Tools
The following are recent tools published by MWR InfoSecurity.
Full TextRulestats.pm - A SpamAssassin Rule Statistics Plugin
May 14, 2010
This is a SpamAssassin plugin which stores, on a rule by rule basis, the number of spam emails that each SpamAssassin rule (including subtests which are only used internally) fired on, the number of legitimate emails that the rule fired on and the maximum and minimum scores of emails that each rule fired on. System administrators should find this very useful as it will provide an immediate insight into the accuracy and suitability of each rule that is used, based on other rules.
There are several SpamAssassin rule-based analysis projects currently available but most of them seem to work by analysing the logs that SpamAssassin generates. This plugin does not work in this way; it hooks into SpamAssassin's checking code and writes the statistics directly to a MySQL database, offering real-time accurate statistics which do not rely on log file parsing or analysis.
DLSw Query Tool
Nov 17, 2009
This tool is intended for the purpose of evaluating security controls applied to the DLSw service running on a Cisco routing device.
TCP-over-File Tunnel
Jan 12, 2009
As of Windows 2003, Terminal Services supports the sharing of local folders with clients by default; this tool can be used to tunnel multiple simultaneous TCP connections through shared files. This is very useful if, during a penetration test, you can connect to a server via RDP deep within a data centre and would like to forward ports but all traditional covert channels such as reverse connections and DNS tunnelling are blocked.
It is often the experience of the author that too much reliance is made upon locked down GUIs and so it is assumed it would be difficult for an attacker to directly attack other servers with the data centre. Combined with Metasploit's meterpreter, this tool can be used to tunnel exploits through RDP to attack otherwise inaccessible servers.
It must be noted that a custom virtual channel could be implemented for the same purpose, rather than relying on shared files. However, tunnelling connections through files was chosen as this is often desired functionality and so might be a business requirement. Additionally, this tool could potentially be useful in other environments outside of RDP.
RDP Cipher Checker
Jan 12, 2009
This is a python script that will enumerate the encryption protocols supported by the server and the cipher strengths supported using native RDP encryption (assuming this is supported).
VMWare authd brute forcer
Aug 15, 2008
This is a multithreaded tool to bruteforce the VMware console. This acts as a wrapper around VMware-cmd, which must be installed for this to function. It will allow you to try multiple passwords for a single user account in order to identify any weak passwords which may have been set.
Around 10 threads will normally be fine, Windows systems will lap it up, *NIX systems will be slower. The dictionary should be specified by path. For efficiency and to ensure concurrency between threads the dictionary is read into memory.
WARNING: inetd will only allow a certain number of connections per minute (around 250) after this number the service, in this case vmware-authd, will die causing a DoS. Therefore be careful if you are using this tool against UNIX based systems. If so then ensure that xinetd is being used instead.