Monday, November 2, 2009

DirChex Help

Hey everyone,

DirChex is done!!! Get it here. That being said I would like to post up a little help guide here. This tool is used to take a URL list and run it through an intercepting proxy in a very quick automated way. The benefits for this is no more manually having to enter each line you wanted to request every time. Now all you have to do is make a list of the URL's once, and the rest is why we love DirChex. (also helps if your intercepting proxy does not allow you to save your spidered URL's)

Now when making your input file to request you want to make sure that every URL is separated by line. By that I mean don't put more than one URL on one line. Remember to make sure that word wrap is off so that a decent sized url wont get thrown to another line. Also the preferred AND tested utilities used where notepad++, notepad, and SciTE. As long as it is saved as a .txt though you SHOULD be fine. Now when you got it all set it should look similar to this.



Now you have a nice neat input file to run DirChex with, alright great.

So its time to start up your proxy, and of course DirChex. My recommendation is to start up your proxy first because if you just start filling in all of your preferences then you might end up forgetting to start your proxy and get Chex happy ;)

Once you are all set up simple follow the guidelines of the program. It is pretty self explanatory as far as what to input and where to input it, but just in case your wondering I made a cheat sheet for everyone.



Now that we have covered all the prep work you want to see it run right? Well, your in luck. Like all WxRuby applications this program starts up with a handy little console window. The benefit of this is simple. It acts like a logger so you can see the program running its magic. So hit "Chex it!" then kick back put your hands over behind your head and watch the show till its over.

Now I am assuming that of course someone might have more questions regarding this. If so feel free to contact me or cktricky, the easiest way to contact me is a my direct email (kylearippee@gmail.com) for the quickest response that is.

Happy Hacking!!! ;)

Tuesday, October 27, 2009

Error in libxml2.dll

So the other night I was having a small issue loading the Ruby gem Mechanize into a program I was working on. I kept getting this rather cumbersome error "The procedure entry point XXXXXXX could not be located in the dynamic link library libxml.dll"
I investigated for a while but found no truly helpful documentation drawing to a solution for this rather upsetting issue. Then I came across this site which is all about the creation of the libxml2 library. From here you can easily find and download the latest version of this library. Once I had the library I simply went into C:\Windows and quickly located the old corrupted version of libxml2. When I first attempted to delete the file I was of course prompted with an error that the file could not be deleted because it was in use. After a quick change of the file name I deleted the old library, I then cut and pasted my way to sanity. Quite simple, YET I figured one day someone just might find this useful ;)

Monday, October 26, 2009

DirSnatch _v2.0

Alright so I know I have not posted anything in a while, my bad guys. So this weekend my brother (cktricky) and I worked on our program DirSnatch. It has a pretty nice GUI now and I would have to say I enjoy coding in wxruby. Everything so far seems to be functioning well. If you do find anything wrong then please give us a heads up and we will begin fixing any issues. Feedback and comments are much apriciated as well. Up next we will be working on QwickR. :)

Thursday, September 10, 2009

l0phtCrack

The makers of L0phtCrack are back at it again. Just a short while ago L0phtCrack 6 came out. I was a little skeptical wondering how this new tool would operate. I thought to myself about how the Rainbow Tables Project is completely changing the idea of password strength. Then I saw that L0phtCrack now supports pre-computed hash tables. While there are many benefits to pre-computed hash tables there is also the fact of how large these files must be, and how time consuming they are to create. That is why I am glad to say that L0phtCrack 6 also supports good old Dictionary/Hybrid and Straight Brute Force. After toying around with this tool (by that I mean spending all of Labor Day weekend playing with it) I found that this is a very well rounded program despite a few small bugs that make the tool painful if it is new to you.
The main thing that I had to consider while pondering on this tool is the lack of competitors. I would say there are very few actual password CRACKING tools. That being said I can only think of one that is even close to the same level as L0phtCrack and that would be OphCrack. OphCrack is a tool that uses Rainbow Tables and.....Rainbow Tables. Pretty simple right? Well not really. The reason they are so good is because they actually create and sale their OWN Rainbow Tables.
While I am on the subject of password auditing though I would like to bring up the matter of where did it go? I know there are plenty of tools to not only reset but also bypass password authentication yet those are mostly for physical access to the machine. It is very rare that I hear about anyone speaking of the actual importance of a complex password. I mean please correct me if I am wrong but this is still an issue, yet no one seems to really pay much attention to this form of security anymore.