New Wireshark

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

In this release

  • Wireshark has a spiffy new start page.
  • Display filters now autocomplete.
  • A 64-bit Windows (x64) installer is now provided.
  • Support for the c-ares resolver library has been added. It has many advantages over ADNS.
  • Many new protocol dissectors and capture file formats have been added.
  • Macintosh OS X support has been improved.
  • GeoIP database lookups.
  • OpenStreetMap + GeoIP integration.
  • Improved Postscript(R) print output.
  • The preference handling code is now much smarter about changes.
  • Support for Pcap-ng, the next-generation capture file format.
  • Support for process information correlation via IPFIX.
  • Column widths are now saved.
  • The last used configuration profile is now saved.
  • Protocol preferences are changeable from the packet details context menu.
  • Support for IP packet comparison.
  • Capinfos now shows the average packet rate.

http://www.wireshark.org/

2 Old Tools and 1 New Tool

Many times you might need to access a system but have been locked out, or the password to access the local system has been forgotten. There are many ways to deal with that.

NT Offline
If you just want to get in quickly you can use NT Offline. NT Offline will allow you to blank/clear or change the password of an existing local account. This boots up into a Linux command line utility. From here you select the drive the OS is on, the path to the config files, and then which account(s) you would like to modify.

fgdump
Being able to change a password is great and all, but what if you need to get the password? fgdump will allow you to dump LSASS. This will allow you to get the user accounts and their hashed passwords. How to find the password from the hash is another story. You might start by looking at RainbowTables.

KonBoot
This is the new tool. It is getting quite a bit of hype right now. This tool will boot a different kernel of the OS and then load Windows or Linux during the boot. Once you get to the login screen, simply select a local user or a cached user and press enter with no password and you are in. There is not much you can do to the account, but you have access to the machine.

Yes, I know that these can be listed as “hacker” tools. But the “hacker” tools are an administrator’s best friend.

I will post these in the links section also.

Least Privilege Security Model

I am finding in my daily work that everyone talks about and wants the least privilege security model until they want access to something. We can redesign a network share, state that only groups are allowed and that user accounts are not to be granted access directly, and within a month of going live there is a handful of user accounts listed. What I also find funny is how people react when you ask why. Why do you need this access? You would think I am asking them to justify why they exist. My goal is to be able to document and justify why I have granted access to something (share, server, etc.), and they get offended. Using the model of least privilege helps to protect everyone and the company.
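One way to catch the drift described above, as an added example that is not part of the original post: audit a share's NTFS ACL and report every non-inherited entry granted directly to a user account rather than to a group. It assumes a domain-joined host with the ActiveDirectory module (RSAT) installed; the share path is a constructed placeholder.

```powershell
# Added example (not from the original post): find ACEs on a share that were
# granted to individual user accounts instead of groups.
# Assumes the ActiveDirectory module is available and the host is domain-joined.
Import-Module ActiveDirectory

function Get-DirectUserAces {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Inherited entries were granted higher up the tree; audit those there.
        if ($ace.IsInherited) { continue }

        $name = $ace.IdentityReference.Value
        # Well-known principals (SYSTEM, BUILTIN\Administrators, ...) are not
        # domain objects, so they are left alone.
        if ($name -notmatch '\\') { continue }
        if ($name -like 'NT AUTHORITY\*' -or $name -like 'BUILTIN\*') { continue }
        $sam = $name.Split('\')[1]

        # Resolve the principal in AD and report it only if it is a user object.
        $obj = Get-ADObject -Filter "sAMAccountName -eq '$sam'" -Properties objectClass
        if ($obj -and $obj.objectClass -eq 'user') {
            [pscustomobject]@{
                Path    = $Path
                Account = $name
                Rights  = $ace.FileSystemRights
                Type    = $ace.AccessControlType
            }
        }
    }
}

# Constructed placeholder path; replace with the share root you want to audit.
Get-DirectUserAces -Path '\\fileserver\ProjectShare' | Format-Table -AutoSize
```

Any row in the output is an account that should be moved into a group, and the report itself is the documentation of who was granted what.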