Saturday, December 23, 2006

Crash Couse in IPv6

Two articles introducing IPv6.

It introduces the IPv6 address space and how it is represented normally and in HTTP URL.
Then it explains the significance of various bits in an IPv6 address; what is site-prefix, subnet-ID and interface-ID; unicast, multicast, and anycast.

Thursday, December 21, 2006

KB Articles QuickSearch

Here's a registry mod that will have you looking up Microsoft
Knowledge Base articles instantly in your browser.

Modify the registry to add the capability to quickly search
the KB articles (formerly referred to as Q articles) in Windows XP
or Windows Server 2003. Here's the procedure:

  1. Run regedit.exe.
  2. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl.
  3. From the Edit menu, select New, Key and name it KB.
  4. Select the new KB folder that you just created under the SearchUrl folder, and in the right-hand pane double-click Default.
  5. For Value data, enter
  6. Click OK and close the registry editor.

To test this procedure, open Internet Explorer and type KB followed
by the name of the KB article number (for example, to search for
article number 917021, type "kb 917021"). It should take you directly
to the article in your browser.

Make sure that you don't add KB as a key in the SearchUrl folder.
KB should be a subfolder of SearchUrl folder and it should contain
the above entry in the right-hand pane.

I've tested this procedure successfully on Windows XP and Windows
Server 2003 operating systems, and on Internet Explorer and Mozilla
Firefox browsers.

How Skype Works

Interesting read on how skype works trough firewalls.

Thursday, December 14, 2006

Rule-based Access Control

A very good article in describing Rule-based Access Control, to improve security and make programming easier with an authorization framework.

Monday, December 11, 2006

Taking pwdump to next level with fgdump

New versions of the ultracool tools pwdump (1.4.2) and fgdump (1.3.4) have been released.

Both versions provide some feature upgrades as well as bug fixes. Folks with really old versions of either program should definitely look at upgrading, since there are numerous performance improvements and full multithreading capabilities in both packages.

If you don’t know..what are pwdump6 and fgdump?

pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

fgdump is a more powerful version of pwdump6. pwdump tends to hang and such when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It also can dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily. I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.

Darknet definately DOES recommend fgdump, super cool update of the old favourite pwdump.

fgdump was born out of frustration with current antivirus (AV) vendors who only partially handled execution of programs like pwdump. Certain vendors’ solutions would sometimes allow pwdump to run, sometimes not, and sometimes lock up the box. As such, we as security engineers had to remember to shut off antivirus before running pwdump and similar utilities like cachedump. Needless to say, we’re forgetful sometimes…

So fgdump started as simply a wrapper around things we had to do to make pwdump work effectively. Later, cachedump was added to the mix, as were a couple other variations of AV. Over time it has grown, and continues to grow, to support our assessments and other projects. We are beginning to use it extensively within Windows domains for broad password auditing, and in conjunction with other tools (ownr and for discovering implied trust relationships.

fgdump is targetted at the security auditing community, and is designed to be used for good, not evil. :-) Note that, in order to effectively use fgdump, you’re going to need high-power credentials (Administrator or Domain Administrator, in most cases), thus limiting its usefulness as a hacking tool. However, hopefully some of you other security folks will find this helpful.

Get pwdump here

Get fgdump here