Ladies and Gentlemen,
Myself and my counterpart Dopey would proudly like to announce our newest tool Hax0rBl0x - Cred Harvester. The Hax0rBl0x suite is going to be a fully featured suite of tools that will make different types of attacks quick and easy.
NOTICE: THIS TOOL DOES NOT DO ANY MITM ATTACKS. A SEPARATE TOOL WILL BE RELEASED IN THE FUTURE TO ADDRESS MITM ATTACKS.
Google Code: http://code.google.com/p/hax0rbl0x/downloads/list
Current tools in development:
-Hax0rBl0x.sh: This is the main menu framework that allows us to add more tools by simply dragging and dropping files.
-Passive OS Fingerprinting (Beta): This is a passive scanner that will read information from passing packets to find OS, Browsers, Apps, Open Ports, Uptime, Host type, and Manufacturer of each host on the network.
-Cred Harvester: This is a tool similar to Easy-Creds or YAMAS, but extremely polished to harvest creds, cookies, social security numbers, or credit card numbers from selected targets. The info is then displayed on an easy to read summary on screen and dumped into an easy to read report for further perusing. The programs launched are Ettercap, SSLStrip, Dsniff, Hamster & Ferret, NGREP, and URLSnarf.
Feature List (Not all inclusive. Just what I could remember.)
Exhaustive Sanity Check for Dependencies
Easily select which programs you want to run together.
Auto restart if a program crashes.
All credentials are displayed on screen in near real time.
-Fixed a bug related to installing the SSLDefinitions. If the directory didn't already exist, it would error out.
-Fixed a bug with updating. Even if the file didn't exist on the server, it would act as if it had succeeded.
-Added in the ability to check for SSLDefinition updates.
-Changed the way the program looked for updates for future compatibility with other programs.
-Fixed a bug in the override option not working as intended.
Sometimes SSLStrip will report as crashed, but it'll still be running. We have a workaround in place, so the impact of the bug is nil.
Hamster and Ferret has had some reported issues with the version that's installed with BT 5. There is apparently an issue with the installed version working correctly with a 64 bit OS. So to remedy this issue, we just assume that your version is broken. Even if you have Hamster and Ferret installed, the program will report that it isn't and offer to install its own version. While we do give you the option to override this and execute the script anyways, it's in your best interest to let the script do its magic. Don't worry, if we find a version already installed where we want to install ours, we'll back it up!
"Similar to Easy-Creds (although we had the idea prior to discovering the tool) we decided to have a simple script that would handle Ettercap, SSLStrip, DSniff, URLSnarf, Hamster & Ferret (Sidejacking attack), and NGREP. In addition to dumping the output to a nice log file automatically, we wanted to have a simple display showing real-time creds as they are captured. We were able to filter the output to prevent duplicate creds displaying, and wrote a simple filter wizard to only display real-time URLSnarf data that you ACTUALLY NEED to see right now. No data is left out of the final report (with multiple logging options) so you can still get everything you need, but see real-time only what you want.
(As a side note, we also do not blanket wipe out IPTables or anything like that. Every check is done to attempt to keep your system the same as what it was, while only changing and cleaning up what's needed for whatever program you choose to load.)" - Dopey
We also take lots of care to sanity check EVERYTHING. That means that at no point in time should you be able to cause the script not to run by forgetting to make a file or directory or install a dependency.
The tool is in the final stages of being created, and we're almost ready for its debut. We are REALLY excited over this addition and we hope you guys are too! If you have any ideas, comments, or feedback we'd love to hear it!
As a side note, these tools have all been tested on both Backtrack 5 R3, as well as on the RaspberryPi running PwnPi. We've made every effort to make efficiency our top priority due to the limited processing power of the Pi.
Here are some pictures of the current version to whet your appetite.
Loading the programs:
Everything loaded and running:
No shots of actual credentials being harvested yet. Those are being kept behind closed doors until our release. I'll go ahead and fill you in though, it looks good!