that I thought I would try out for this project. I was also going to add Dsniff, but unfortunately I had problems getting the old Windows version to run. I ended up enjoying this project more than I thought I would. I feel like I understand more about why these are created and a little bit more about how to use them. Before this class I really think I would have been more lost trying to run these. Sometimes IPs/ports/hostnames just confuse me. It is like I said, though: there are so many tools out there, and one of my references is a website that listed the top 100 security tools! That is quite a lot right there already. I just took a few that sounded like they would work better for me, and I think they did; I also had to find ones that worked with Windows properly! Linux and I aren't getting along at the moment.
There was one more thing I wanted to do but was not able to establish proper timing with a friend of mine. I was going to do a desktop recording of a staged event between me and him talking on AIM. My plan was to attempt to get his IP while chatting with him by sending him a file for a direct connection. After that I was going to go into "DOS" and run a netstat -a command to get his IP. Now, I'm not sure if that works 100 percent, but from memory it is an easy way to get an IP. From there I was going to use one of these programs with his IP to show off how easy it can be to do. He of course knew what was going on, which is why I called it a staged event. We just couldn't get proper timing together lately to try this, but I thought it was a cool idea that just a normal command in Windows can be used for retrieving an IP! Once again, though, this was an interesting topic to do. I am glad I chose it even though I was nervous; I think it turned out pretty good.
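The netstat idea works because a direct-connect file transfer opens a TCP connection straight between the two clients, so the friend's address shows up as the foreign address of an ESTABLISHED row; the caveat is that if the transfer is relayed through AOL's proxy instead, the address you see is the proxy's, and the client's ordinary login session to AOL's servers also appears on the same port. The block below is an added example, not part of the original write-up: it parses the Windows `netstat -an` layout and pulls out the remote peers of established TCP connections, optionally only those touching a given port. The sample output is constructed, and the use of 5190 as the AIM/OSCAR direct-connect port is an assumption used only to label rows.

```python
"""Pull remote peers out of `netstat -an` output (Windows column layout).

Added example, not part of the original write-up.
"""
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Constructed sample: one outbound session to an AIM server, one inbound
# direct connection from a peer on our 5190, plus rows that name no peer.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1032       205.188.8.6:5190       ESTABLISHED
  TCP    192.168.1.5:5190       24.12.33.7:49877       ESTABLISHED
  TCP    192.168.1.5:1040       64.12.24.30:80         TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

AIM_PORT = 5190  # assumption: default OSCAR / direct-connect port


def _split_endpoint(text):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '*:*' -> ('*', None). Splits on the
    last colon so bracketed IPv6 text such as '[::1]:80' also works."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(output: str):
    """Return one Conn per TCP/UDP row; header and blank lines are skipped."""
    conns = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        local = _split_endpoint(parts[1])
        remote = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        conns.append(Conn(parts[0], *local, *remote, state))
    return conns


def established_peers(output: str, port=None):
    """Remote IPs of ESTABLISHED TCP rows, optionally only those where `port`
    is on either side. LISTENING and *:* rows never name a peer."""
    peers = []
    for c in parse_netstat(output):
        if c.proto != "TCP" or c.state != "ESTABLISHED":
            continue
        if port is not None and port not in (c.local_port, c.remote_port):
            continue
        peers.append(c.remote_ip)
    return peers


if __name__ == "__main__":
    # On a live Windows box replace SAMPLE_NETSTAT with
    # subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    for c in parse_netstat(SAMPLE_NETSTAT):
        print(c)
    print("peers on AIM port:", established_peers(SAMPLE_NETSTAT, AIM_PORT))
```

In the sample both 5190 rows are established, so the port alone does not say which one is the friend; the row where the remote side holds the high ephemeral port (49877) and our side holds 5190 is the inbound direct connection, while the row where we hold the ephemeral port is our own session to the AIM server.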
The 100 Top Security Tools. Retrieved March 24, 2008 from
General Information on Above Tools. Retrieved March 24, 2008 from
Ethical Hacker (2008).
General Information on Tools. Retrieved March 24, 2008 from