Firefox addons!

Torbutton provides a button to securely and easily enable or disable the browser’s use of Tor

TestGen4Web -Just like your VCR – for Firefox. It records what you do, stores it, and plays it back on demand.

Resurrect Dead pages, broken links, the scourge of the internet. Powerhouse sites like Slashdot and Digg can bring a server to its knees. What do we do when a page is dead but we still want to see it? Call in the clerics, and perform a resurrection…

Digger Navigate “up” easily in sites with hierarchical URLs, e.g from http://example.com/foo/bar to http://example.com/foo

FireShot is a Firefox extension that creates screenshots of web pages

Scroogle SSL search (lets you search with Google anonymously)

GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization

Cookie Editor that allows you add and edit “session” and saved

PassiveRecon provides information security professionals with the ability to perform “packetless” discovery of target resources utilizing publicly available information

Advanced Dork: gives quick access to Google’s Advanced Operators directly from the context menu…

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page…

Tamperdata to view and modify HTTP/HTTPS headers and post parameters

Advertisements

user passwords

<
Password cracking seems like a difficult task but these techniques make it as simple. We’ll show you some software which cracks windows, mac, and linux user account passwords in a just a few minutes. The programs basically do all the hard work for you as noted in this tutorial.

Breaking into a computer is an illegal activity but it does help to know how to re-access your own equipment. So, this post is for informational and ethical purposes only! This how-to covers three OS we use and the methods to crack the log-in passwords.

Windows

For Windows OS, Ophcrack is the tool of choice. It is a free Windows Password cracker based on Rainbow Tables. It has a GUI which makes it easier to run. The software can decipher passwords up to 14 characters in length in a quick 10 seconds.

To use Ophcrack one needs to download the Ophcrack ISO and burn it to a CD (or load it via a USB drive). Run the CD by loading it in the tray and restarting the computer with the power switch. Switch to the BIOS options and set the computer to boot from the CD Drive. The computer boots up and reads the Ophcrack CD which then proceeds to break the password. Use this password to log into the machine.

Ophcrack is a multi-platform software and so can be used for Mac and Linux too.

Mac OS X

Apart from Ophcrack, another simple method involves using the Mac OS X installation CD (for v10.4). Insert and reboot to display UTILITIES. Choose RESET PASSWORD to get a new one. Login using this password. To reset the password in Mac OS X 10.5, reboot the computer and press COMMAND + S.

At the prompt type in:

sck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

dscl . -passwd /Users/UserName newpassword

Login with the new reset password.

Linux

Power on the computer, press the ESC key and on the boot loader (GRUB) screen select the ‘Recovery Mode’. Press the ‘B’ Key to enter the single user mode. At the default prompt, type in ‘passwd’ and key in your new password. For access to a single account on the system type ‘passwd username’ replacing ‘username’ with the login name for the account you would reset the password for.

A lesson in cracking is also a lesson in security. Joe Tech’s article advocates the use of encryption (Blowfish or AES-128) as a failsafe against password breach.

OSSTMM

The Open Source Security Testing Methodology Manual 

It documents more than 100 attacks to for security testing. including-

information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.