Windows Hacking and Testing Tools - dummies

Windows Hacking and Testing Tools

By Kevin Beaver

Literally hundreds of Windows hacking and testing tools are available to help keep you safe from hackers. The key is to find a set of tools that can do what you need and that you’re comfortable using.

The more security tools and other power-user applications you install in Windows — especially programs that tie into the network drivers and TCP/IP stack — the more unstable Windows becomes. This means slow performance, blue screens of death, and general instability issues. Unfortunately, often the only fix is to reinstall Windows and all your applications.

Free Microsoft tools

You can use the following free Microsoft tools to test your systems for various security weaknesses:

  • Built-in Windows programs for NetBIOS and TCP/UDP service enumeration, such as these three:

    • nbtstat for gathering NetBIOS name table information

    • netstat for displaying open ports on the local Windows system

    • net for running various network-based commands, including viewing shares on remote Windows systems and adding user accounts after you gain a remote command prompt via Metasploit

  • Microsoft Baseline Security Analyzer (MBSA) to test for missing patches and basic Windows security settings

  • Sysinternals to poke, prod, and monitor Windows services, processes, and resources both locally and over the network

All-in-one assessment tools

All-in-one tools perform a wide variety of security tests, including the following:

  • Port scanning

  • OS fingerprinting

  • Basic password cracking

  • Detailed vulnerability mappings of the various security weaknesses that the tools find on your Windows systems

These tools work with very good results:

Qualys’s cloud application service provider/software as a service (whatever term you want to use these days) is very easy to use. Simply log in to the interface, give it the IP addresses to scan, and tell it to go. The service has very detailed and accurate vulnerability testing — it’s an all-time favorite for network/OS vulnerability testing. Another good scanner is Rapid7’s Nexpose.

Task-specific tools

The following tools perform one or two specific tasks. These tools provide detailed security assessments of your Windows systems and insight that you might not otherwise get from all-in-one assessment tools:

  • Metasploit for exploiting vulnerabilities that such tools as QualysGuard and Nexpose discover to obtain remote command prompts, add users, and much more

  • NetScanTools Pro for TCP port scanning, ping sweeps, and share enumeration

  • ShareEnum for share enumeration

  • TCPView to view TCP and UDP session information

  • Winfo for null session enumeration to gather such configuration information as security policies, local user accounts, and shares

Windows XP SP2 and later versions, as well as Windows Server 2003 SP1 and later versions, have a new “undocumented feature” that can (and will) severely limit your network scanning speeds: Only ten half-open TCP connections can be made at a time.

If you think your system might be affected by this, check out the Event ID 4226 Patcher tool for a hack to run on the Windows TCP/IP stack that will allow you to adjust the TCP half-open connections setting to a more realistic number. The default is to change it to 50, which seems to work well.

Be forewarned that Microsoft doesn’t support this hack. Disabling the Windows Firewall (or other third-party firewall) can help speed things up, too. If possible, test on a dedicated system or virtual machine, because doing so minimizes any impact your test results may have on the other work you do on your computer.