 Well, hello everybody. I'm Sergio or Flagman. He's Carlos or Richard. We work at TwoSecure as you can see here. Whoa, shit. Well, as you should know, we are here to present Sila. Sila is a tool we made like a couple of years ago. Everything starts like back in 2010. I don't know if you remember what's Hydra, the brute force tool. Well, back in 2010, it doesn't work for Windows. So it was like a pain in the ass to compile it and make it work. I got a lot of friends that were all day begging me to help them to compile it and to make it work there. Well, and I gotta confess, the first version of Sila was just a copy from Hydra. I just took the C++ code and translated it to C sharp. Well, then I got a hack like some Oracle database. So I used in that day like O scanner. And it didn't work with Oracle 11G. I don't know and I didn't even try to know why. So I started coding. Just coding stuff, something like to do the same stuff that O scanner using the Sila score. So if you see later, you will see that the Oracle model is just like the same as O scanner. But I got the idea to make the same with a lot of protocols. Wait a minute. Well, okay, let's contextualize this a bit. When you try to hack something, well, I try to first see what services this error offers, then try to find some vulnerabilities. And if there is something to exploit, I'll exploit it. If not, you gotta try to use a lot of tools and a lot of stuff. And then, I don't know, try to maintain access using some bug or something. Here we can see the normal hacking flows of an ethical hacking flow at the top and down like a normal hacking flow. I don't think you should use like Nexus or something when you are really hacking something. Well, what's that? Use a lot of stuff. You gotta search in Google a lot of tools. Most of security consultants just take out their arsenal. Other people like try to Google for something that works. And I think most of us will try to code something if we can find any tool or something. And that's what CELA came to. Like to try to save us some time. Like finding stuff and I don't know. Well, CELA works in three basic stages. First, preprocessing. It's like stuff you can make without having a real password. This is like getting database names, password policies to tune up, the brute force. Like to make all the attack a little bit more intelligent than the brute force. And after that, when you got an user password, you can make like what I call post-processing. It's more like expanding influence or what. But some stuff that you can do with a password. What we offer. Here a goon told me that it was like bad spelled offers. It's what we offer. Well, CELA tries to be like complete. And it would be even more complete each day. It's reliable. If there is something that you can do here, CELA would do it. And it's fast. It's really, really fast. If you can try with give it to, it makes like 500 passwords per second. There's a useful feature. It's like hacker oriented. Yeah. You won't get information like to present to a manager or something. But you'll get information that would help you to make further attacks. And it got also a really nice important interface where you can have all the results like centralized. It also have anti anti brute force models. As I told you, you got like information to tune up your attack. Also it like process the error messages to like try to see if the user is blocked. So skip it and stuff like that. It integrates with other tools. You can use like FG dump to dump password hashes from Windows servers. And map to try to see which services are on the server. There's a lot of stuff here. Also it got a cool dictionary generator where you can like load a list and make like permutations with those passwords. You already got to make like more complex passwords. And to know it have just support for 14 protocols. Well, I think it's a lot, but we'll try to do even more each day. We also have Sharpey's proxy tool. It's for the attacks when you don't have access to the last machine directly. You don't have connection to the last machine. You have one machine in between. You put in there, start to attack and here's a bouncer on the proxy protocol. Well, in this tool we have a lot of protocols. One of them is H2. It was a big pain in the ass to code build from the scratch version for this implementation. It's very fast. At least 40 tries per second and the worst scenario. And we have a demonstration. Well, it really does a lot of stuff more. I hope you can see this tool working. The source code is open. It's open source. You can download it from here. Code.google.com It's a pain in the ass to compile. Instructions and all that. I don't release the binaries for two reasons. First of all, I don't want everyone to use this tool. Just the people that know how to compile something and would know how to use this tool. And second, because of the dependencies. I really don't try to make this work with all the dependencies it has. You need the Oracle connector and DB2 connector and stuff like that. Well, so here is the demonstration. This is the front panel. This is the session manager where you can pick up the session with your reference on the results that you have for another attacks or last attacks or other attacks. Use a couple of scenarios. You select and we'll start here. Well, our domain is still a window. You can view a host. That is our virtual machine for the presentation. You get passwords in here. And they have three options. The main and basic option is the password. When you test one password, a word is for a list that you have in a way. We just pick a file. That's it. A SQL list where we are prepared. And pick a protocol. And as you can see, in this mode, you have automatic added users. That are the administration users for the protocol. In this case, we have just pick one. Open user interface for command execution. There are a lot of cool options in this mode. In this mode, you have one click on it. Option. Start. And it doesn't work. Yeah. As you can see, we use SQL server to execute commands over the server. First, we try to make good for us and stuff like that. And then you'll see a really nice way where you can execute commands. There's another model that we like to show that is a SQL server. First, we'll show you how to make lists. You can add here as much lists as you want to make more complex stuff. You pick your model. And as you can see, you've got a lot of options here to get information of the remote server. Also the integration with FG dump. And, well, the default users. It's a bit fast, I think. And let's wait until it finds the user. The password. Yeah. We got a password and it's giving us a lot of information. Then it comes FG dump. Don't like the hashes. And then you can see it here. This is a report model where you've got all the information from the users you have and stuff like that. Here you can see the password, the net bios shares, password policies. This is used to make the brute force attack. So if we've got a maximum length or minimum length, we want to try passwords that are less than that length. We've got the services, the network adapters, sessions, well, a lot of stuff. Here is the SQL server report. The user with its password, hashes of all users, databases, the command history. Well, I also want to show you something here. After you hack something, after you hack the database, you've got here something to browse it. It's really useful. Sometimes you've got the password of a DB2 database or something. And you don't have a browser to view the database. Here there's also a very cool option that is to find words from the table names and the column names. Something that I always do is to search for the users or passwords that are in the database for other services. So this would help you to search that. And you've got here the table names that go in there or the column names like those words that you add. Here's the end map integration. You can load a previously scanned host or something and it would filter all the models here, the protocols you can hack. And it would try to help you a bit. What else? Let's say the terminal SSH. This one is very fast. It was like a build from scratch SSH server, SSH clean, sorry. So you can make a really fast attack. This was too small. As you can see, it doesn't like 48 tries per second or more. So this is like the fastest brute force tool for SSH. There's a lot of fancy stuff and things that you can try here. I'll give you again the URL for you to download it. Here it is. Well, there are a lot of options or things you can try. Hope you like this tool. Hope you enjoy it. Sorry if the presentation was too short. And that's all. If you've got any questions, you can buy me a beer or something. If you want the tool or for me to help you to compile it or something, I'll be right here. Well, thank you.