These are security tools that serve different purposes: enforcing password complexity in SQL Server, brute-forcing SQL Server accounts, dumping Windows security information, checking for modems, log analysis, cracking Windows passwords, etc.
- LINReS - Script used for collecting volatile and non-volatile information during the initial response phase of the Incident Response methodology
- EnforcePass - Enforce password complexity on a MS SQL Server
- ForceSQL v2.0 - Brute-force MS SQL passwords
- DumpWin v2.0 - Displays Windows security information
- Log Analyzer - Analyze any log file
- NtCrack - Crack NT password hashes
- ModCheck - Detect modems on a Windows system.
EnforcePass
Rated by SQLServerCentral
Weak passwords are more often than not the weakest link in the chain of security. A case in point is the recent Spida worm, which used the blank password of the 'sa' username in SQL Servers to wreak havoc. To protect against users and DBAs choosing weak passwords, we have developed a function which checks for password complexity using these parameters:
- It must not be the same as the login name
- It must not contain the login name
- Its length must be greater than 6 characters
- It must contain at least one letter
- It must contain at least one numeral
- It must contain at least one punctuation character
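The six rules above, written out as an added Python example; this is not the EnforcePass code, which is not shown on this page. The function name, the case-insensitive login comparison and the ASCII punctuation set are assumptions.

```python
import string

# Rule order follows the list above. Case-insensitive login matching and the
# ASCII punctuation set are assumptions; the page does not specify either.
def password_violations(login: str, password: str) -> list[str]:
    """Return the rules a candidate password breaks (empty list = acceptable)."""
    violations = []
    login_cf, pw_cf = login.casefold(), password.casefold()
    if pw_cf == login_cf:
        violations.append("same as login name")
    elif login_cf and login_cf in pw_cf:
        violations.append("contains login name")
    if len(password) <= 6:  # length must be greater than 6
        violations.append("length not greater than 6")
    if not any(c.isalpha() for c in password):
        violations.append("no letter")
    if not any(c.isdigit() for c in password):
        violations.append("no numeral")
    if not any(c in string.punctuation for c in password):
        violations.append("no punctuation character")
    return violations

# Constructed sample logins and passwords (not taken from the page).
SAMPLES = [
    ("sa", ""),                      # blank 'sa' password, the Spida case
    ("sa", "sa"),
    ("dbadmin", "DBAdmin2003!"),     # complex, but embeds the login name
    ("report", "Qu4rterly#Totals"),
]

def audit(samples=SAMPLES):
    """Map each (login, password) pair to the list of rules it breaks."""
    return {(login, pw): password_violations(login, pw) for login, pw in samples}

if __name__ == "__main__":
    for (login, pw), broken in audit().items():
        print(f"{login!r:10} {pw!r:20} -> {'; '.join(broken) or 'OK'}")
```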
ForceSQL v2.0
Passwords are one of the main sources of insecurity in any setup, especially for a critical database. This utility tries to guess the password of an MS SQL Server user. ForceSQL is mentioned in the book "HackNotes Windows Security Portable Reference", published by McGraw-Hill, in chapter 6: Probing Common Windows Services.
The features of v2.0 are:
- Easy Command-Line Control
- Dictionary Attack
- Brute Force Attack
- Much faster than v1.0
- It allows you to choose a port other than 1433
Usage:
- For the Dictionary Attack: forceSQL [IP] [UserID] -d
- For the Brute Force Attack: forceSQL [IP] [UserID] -b [length]
- If the port is other than 1433, append it to the IP, separated by a comma: forceSQL [IP,port] [UserID] -b [length]
Works on: Windows NT/2000/98/95
DumpWin v2.0 (Download)
This utility displays the following System Information. It is especially useful for System Administrators, Auditors, and Security Professionals.
- General Machine Information
- Drive Information
- Modem Drivers
- Lists of all Software Installed
- Shares Present
- Startup Programs
- Active Processes
- List and Status of Services
- List of local Group Accounts
- List of User Accounts
- Dumps ACLs for files/folders/registry
- Shows Account Lockout Policy
Log Analyzer (Download)
This utility takes as input the folder where your log files are stored and the file containing the patterns to be searched. It is a generic tool useful for scanning almost any type of log file: Syslog, Windows Events, Cisco, IIS, Apache, etc. It is intended mainly for auditors who need to gather critical information quickly from the host's log files. We have provided a match.pat file containing common signatures for attacks on IIS, and will be adding more signature files for other systems as well.
Usage: la [Directory] -t [type of log files] -p match.pat
Example: To scan the IIS log files in the current directory for the year 2003 only using a pattern file iis.pat: la . -t *03.log -p iis.pat
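The same directory, file-type and pattern-file workflow as an added Python example; it is not the Log Analyzer source. The pattern-file layout (one case-insensitive substring per line, `#` for comments), the file names, the log lines and the signatures are all constructed assumptions, since the page does not document the match.pat format.

```python
import fnmatch
import os
import tempfile

def load_patterns(path):
    # Assumed layout: one case-insensitive substring per line, '#' starts a comment.
    with open(path, encoding="utf-8") as fh:
        lines = (ln.strip() for ln in fh)
        return [ln.lower() for ln in lines if ln and not ln.startswith("#")]

def scan(directory, file_glob, pattern_file):
    """Return (file, line_no, pattern) for each signature hit in matching files."""
    patterns = load_patterns(pattern_file)
    hits = []
    for name in sorted(os.listdir(directory)):
        if not fnmatch.fnmatch(name, file_glob):
            continue  # honours the -t file-type filter
        path = os.path.join(directory, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, line in enumerate(fh, 1):
                lowered = line.lower()
                hits += [(name, line_no, p) for p in patterns if p in lowered]
    return hits

# Constructed sample data: file names, log lines and signatures are illustrative.
SAMPLE_FILES = {
    "iis-jan03.log": (
        "2003-01-14 10:02:11 192.0.2.10 GET /index.html 200\n"
        "2003-01-14 10:02:15 192.0.2.77 GET /scripts/root.exe 404\n"
        "2003-01-14 10:02:19 192.0.2.77 GET /default.ida 404\n"
    ),
    "iis-dec02.log": "2002-12-30 08:00:01 192.0.2.77 GET /scripts/root.exe 404\n",
    "iis.pat": "# constructed signatures\nroot.exe\nDEFAULT.IDA\n",
}

def demo():
    """Write the sample files to a temp folder and scan only the *03.log files."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE_FILES.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(d, "*03.log", os.path.join(d, "iis.pat"))

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

The 2002 file contains a matching line but is never opened, which shows the file-type filter narrowing the audit before any pattern is applied.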
NTCrack (Download)
NTCrack is a Windows NT/2000 password cracker which uses the MD4 hashes produced by Todd Sabin's pwdump2. pwdump2 can be downloaded from http://razor.bindview.com/tools/desc/pwdump2_readme.php
You must take the output from pwdump2 and feed in the last 32 characters (after the third colon) at the command prompt as the first argument to ntcrack. The output of pwdump2 is in the format
User:UserID:LMHash:MD4Hash
We need the last hash. Copy it and feed it as the first argument of ntcrack. For instance, after running pwdump2 you would take the user whose password you wish to crack, and determine the MD4 hash of this user.
ntcrack e270e1e3d0518b564fcab5e6d846d94c
Lastly, ntcrack searches for a dict.txt file in its own folder. This is the wordlist used to crack the passwords. Without this it won't work. Current speed is almost 400,000 checks in 8 seconds on a Pentium 800Mhz processor with 128Mb RAM.
Works on: Windows NT/2000. You will need Administrative access for pwdump2 to work properly.
ModCheck (Download)
A user can bypass all the security mechanisms at your organization's firewall or gateway by dialing out with a modem. A strict Security Policy prohibits the use of modems by individual workstations. This nifty little utility shows if the user has installed any modems on his machine. We have made the fingerprint very small by coding it in assembly (7Kb).
Works on: Windows NT/2000/2003/XP/9x
Disclaimer
DISCLAIMER OF WARRANTY: THE PROGRAMS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. NII FURTHER DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
LIMITATION OF LIABILITY: IN NO EVENT SHALL NII OR ITS LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, INCURRED BY CUSTOMER OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, EVEN IF NII HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NII'S ENTIRE LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED THE FEES ACTUALLY PAID BY CUSTOMER TO NII FOR THIS LICENSE.