tools

All posts tagged tools

PercX has been furiously hacking multi-function printers, and the result is a new tool called Praeda. Praeda is used to interrogate printers from a variety of manufacturers in an effort to gain information about a target network, or compromise credentials. You can get it here. It’s written in perl.

Required perl modules:

LWP::Simple
LWP::UserAgent
HTML::TagParser
URI::Fetch
HTTP::Cookies

Praeda syntax:
praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE

TARGET_FILE = List of IP addresses or Host names to enumerated
TCP_PORT = port address of targets to scan ” At present only one port can be specified. This is expected to be modified in future version”
PROJECT_NAME = the name for this project. This will create a folder under the folder where Praeda was executed to contain logs and export info.
OUTPUT_FILE = name of log file for data output

Example:
./praeda.pl  target.lst 80 project1 data-file

The results will create a folder called project1 and save all information in that folder. Praeda will also create a log file called data-file.log to store output and diagnostics.

I’ve updated my Samba modifications for the 3.3.7 release. The patch adds support to Samba utilities for passing-the-hash. For the uninformed, this allows you to leverage hashes gathered with such excellent tools as FgDump, without needing to ever crack the password. You can simply pass-the-hash and mount remote shares, create new accounts, etc. as the targeted account. Another bit of goodness here are some changes to the nmbd and smbd daemons. With this patch, nmbd will respond to all broadcast requests. Smbd will log any challenge/response handshakes. All sorts of fun can be had with this…  See the following pages for more information:

http://www.foofus.net/jmk/smbchallenge.html/
http://www.foofus.net/jmk/passhash.html