Tuesday, July 28, 2009

Top 10 Password Cracking Tools

1. Cain and Abel :

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.


2. John the Ripper

It works on Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

3.THC Hydra :

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.

The project supports a wide range of services and protocols: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA. It is licensed under version 2.0 of the GNU General Public License with the additional terms that the software may not be used for illegal purposes, and any commercial service or program that uses Hydra must give credit to THC.



4. Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless card whose driver supports raw monitoring mode (for a list, visit the website of the project) and can sniff 802.11a, 802.11b and 802.11g traffic. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).


5. L0phtcrack

L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables.

External Links:


6. AirSnort

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

External Links:

7. Solar Wind

It includes various Security-related tools such as many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

External Links:

solarwind Official Website

8. PwdDump

Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped.

9. RainbowCrack

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack differs from "conventional" brute forcerainbow tables to reduce the length of time needed to crack a password drastically.

External Links

crackers in that it uses large pre-computed tables called

10. Brutus

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more.

External Links

http://www.hoobie.net/brutus/


How To Avoid SQL Injection

SQL injections are among the flaws the most widespread and dangerous in PHP.
This tutorial will explain clearly the concept of SQL Injection and how to avoid them once and for all.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

There are two types of SQL injection:

* Injection into the variables that contain strings;
* Injection into numeric variables.

These are two very different types and to avoid them, it will act
differently for each of these types.


Imagine a PHP script that fetches the age of a member according to its
nickname. This nickname has gone from one page to another via the URL
(by $ _GET what: p). This script should look like this:

$pseudo = $_GET['pseudo'];
$requete = mysql_query("SELECT age FROM membres WHERE pseudo='$pseudo'");


Well keep you well, this script is a big SQL injection vulnerability.
Suffice it to a bad boy putting in place the username in the URL a query
like this:


' UNION SELECT password FROM membres WHERE id=1



It is to arrive to show (just an example), for example the password for
the member with the id 1. I will not explain in detail the operation for
fear that someone is not nice to walk around. Well, so let us go to the
security:).

II) Security .


To secure this type of injection is simple. You use the function
mysql_real_escape_string ().


This feature adds the "\" character to the following characters:


NULL, \ x00, \ n, \ r, \, ', "and \ X1A


As you have noticed in previous injection, the attacker uses the quote
(to close the 'around $ nick): if she is prevented from doing that, the
bad boy will only have to look elsewhere . This means that if one
applies a mysql_real_escape_string () to the variable name like this ...

$pseudo = mysql_real_escape_string($_GET['pseudo']);
$requete = mysql_query("SELECT age FROM membres WHERE pseudo='$pseudo'");

The application is completely secure.
Explanation

' UNION SELECT password FROM membres WHERE id=1


Well if we apply mysql_real_escape_string () to the variable $ name used
in the query is what will the injection:


\' UNION SELECT password FROM membres WHERE id=1


This means that we do not even come out of assessments around $ nick in
the request because the \ has been added. There is another function
somewhat similar to mysql_real_escape_string () is addslashes (), why
not have used? Well recently, a security hole was discovered on this if
it is used on a PHP 4.3.9 installation with magic_quotes_gpc enabled.

Numeric variables:


This type of injection is less known than the previous one, making it
more frequent, and it starts as just now with an example. This time, it
displays the age of a member according to its id, and by passing it by a
form ($ _POST) to change:

$id = $_POST['id'];
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");


mysql_real_escape_string () would be nothing here, since if an attacker
wants to inject SQL code, it will not need to use quotes, because the
variable $ id is not surrounded by quotes. Simple example of
exploitation:


UNION SELECT password FROM membres WHERE id=1


This injection did exactly the same as the previous one, except that
here, to avoid it, there are two solutions:

* Change the contents of the variable so it contains only numbers;
* Check if the variable actually contains a number before using it in a query.


