Console is a Windows console window enhancement.

Console features include:

• multiple tabs
• text editor-like text selection
• different background types (solid color, image, fake transparency)
• alpha and color-key transparency
• configurable font
• different window styles

Console is NOT a shell. Therefore, it does not implement shell features like command-line completion, syntax coloring, command history, etc.

Console is simply a nice-looking front end for a shell of your choice (cmd.exe, 4NT, bash, etc.) Other command-line utilities can also be used as ’shells’ by Console.

Command line parameters
Console supports these command line parameters:

-c <configuration file>
Specifies a configuration file.

-w <main window title>
Sets main window title. This option will override all other main window title settings (e.g. ‘use tab titles’ setting)

-t <tab name>
Specifies a startup tab. Tab must be defined in Console settings.

-d <directory>
Specifies a startup directory.

-r <command>
Specifies a startup shell command.

-ts <sleep time in ms>
Specifies sleep time between starting next tab if multiple -t’s are specified.

Note: -t option is not used to set tab’s title. It specifies one of the names of the tabs defined in Console settings.

Note: If you specify multiple -t options, you can specify multiple -d and -r options as well. In that case, each -t, -d and -r option will be grouped together. If there is no corresponding -d option for a -t option, the initial directory from that tab’s settings will be used. For example:

Console.exe -t bash -d C:\WINDOWS -r “ls -al” -t cmd -d D:\ -t ncftp

Will start ‘bash’ tab in C:\WINDOWS, running “ls -al” command in it and ‘cmd’ tab in D:\. ‘ncftp’ tab will be started in the initial directory specified in its settings.

Note: Some shells need an additional switch in the startup command string. E.g. when using cmd.exe, you must put /k at the beginning of your command string:

Console.exe -t cmd -r “/k dir /b”

Note: -ts option can be useful if you want to start multiple instances of a tab, and tab’s shell needs write access to some files during initialization Using -ts option, you can specify time to sleep between starting the next tab, giving each shell enough time to initialize itself.

You can Download the latest version of Console from here: Console

Console In Action:

OrakelCrackert is an Oracle 11g database password hash cracker using a weakness in the Oracle password storage strategy. With Oracle 11g, case sensitive SHA1 based hashing is introduced. Storing passwords in a case sensitive way introduces more possible password combinations so password cracking takes longer. For example, the number of possible password combinations using a password generated out of the character set “[a-z][A-Z][0-9]#$_” where passwords start with a alpha character using is 52/65 * 65 ^ passlength. For an 8 position password this means 254.915.850.312.500 combinations.

Since Oracle is still storing the DES based password hashes, an attack much faster than brute forcing can be launched for most (not all) passwords. To do so:

1 - Get both the Oralce < 11g and 11g password hash, for example by executing the query “select user, password, spare4 from sys.user$ where username = <target>”.

2 - Crack the old DES based password hash (field “password”) which is generated using the upper case version of the mixed case password (note: this is not applicable to all possible passwords in Oracle 11g).

3 - If the upper case password is found, calculate the SHA1 result of the ASCII value of the password followed by the salt (nibble 41-60 of field SPARE4) to the SHA1 based password hash (nibble 1-40 of field SPARE4). Do this for every upper/lower case combination possible until you have got a match.

4 - Voila!

Using a password generated out of the character set “[a-z][A-Z][0-9]#$_” where passwords start with a alpha character (currently supported by OrakelCrackert), the number of password combinations shrinks to 26/39 * 39 ^ length (= step 2) + 2 ^ length (= step 3). A full brute force for an 8 position password will now at maximum ‘just’ take 3.568.006.173.910 tries. This is about 77 times less than the original value.

Example:
========
select name, password, spare4 from sys.user$ where name = ‘THC’;
THC,435D0D3C8468DBC4,S:D39F4CC16573323279E5E4E16D359D6C55DCC09202B03D5D74B6841CEA2E

USER_PASS = ASCII(USER + GUESSED_PASS)
PASS_UPPER = ORACLEHASH(GUESSES_PASS)
FOR(ALL UPPER/LOWER CASE COMBINATIONS)
PASS_SALT = ASCII(PASS + SALT)
GUESSED_CASE = SHA1(PASS_SALT)
IF(GUESSED_CASE == SPARE4)
DONE!

With real-life data:
USER_PASS = ASCII(THC + THC#) = 0×54484354484323
PASS_UPPER = ORACLEHASH(0×54484354484323) = 0×435D0D3C8468DBC4
FOR LOOP (only the correct guess):
PASS_SALT = ASCI(tHC# + 0×02B03D5D74B6841CEA2E) = 0×7448432302B03D5D74B6841CEA2E
GUESSED_CASE = SHA1(0×7448432302B03D5D74B6841CEA2E) = 0xD39F4CC16573323279E5E4E16D359D6C55DCC092
IF(0xD39F4CC16573323279E5E4E16D359D6C55DCC092 == 0xD39F4CC16573323279E5E4E16D359D6C55DCC092)
WE’VE GOT HIM!

Further reading:
================
<http://www.petefinnigan.com/weblog/archives/00001096.htm>
<http://www.phenoelit.net/lablog/oracle.sl>
And didn’t we saw this flaw before?
<http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf>

Website: http://www.thc.org/

A passive network sniffer/packet capturing tool for Windows with a great user interface. It can detect OS’s, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.

Host Detection:

Recieved Frame:

Files:

Images:

Cleartext:

Anomaly Log:

Website: http://sourceforge.net/projects/networkminer/