Linux versus Windows for Security Tools

This isn't so much a question, but rather a statement and I'd love to hear opinions. Just don't slam me! lol.. Give me credit for at least adminitting I use Windows.

I know everyone who is l33t hates Windows and endorses Linux. I can understand why. I'll be honest though, I'm using Win2k for everything. I do have a couple older PIII machines at home and one is running Trustix and the other Lycoris, but I have hardly scratched the surface. My goal is to learn as much about 'hacking' as possible, but I'm not out to seek and destroy. I really have a drive to be an expert in security, but there is a lot to learn. I wanted to put together an arsenal of relied-upon tools to penetrate anything in my way. I thought Linux would be the obvious choice for sure, but it isn't (for me) and here is why..

FWIW, I'm running Win2k pro, not XP.

The company I work for employs about 45 people, mostly software developers, and I'm the main network guy. My Director has mentioned that he is curious who is doing what, so I wanted to see how far I could go with it. What tools can I find to help me analyze what people are doing? If I was a hacker, what tools on what platform would be the most useful? I wanted to know and this is what I found.

1) One of the MS Systems Engineers was talking about Kerberos and how Windows is secure during authentication because it no longer uses NT Hash. I searched for some Linux tool that will hack Kerberos logins but I couldn't find any. There probably is something out there but I just couldn't find it. However, I downloaded two command line utilitiies for Windows called kerbsniff.exe and kerbcrack.exe.. I mirrored out a trunked switch port where I knew user traffic flows and sure enough it captured the login username, domain, and the encrypted version of the password. After a couple of these were captured I ran kerbcrack.exe and it brute forced the account. My point is this was much more efficient to do on Windows than Linux (for me anyway). Is there another way?

2) Monitoring internet traffic - Ok, using ethereal or tcpdump is easy. Is using another tool really essential? Well, on the Windows freeware side of things there is a cool tool called Sniphere. I sniffed my Internet port and captured someones Yahoo IM session. After the capture I selected one packet of the TCP stream, select decode, and it stripped out all the HEX and showed me the entire conversation in plain ascii. Going a step further, I monitored web traffic using eEye's IRIS. It re-assembles the packets in the stream and re-constructs the entire web page, graphics and everything! I was viewing people's Hotmail Inbox and reading their emails exactly the way they saw it on their screen. The reason why I think this is powerful is it helps you not miss important information. You're seeing the data the way it was meant to be presented (as a web page). Sure, we can set filters in ethereal, search through text, no problem.. But this extra feature is handy.

3) NeoTrace - In the event some idiot is dissin you or pissing you off, or you want to know exactly where something is, just give NeoTrace the IP or DNS and it will traceroute and show you a geographical map of the world and each hop that is taken to get from start to finish. When done, you can get a satellite photo of the location. You can also get a map (like mapquest) of the area in case you want to go kick their ass! lol...j/k

4) Cain and Abel - Great tool for sniffing and sorting out login information of ftp, pop3, telnet, as well as certain encrypted data. If the login info is encrypted, drop it into the cracker tab and there ya go. There is a bunch more useful stuff too. This program is worth it's weight in gold.

5) Brutus and Passware - Not sure if Brutus is on Unix, but it's good for brute forcing a server. Passware actually has the encyption algorithms for tons of Windows apps. Someone at my work forgot the password on their MS Excel spreadsheet which had tons of login accounts for an ftp server they needed to manage. I ran Passware against the spreadsheet file and it gave me the password in a few seconds.

6) Solarwinds - Not really meant as a set of hacking tools, but tons of really useful apps for obtaining cisco passwrds, brute forcing snmp, and has a WAN Killer to saturate a WAN pipe.

7) Microsoft SFU - I installed Microsoft Service for Unix 3.0 (Interix) and I now have a full blown Korn Shell and C Shell on my desktop. It includes 350 open source apps like Vi, gcc, and more. Wow, real Unix on the Windows desktop.

I could go on but my point is that all of these tools are available to me on Windows. I have used them one way or another for testing and research purposes and they work. I really don't know if all these tools have an equivelent on Linux, or maybe these tools are just bells and whistles to most. I'm not trying to say Windows is better than Linux, but a lot of people hate Windows just because they want to. Maybe I am an exception to the rule because I have made Win2k work for me in some way/shape/form different from most. I have taken lots of time to test various tools and hang on to the useful ones. I use FileCrypto for all my important stuff, all the Foundstone tools for my tcp/udp scanning and such, and i have no issues with nmap or netcat on windows.

