Wednesday, 22 February 2012

Run Firefox inside Firefox

How to run Firefox inside Firefox?

Yup, you can run Firefox inside Firefox just by typing the following URL.

How about opening Firefox inside Firefox, which is again in another Firefox?
Not bad, huh?
And it's really easy too: just type this URL in Firefox's address bar and there you go!
Firefox inside Firefox!

Copy and paste the following URL into a web browser (Mozilla Firefox).


chrome://browser/content/browser.xul


Following is a screenshot of this trick (Firefox in Firefox in Firefox, which is again in another Firefox):
Enhanced by Zemanta

Saturday, 18 February 2012

DOWNLOAD FREE SOFTWARES AND GAMES 100% FREE WITH CRACK


Friday, 17 February 2012

How to download from Sharecash without doing surveys



Downloading from Sharecash might be a nightmare due to their surveys. A new version of the bypasser is online to skip them all!

If you have ever searched the web for things like game cheats, hacks, useful tools, guides and similar, it is likely you have faced a screen like the one shown above.
The essence is that you are required to complete a survey to unlock the download.
I hate to generalize, and I have nothing against Sharecash uploaders, but the issues are numerous:
  • many surveys are paid surveys, like mobile subscriptions etc.
  • free surveys are few and end up not unlocking the file
  • not all countries are covered by at least one survey, so the file will never unlock for you if you connect from one of those unlucky countries

Chances are that:
a. You purchase a Premium Account to download, bypassing the surveys.
This is the "legal" way, if you like.
To do this, you just need to click on a random Sharecash file, close the survey window and proceed to the purchase of the relevant package.

b. You use a Sharecash Bypasser tool.
I have found many on the net so far. The latest that worked for me is available for download HERE.
The good thing with this is that there is no survey associated with this download: it's a Mediafire link to an encrypted archive, but the password is in the clear in the enclosed PDF file and the tool is usable for free.

Make sure you read the instructions on the PDF FULLY, or the tool won't work.

There is also a VirusTotal scan report which shows that the tool is 100% safe.


How to Recover Hacked Facebook Account



Learn How to Get Back Your Hacked Facebook Account

Previously I've been posting about how to hack a Facebook account using phishing or keylogging. These two methods of hacking Facebook are very effective and easy to understand; you don't need any additional knowledge to implement them. That's the reason why these days so many people are falling victim to hackers: today anyone with a bit of knowledge of computers and programming can be a hacker. Especially if you are a newbie and don't know what you're doing, it's very easy to get trapped by hackers. So here I will show you some things that can be done to get your hacked Facebook account back.


How to Get Back Hacked Facebook Account

1. First of all, you can try resetting your account password on Facebook. But this helps only in rare cases, because most hackers are intelligent and will surely have changed the default email address. But if somebody has (though the chances are extremely narrow) logged into your account and changed only the password, this might help you recover your account password and regain access to your compromised account.

2. Things get much worse when the hacker changes the email address on your Facebook account. You'll no longer be able to reset the account password and regain access to the account.

But there is a way.

Facebook provides a contact page to help you recover the hacked account.

Visit http://www.facebook.com/help/contact.php?show_form=account_compromised
In the contact form you need to fill in the following details correctly.

Full name on the account:

Enter the full name exactly as given in your Facebook account.

Network(s) the account belongs to:

Enter the names of the networks you have joined. Include as many as possible.

Email addresses that may be affiliated with the account:

This is the email address you use as your username to log in to Facebook.

Your contact email address:

Enter an email address at which Facebook can contact you. They will contact you regarding this issue.

URL (web address link) of the profile page:

Give the link to your Facebook profile page.

Description and steps to reproduce the issue:

Provide as much information as possible here about how your Facebook account was hacked. It is recommended to include the date and time when you were last able to access your account.

3. The best way to prevent this is to make a new account! That's the easiest way, but you lose a bunch of stuff.

If you don't want to go the easy way, you can:

1. Change your FB security question
2. Change your email password
3. Change your FB password
4. Change your email security question

The hacker can use one account to get into another and eventually gather more and more information that can be used to steal from you (credit, identity, etc.).


Hope this tutorial helped you. Good luck ;) 


How to disable Right click on Desktop



This tweak removes the context menu that would normally appear when the user right-clicks on the desktop or in the right-hand pane of Explorer.

Previously I posted a tutorial on how to disable the "Turn off Computer" button on the Start menu. In this post I want to show you how to disable right-click functionality on the desktop and in Explorer by using a simple registry hack. The bad thing is that people can still drag files and folders and drop them anywhere, but it does provide some level of protection.

Let's start:

To use this feature, you will need to be logged into your computer with administrative rights.

1. Go to Start > Run, type REGEDIT and hit Enter. Navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


2. In the right-hand pane, right-click to create a new DWORD value named NoViewContextMenu (it is case sensitive), then enter 1 in the Value data box.


Adding the registry tweak above disables right-click for ALL users. If you only want to disable it for the currently logged-in user, add the same value under HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE.

How to make an undeletable folder




Learn how to make an undeletable folder. You can protect your important folders by making them undeletable.

Sometimes it happens that someone deletes a folder which is very important to you. If you would like to avoid anything similar happening in future, you can protect your important folders by making them undeletable. Here I'll show you a simple tutorial which can help you.

1. Open cmd (type 'cmd' in the Run box, or navigate to All Programs > Accessories > Command Prompt).


2. In cmd, change to the directory you want (you can use "cd.." to leave the current folder and, for example, "E:" to switch from your current drive to the E: drive).

3. Type md \lpt1\\ and press Enter; the folder will now be on your E: drive.



4. If you try to delete or rename it, an error message will appear.


5. If you want to delete it, just open cmd, navigate to the directory, type rd \lpt1\\ and press Enter.

How to Change Your IP Address and Surf The Web Anonymously



Download Invisible IP Map to surf anonymously in internet. Hide your IP and encrypt your connection.

Previously I've posted "How to find the IP address of the email sender in Yahoo! Mail" and "How to track the location of an IP address". In this article I'm going to show you a piece of software, Invisible IP Map, that can make you appear to be "anywhere" in the world. People that hack sites will need this small baby to help them on the way. This tool will put you in a selected location anywhere around the world XD.

Invisible IP Map is user-friendly software that masks your real location. Every computer connected to the Internet has its own IP address, which can easily be located on a map. This program will make it look as if you are surfing from another place on the planet.


Product Information:

This is IP-masking software used to change your real Internet address while browsing. The software delivers fresh anonymous proxy servers every time you click "Get IP Locations". The main benefit of this software is that you can't be traced when browsing websites. Also, if a website is restricted for users from a specified country, the program can bypass that restriction. By hiding your IP you will avoid receiving spam from marketers who learn your interests by tracking your IP when you browse websites. You can use web-based e-mail to send anonymous e-mail, and post on bulletin boards without displaying your real IP address.

Main Screens:



  • Map Menu: This is the key part of the software. Here you can change your IP address, retrieve IP locations, get information about your IP location or the location of the other server. In addition, you can recheck the servers.
  • IP Information: This screen will give you all the information about your IP and the remote IP. You can see information such as city, region, country, distance between you and the remote server, server type, timeout etc.
  • Custom proxy checker: The proxy checker is specially designed for those of you who have your own proxy lists. You can add them to the checker and check whether they are working.
  • VIP Servers: This is an optional add-on for the Invisible IP Map software. The VIP servers will give you high-speed internet access with 128-bit SSL encryption.

Download Invisible IP Map

How To Activate :

1. Replace the original "Options.ini" in the Program Files folder with the one in the downloaded RAR, then open the program again. Don't use the details in the .ini.


2. After doing that, here are the results:


Serial Number for Invisible IP Map:

NAME: SIR_WILLIAMZ
EMAIL: SIRWILLIAMZ@YAHOO.CA
SERIAL: 00822631340408026

This is a great piece of software and I recommend you try it. Enjoy :)


How to Remove Attribution Widget on Blogger



If you're using a template by Blogger's Template Designer, most of them have an attribution widget at the bottom of the blog.

Take a look and it's something like this...


You're able to modify only the "Copyright" statement from the widget.

If you go to Design > Page Elements to remove this Attribution widget, you see that it can be edited...


But unlike the other normal widgets, you won't be able to remove the Attribution widget because it doesn't have a "Remove" button.


If you insist on removing the widget, here are the steps to remove the attribution widget on Blogger. It's pretty easy and understandable.

1) First, go to Design > Edit HTML > Tick "Expand Widget Templates". Search for the word "attribution".


2) When you see the Attribution widget code (refer to image above), change the "true" on locked to "false".

3) Go back to Design > Page Elements.


4) Since the lock function is disabled (by changing the code to "false"), it's movable and can be removed as well. Click on "Edit" on the Attribution element.

5) And now with the "Remove" button available, you can finally remove the Attribution widget for good.


Done! 


How To Remove Blogger Navbar




Assalaam-O-Alaikum dear readers. Today's topic is "How To Remove Blogger Navbar". Hope you will like it. Maybe everyone hates this bar that appears on every blog; I hate it too. This navbar appears if you use Blogger templates created by Blogger. If you use other templates, this bar will not appear. The Blogger navbar is about 45-55 pixels in height and stretches across the complete width of the web browser window. Now let's start today's work.

Remove Blogger NavBar

1. Go to your blog's Dashboard.
2. Click on Design and then click on the Edit HTML sub-tab.
3. Now copy the line below:

    #navbar-iframe { display: none !important;}    

4. Paste the above line as shown below.
5. Now save the template.
What do you see???
Enjoy.


How To Hack a Website



Hacking a website or its member section
First of all, why do you want to hack a webpage? Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster. Maybe you want to take revenge, or maybe you want to have fun or just learn how to do it! You can deface the website, which means replacing the original index with a new one, or you can gain access to the member area of the site, which might be easier.
Defacing
You can deface the site through telnet or your browser by running remote commands on an old or misconfigured server. The hard thing is to find an old server; maybe the network of a school or university would do. Get a CGI bug searcher: this program will scan ranges of IPs for web servers and scan them for known bugs in their CGIs or other bugs and holes. You can learn how to exploit a certain hole by entering in Yahoo the name of the bug/hole and the word exploit, e.g. search for "cmd.exe exploit". There are more than 700 holes that many servers might have! You can also deface a website by finding the FTP password, browsing through the site's FTP and replacing the index.htm. You do that with:
Brute force
To do that you need a brute forcer or brute force attacker and some word lists. The brute forcer sends multiple user/pass requests with words that it picks from the name lists and tries to hack the account until it does! So let's say, imagine a porn site that asks for a password: you go there, you copy their address, you add the address in a program called a brute forcer, and then from the brute forcer you choose a text file with names to be used as usernames and a text file with names to be used as passwords; the brute forcer will try until it finds a correct user/pass. This should be easier for the newbies than exploiting CGI bugs; many of the newbies haven't even heard of it. I hope I didn't confuse you with this tutorial; there might be more tuts about web hacking and CGI bugs and such. Till then, try to find the way to CGI bugs yourself with the CGI scanners in the Web Hacks section or download a brute forcer to crack accounts.
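From the defender's side, the wordlist-driven login guessing described above leaves a characteristic trail in the web server's access log: many failed POSTs to the login URL from one source in a short window. The following Python is an added example (not part of the original post) that parses combined-log-format lines and flags sources exceeding a failure threshold; the log lines, the /members/login path and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic): one source hammering the login form,
# another that fails twice and then logs in successfully.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Feb/2012:10:00:01 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
203.0.113.5 - - [17/Feb/2012:10:00:02 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
203.0.113.5 - - [17/Feb/2012:10:00:03 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
198.51.100.7 - - [17/Feb/2012:10:00:04 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Feb/2012:10:00:05 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
203.0.113.5 - - [17/Feb/2012:10:00:06 +0000] "GET /index.htm HTTP/1.1" 200 1024 "-" "curl/7.21"
203.0.113.5 - - [17/Feb/2012:10:00:07 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
198.51.100.7 - - [17/Feb/2012:10:00:09 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Feb/2012:10:00:15 +0000] "POST /members/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Feb/2012:10:00:20 +0000] "POST /members/login HTTP/1.1" 401 512 "-" "curl/7.21"
"""


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_login_bruteforce(lines, login_path="/members/login", threshold=5,
                          window=timedelta(seconds=60)):
    """Map source IP -> highest number of failed login POSTs seen inside any `window`.

    Only sources that reach `threshold` failures within one window are returned;
    a 401/403 on the login path counts as a failure, anything else is ignored.
    """
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if (rec and rec["method"] == "POST" and rec["path"] == login_path
                and rec["status"] in (401, 403)):
            failures[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):              # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    for ip, n in find_login_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed logins within 60s -> candidate for lockout or rate limiting")
```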


Steps To Deface A Webpage (About Defacers)



First of all, I do not deface, I never have (besides friends' sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong I apologize. It is pretty simple when you think that defacing is just replacing a file on a computer. Now, finding the exploit in the first place, that takes skill, that takes knowledge, that is what real hackers are made of. I don't encourage that you deface any sites, as this can be used to get credit cards, get passwords, get source code, billing info, email databases, etc. (it is only right to put up some kind of warning. now go have fun ;)

This tutorial will be broken down into 3 main sections, they are as followed:
1. Finding Vuln Hosts.
2. Getting In.
3. Covering Your Tracks

It really is easy, and I will show you how easy it is.

1. Finding Vuln Hosts
This section needs to be further broken down into two categories of script kiddies: ones who scan the net for a host that is vuln to a certain exploit and ones who search a certain site for any exploit. The ones you see on alldas are the first kind; they scan thousands of sites for a specific exploit. They do not care who they hack, anyone will do. They have no set target and not much of a purpose. In my opinion these people should either have a cause behind what they are doing, i.e. "I make sure people keep up to date with security, I am a messenger" or "I am spreading a political message, I use defacements to get media attention". People who deface to get famous or to show off their skills need to grow up and realize there is a better way of going about this (not that I support the ones with other reasons either). Anyways, the two kinds and what you need to know about them:

Scanning Script Kiddie: You need to know what the signs of the hole are: is it a service? A certain OS? A CGI file? How can you tell if they are vuln? What version(s) are vuln? You need to know how to search the net to find targets which are running whatever is vuln. Use altavista.com or google.com for web-based exploits. Use a script to scan IP ranges for a certain port that runs the vuln service. Or use netcraft.com to find out what kind of server they are running and what extras it runs (FrontPage, PHP, etc.). nmap and other port scanners allow quick scans of thousands of IPs for open ports. This is a favorite technique of those guys you see with mass hacks on alldas.

Targeted Site Script Kiddie: More respectable than the script kiddies who hack any old site. The main step here is gathering as much information about a site as possible. Find out what OS they run at netcraft or by using: telnet www.site.com 80 then GET / HTTP/1.1. Find out what services they run by doing a port scan. Find out the specifics on the services by telnetting to them. Find any CGI script, or other files which could allow access to the server if exploited, by checking /cgi and /cgi-bin and browsing around the site (remember to index browse).

Wasn't so hard to get the info was it? It may take awhile, but go through the site slowly and get all the information you can.

2. Getting In
Now that we have the info on the site we can find the exploit(s) we can use to get access. If you were a scanning script kiddie you would know the exploit ahead of time. A couple of great places to look for exploits are Security Focus and packetstorm. Once you get the exploit, check and make sure that the exploit is for the same version as the service, OS, script, etc. Exploits mainly come in two languages; the most used are C and Perl. Perl scripts will end in .pl or .cgi, while C will end in .c. To compile a C file (on *nix systems) do gcc -o exploit12 file.c then: ./exploit12. For Perl just do: chmod 700 file.pl (not really needed) then: perl file.pl. If it is not a script it might be a very simple exploit, or just a theory of a possible exploit. Just do a little research into how to use it. Another thing you need to check is whether the exploit is remote or local. If it is local you must have an account or physical access to the computer. If it is remote you can do it over a network (internet).

Don't go compiling exploits just yet, there is one more important thing you need to know

3. Covering Your Tracks
So by now you have gotten the info on the host in order to find an exploit that will allow you to get access. So why not do it? The problem with covering your tracks isn't that it is hard, rather that it is unpredictable. Just because you killed the sys logging doesn't mean that they don't have another logger or IDS running somewhere else (even on another box). Since most script kiddies don't know the skill of the admin they are targeting they have no way of knowing if they have additional loggers or what. Instead the script kiddie makes it very hard (next to impossible) for the admin to track them down. Many use a stolen or second ISP account to begin with, so even if they get tracked they won't get caught. If you don't have the luxury of this then you MUST use multiple wingates, shell accounts, or trojans to bounce off of. Linking them together will make it very hard for someone to track you down. Logs on the wingates and shells will most likely be erased after like 2-7 days. That is if logs are kept at all. It is hard enough to even get hold of one admin in a week, let alone further tracking the script kiddie down to the next wingate or shell and then getting hold of that admin, all before the logs of any are erased. And it is rare for an admin to even notice an attack; an even smaller percentage will actively pursue the attacker at all, and will just secure their box and forget it ever happened. For the sake of argument let's just say if you use wingates and shells, don't do anything to piss the admin off too much (which will get them to call the authorities or try to track you down) and you delete logs, you will be safe. So how do you do it?

We will keep this very short and to the point, so we'll need to get a few wingates. Wingates by nature tend to change IPs or shut down all the time, so you need an updated list or a program to scan the net for them. You can get a list of wingates that is well updated at http://www.cyberarmy.../lists/wingate/ and you can also get a program called winscan there. Now let's say we have 3 wingates:

212.96.195.33 port 23
202.134.244.215 port 1080
203.87.131.9 port 23

To use them we go to telnet and connect to them on port 23. We should get a response like this:

CSM Proxy Server >

To connect to the next wingate we just type in its ip:port

CSM Proxy Server >202.134.244.215:1080
If you get an error it is most likely that the proxy you are trying to connect to isn't up, or that you need to log in to the proxy. If all goes well you will get the 3 chained together and have a shell account you are able to connect to. Once you are in your shell account you can link shells together by:

[j00@server j00]$ ssh 212.23.53.74

You can get free shells to work with until you get some hacked shells; here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible.


Once you get on your last shell you can compile the exploit, and you should be safe from being tracked. But let's be even more sure and delete the evidence that we were there.

Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. The real script kiddies might even use a rootkit to automatically delete the logs, although let's assume you aren't that lame. There are two main logging daemons which I will cover: klogd, which handles the kernel logs, and syslogd, which handles the system logs. The first step is to kill the daemons so they don't log any more of your actions.

[root@hacked root]# ps -def | grep syslogd
[root@hacked root]# kill -9 pid_of_syslogd

In the first line we are finding the pid of syslogd; in the second we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd.

[root@hacked root]# ps -def | grep klogd
[root@hacked root]# kill -9 pid_of_klogd

Same thing happening here with klogd as we did with syslogd.

Now that we have killed the default loggers, the script kiddie needs to delete themselves from the logs. To find where syslogd puts its logs, check the /etc/syslog.conf file. Of course, if you don't care whether the admin knows you were there you can delete the logs completely. Let's say you are the lamest of the script kiddies, a defacer; the admin would know that the box has been compromised since the website was defaced. So there is no point in appending the logs, they would just delete them. The reason we are appending them is so that the admin will not even know a break-in has occurred. I'll go over the main reasons people break into a box:


To deface the website. - this is really lame, since it has no point and just damages the system.


To sniff for other network passwords. - there are programs which allow you to sniff other passwords sent from and to the box. If this box is on an Ethernet network then you can even sniff packets (which contain passwords) that are destined for any box in that segment.


To mount a DDoS attack. - another lame reason; the admin has a high chance of noticing that you compromised him once you start sending hundreds of MBs through his connection.


To mount another attack on a box. - this and sniffing are the most commonly used, not lame, reasons for exploiting something. Since you now have a root shell you can mount your attack from this box instead of those crappy free shells. And you now have control over the logging of the shell.


To get sensitive info. - some corporate boxes have a lot of valuable info on them. Credit card databases, source code for software, user/password lists, and other top secret info that a hacker may want to have.


To learn and have fun. - many people do it for the thrill of hacking and the knowledge you gain. I don't see this as as horrible a crime as defacing; as long as you don't destroy anything I don't think this is very bad. In fact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box.


I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history
These files are usually in /var/log/ but I have heard of them being in /etc/, /usr/bin/ and other places. Since it is different on a lot of boxes it is best to just do find / -iname 'utmp'; find / -iname 'wtmp'; find / -iname 'lastlog' and also search through the /usr/, /var/ and /etc/ directories for other logs. Now for the explanation of these 3.

utmp is the log file for who is on the system; I think you can see why this log should be appended, because you do not want to let anyone know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin; it should be appended to show that you never logged in or out. And lastlog is a file which keeps records of all logins. Your shell's history is another file that keeps a log of all the commands you issued; you should look for it in your $HOME directory and edit it. .sh_history, .history and .bash_history are the common names. You should only append these log files, not delete them; if you delete them it will be like holding a big sign in front of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out. In this case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script to check for open files (and then manually look at them to determine if they are logs) or do a find for files which have been edited; this command would be: find / -ctime 0 -print

A few popular scripts which can hide your presence from logs include zap, clear and cloak. Zap will replace your presence in the logs with 0's, clear will clear the logs of your presence, and cloak will replace your presence with different information. acct-cleaner is the only heavily used script for deleting account logging, from my experience. Most rootkits have a log cleaning script, and once you have installed it logs are not kept of you anyway. If you are on NT the logs are at C:\winNT\system32\LogFiles\; just delete them, NT admins most likely don't check them or don't know what it means if they are deleted.
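The two tampering steps described above, killing syslogd/klogd and "zapping" wtmp records with zeros, are both observable by an admin. The following Python is an added example, not part of the original tutorial, that parses a wtmp file in the Linux glibc struct utmp layout and reports zeroed, blank-user or out-of-order records, and checks a process listing for the expected logging daemons; the wtmp bytes and the ps output are constructed samples.

```python
import struct
from dataclasses import dataclass

# Linux glibc `struct utmp` (384 bytes): ut_type, pad, ut_pid, ut_line[32], ut_id[4],
# ut_user[32], ut_host[256], exit_status (2 shorts), ut_session, tv_sec, tv_usec,
# ut_addr_v6[4], unused[20]
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384
USER_PROCESS, DEAD_PROCESS = 7, 8
EXPECTED_LOGGERS = ("syslogd", "klogd")


@dataclass
class Record:
    ut_type: int
    pid: int
    line: str
    user: str
    host: str
    tv_sec: int

    def is_zeroed(self):
        return (self.ut_type == 0 and self.pid == 0 and self.tv_sec == 0
                and not (self.line or self.user or self.host))


def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("latin-1")


def parse_wtmp(data):
    """Decode fixed-size utmp records; a trailing partial record is ignored."""
    out = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack(UTMP_FMT, data[off:off + UTMP_SIZE])
        out.append(Record(f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]), f[9]))
    return out


def find_tampering(records):
    """Return (index, reason) pairs for records showing the signs described above."""
    findings = []
    last_ts = 0
    for i, r in enumerate(records):
        if r.is_zeroed():
            findings.append((i, "all-zero record: zap-style hole"))
            continue
        if r.ut_type == USER_PROCESS and not r.user:
            findings.append((i, "login record with blank user: edited entry"))
        if r.tv_sec < last_ts:           # wtmp is append-only, so time should never go back
            findings.append((i, "timestamp earlier than previous record: file rewritten"))
        last_ts = max(last_ts, r.tv_sec)
    return findings


def missing_loggers(ps_lines):
    """Names from EXPECTED_LOGGERS that do not appear anywhere in a `ps -ef` listing."""
    return [d for d in EXPECTED_LOGGERS if not any(d in ln for ln in ps_lines)]


# --- constructed sample data, not taken from any real system ---
def make_record(ut_type, pid, line, user, host, tv_sec):
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


SAMPLE_WTMP = (
    make_record(USER_PROCESS, 1001, "pts/0", "alice", "198.51.100.7", 1329472800)
    + bytes(UTMP_SIZE)                                                 # zapped record
    + make_record(USER_PROCESS, 1002, "pts/1", "bob", "203.0.113.5", 1329472900)
    + make_record(DEAD_PROCESS, 1002, "pts/1", "", "", 1329472950)     # normal logout
    + make_record(USER_PROCESS, 1003, "pts/2", "", "203.0.113.5", 1329472700)
)

SAMPLE_PS = [
    "UID        PID  PPID  C STIME TTY          TIME CMD",
    "root         1     0  0 09:00 ?        00:00:01 init",
    "root       412     1  0 09:00 ?        00:00:00 syslogd -m 0",
    "root       980   950  0 09:05 pts/0    00:00:00 bash",
]

if __name__ == "__main__":
    for idx, why in find_tampering(parse_wtmp(SAMPLE_WTMP)):
        print(f"wtmp record {idx}: {why}")
    print("loggers not running:", missing_loggers(SAMPLE_PS))
```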

One final thing about covering your tracks; I won't go into too much detail about this because it would require a tutorial all to itself. I am talking about rootkits. What are rootkits? They are a very widely used tool to cover your tracks once you get into a box. They will make staying hidden pain-free and very easy. What they do is replace binaries like login, ps and who so as never to show your presence. They will allow you to login without a password, without being logged by wtmp or lastlog and without even being in the /etc/passwd file. They also make commands like ps not show your processes, so no one knows what programs you are running. They send out fake reports on netstat, ls and w so that everything looks the way it normally would, except anything you do is missing. But there are some flaws in rootkits; for one, some commands produce strange effects because the binary was not made correctly. They also leave fingerprints (ways to tell that the file is from a rootkit). Only smart/good admins check for rootkits, so this isn't the biggest threat, but it should be considered. Rootkits that come with an LKM (loadable kernel module) are usually the best as they can pretty much make you totally invisible to all others and most admins wouldn't be able to tell they were compromised.

In writing this tutorial I have mixed feelings. I do not want more script kiddies out there scanning hundreds of sites for the next exploit. And I don't want my name on any shouts. I would rather have people say "mmm, that defacing crap is pretty lame", especially when people with no lives scan for exploits every day just to get their name on a site for a few minutes. I feel a lot of people are learning everything but what they need to know in order to break into boxes. Maybe this tutorial cut to the chase a little and helps people with some knowledge see how simple it is, and hopefully makes them see that getting into a system is not all it's hyped up to be. It is not by any means a full guide; I did not cover a lot of things. I hope admins found this tutorial helpful as well, learning that no matter what site you run you should always keep on top of the latest exploits and patch them. Protect yourself with an IDS and try finding holes on your own system (both with vuln scanners and by hand). Also, setting up an external box to log to is not a bad idea. Admins should also have seen a little bit into the mind of a script kiddie and learned a few things he does; this should help you catch one if they break into your systems.

On one final note, defacing is lame. I know many people who have defaced in the past and regret it now. You will be labeled a script kiddie and a lamer for a long, long time. 


Thursday, 16 February 2012

Password Hacking



Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked using the following techniques:

1) Hashing :- Here we will refer to the one-way function (which may be either an encryption function or a cryptographic hash) employed as a hash, and to its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
The LM hash splits the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.


2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary-based) and the user's personal information. Not surprisingly, many users choose weak passwords, usually ones related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase &  lowercase characters, numbers and special characters too; is a strong password and can never be guessed.


3) Default Passwords :- A large number of local and online applications ship with default passwords set by the developers during development. Many applications on the internet are still running with these defaults enabled, so it is easy for an attacker to enter the default password and gain access to sensitive information. Lists of the default passwords of the most popular applications and devices are available on the internet.
Always change or disable the default username-password pairs of any application (online or offline) before exposing it.

4) Brute Force :- If all other techniques fail, the attacker resorts to brute force: an automated tool tries every possible combination of characters from a chosen set and reports the password as soon as a candidate matches. Given enough time the password will be found, but that time grows exponentially with the password length: each extra character multiplies the number of candidates by the size of the character set, so a long password can make the search infeasible.

5) Phishing :- This is the most effective and most easily executed password-stealing technique. It is generally used against e-mail accounts and any other accounts where sensitive personal information is stored, such as social networking and matrimonial websites.
In phishing the attacker builds a fake login page and sends the link to the victim, hoping the victim is fooled into entering the account username and password. As soon as the victim clicks "Enter" or "Login", the credentials are sent to the attacker by a script or online form processor while the victim is redirected to the real home page of the e-mail provider, often without noticing anything wrong.
Never reply to messages that ask for your username and password while claiming to come from your e-mail provider, and check the address bar before entering credentials on any login page.

Passwords can also be obtained by other methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, shoulder surfing, timing attacks, acoustic cryptanalysis, a Trojan horse or virus, attacks on identity management systems (such as abuse of self-service password reset) and compromising the host itself.
However, "cracking" usually designates a guessing attack against stored or captured password data.


-: Windows-XP Password Cracking :-



Here we use the tool "Cain and Abel" to crack the password of any local user or administrator account on a Windows XP machine.
First download Cain and Abel from "http://www.oxid.it/cain.html" and install it on your system.

Antivirus products flag Cain as a hacking tool and will quarantine it, so disable the antivirus/firewall on the machine before installing and keep them off throughout this process; do this only on a machine you own or a lab virtual machine. Note that importing hashes from the local SAM requires administrator rights, so this technique recovers the passwords of the other local accounts once you already have one privileged login (or an offline copy of the SAM).

The two techniques used here are "Brute-Force" and "Cryptanalysis" (rainbow tables).

Brute-Force:- Because this technique tries every candidate in a chosen character set, its running time grows exponentially with the password length, so an attacker uses it only when there is reason to believe the password is short (fewer than 7 characters) and drawn from one or two character classes, e.g. only lowercase letters, only letters, only digits, or lowercase letters plus digits. A longer password mixing upper and lower case, digits and special symbols pushes the keyspace far beyond what a desktop can search in reasonable time.
The step-by-step explaination for this technique is given below-

1) Open the tool "Cain and Abel"  



2) Go into the category "Cracker"; all of its sub-categories are displayed in the left panel.


3) Select "LM & NTLM Hashes" from the left panel and then click on the add (+) symbol on the toolbar; you will be greeted by a window as shown.


4) Check "Import hashes from local system" and then click "Next". This lists all the accounts on the local system, such as Administrator and Guest, along with the LM and NT hashes of their respective passwords, as shown below.


5) Right-clicking on any username shows all the available options with which we can crack its password.


6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since Windows stores local users' passwords as NT hashes. (On XP an LM hash is also stored for passwords shorter than 15 characters; if the LM column is filled, attack it first: each 7-character half is cracked independently and case-insensitively, so it falls in minutes, and the result then only needs its case fixed against the NT hash.)

7) You will be greeted by a window where you can set the properties of the brute-force attack, such as password length and character set.


8) Click on the "Start" button.

9) On completion it reveals the exact password.

  

Cryptanalysis :- Strictly, cryptanalysis means recovering plaintext from encrypted data without prior knowledge of the algorithm and/or key used; Cain uses the term for its precomputation attack.
This is the fastest password cracking technique, and it is made possible by "Rainbow Tables".
A rainbow table is a file used to look up an unknown plaintext from a known hash, for an algorithm that does not itself permit this operation. The table is built once by hashing a large part of the keyspace and storing compressed chains of the results; every later lookup then costs a few thousand hash operations instead of the billions a brute force needs. It works only because the LM and NT hashes are unsalted: the same password always produces the same hash on every machine, so one table serves every target. A per-user salt, as used in modern password storage, defeats precomputation entirely.
Steps 1 to 4, i.e. up to importing the hashes from the local system, are the same as in the previous technique (brute-force). The steps after that are as follows-

5) Here, select "Cryptanalysis Attack", then "NTLM Hashes", then "via Rainbow Tables". Cain accepts tables in either OphCrack or RainbowCrack format. The rainbow tables are available free to download on the internet.
Because of their large size (350MB - 3GB), instead of downloading you can also generate your own with the rainbow table generator winrtgen.zip (181KB), a free download at "http://www.oxid.it/downloads/winrtgen.zip". Generation time grows with the character set and password length you choose, so generate only for the keyspace you actually need.
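A miniature rainbow table, as an added example that is not part of Cain, winrtgen or the original post. It uses SHA-1 from the standard library as a stand-in for the unsalted NT hash (an assumption made only so the block runs anywhere; the chain structure is the same) over a toy keyspace of 4-digit numeric passwords. It builds chains with a per-column reduction function, stores only chain endpoints, looks a hash up by regenerating the matching chain, and shows that a salted hash is not found in the table.

```python
import hashlib

CHARSET = "0123456789"             # constructed toy keyspace: 4-digit numeric passwords
PW_LEN = 4
KEYSPACE = len(CHARSET) ** PW_LEN  # 10 000 possible passwords
CHAIN_LEN = 100                    # points per chain


def hash_pw(pw: str) -> bytes:
    # Stand-in for an unsalted fast hash such as the NT hash (assumption: SHA-1,
    # chosen only because it is in the standard library).
    return hashlib.sha1(pw.encode()).digest()


def reduce_fn(digest: bytes, step: int) -> str:
    """Map a digest back into the password space. The column index is mixed in so
    each column uses a different reduction; that is what makes this a rainbow
    table rather than a plain Hellman table and limits chain merges."""
    n = (int.from_bytes(digest[:8], "little") + step) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def chain(start: str, length: int = CHAIN_LEN) -> list:
    """All passwords on the chain beginning at start (index 0 = start)."""
    pts = [start]
    for step in range(length - 1):
        pts.append(reduce_fn(hash_pw(pts[-1]), step))
    return pts


def build_table(n_chains: int) -> dict:
    """Store only end -> [starts]; intermediate points are recomputed on demand."""
    table = {}
    for i in range(n_chains):
        start = reduce_fn(i.to_bytes(8, "little"), 0)  # spread start points over the keyspace
        end = chain(start)[-1]
        table.setdefault(end, []).append(start)
    return table


def lookup(table: dict, target: bytes):
    """Try every column the target might sit in, walk to the chain end, and if that
    end is stored regenerate the chain to recover the preimage."""
    for col in range(CHAIN_LEN - 1):
        pw = reduce_fn(target, col)
        for step in range(col + 1, CHAIN_LEN - 1):
            pw = reduce_fn(hash_pw(pw), step)
        for start in table.get(pw, []):
            for cand in chain(start):
                if hash_pw(cand) == target:
                    return cand
    return None


def coverage(table: dict) -> float:
    """Fraction of the keyspace the table can invert. This walks every chain,
    which a real table never does; it is here to show the time/memory trade-off."""
    seen = set()
    for starts in table.values():
        for start in starts:
            seen.update(chain(start)[:-1])  # the last point's hash is never reduced
    return len(seen) / KEYSPACE


if __name__ == "__main__":
    table = build_table(300)
    stored = sum(len(s) for s in table.values())
    print(f"{stored} chains stored, {coverage(table):.0%} of {KEYSPACE} passwords covered")
    victim = chain("0000")[7]
    print("found:", lookup(table, hash_pw(victim)))
    print("salted:", lookup(table, hash_pw("s4lt" + victim)))  # None: a salt defeats the table
```

The table stores a few hundred entries yet inverts most of the keyspace; scale the same structure to an 8-character alphanumeric NT hash and you get the multi-gigabyte files mentioned in the next step. The salted lookup fails because the table was built for hash(password), not hash(salt + password), and a fresh table would be needed per salt value.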


6) Click on "Add Table"


7) Browse for the location of rainbow table on your system, select proper table and click "open".


8) Select the loaded table and then click on "Start" button.


9) On completion it shows the exact password.


To learn Windows password cracking properly, one must understand the LM and NTLM algorithms, the SAM file, dumping NT hashes from the local SAM, rainbow tables, etc.......! The same facts dictate the defences: passwords of 15 or more characters (or the NoLMHash policy) stop Windows from storing the weak LM hash at all, and since the NT hash is fast and unsalted, long passphrases are the only real protection against rainbow tables and offline brute force.
