Website: http://airpwn.sourceforge.net
domingo, 26 de abril de 2020
Airpwn: A Wireless Packet Injector
Cain And Abel
"Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users." read more...
sábado, 25 de abril de 2020
Web Hacking Video Series #4 MySQL Part 2 (Injection And Coding)
- Setting up your victim application, databases and lab
- Attacking a simple injection with information Schema
- Automating your injections with python and beautiful soup
- Dealing with various web encoding in Python and PHP
- Bypassing LoadFile Size restrictions and automating it
- Decrypting sensitive data via PHP and Python interactions
- As always me rambling about stupid nonsense :P FTW
Part 2 of Mysql covers the topic of injecting a simple SQL injection example. Starts out slow then combines techniques and moves into more advanced topics. Prior to attempting this lesson make sure you have watched the videos in the previous blog or understand both SQL and basic python coding. I will show how to automate the injection process via python utilizing simple HTML processing abilities of beautiful soup. I will cover many python libraries for encoding data and calling web based applications. I also talk about how to deal with encrypted data and methods of enumerating files and folders looking for possible implementation issues and attack points to decrypt sensitive data via PHP/Python interaction with whats available on the server. This is the 2nd part of a 3 part series on MySQL for attacking web applications.
BT5
Recoding PHP applications to fix SQLi
Related links
System Hacking: Password Cracking Techniques And Types Of Passwords
This blog based on two major concepts:
- Understand password-cracking techniques
- Understand different types of passwords
The simplest way to crack the passwords
The first step is to access the system is that you should know how to crack the password of the target system. Passwords are the key element of information require to access the system, and users also selects passwords that are easy to guess such as mostly people has a passwords of their pet's name or room number etc to help them remember it. Because of this human factor, most password guessing is successful if some information is known about the target. Information gathering and reconnaissance can help give away information that will help a hacker guess a user's password.Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.
Types of Passwords
- Only numbers
- Only letters
- Only special characters
- Letters and numbers
- Only letters and special characters
- Numbers, letters and special characters
- Must not contain any part of the user's account name
- Must have a minimum of eight characters
- Must contain characters from at least three of the following categories:
- Non alphanumeric symbols ($,:"%@!#)
- Numbers
- Uppercase letters
- Lowercase letters
Passive Online
Eavesdropping on network password exchanges. Passive online attacksinclude sniffing, man-in-the-middle, and replay attacks. Moreover, a passive online attack is also known as sniffing the password on a wired or wireless network. A passive attack is not detectable to the end user. The password is captured during the authentication process and can then be compared against a dictionary file or word list. User account passwords are commonly hashed or encrypted when sent on the network to prevent unauthorized access and use. If the password is protected by encryption or hashing, special tools in the hacker's toolkit can be used to break the algorithm.
Another passive online attack is known as man-in-the-middle (MITM). In a MITM attack, the hacker intercepts the authentication request and forwards it to the server. By inserting a sniffer between the client and the server, the hacker is able to sniff both connections and capture passwords in the process.
A replay attack is also a passive online attack; it occurs when the hacker intercepts the password en route to the authentication server and then captures and resend the authentication packets for later authentication. In this manner, the hacker doesn't have to break the password or learn the password through MITM but rather captures the password and reuses the password-authentication packets later to authenticate as the client.
Active Online
Guessing the Administrator password. Active online attacks include auto-mated password guessing. Moreover, The easiest way to gain administrator-level access to a system is to guess a simple password assuming the administrator used a simple password. Password guessing is an active online attack. It relies on the human factor involved in password creation and only works on weak
passwords.
Assuming that the NetBIOS TCP 139 port is open, the most effective method of breaking into a Windows NT or Windows 2000 system is password guessing. This is done by attempting to connect to an enumerated share ( IPC$ or C$ ) and trying a username and password combination. The most commonly used Administrator account and password combinations are words like Admin, Administrator, Sysadmin, or Password, or a null password.