Another point is for the longest time people slammed my windows shizzle for being GUI. a lot of linux stuff was not gui, now it is. KDE and Gnome are everywhere..unless it's a server, everyone has a gui. So isn't it the same principals then? whether you run kde or gnome, or i run windowblinds or litestep, why does windows get dis-credited for being gui?

another things is microsoft being hungry for $.. we all know they want our money, but so does red hat, suse, sun, hp, ibm, sgi, mandrake, turbo linux, and so on.. so why blame microsoft for being commercial when everyone else is to? do you have any idea how much a crappy sun blade 150 desktop costs with solaris 9? *shrug*

i'm just looking to learn something from all of this..no flame wars plz.. :)

-d

The problem with Microsoft is that they have a monopoly, they try to force people to use their software. Windows might be a slow/resource wasting "thing" but that's because it's 10 times more user friendly than Linux. The goal of windows wasn't to be a super secure OS, but to be much more user friendly. Because of windows using computers is easy. I don't think it's possible for a complete beginner to start working with some *nix huh, so people should watch out on what they say about M$. At least that's my opinion.

I feel that for doing general hacker-ish things (Note: not cracker-ish things), Unix-y systems are much better.

It's not that you *can't* do those things under 'doze, it's just that it would take much longer, you'd have to install a raft of 3rd party utils.

See how many hits you have on x.html in your web server

Code:

---

grep x.html /var/log/httpd/access_log | wc -l

---

I wonder which files in /usr/local are different between box1 and box2?

Code:

---

ls -lR /usr/local >/tmp/x
ssh box2 ls -lR /usr/local > /tmp/y
diff /tmp/x /tmp/y |less

---

I must run some-security-update on boxes 1 to 5

[code]
for boxnum in 1 2 3 4 5; do
scp some-security-update box$boxnum
ssh -l root box$boxnum ~myuser/some-security-update
done
[code]

It's just easier.

I agree with slarty, if you are using windows, you need to download tools for everything, *nix has al those possibilities already built into it.

Slarty, three things:

1. grep, ls, ssh, diff, and scp are all essentially 3rd party apps that just happen to be included in _most_ flavors of UN*X(/like) systems.

2. all of these tools and scripting engines to run them are freely availible for NT (if not actually included).

3. NT can do most of the actions you listed via active directory, which has several advantages over the methods you listed. This does not require every client to run extra services, merely being a domain client is enough (no need to run a terminal server as well). This allows for more network/CPU efficient transfers of things like security updates, especially when dealing with hundreds or thousands of systems. The updates are done at a more timely manner for the client and not forced onto them while the client happens to be using nearly all of their resources to recompile their kernel or whatever it is most UN*X (heh Linux) people typically do. ;)

4. Not only can things like security updates be handled in such a centralized manner, but so can client security policy.

All of this ease of administration got an exclamation point behind it with Win2003.

catch

It all boils down to this: Use what you know and know what to use.

Quote:

---

Originally posted here by catch
[B]Slarty, three things:
1. grep, ls, ssh, diff, and scp are all essentially 3rd party apps that just happen to be included in _most_ flavors of UN*X(/like) systems.

---

No. ssh (which includes scp) is not a standard Unix tool, but the others (grep, ls, diff) are stock Unix programs. They are always included, and they have been for years.

In any case, if I'm running Linux, I will always have ssh. I know this. It is installed by default on most distros (or they ask you during install). I'm only using ssh because the original Unix programs (rsh, rcp) are woefully insecure.

Quote:

---

2. all of these tools and scripting engines to run them are freely availible for NT (if not actually included).

---

Most of the tools are either available for NT or have NT equivalents. This does not, however, mean that they work the same. Nor are they freely available, as you suggested.

Also, you cited the M$ Unix services for NT. This is an expensive product.

There are ssh implementations for NT, but they are all (AFAIK) commercial and cost $$. Additionally you have to set them up. (Note to flamers who mention Putty: Putty is very good and free, but a client only)

Quote:

---

3. NT can do most of the actions you listed via active directory, which has several advantages over the methods you listed. This does not require every client to run extra services, merely being a domain client is enough (no need to run a terminal server as well). This allows for more network/CPU efficient transfers of things like security updates, especially when dealing with hundreds or thousands of systems. The updates are done at a more timely manner for the client and not forced onto them while the client happens to be using nearly all of their resources to recompile their kernel or whatever it is most UN*X (heh Linux) people typically do. ;)

---

No it can't. AD is very good at what it does, but it doesn't do any of the things cited. All it does it centrally maintain users (and can enforce policies, if you're lucky (At my old work, our admin decided we needed a new domain policy, which broke, like 12 web servers. He went on holiday before anybody noticed))

None of the things I stated required any client to run any "extra" services (over ssh, which as I mentioned, is usually standard now)

Quote:

---

4. Not only can things like security updates be handled in such a centralized manner, but so can client security policy.

---

True to some extent. Client "security policy" can be handled centrally, and there are tools to push out automatic updates to *MS* products (but not 3rd party, except antivirus which usually have their own update mechanism)

Quote:

---

All of this ease of administration got an exclamation point behind it with Win2003.

---

Are you being paid by Microsoft?

When Microsoft were trying to port Hotmail to NT (It took them three attempts, but they managed it), they noticed that the main problem was that they couldn't mass automate tasks to the same level, or with as much flexibility. The original system ran on FreeBSD (IIRC), and had heaps of cron jobs, and automated ssh jobs to go around all the boxes maintaining them.

