Tools

DbgPlus Extension v1.0a for Microsoft Windbg


This is the alpha release of the first public version of the DbgPlus extension. We call it alpha because it still contains a few minor glitches and bugs, as well as 'non-functional' points of improvement (such as performance). It is a 1.0 version, though, in the sense that it displays the feature set desired for this first release and it is, in fact, a hundred percent usable.

Although DbgPlus was born from hackish code created to aid vulnerability analysis, one can say its features are generic enough to make it useful for general-purpose debugging as well. Below, we describe its functionalities in brief:

[1] Remote call - This feature makes it possible to execute a call to a function in the debuggee's address space and see the return value. Unlike windbg's '.call' meta-command, we are able to call a function even without symbol information. In fact, the user can call a function just by specifying its address. Furthermore, unlike Skywing's excellent extension, SDbgExt [*] (which contains similar functionality), we execute the call without needing the user to resume the execution of the process itself, making it perfect

Wordlist Generator

This small utility should be used to aid dictionary-based attacks against pass{word,phrase} security. That is, it can be used to feed any password cracking software with specially targeted guesses of what the password might be. The concept behind this tool is that, instead of using general-purpose wordlists (such as a language dictionary or a dictionary of computer terminology), one should be able to build a specially crafted wordlist that increases the chances of guessing a given password of a given individual. So, you basically input a few strings that you think have _HIGH_ probability of forming the password in question, and this program will output a list with every possible combination of these strings. Also featured is the exploration of (upper/lower)-case variations and the use of 'l33t 5p34k'. The link for this file has both the executable files for Win32 systems as well as the source code. Next versions will entail new features like phonetic and radical permutations, as well as switches for controlling permutation types (like "--no-leet-speak"), so stay tuned!
