Yaptest Update: v0.1.9
This release includes enumeration of users via the finger service (using finger-user-enum) and gathering of usernames and password hashes via rexd (Linux rexd client). There are also important improvements to the gathering of topology information, which should make network diagrams generated in YaptestFE look nicer.
See below for the full change log…
* Created "modules" directory to make ebuild creation easier
* yaptest-parse-yapscan-tcp.pl now parses TTL info
* yaptest-parse-traceroute.pl now parses hop number
* Bug Fix: Negative hop number from yaptest-parse-ping-r.pl
* yaptest-parse-bannergrab.pl parses usernames guessed by the "finger" probes.
* Added the following to support username guessing against finger daemons using finger-user-enum.pl:
  - yaptest-finger-user-enum.pl
  - yaptest-parse-finger-user-enum.pl
  - finger-users.txt
  NB: Only tested against one Linux finger daemon so far.
* Added yaptest-password-guess-mysql.pl
* Added API for parsing BSD MD5 hashes from john.pot.
* Added yaptest-rexd.pl to get credential information from hosts running rexd.
* "yaptest-progress.pl reset" takes multiple args.
* Improved parsing of /etc/groups by yaptest-groups.pl
* yaptest-credentials.pl parses issues about DES-based hashes and cleartext passwords in /etc/passwd.