OT and ICS Industry veteran Paul Smith, author of “Pentesting Industrial Control Systems” has recently joined the SCADAfence team in the role of Field CTO. We interviewed Paul to get his thoughts on the current state of OT security, challenges that need to be addressed and his predictions for the future.
He was interviewed by content marketing manager, Joan Weiner Levin.
Bring it on Pandora FMS! If we have previously told you about our success at the Open Source Awards 2022 and the Peer Awards 2021, today we are here to tell you that we are at it once again!
“Why is it easier to get unbiased information about a hotel room than about software?”
In 2012, five entrepreneurs asked themselves this question. The next day, they founded G2.
Una plataforma que en la actualidadA platform that currently has more than 60 million visits per year, and on which users can read and write quality reviews on 100,000 software products and other professional services.
More than 1,500,000 reviews have already been published, which help companies around the world make better decisions about how to reach their full potential.
That is why it is so important and honorable that Pandora FMS has become part of its Top 10 of the best Network Monitoring software.
Above many other already recognized companies. Such as Microsoft, Datadog, Zabbix, Nagios, Dynatrace, Catchpoint, Entuity, PRTG, Checkmk, Wireshark, Smokeping, OPManager, Netreo, Munin, Cacti and many more.
A badge that appoints Pandora FMS once again as the total monitoring solution:
You knew it, and now all G2 users know it too!
For now, to be included in the category of Network Monitoring, a product must, among other things:
Then comes the usability score of a product, which is calculated using their own algorithm that takes into account the satisfaction ratings of real users.
This rating is also often used by buyers to quickly compare and identify on the page the top-rated products.
The number of reviews received at G2 is also important, buyers rely more on products with more reviews.
In turn, G2, apart from rating the products based on the reviews collected in its user community, also does so with the aggregated data from online sources and social networks.
And then, participate in the different categories where you can earn badges like the ones we have won:
And as they say over there:
That would be it!
Today we have reached this milestone, and since 2020 we have been winning these categories, all seasons! Let the Himalaya tremble in fear, we continue climbing to the very top!
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
It should come as no surprise that John can also deal with .zip and .rar archives. John does this by leveraging the zip2john and rar2john utilities, built in the tool, so that it can ingest something that it will know how to use. The syntax is pretty much the same, and by now, you should be quite familiar with it; still, we will use this article to show some examples of how we can make our .zip and .rar archives John-ready. As we will see, this is akin to the unshadow tool we’ve used previously.
As mentioned, similar to unshadow, John has the inbuilt tool that’s called zip2john, which we use to convert our target .zip archive into a format john will know what to do with, and, we hope, crack successfully.
The basic syntax looks something like this:
zip2john [target_zip_file] > [output_file]
Flags:
target_zip_file – this is the path to our password protected protected .zip archive
> – greater than sign which redirects our command results to a specified output file
output_file – in this file we store our output
So, our command will look something like this:
zip2john target_archive.zip > zip_hash.txt
Once we’ve successfully obtained the zip_hash.txt output file, we simply supply it to John. And yes, we can use the wordlists too. Thus, we just had a couple of extra steps before we return to using John as we’ve already learned previously.
More simply put, we can say to John, something like this:
john –wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
As you can see, this is something that we’ve already learned, and we’ve just used the zip2john utility to prepare our archive for John to work with.
Let’s quickly cover rar2john next, and then we will go over some examples.
The same as zip files, rar can also compress various files and folders. It does so by using the Winrar archive manager.
We use it in the same way as zip2john. First, we use rar2john to make the .rar archive ready for John – by obtaining its hash, then we supply the said hash to John to try and crack it.
The syntax is the same as for zip2john:
rar2john [target_rar_file] > [output_file]
Flags:
target_rar_file – this is the path to our password protected protected ..rar archive
> – greater than sign which redirects our command results to a specified output file
output_file – in this file we store our output
It will look something like this:
rar2john rar_archive.rar > rar_hash.txt
Now we just use John, the way we’ve learned, giving it our rar_hash.txt file:
john –wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt
Now that we’ve covered some basic stuff, let’s look at some examples.
We have a .zip archive, called testZip1.zip with three files inside, called pass.txt, sop.txt, and supersecret.txt.
To digress for a bit: it would be terrible if we saw something like this on our test, as an attacker. The naming convention here in our article is there for our convenience and illustrative purposes. Nobody should have a file called sop.txt (which usually stands for standard operating procedure). Pass.txt and supersecret.txt even less so, for obvious reasons.
Going back to our .zip cracking, we give John a command asking it to make an output file it can understand, and try to crack it. (image below)
We just gave John our output file (in this case test1.hashes), and it cracked our password. Note that you can make your output file to be of any format, for further processing/manipulation. Use what makes the most sense for your purposes.
Since we have our password, we show it with John, and try to open our password protected archive, which prompts us:
Finally, we have our cracked .zip archive, and contents opened, of one of the files:
Let’s look at some more examples.
We password protect our .rar archive, called safe.rar, as we can see – password is password1. Inside, we have put two files, called pass.txt, and pass2.txt, respectively. We now need to make something John can use, out of our .rar archive:
Now we ask John to crack our new file, called rar_cracked.hash, for demonstration, we passed no arguments/options to John first.
When we ask John to crack something, without giving other arguments, it will go through the default modes, with their default settings. (That’s why it started with single crack mode first, in the image above)
Since we know our password is really weak, and we don’t want to wait that much, we use our trusty rockyou.txt wordlist:
Our wordlist mode works immediately, giving us the password we were looking for – password1, as shown above.
We then try to open our archive, finally:
As we can see, we get a popup saying we need to enter our password to access safe.rar, which we type in:
Et voila! We have managed to access the .rar archive:
From the image above – two files, called pass.txt and pass2.txt, as mentioned previously – and their contents.
We’ve seen how we can use John to crack password protected .zip and .rar archives, and how it’s just one extra step after what we’ve already covered previously. Please note, though, that we were using just the rockyou.txt wordlist in our examples, and there are many wordlists out there, of different sizes (which can definitely speed up your attempts), purpose/type (why stop at passwords? We can also have URLs, web shells, fuzzing payloads, etc). Personally, I like to start off with the shortest wordlist that suits my particular need, as it is simply the fastest way. After that, if I don’t crack anything, I can easily switch to some larger lists.
One awesome resource would be the Openwall wordlists found on Openwall website – which is John the Ripper’s original website. There you can find some publicly downloadable lists, as well as paid ones, which can dramatically increase your password recovery potential, as that particular collection has 20+ languages, over 40 million entries, and also has pre-applied mangling rules (in this way you can do other likely password variations – adding digits instead of words, capitalization, etc.)
Before finishing, we would like to add that the best way to get these materials to ‘stick’ is to go and try for yourself. So, go fire up a VM, make some archives, add some files to it, password protect it, and attempt to crack it! (Once you master the easy ones, like in our examples, it’s time to start attacking some more complex passwords, and that’s where the greatest fun begins)
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About vRx
vRx is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