Method 1:


We'll use a function , intval () This function returns regardless of the
contents of a variable its numerical value. For example:


$variable = '1e10'; // $variable vaut '1e10'
$valeur_numerique = intval($variable); // $valeur_numerique vaut 1


Now back to our sheep:


$id = intval($_POST['id']);
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");
}


That is: you can stop there and is more than enough, but I recommend you
continue to find another method, or you have air beast if you find this
method on a code that is not yours without understand it.


Méthode 2:


Here we use a function that returns TRUE when a variable contains only
numbers and FALSE if it is not the case this function is is_numeric (),
we will use it in a condition that checks whether is_numeric ( ) returns
TRUE well.


$id = $_POST['id'];
if (is_numeric($id))
{
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");
}
else
{
echo "Trying to hack me ? ";


What is the best, depending intval () and is_numeric ()?


Well I will say that they are both equally effective, they are equal.
But I prefer inval () since with is_numeric () write more code, and if
the variable does not contain only numbers, the request is canceled (in
principle, but of course you can run the same query by choosing an
default value for the variable used). Well that's it! You know all about
securing your applications. If you apply these methods, there is
absolutely no risk of having a fault type SQL injection on its website
(or PHP).

How to maintain Integrity of Contents (Open Source Tripwire)

Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

Open Source Tripwire functions as a host-based intrusion detection system. Rather than attempting to detect intrusions at the network interface level (as in network intrusion detection systems), Open Source Tripwire detects changes to file system objects.

When first initialized, Open Source Tripwire scans the file system as directed by the administrator and stores information on each file scanned in a database. At a later date the same files are scanned and the results compared against the stored values in the database. Changes are reported to the user. Cryptographic hashes are employed to detect changes in a file without storing the entire contents of the file in the database.

While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management, and policy compliance.

Other open source projects exist that provide similar functionality. Examples include AIDE, AFICK and Samhain.

Thursday, July 16, 2009

Who is a Hacker?

In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of criminal means to achieve them.

Other uses of the word hacker exist that are not related to computer security (computer programmer and home computer hobbyists), but these are rarely used by the mainstream media.

Tuesday, January 20, 2009

Outlaws of Technology! Hacker or Cracker

In order to study the comparison the between the hackers and crackers, it is important to understand the respective definitions. While apparently the words hacking and cracking seems synonymous, yet there exist certain points of distinctions between the two and the meaning of the words will always be heated topics of debate.
Since the very dawn of the civilization, man's hunger to attain the unattainable have went on opening new horizons in almost every aspects of life, and the technology is of no exception to this nature of human.
Aims of Hackers and Crackers

The computer hackers actually trespass or circumvent artistically, yet scientifically into the other computer system with a hunger to know the programmable systems, how they perform and their internal structures, while cracking is slight different in sense. Cracking means to break off the computer's security system. This is a subject matter of hard-core science with an aesthetic undertone of artistic skill that has attracted a few millions of teenagers and young adults all over the world.
Who Is A Hacker And What Is His Aim?

Delving deep into the concepts, we can compare the hackers and crackers. A hacker is a person who commits the fraudulent act or the penal offense of exploring into the other computers in order to know the details of the programmable system and how they work. On the other level, a cracker is a person just more secretive as compared to the hacker. The cracker breaks through the system's security and proves to be far more dangerous than the hackers who just quench his or her thirst by simply discovering the workings of a system. Hence the crackers can potentially be much more perilous as compared to the hackers. While it is often believed that the hacking is simply exploring into the other computer system with an intention to know how the programmable system works, which is not a fraudulent task unless any sort of vandalism and theft is done by this, another huge section stands strictly against the view and look at the act from the view point of a crime.
Who is A Cracker and What Is His Aim?

