LM NTLM Spider - LM NTLM Sniffer and
Password Recover
LM / NTLM Spider is a password
audit and recovery tool. Passwords are sources of vulnerabilities in different
machines. This tool allows to identify and access password vulnerabilities.
Auditing user password is one of the most important problems for network
administrator. This is to know the strength of password the users are using.
Week passwords represent vulnerability points for any organization.
Before using the tool you should
select the
Interface
you want to use.
After the interface selection
auditing is started. Nsauditor can capture the encrypted hashes from the
challenge/response. That challenge is received when one machine is trying to
connect and authenticate to another one over the network . All NTLMv1
authentication packets of SMB sessions ( using commonly in Windows 95/98 and
Windows NT 4.0 computers ) will be captured and displayed in the SMB Packet
Capture Output window.
The field Name contains
the user name, the field LM Pwd contains the decrypted LM password.,
the field NTLM Pwd contains the decrypted NTLM password, LM Response
is connected user’s password encrypted with Challenge( the
encryption algorithm used in that case is DES ), NTLM Response is
connected user’s password encrypted with Challenge( NTLMv1
authentication uses MD4 cryptographic algorithm to encrypt NTLM hashes ), the
field Started contains the start and the field Finished contains
the end time of capturing process.
After capturing SMB NTLMv1 authentication session packet or
packets you can try to decrypt the received LM password hashes by right
clicking on the window and selecting the button Explore LM Pwd. Clicking
on the mentioned button will show the dialog:
Select the character set
you want to use for decrypting and click on the button OK. All
combinations of the selected character set will be tryed. So this process can
take a long time, depending on the character set length.
Note thatas easy the
password is decrypted as weak it is. The NTLM
audit is much more time consuming because the NTLM hash is based on a stronger
algorithm, and is case sensitive, so in this version we will not support NTLM
password recovering and SMB NTLMv2 (using commonly in Windows 2000/XP/2003
computers) packet capturing. Their support will be available in the next
releases.
Nsauditor Network
Security Auditor is a network security scanner that allows to audit and
monitor network computers for possible vulnerabilities, checks your
network for all potential methods that a hacker might use to attack it.
Nsauditor is a complete networking utilities package that includes a
wide range of tools for network auditing, scanning, monitoring and more.
You can discover network services and check them for vulnerabilities,
list all TCP and UDP endpoints with their associated process, discover
NetBios names, audit MS SQL servers, scan for common Adware traces and
more. The program also includes real-time network packet filtering and
analyzing, web proxy scanning, password auditing, IP address lookup and
more than 45 network tools for scanning, sniffing, enumerating and
gaining access to machines, DNS and WHOIS lookups, e-mail validation,
HTTP traffic generator and intrusion detection based on security events
log. Reports can be generated in HTML and XML format. Overall, this is a
very complete package for a surprisingly low price.
SpotAuditorreveals passwords saved in Internet Explorer, recovers
ICQ, Trillian, Miranda IM, VNC, Far ftp client, SecureFX ftp client, WebDrive
Ftp, FTP
Voyager, AutoFTP,
32bit FTP, FTP Navigator, Dial-up, Outlook and MSN messenger passwords, IE Auto Complete
Fields and
recovers passwords stored behind the asterisks in password
text-boxes. It is a program for viewing and cleaning the secret
data stored by Internet Explorer.
SpotAuditorallows
deletion of unwanted entries from the system protected
storage and explores Outlook Accounts, Visited
URLs, Installed Programs and Start Run Programs on a local
machine or remote computers.
SpotAuditorallows to clear Internet Explorer
history, delete cookies and temporary internet files. You
can recover and restore any lost or forgotten password ever
entered in Internet Explorer.
ShareAlarmPro is a network tool that allows network
administrators and users easily perform a shared folders and
resources monitoring. Using
ShareAlarmPro you can monitor users
attempting to access secured shares and confidential files,
detect and log network access to shared folders, monitor
security events and create alerts for specific events
occurring on your computer, monitor open files, disconnect
users from open files or deny network users access and send
console messages.
It allows network administrators to monitor network shares
and identify shares which are violating data access policy in their
organization. NetShareWatcher is very handy. You can configure it
once and forget about network sharing problems. You need just select
restricted groups or users and every time when NetShareWatcher will
find network share with access list containing that restricted
groups and will perform an configured action. It allows you to
easily monitor network shared folders and permissions.
NetShareWatcher alerts anytime an user sets a share ACL to
"Everyone" or some other global group that violates your data access
policy as well as disable this shared folders automatically if you
have selected appropriate feature in the settings. NetShareWatcher
has user friendly interface and is easy to use. Being configured
once, it will regularly notify you on network sharing detection with
restricted permissions assigned.
BlueAuditor is a wireless personal area network auditor and
easy-to-use program for detecting and monitoring Bluetooth devices
in a wireless network. It can discover and track any Bluetooth
device within a distance between 1 and 100 meters and display key
information about each device being detected as well as the services
device provided. With the growing popularity of the Bluetooth
technology, BlueAuditor will enable network administrators to
effectively audit their wireless networks against security
vulnerabilities associated with the use of Bluetooth devices.
BlueAuditor enables the user to save the data of the detected
Bluetooth devices in an .xml file and supports the most Microsoft
Bluetooth drivers available on the market. All the mentioned
features are provided with a user friendly graphical interface.
RemShutdown allows
shutdown or restart network computers
remotely. You can specify a delay during which a message you
specify can be displayed and applications running on the
remote computer at the time of shutdown can be allowed to
close. In addition, RemShutdown offers the user the option
to cancel the shutdown. The tool is designed with a
user-friendly interface and is easy to use.
Product Key Explorer displays product key for
Windows, MS Office, SQL Server and over 40 other
software products installed on your local or remote network computers. In order to install or reinstall Microsoft Office, Windows, or other commercial software, you must have access to a product key (CD Key) for that product. Product Key Explorer retrieves product keys from network computers and allows to protect your
company from
having pirated software on
your network.
With this software you will be able to track the number of
software licenses installed in your business, find
and recover a lost or forgotten product keys, save and
keep an up-to-date backup of all your software product keys in a
central location. You can also save all your product keys to a
text file for printing or copy the serial number to windows
clipboard. Excellent
tool for network administrators, or businesses undergoing a
software license compliancy.
