Windows Hacking and Testing Tools
Literally hundreds of Windows hacking and testing tools are available to help keep you safe from hackers. The key is to find a set of tools that can do what you need and that you’re comfortable using.
The more security tools and other power-user applications you install in Windows — especially programs that tie into the network drivers and TCP/IP stack — the more unstable Windows becomes. This means slow performance, blue screens of death, and general instability issues. Unfortunately, often the only fix is to reinstall Windows and all your applications.
Free Microsoft tools
You can use the following free Microsoft tools to test your systems for various security weaknesses:
Built-in Windows programs for NetBIOS and TCP/UDP service enumeration, such as these three:
nbtstat for gathering NetBIOS name table information
netstat for displaying open ports on the local Windows system
net for running various network-based commands, including viewing shares on remote Windows systems and adding user accounts after you gain a remote command prompt via Metasploit
Microsoft Baseline Security Analyzer (MBSA) to test for missing patches and basic Windows security settings
Sysinternals to poke, prod, and monitor Windows services, processes, and resources both locally and over the network
All-in-one assessment tools
All-in-one tools perform a wide variety of security tests, including the following:
Basic password cracking
Detailed vulnerability mappings of the various security weaknesses that the tools find on your Windows systems
These tools work with very good results:
Qualys’s cloud application service provider/software as a service (whatever term you want to use these days) is very easy to use. Simply log in to the interface, give it the IP addresses to scan, and tell it to go. The service has very detailed and accurate vulnerability testing — it’s an all-time favorite for network/OS vulnerability testing. Another good scanner is Rapid7’s Nexpose.
The following tools perform one or two specific tasks. These tools provide detailed security assessments of your Windows systems and insight that you might not otherwise get from all-in-one assessment tools:
Metasploit for exploiting vulnerabilities that such tools as QualysGuard and Nexpose discover to obtain remote command prompts, add users, and much more
NetScanTools Pro for TCP port scanning, ping sweeps, and share enumeration
ShareEnum for share enumeration
TCPView to view TCP and UDP session information
Winfo for null session enumeration to gather such configuration information as security policies, local user accounts, and shares
Windows XP SP2 and later versions, as well as Windows Server 2003 SP1 and later versions, have a new undocumented feature that can (and will) severely limit your network scanning speeds: Only ten half-open TCP connections can be made at a time.
If you think your system might be affected by this, check out the Event ID 4226 Patcher tool for a hack to run on the Windows TCP/IP stack that will allow you to adjust the TCP half-open connections setting to a more realistic number. The default is to change it to 50, which seems to work well.
Be forewarned that Microsoft doesn’t support this hack. Disabling the Windows Firewall (or other third-party firewall) can help speed things up, too. If possible, test on a dedicated system or virtual machine, because doing so minimizes any impact your test results may have on the other work you do on your computer.