blog.yeleek.co.uk

Memorable password generator

Ben — Fri, 19 Apr 2013 17:13:51 +0000

This tweet regarding Pafwert by Mark Burnett had me thinking as to how to create a *hopefully* platform agnostic memorable password generator.

Pafwert: Now Open Source bit.ly/174EKvC #passwords

— Mark Burnett (@m8urnett) April 18, 2013

Whilst in very early stages, and obviously inspired by Parwert, I have created a small Python script using a sqlite3 database (which stores the words) to generate memorable passwords using the following format:

(dictionary word) (digit or punctuation character) (dictionary word)

The beauty of Python obviously being its availability on Apple, Windows and Linux platforms.

For any who are interested in this early attempt

#!/usr/bin/env python
import sqlite3
import string
import random
 
def word():
	output_word={}
	#connect to the sqlite3 database
	conn = sqlite3.connect('pw_words')
 
	c = conn.cursor()
 
	#retrieve a single random word from wordstb1 table
	c.execute("SELECT * FROM wordstb1 ORDER BY RANDOM() LIMIT 1")
 
	single_word = c.fetchone()
 
	#isolate it
	output_word = str(single_word[0])
	return output_word
	c.close()
 
#first word
a=word()
#second word
b=word()
#rnd contains all punctuation and all digits
rnd=string.punctuation + string.digits
print "Generated password:"
 
print a.title() + random.choice(rnd) + b.title()

The post Memorable password generator appeared first on blog.yeleek.co.uk.

Insidepro Hash Generator

Ben — Thu, 10 Jan 2013 15:15:29 +0000

Web based hash generator
http://www.insidepro.com/hashes.php

The post Insidepro Hash Generator appeared first on blog.yeleek.co.uk.

YEHG – PHPCharset Encoder / String Encrypter

Ben — Tue, 08 Jan 2013 19:22:09 +0000

YEHG Encoder/Encrypter can be used for simple obfuscation, but as a website also provides many useful SQLi/XSS examples. Highly recommended!
http://yehg.net/encoding/

The post YEHG – PHPCharset Encoder / String Encrypter appeared first on blog.yeleek.co.uk.

Reaver

Ben — Wed, 02 Jan 2013 15:55:18 +0000

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases
http://code.google.com/p/reaver-wps/

The post Reaver appeared first on blog.yeleek.co.uk.

Windows Credentials Editor

Ben — Wed, 02 Jan 2013 15:54:50 +0000

Windows Credentials Editor (WCE) is a security tool that allows the individual to list Windows logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes, Kerberos tickets and cleartext passwords).

The tool allows users to:

Perform Pass-the-Hash on Windows
‘Steal’ NTLM credentials from memory (with and without code injection)
‘Steal’ Kerberos Tickets from Windows machines
Use the ‘stolen’ kerberos Tickets on other Windows or Unix machines to gain access to systems and services
Dump cleartext passwords stored by Windows authentication packages

http://www.ampliasecurity.com/research/wcefaq.html

The post Windows Credentials Editor appeared first on blog.yeleek.co.uk.

Havij

Ben — Wed, 02 Jan 2013 15:53:06 +0000

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/index.html

The post Havij appeared first on blog.yeleek.co.uk.

BeEF

Ben — Wed, 02 Jan 2013 15:50:58 +0000

BeEF (The Browser Exploitation Framework ) allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
http://beefproject.com/

The post BeEF appeared first on blog.yeleek.co.uk.

SSLstrip

Ben — Wed, 02 Jan 2013 15:48:50 +0000

SSLstrip will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links
http://www.thoughtcrime.org/software/sslstrip/

The post SSLstrip appeared first on blog.yeleek.co.uk.

Ettercap

Ben — Wed, 02 Jan 2013 14:02:49 +0000

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
http://ettercap.sourceforge.net/

The post Ettercap appeared first on blog.yeleek.co.uk.

The Social-Engineer Toolkit

Ben — Wed, 02 Jan 2013 13:59:59 +0000

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal.
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)

The post The Social-Engineer Toolkit appeared first on blog.yeleek.co.uk.