A hacker may first try to connect to a default Admin$ , C$ , or C:\Windows share. To connect to the hidden C: drive share, for example, type the following command in the Run field (Start ➪ Run):
\\ip_address\c$
Automated programs can quickly generate dictionary files, word lists, or every possible combination of letters, numbers, and special characters and then attempt to log on using those credentials. Most systems prevent this type of attack by setting a maximum number of login attempts on a system before the account is locked.
In the following sections, we'll discuss how hackers can perform automated password guessing more closely, as well as countermeasures to such attacks.
Performing Automated Password Guessing
To speed up the guessing of a password, hackers use automated tools. An easy process for automating password guessing is to use the Windows shell commands based on the standard NET USE syntax. To create a simple automated password-guessing script, perform the following steps:- Create a simple username and password file using Windows Notepad. Automated tools such as the Dictionary Generator are available to create this word list. Save the file on the C: drive as credentials.txt.
- Pipe this file using the FOR command: C:\> FOR /F "token=1, 2*" %i in (credentials.txt)
- Type net use \\targetIP\IPC$ %i /u: %j to use the credentials.txt file to attempt to log on to the target system's hidden share.
Offline Attacks
Offline attacks are performed from a location other than the actual computer where the passwords reside or were used. Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media. The hacker then takes the file to another computer to perform the cracking. Several types of offline password attacks exist.Types of Attack | Characteristics | Password Example |
---|---|---|
Dictionary attack | Attempts to use passwords from a list of dictionary words | Administrator |
Hybrid attack | Substitutes numbers of symbols for password characters | Adm1n1strator |
Brute-force attack | Tries all possible combinations of letters, numbers, and special characters | Ms!tr245@F5a |
A dictionary attack is the simplest and quickest type of attack. It's used to identify a password that is an actual word, which can be found in a dictionary. Most commonly, the attack uses a dictionary file of possible words, which is hashed using the same algorithm used by the authentication process. Then, the hashed dictionary words are compared with hashed passwords as the user logs on, or with passwords stored in a file on the server. The dictionary attack works only if the password is an actual dictionary word; therefore, this type of attack has some limitations. It can't be used against strong passwords containing numbers or other symbols.
A hybrid attack is the next level of attack a hacker attempts if the password can't be found using a dictionary attack. The hybrid attack starts with a dictionary file and substitutes numbers and symbols for characters in the password. For example, many users add the number 1 to the end of their password to meet strong password requirements. A hybrid attack is designed to find those types of anomalies in passwords.
The most time-consuming type of attack is a brute-force attack, which tries every possible combination of uppercase and lowercase letters, numbers, and symbols. A brute-force attack is the slowest of the three types of attacks because of the many possible combinations of characters in the password. However, brute force is effective; given enough time and processing power, all passwords can eventually be identified.
More articles
How To Start | How To Become An Ethical Hacker
- Have No Experience With Cybersecurity (Ethical Hacking)
- Have Limited Experience.
- Those That Just Can't Get A Break
- What is hacking?
There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.
- Skills required to become ethical hacker.
- Curosity anf exploration
- Operating System
- Fundamentals of Networking
More info
Vlang Binary Debugging
https://vlang.io/
After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.
The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.
Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.
Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"
Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.
Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.
The string structure is quite simple and it's plenty of implemented methods.
With F8 we can step over the code as we were in ollydbg on linux.
Note the rip marker sliding into the code.
We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.
If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.
- tos(string, len)
- tos2(byteptr)
- tos3(charptr)
In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.
In visual mode "V" we can see previous instructions to figure out the arguments and state.
We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:
Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.
When it reach the substr, we can see the parameters with "tab" command.
Looking the implementation the radare parameter calculation is quite exact.
Let's check the param values:
so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.
More articles
viernes, 24 de abril de 2020
Exploit-Me
Website: http://securitycompass.com/exploitme.shtml
More information
miércoles, 22 de abril de 2020
USE OF CRYPTOGRAPHY IN HACKING
The process of transforming information into nonhuman readable form or vice versa is called cryptography.