A cracker is a technical person who has mastered the art of breaking systems, often not for acquiring knowledge, by the dint of few programs and softwares used as tools. They are more interested in the system's security without the need of great deal of knowledge, thereby not benefiting much. On the other hand, a hacker who cracks and hacks systems is not only interested in breaking the security of the system but also in knowing about the system's details, by which he gains much more than by simply cracking systems. Unlike a cracker, a hacker generally does not have intention destroy data maliciously or to steel things. A cracker who is often termed to be a cyber burglar brings out significant harm to the network or steels the information like passwords or credit card numbers. A Trojan is capable enough to recognize and record even every single keystroke that you make. Hence even if you do not store any personal or financial records in your system, the hackers can still be able to obtain the information by recognizing the keystrokes.
NOTE: Article Initially Taken From

Credit Card Hackers Are Here - Have You Checked Your Credit Report Lately?

Credit card hacking has become one of the new security headaches of consumers. Although in face to face transactions the percentage of credit card fraud is almost a tenth of a percent, in online transactions it's as high as two or three percent.
That means that for every one hundred transactions you may do in the internet, you may suffer two or three breaches in your private information. Stopping credit card number hacking is, nowadays, one of the priorities of credit card brands around the world.One funny thing about many of these hackers; free credit card numbers are posted at the internet. Some of them don't want the potential money that can be acquired from this information, only the fame.
How Are Credit Cards Gained By Hackers?
A hacker has many ways to gain a credit card number from an innocent user. The most common one is known as phishing. In this technique, the hacker poses as an officer within an organization, let's say VISA. The hacker sends to a group of email accounts an alert, instructing the receiver to follow determined set of instructions before his credit card is cancelled.If the user is not aware of this kind of fraud, he will insert his credit card number, his name and expiration date without knowing he is going to be a victim of an online crime.Another way for hacking credit card numbers is through a website. The hacker only needs to hack the systems of an online retailer, let's say, Costco, and search for the database where the retailer stores the information of all of the users who have made recent transactions.The third way is through the online process of buying. Let's say an adult finds a website with adult content that he or she finds attractive. It's quite probable that the website is only a masquerade for acquiring credit card information from you.
What Is A Carder?
A carder is a criminal who specializes in stealing information from credit cards. Although the majority of them buy the information from online vendors, some of them are quite savvy on how to access that information by themselves.In the physical world, a carder will steal the information from a user while doing a face to face transaction. The criminal only needs to pass the card through a special scanner. This device will read from the magnetic strip all of the credit card information. Afterwards, the carder will trespass that information to a blank card available in many identity card stores. In the virtual world, credit card hacking is a bit more sophisticated and automatized. A hacker could install inside your system a credit card hacking software known as Bugbear. This program is a keystroke logger; it captures the keys that you have pressed in your keyboard and after some time, it transmits this information to the hacker. The criminal will navigate through this data, searching for any private information that can give him access to your credit card.Besides Bugbear, there is also the IRC bot. This automated software is used for determined functions, like a moderator for a chat room. But if it is used by a hacker, he may use it for stealing your credit card information. The IRC bot will pose as an official from a company, asking you to insert your credit card information. Another mean that hackers use for stealing money from your credit card is through unused ebay accounts. Once they find a possible victim, the hacker uses a program that starts bombarding the account until it breaks it. Once inside, the hacker will use it for posing as the real user, selling equipment that will never reach the buyer once he buys it.
Note: Article Taken From

GooGle Hacking For Panitration testers

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I’ve seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.-Johnny Long
. Learn Google Searching BasicsExplore Google’s Web-based Interface, build Google queries, and work with Google URLs.. Use Advanced Operators to Perform Advanced QueriesCombine advanced operators and learn about colliding operators and bad search-fu.. Learn the Ways of the Google HackerSee how to use caches for anonymity and review directory listings and traversal techniques.. Review Document Grinding and Database DiggingSee the ways to use Google to locate documents and then search within the documents to locate information.. Understand Google’s Part in an Information Collection FrameworkLearn the principles of automating searches and the applications of data mining.. Locate Exploits and Finding TargetsLocate exploit code and then vulnerable targets.. See Ten Simple Security SearchesLearn a few searches that give good results just about every time and are good for a security assessment.. Track Down Web ServersLocate and profile web servers, login portals, network hardware and utilities.. See How Bad Guys Troll for DataFind ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.. Hack Google ServicesLearn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.
Download Here