Inguma 0.0.5: Brute forcing and password cracking



Hi to all,

The latest version of Inguma (0.0.5) have been released with many fixes
and new modules. The following are the most important changes and
updates:

* Added one exploit for the vulnerability in SYS.LT.FINDRICSET (Oracle
CPU Oct. 2007).
* Added the module "firetest" to test firewall configurations.
* Added module "brutessh" to brute force SSH servers.
* Added module "bruteora" to brute force Oracle servers. It will check
for every (commonly) possible user or for an specified user.
* Added a tool to crack MD5 hashes using freely available rainbow
tables.
* Added module "sidguess" to guess the SID of an Oracle Database
instance.
* _*Initial*_ shellcode support. See the SIDVault remote root exploit
and $INGUMA_DIR/lib/libexploit.py for details. x86 support with
InlineEgg. Thanks you Gera!
* Added a password cracker for Oracle11g.
* Added a password cracker for MS SQL Server 7 and 2000.
* Enhanced the Oracle PL/SQL Fuzzer. Now, if you redirect the output
only the vulnerabilities found are logged, all the rest of the output
are written to stderr.

Regards,
Joxean Koret

Attachment: signature.asc
Description: This is a digitally signed message part



Relevant Pages

  • RE: Oracle hash-list?
    ... against our database. ... of our oracle user table off-site. ... The easy way to build your own brute force tool or "rainbow crack" type ... whole thing up on a small box with 512mb of ram and a little disk. ...
    (Pen-Test)
  • [Full-disclosure] Inguma 0.0.5: Brute forcing and password cracking
    ... Added module "brutessh" to brute force SSH servers. ... Added module "bruteora" to brute force Oracle servers. ... for every possible user or for an specified user. ...
    (Full-Disclosure)