Cryptography is the science of ciphering and deciphering messages.
OR
Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.
In Computer Science, cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.
Information plays a vital role in running of business and organizations etc, information in the wrong hands can leads to loss of business.
To secure communication organizations use cryptology to cipher information .
Related links
Osueta: A Simple Python Script To Exploit The OpenSSH User Enumeration Timing Attack
About Osueta?
Osueta it's a simple Python 2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions <= 7.2 and >= 5.*. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DoS condition in the OpenSSH server.
Read more: OpenSSH User Enumeration Time-Based Attack
The bug was corrected in OpenSSH version 7.3.
Authors of Osueta:
- c0r3dump3d: coredump@autistici.org
- rofen: rofen@gmx.de
Osueta's Installation
For Linux users, open your Terminal and enter these commands:
If you're Windows users, follow these steps:
- Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
- Download Osueta-master zip file.
- Then unzip it.
- Open CMD or PowerShell window at the Osueta folder you have just unzipped and enter these commands:
pip install python-nmap paramiko IPy
python osueta.py -h
Advice: Like others offensive tools, the authors disclaims all responsibility in the use of this script.
Osueta help menu:
Osueta's examples:
A single user enumeration attempt with username variations:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes
A single user enumeration attempt with no user variations a DoS attack:
python2 osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v no --dos yes
Scanning a C class network with only one user:
python2 osueta.py -H 192.168.1.0/24 -p 22 -U root -v no
Scanning a C class network with usernames from a file, delay time 15 seconds and a password of 50000 characters:
python2 osueta.py -H 192.168.1.0/24 -p 22 -L usernames.txt -v yes -d 15 -l 50
More articles
The Incident Response Challenge 2020 — Win $5,000 Prize!
via The Hacker News
More information
Top Users Command In Linux Operating System With Descriptive Definitions
Linux is a command line interface and has a graphical interface as well. But the only thing we should know how we interact with Linux tools and applications with the help of command line. This is the basic thing of Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well.
In this blog you will get a content about commands of Linux which are collectively related to the system users. That means if you wanna know any kind of information about the users of the system like username passwords and many more.
id
The "id" command is used in Linux operating system for the sake of getting knowledge about active user id with login and group. There may be different users and you wanna get a particular id of the user who is active at that time so for this you just have to type this command over the terminal.last
The "last" command is used in Linux operating system to show the information about the last logins on the system. If you forget by which user id you have logged in at last time. So for this information you can search login detail by using this command.who
The "who" command is used in Linux distributions to display the information about the current user which a an active profile over the Linux operating system. If you are in the system and you don't know about that active user and suddenly you have to know about that user detail so you can get the info by using this command.groupadd
The "groupadd admin" is the command which is used in Linux operating system to add a group in the Linux system to gave the privileges to that group.useradd
The "useradd" command is used in Linux operating system to add user or users to a specific group. If you wanna add a user name Umer so for this matter you just have to write a command i.e. useradd -c "Umer".userdel
The "userdel" command is used in Linux operating system for the purpose to delete any user or users from the particular group present in the linux operating system. For example "userdel Umer" this command will delete the user named Umer.adduser
The "adduser" command is a simple command used to create directly any user in the system. There is no need to make a group for this. You just have to type the command with user name like adduser Umer, it will created a user by name Umer.usermod
The "usermod" is a command used in Linux operating system to modify the information of any particular user. You can edit or delete information of any particular user in the Linux operating system.More info
lunes, 20 de abril de 2020
wpCrack - Wordpress Hash Cracker
More articles
- Hacker Tools 2020
- Tools 4 Hack
- Pentest Tools Tcp Port Scanner
- Pentest Tools Free
- Computer Hacker
- Hack Tools For Windows
- Hack Tools For Games
- Hacker Tool Kit
- Hacking Tools For Games
- Physical Pentest Tools
- Hacking Tools 2019
- Pentest Recon Tools
- Hacking Tools Free Download
- Hacking Tools For Windows
- Physical Pentest Tools
- Tools For Hacker
- Hacks And Tools
- Pentest Tools List
- New Hack Tools
- Hack Tool Apk No Root
- Hacking Tools 2019
- Hack Rom Tools
- Hacking Tools For Beginners
- How To Make Hacking Tools
- Hacker Security Tools
RECONNAISSANCE IN ETHICAL HACKING
This is the primary phase of hacking where the hacker tries to collect as much information as possible about the target.It includes identifying the target ip address range,network,domain,mail server records etc.
