Archive | November, 2006

Wyd – Automated Password Profiling Tool


Wyd is a neat tool I found recently for Password Profiling.

In current IT security environments, files and services are often password protected. In certain situation it is required to get access to files and/or data even when they are protected and the password is unknown.

wyd.pl was born out of those two of situations:

  • A penetration test should be performed and the default wordlist does not contain a valid password
  • During a forensic crime investigation a password protected file must be opened without knowing the the password.

The general idea is to personalize or profile the available data about a “target” person or system and generate a wordlist of possible passwords/passphrases out of available informations. Instead of just using the command ‘strings’ to extract all the printable characters out of all type of files, we wanted to eliminate as much false-positives as possible. The goal was to exlude as much “unusable” data as possible to get an effective list of possible passwords/passphrases.


At the moment the following file types are supported:

  • plain
  • html
  • doc
  • ppt
  • mp3
  • pdf

There is more info here.

You can download Wyd here:

Wyd – Latest Version

Posted in: Hacking Tools, Password Cracking Tools

Topic: Hacking Tools, Password Cracking Tools


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Hackers Target Home Users for Cash


Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.

Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.

So instead, they target the end user, home bankers, those who they can scam, con or phish!

Consumers are now on the main target of malicious hackers intent on enriching themselves through the misery of others. Vulnerabilities in desktop applications and the increased use of stealth techniques are on the rise among members of the digital underground, according to the latest edition of Symantec’s Internet Security Threat Report.

The report, which covers the first half of 2006, suggests that consumer security protection is weak, leaving Joe Public easy prey to identity thieves, botnet herders and other financially motivated criminals. Crackers are using a variety of techniques to escape detection and remain on infected systems for longer. Symantec reckons assaults against consumers account for 86 per cent of all targeted attacks. Banks and other financial sector organisations are the second most prevalent target for internet attacks. Phishing attacks almost doubled during the reporting period.

The information on your desktop could be valuable to someone…remember aswell spyware/adware companies are making tens of millions infecting users and just simply collecting information about Internet useage and surfing habits.

In the first half of 2006, 18 per cent of all malicious code samples detected by Symantec had not been seen before, indicating that hackers are trying harder to evade detection by signature-based anti virus and intrusion prevention systems.

Phishers are also attempting to bypass filtering technologies by creating multiple randomised messages. In H1 2006, 157,477 unique phishing messages were detected, 81 per cent more than the previous six months. The financial services sector was the most heavily phished, accounting for 84 per cent of phishing sites tracked by the Symantec.

This shows a BIG pickup in new and unique code, people are trying harder and getting smarter, phishers are starting to use the tricks spammers are already using. Loads of phishing.

Source: The Register

Posted in: Malware, Spammers & Scammers

Topic: Malware, Spammers & Scammers


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.