Showing posts with label Penetration Testing. Show all posts

Monday, July 23, 2012

Learn How to Scan all open TCP and UDP ports using VISION


Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool Fport. This innovative new product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision also gives users access to a large amount of supplementary information that is useful for determining host status: detailed system information, the applications running, and the processes and ports in use.
Key Features
  • Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.
  • View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.
  • Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.
List Applications Running
List Services Running

List Devices Running


FAQ

Q. Will Vision work on Windows 9x, Me, or XP?
A. Vision will not work on Windows 9x or Me. It will work with Windows XP.
Q. I get a “Must be Admin” error when trying to launch. I am the Administrator, so what’s the problem?
A. Check to ensure that NBT binding is enabled. In NT 4 this is done in your network interface bindings. Under Win2k, check to ensure that you have the TCP/IP NetBIOS helper enabled.
System Requirements
  • NT 4/ Win 2000
  • NT 4 needs psapi.dll
  • 800x600 res. minimum
  • 256 colors min
  • 32MB
SOURCE: http://www.foundstone.com

HackBar 1.4.2, a simple security audit and penetration test tool: a free add-on for Firefox


Version: 1.4.2
Works with Firefox: 1.5 – 3.6.*
Updated: May 13, 2009
Developer: Johan Adriaans
Rating: 5 out of 5 stars
# In general
This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, and a lot of Google :)
# The advantages are:
- Even the most complicated URLs will be readable
- The focus will stay on the textarea, so after executing the URL (ctrl+enter) you can just go on typing / testing
- The URL in the textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.
# Load url ( alt a )
This loads the URL of the current page into the textarea.
# Split url ( alt s )
When this button is clicked, the URL/text in the textarea will be split into multiple lines using the ? and & characters.
# Execute ( alt x, ctrl enter )
This will execute the current URL in the textarea. I mostly use ctrl+enter.
# INT -1 ( alt - )
First select a number in the textarea and press this button; the number will be lowered by 1 and the URL will be loaded.
# INT +1 ( alt + )
Again, first select a number in the textarea and press this button; 1 will be added to the number and the URL will be loaded.
# HEX -1 ( control alt - )
First select a number in the textarea and press this button; the number will be lowered by 1 and the URL will be loaded.
# HEX +1 ( control alt + )
Again, first select a number in the textarea and press this button; 1 will be added to the number and the URL will be loaded.
# MD5 Hash ( alt m )
This is a standard hashing method, often used as an encryption method for passwords. It will MD5 hash the currently selected string.
# SHA-1/256
This is a standard hashing method, often used as an encryption method for passwords. It will SHA-1/256 hash the currently selected string.
# MySQL CHAR() ( alt y )
If quotes are escaped but you did find an SQL injection that's exploitable, you can use this button to convert, let's say:
load_file('/etc/passwd') --> load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))
Thus omitting the use of quotes to load a file.
You can also use this on
WHERE foo LIKE ('%bar%') --> WHERE foo LIKE (CHAR(37, 98, 97, 114, 37))
# MsSQL CHAR() ( alt q )
Same story as MySQL CHAR(); MsSQL has a slightly different CHAR syntax.
--> WHERE foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))
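For defenders, the CHAR() conversions described above can be reversed when reviewing request logs. The added example below (not part of HackBar or the original post) URL-decodes a logged parameter, collapses MySQL and MsSQL CHAR() sequences back into quoted literals, and reports signatures that only match after normalization. The function names, the signature list and the sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

_NUM = r"(?:0x[0-9a-fA-F]+|\d+)"
# Matches the MySQL list form CHAR(47, 101, 116) and a single MsSQL CHAR(47).
_CHAR_CALL = re.compile(rf"\bCHAR\s*\(\s*({_NUM}(?:\s*,\s*{_NUM})*)\s*\)", re.IGNORECASE)
# MsSQL concatenation of two adjacent literals: 'a' + 'b'
_PLUS_JOIN = re.compile(r"'\s*\+\s*'")

# Constructed sample parameters (URL-encoded, as they would appear in an access log).
SAMPLES = [
    "load_file(CHAR(47,101,116,99,47,112,97,115,115,119,100))",
    "WHERE%20foo%20LIKE%20(CHAR(37)%2BCHAR(98)%2BCHAR(97)%2BCHAR(114)%2BCHAR(37))",
    "name=Charlie",
]


def _decode_call(match):
    """Turn one CHAR(...) call into a quoted literal; leave it unchanged if invalid."""
    try:
        codes = [int(t, 16) if t.lower().startswith("0x") else int(t)
                 for t in re.split(r"\s*,\s*", match.group(1))]
        return "'" + "".join(chr(c) for c in codes) + "'"
    except (ValueError, OverflowError):  # code point out of range
        return match.group(0)


def normalize_char_encoding(raw):
    """URL-decode a logged parameter and collapse CHAR() sequences to literals.

    Returns (normalized_text, number_of_CHAR_calls_seen)."""
    text = unquote(raw)  # unquote, not unquote_plus: '+' is the MsSQL join operator
    text, n_calls = _CHAR_CALL.subn(_decode_call, text)
    if n_calls:
        text = _PLUS_JOIN.sub("", text)  # merge 'a' + 'b' into 'ab'
    return text, n_calls


def inspect_parameter(raw, signatures=("load_file", "/etc/passwd")):
    """Report signatures that match only after normalization, i.e. the ones
    a filter looking at the raw string would miss."""
    normalized, n_calls = normalize_char_encoding(raw)
    raw_lower, norm_lower = unquote(raw).lower(), normalized.lower()
    hidden = [s for s in signatures if s in norm_lower and s not in raw_lower]
    return {"normalized": normalized, "char_calls": n_calls, "hidden": hidden}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_parameter(sample))
```

A non-zero `char_calls` count in a user-supplied parameter is itself worth alerting on, since ordinary form input rarely contains SQL function calls.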
# Base64 encode / decode
Base64 encoding ( UU ) is often used to store data (like a return URL etc.). This will help you to read those values.
# URLencode / decode
This will encode or decode the currently selected characters to URL-safe characters. I mostly use it to end a query with # (%23) when in a pseudo path where I can't use /* or --
And lots more ;) Go test it!

Learn How to Scan open ports using Angry IP Scanner

In the Angry IP Scanner software, enter the target IP address.
 



Once the scan has completed a window will appear identifying the results. Click OK.
In this example:
  • Port 21 (FTP [File Transfer Protocol]) is open.
  • Port 80 (Web) is open.
  • Port 139 (Windows Share) is open.
  • Port 445 (Windows Share) is open.
Right-click on the IP address to bring up a menu; then select OPEN COMPUTER, then IN EXPLORER.

In this example, the results revealed the following:
  • The Database directory is shared.
  • The Downloads directory is shared.
  • The Personal directory is shared.
  • There may be Printers shared on the target.
  • The Windows scheduler is running and may have tasks that can be modified.
If the shares ask you for a username/password when attempting to access them, initiate a NULL session and try again.
 