They are of two types-
Active Reconnaissance
Passive Reconnaissance
1-Active Reconnaissance-It the process from which we directly interact with the computer system to gain information. This information can be relevant and accurate but there is a risk of getting detected if you are planning active reconnaissance without permission.if you are detected then the administration will take the severe action action against you it may be jail!
Passive Reconnaissance-In this process you will not be directly connected to a computer system.This process is used to gather essential information without ever interacting with the target system.
- Pentest Tools Url Fuzzer
- Pentest Tools Alternative
- Pentest Tools Alternative
- Hacker Tools 2019
- Wifi Hacker Tools For Windows
- Pentest Tools Kali Linux
- Pentest Box Tools Download
- Hak5 Tools
- Hack Tools Online
- Hacking Tools For Windows
- Hacker Tool Kit
- Pentest Tools For Android
- Pentest Tools Open Source
- Hacking Tools Name
- Hacker Hardware Tools
- Nsa Hack Tools
- Hacking App
- Hacking Tools For Mac
DOWNLOAD SQLI HUNTER V1.2 – SQL INJECTION TOOL
FEATURES
– Url List can be Imported / Exported
– The setting for connection timeout
– Proxy Settings
DOWNLOAD SQLI HUNTER V1.2
Continue reading
- Pentest Tools Tcp Port Scanner
- Hackers Toolbox
- Hacker Tools For Windows
- Hacking Tools Pc
- Pentest Recon Tools
- Hacking Tools Download
- Pentest Tools Github
- Hacker Tools Online
- Hack Tools Github
- Growth Hacker Tools
- Pentest Tools Linux
- Blackhat Hacker Tools
- Underground Hacker Sites
- Hacker Tools 2019
- Pentest Tools For Mac
- Pentest Box Tools Download
- Hacker Tool Kit
- Tools 4 Hack
- Blackhat Hacker Tools
- Pentest Reporting Tools
- How To Make Hacking Tools
- Hack Tools 2019
- Hacker Tools Hardware
- How To Make Hacking Tools
- Hacking Tools Pc
BurpSuite Introduction & Installation
What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.
In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.
Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.
BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.
Requirements and assumptions:
Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed
Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.
on for Firefox from https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.
Video for setup and installation.
You need to install compatible version of java , So that you can run BurpSuite.
Related links
- Hacking Tools Windows 10
- Hacking Tools For Games
- Kik Hack Tools
- Hack And Tools
- Pentest Tools Windows
- Hack Tool Apk
- Pentest Tools For Mac
- Pentest Tools Tcp Port Scanner
- Pentest Tools Port Scanner
- Pentest Tools Android
- Hacking Tools Hardware
- What Are Hacking Tools
- Hacking Tools For Beginners
- Hack Rom Tools
- Hacker Tools 2019
W3AF
Related posts
- Hack Tool Apk No Root
- Hacking Tools 2019
- Hacker Tools 2020
- Pentest Tools Framework
- Black Hat Hacker Tools
- Hacking Tools 2020
- Hack Tools For Ubuntu
- Ethical Hacker Tools
- Computer Hacker
- Hacker Tools Linux
- New Hacker Tools
- Hack Tools Download
- Hacker Tools For Windows
- Pentest Tools Subdomain
- Hacker Tools Hardware