Then ended up using the M$ services for Unix to try to recreate those things, and just about managed. They didn't actually port it to NT, because by the time they'd finished the first two aborted attempts, Win2k was available.

http://www.uk.research.att.com/vnc/
WinVNC. This will solve all of your administrational monitoring needs. Works on damn near all OS's.
Site has very good documentation, and WinVNC is open source.

[QUOTE]
No. ssh (which includes scp) is not a standard Unix tool, but the others (grep, ls, diff) are stock Unix programs. They are always included, and they have been for years.
[quote]
No, as I stated, these are included in _most_ flavors of UN*X, not all.

Quote:

---

In any case, if I'm running Linux, I will always have ssh. I know this. It is installed by default on most distros (or they ask you during install). I'm only using ssh because the original Unix programs (rsh, rcp) are woefully insecure.

---

So you are required to run SSH as well whatever file/print sharing? Extra services, always a plus. ;) And on a local network, for this type of administration an unencrypted protocol would be preferred as it makes it possible to apply intranet content filters and monitoring.

Quote:

---

Most of the tools are either available for NT or have NT equivalents. This does not, however, mean that they work the same. Nor are they freely available, as you suggested.

---

I have used them in demonstrations to people like yourself, they are free and work identical.

Quote:

---

Also, you cited the M$ Unix services for NT. This is an expensive product.

---

I never mentioned SFU and "M$"? Grow up, this just makes you look like another dumb kid.

Quote:

---

There are ssh implementations for NT, but they are all (AFAIK) commercial and cost $$. Additionally you have to set them up. (Note to flamers who mention Putty: Putty is very good and free, but a client only)

---

There are a variety of free SSHDs available for NT, however... as I stated above SSHD would be a poor choice anyhow, AD performs these tasks better locally and remotely via VPN.

Quote:

---

No it can't. AD is very good at what it does, but it doesn't do any of the things cited. All it does it centrally maintain users (and can enforce policies, if you're lucky (At my old work, our admin decided we needed a new domain policy, which broke, like 12 web servers. He went on holiday before anybody noticed))

---

Yes AD can and is typically used for things like client system updates, and just because the company you work for has an awful change control policy isn't NT's fault.

[quote]
None of the things I stated required any client to run any "extra" services (over ssh, which as I mentioned, is usually standard now)
[quote]
SSH is an extra service because UN*X takes two services to do what windows does in one, regardless of it being installed by default on your system or not. Hell many Unices install httpd by default as well, does that mean it isn't extra on client systems?

Also, how often do you see an organization using UN*X servers AND clients? The vast majority of the time your client systems will be NT, which as you pointed out, does not ship with SSH on it by default.

Quote:

---

True to some extent. Client "security policy" can be handled centrally, and there are tools to push out automatic updates to *MS* products (but not 3rd party, except antivirus which usually have their own update mechanism)

---

To some extent? Domain security policies and software rev policies can be made mandatory for all clients.

Quote:

---

Are you being paid by Microsoft?

When Microsoft were trying to port Hotmail to NT (It took them three attempts, but they managed it), they noticed that the main problem was that they couldn't mass automate tasks to the same level, or with as much flexibility. The original system ran on FreeBSD (IIRC), and had heaps of cron jobs, and automated ssh jobs to go around all the boxes maintaining them.

Then ended up using the M$ services for Unix to try to recreate those things, and just about managed. They didn't actually port it to NT, because by the time they'd finished the first two aborted attempts, Win2k was available.

---

Are you being paid by linux? Your the one that thinks all these obfuscated, scripted solutions with a slew of tools is easier that using NT's consolidated domain controls. And how it is somehow better to force updates on the clients at the server's whim. In your script, say you have 10,000 clients that are not 24/7 systems. In NT I can put the update on them in like 5 clicks of the mouse and I deal with all sorts of things like clients that happen to be down at the time, to name one potential issue.
MS had issues with NT4. NT4 has a lot of problems, and although it had security advantages at the time, I still opted for FreeBSD/IRIX in those days. Also don't forget that the hotmail project was a migration the likes never seen before or since, most of their early problems were the result of incomplete planning.
MS added SFU to allow the new 2k systems to interact more seamlessly with the existing SFU architecture. Not because it added some new functionality that was needed. If you read the case study you will note that SFU was phased out once the last of the FreeBSD systems were removed. SFU is mostly handy for allowing eased interaction between UN*X and NT systems as well as giving UN*X users that have transitioned to NT a nice warm cocoon. ;)



In the end, SirDice has a valid point that either system will work and it is mostly down to what you are comfortable with. After extensive expereince with both system types I like NT's way of doing things. Not everyone does, but don't tell me that it is inferior or just plain won't work.

catch

Quote:

---

I never mentioned SFU and "M$"? Grow up, this just makes you look like another dumb kid.

---

Sorry, it was dfusion who cited SFU, and don't call me a dumb kid, Bill Gates' ****-sucking whore.