Sunday, June 3, 2012

Alkasir

Alkasir is another censorship-circumvention (unblocking) tool that you install on your computer.
It routes your traffic through proxy servers in different parts of the world to give you access to content that is blocked where you are. It is a free download from its website, www.alkasir.com. It was originally created to help users, especially in the Middle East, bypass government filters and reach blocked websites, but it can be used by anybody in any part of the world. Once installed, it lets you unblock websites and tunnels your browsing through its proxies. Keep in mind what a proxy-based tool does and does not hide: your local network no longer sees which sites you visit, but whoever operates the proxy can see the traffic you send through it, so treat it as circumvention rather than anonymity.


Download Free Music legally, illegally

Are you scared that the RIAA is about to track you down for illegally downloading songs?
Well, here is a method of obtaining many songs for free that looks, to the server, like ordinary listening. It relies on capturing streaming audio, which in many cases, believe it or not, is just a plain old MP3 (or WMA/ASF) file sitting on a web server, waiting for you to "download" it. I have found most of the current top 40 this way, as well as many other songs you may like, so keep searching. The music is waiting for you to find it.

Step 1:
First of all, you need a good site that hosts streaming audio. My favorite, which has brought me many songs to date, is hxxp://www.windowsmedia.com . Some others are just as good, but this is the site I will be referencing (plus, I know you guys love to steal from Microsoft).

Step 2:
Go to the empty text box in the top left corner. This is the search box; fill it with a song name or artist, just as you would in Kazaa, and click search. This brings up a page of links to websites hosting a stream by that artist. The ones marked with music notes are just that, music, and that is what you want. In many cases this is all you need: right-click one of the links and choose "Save as" to save the file. This works when the link points straight at a media file, i.e. the extension is .mp3, .wma, .asf or another well-known format. If it worked, you are finished; otherwise continue reading.

Step 3:
If you get a .asx file instead, there are a few more steps to endure. An .asx file is not audio: it is a small Windows Media playlist, an XML-style text file that tells the player where the real stream lives. Save it locally exactly as above, then check how large it is. If it is in the megabyte range it is really a media file and should play in your favorite music program. If it is under a kilobyte or so, open it in a text editor. You will see a handful of markup tags aimed at Windows Media Player; ignore those and look for the URLs, which will most likely point at an .asf file. There will be at least one, often more. Open that URL in your browser and save it as in step 2, and you should be good to go. (I use Mozilla, because Internet Explorer likes to open things rather than save them as I tell it.)

NOTE: If a URL starts with "mms://" rather than "http://", look for another one. MMS is a streaming protocol, not a file on a web server, so the browser cannot simply save it and this technique will not work.

Saving the file and streaming it look identical to the web server: both are a GET for the same URL, logged against your IP address either way, so the server cannot tell a "download" from just another "legal" listener. That is all the cover this gives you; it does not make the copy lawful, so "download" away my friend and don't blame me if this soon becomes illegal (if it isn't already).

Step 4:
If you are picky then search for a program that will convert these file types to mp3s. I assure you there are many sites out there.

If this technique does not work for some reason, there is another: manually recording the streaming audio with an audio capture program. I use the one that came with my sound card (Audigy 2ZS, great sound card), but I would recommend it only as a last resort, such as for "mms://" streams. There is a degradation in quality compared to saving the original file, and it records every sound your PC makes while recording, so don't chat on AIM at the same time (lol, I can hear random doors slamming now).

Thursday, May 24, 2012

Flash Exploits – New hakin9 Extra is out now!



 
What is in this issue?
  • Exploiting Adobe Flash
  • Adobe’s Security Policies
  • Atola’s Technology Showcase
  • User Training and Written Security Policies in a World of Social Media & BYOD




Why Apple Doesn’t want Flash on its iOS
by Keith DeBus Ever since the advent of the iPhone in June of 2007, Apple’s decision to forego Adobe’s ubiquitous Flash software has raised eyebrows and more than a few hackles. Then, when Apple introduced the now revolutionary iPad in April of 2010, the controversy escalated to a white hot froth in short order. Apple and its CEO and founder, Steve Jobs, have claimed that Flash was a security vulnerability and threatened the convenience and usability of their mobile devices and therefore would be banned from iOS and their mobile devices. In this article, we will look at the long history of the relationship between Apple and Adobe that culminated in this ban, examine closely the claims and counter claims and then attempt to sort out the validity of Apple’s claims against Adobe and its Flash software.
Exploiting Adobe Flash Player
by Swetha Dabbara
The vulnerability exists in Flash Player versions 11.2.202.233 and earlier for Windows, Macintosh and Linux systems, as well as versions 11.1.115.7 and earlier for Android 4.x and versions 11.1.111.8 and earlier for Android versions 3.x and 2.x. The company said it planned to include a Google Play link for Android users at some point today so that they can get the update for their devices. The patch is of the highest urgency, as there are attacks in the wild against the vulnerability. “Users that have opted in to participate in the newly introduced silent update feature (currently only available on Windows) will have the update applied automatically on all browsers present on their system,” he continued. “Users of other operating systems and users that have opted out of ‘silent update’ need to manually install on all browsers.”
User Training and Written Security Policies More Important Than Ever in a World of Social Media & BYOD
by Ken Krauss
Rather than having a standardized list of allowed applications on employee devices known to company security managers, with BYOD the list of allowed applications on computing devices is often non-standardized. Further complicating the issue, company IT staff might not even know which device(s) employees use, and might not be allowed to connect remotely to employee devices for patch management, virus scans, and other security concerns. It is also much more likely that the BYOD employee will be sharing their devices with others who are even less well trained in computer security than your employees are, such as their children or other family members.
Hard Disk Diagnostics: Opportunities and Solutions
by Dmitry Postrigan
It is not a secret that every data recovery specialist must perform a full diagnosis of a hard disk drive to find the problem, or the disk’s state in general, as the very first step in every data recovery case. Only accuracy and a competent approach can guarantee extraction of the maximum amount of data while avoiding further damage to the hard drive. Have you ever considered what it takes to find the exact state of the customer’s drive? Usually, it is a quite complex task that involves a number of tests, guesses, and risks; and it has been like that for many years. I believe it’s time to offer something better. Atola Insight provides a unique, fully-automated in-depth diagnosis of any PATA or SATA hard drive. Just one click, and in a few minutes, you’ll have the full diagnosis report outlining the exact issue.
Security Teams at Adobe
by Adobe
Adobe has a team in place (the Adobe Secure Software Engineering Team – ASSET), which is dedicated to ensuring our products are designed, engineered and validated using security best practices. Brad Arkin, senior director of security for Adobe’s products and services, leads that team. A second team within ASSET (the Product Security Incident Response Team – PSIRT) is responsible for responding to and communicating about security issues. ASSET and PSIRT (as they exist today) were put in place during the integration of Macromedia and Adobe in late 2005 by combining the corresponding security teams from each company, and these teams continue to evolve to best address the threat landscape facing Adobe’s products. All engineering teams at Adobe work very closely and proactively with the Adobe Secure Software Engineering Team (ASSET) during each phase of the Adobe Secure Product Lifecycle (SPLC). In addition, product teams have dedicated security development and testing groups in place. As a result of changes in the threat landscape, we have about seven times as many engineers dedicated to security today compared to 2009.

Monday, May 14, 2012

Password Cracking – Part 9 – Salts continued…





I promised that once we learned more about password cracking we would come back to salts.
If you remember, I mentioned that one of the ways salts made passwords harder to crack was by making them longer. As you’ve learned, every additional character exponentially increases the number of possible character combinations. That only holds while the salt is unknown. Once the attacker knows the salt, any dictionary or brute-force cracker can be edited to prepend (or append) the salt to each candidate before running it through the hash function, and the attack runs as if the salt weren’t even there; the salt never has to be guessed. This also scales: if the salt is the user’s username, the cracker can be automated to attach each user’s username to each candidate password. What a salt still does, even when it is known, is force the attacker to run his wordlist once per user instead of once for the whole dump, and it makes precomputed tables useless. So as you can see, it is important to create good salts and store them as securely as possible.
Random Salts vs. Unique Salts
So which is better, randomly generated salts or unique salts such as your username or email address? It depends on where you store them. If the salt sits in the same database as the username and password hash, then from the attacker’s point of view it makes no difference whether it is random or unique, because it is stored in the clear either way. Once the attacker dumps the user table, all he has to do to find out which column is the salt is attach each stored value (username, email, name, etc.) to candidate passwords until one hash matches; from then on he knows where the salt is for every other user. He could also try to crack the hash as is, and if he succeeded he would see the salt and password together in plaintext and match the salt part against the database columns. That would take much longer, or not work at all, depending on how long the salt plus password is. Keep in mind, though, that a salt is not meant to be secret: its job is to make every user’s hash different, so that one precomputed table or one pass over a wordlist cannot crack the whole dump. A random salt does that reliably; a username does it only within one site, since the same username (and often the same password) turns up on other sites too.
The situation is different if the salts live on another server, because an attacker with access to one database might not have access to the other. In that case a random salt makes sense: the attacker could still guess a unique salt like a username, but not a random value stored elsewhere.
For even greater security, in addition to the per-user salt stored in the database, you can mix in a secret value that lives only in the source code of the register/login script (commonly called a pepper). The attacker then needs both the database and the source code to reproduce the hashes.
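The three situations above (same password hashed with and without a per-user salt, the attacker hashing candidates with a dumped salt, and a pepper that never reaches the database) as a worked example. This is code added for this post, not anything from a real site; the hashing scheme (SHA-256 over salt, pepper and password), the wordlist and the user records are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demonstration; a real attack would use a far larger one.
WORDLIST = ["123456", "letmein", "qwerty", "password", "dragon"]


def hash_password(password: str, salt: bytes, pepper: bytes = b"") -> str:
    """Illustrative scheme (an assumption, not any real site's code): SHA-256 over
    salt || pepper || password. The salt is stored beside the hash; the pepper is not."""
    return hashlib.sha256(salt + pepper + password.encode()).hexdigest()


def make_user(username: str, password: str, pepper: bytes = b"") -> dict:
    """Register a user with a fresh random 16-byte salt, as the database would store it."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt, pepper)}


def crack_with_known_salt(record: dict, wordlist, pepper: bytes = b""):
    """The attack the post describes: the attacker has dumped the table, so the salt is
    known, and every candidate is hashed with that salt before comparison. If the site
    also used a pepper the attacker does not have, nothing will match."""
    for word in wordlist:
        if hmac.compare_digest(hash_password(word, record["salt"], pepper), record["hash"]):
            return word
    return None


def crack_unsalted(records: list, wordlist) -> dict:
    """Why salts matter even when they are not secret: with no salt, hashing each
    wordlist entry once is enough to crack every user in the dump at the same time."""
    lookup = {hash_password(w, b""): w for w in wordlist}
    return {r["username"]: lookup[r["hash"]] for r in records if r["hash"] in lookup}


if __name__ == "__main__":
    alice, bob = make_user("alice", "password"), make_user("bob", "password")
    print("same password, different hashes:", alice["hash"] != bob["hash"])
    print("alice cracked with her dumped salt:", crack_with_known_salt(alice, WORDLIST))
    carol = make_user("carol", "password", pepper=b"server-side-secret")
    print("carol, attacker lacks the pepper:", crack_with_known_salt(carol, WORDLIST))
    print("carol, attacker has the source too:",
          crack_with_known_salt(carol, WORDLIST, b"server-side-secret"))
```

The point of crack_unsalted versus crack_with_known_salt is the cost model: without salts one pass over the wordlist covers the whole dump, with salts the attacker pays one pass per user, and with a pepper he pays nothing because he cannot even start.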

Saturday, May 12, 2012

Password Cracking – Part 8 – Rainbow Tables





What are Rainbow Tables?
Rainbow tables are lookup tables that cover most of the possible passwords in a given character set and length. A table is essentially a brute force attack that has been run once and whose results can be reused as many times as you wish, without regenerating all those candidate passwords. Generating the table takes longer than cracking a single password, but once it exists, each additional hash of that type takes minutes to crack instead of the hours a fresh brute force would take, so the investment pays off when you have many hashes. Now that you have a basic idea of what rainbow tables are, let’s look at exactly how they work.
If you recall, I said that rainbow tables store most of the possible hashes in a given character set. This is true, but not in the way you might think. Depending on the character set and length of the password, a rainbow table can get extremely large; the RainbowCrack Project publishes a table of its table sizes per character set and password length (that table is not reproduced here).
If the rainbow table stored every hash for every plaintext in a given character set, it would use more memory than you have or can imagine. Instead, rainbow tables use a time-memory trade-off technique: chains.
To understand chains, you must first understand the “reduction function”. As you’ve learned, a hash function maps plaintexts to hashes; a reduction function maps hashes back to plaintexts. You might be thinking, didn’t you say that you can’t reverse a hash function and get the plaintext back? True, and the reduction function does not invert the hash; it does not recover the original text. It simply produces some other valid plaintext from the hash. For example, if our plaintexts are 7-digit numbers [0-9], then with md5() one possible hash is MD5(1234567) -> fcea920f7412b5da7be0cf42b8c93759. The reduction function could be as simple as taking the first seven decimal digits that appear in the hex hash. Applied to that hash it yields the new plaintext “9207412” (9, 2, 0, 7, 4, 1, 2 are the first seven digits in fcea920f7412...). That is all a reduction function does: generate a new plaintext, in the same character set and length, from a given hash.
A chain is built by alternating the one-way hash function with the reduction function, over and over. Continuing the example:
Md5(1234567) -> fcea920f7412b5da7be0cf42b8c93759 ->
Reduction(fcea920f7412b5da7be0cf42b8c93759) -> 9207412 ->
—————————————————————————————–
Md5(9207412) -> (next hash) ->
Reduction(next hash) -> (next seven-digit plaintext) ->
—————————————————————————————–
and so on. The chain keeps going until the table maker decides to stop it, typically after thousands of steps. Now here’s how rainbow tables save memory. Instead of storing every hash in the chain, the table stores only the first plaintext and the final value of each chain (the last hash, or, in most implementations, the last plaintext). Then millions more chains are built, each standing in for thousands of password hashes. The stored entry for the chain above would look something like: 1234567 -> (final value of that chain). One refinement is what gives rainbow tables their name: rather than one fixed reduction function, each position in the chain uses a slightly different one, so that two chains that happen to collide at different positions diverge again instead of merging and wasting the table’s coverage.
Once enough chains have been generated (millions of them), you use the finished table to crack a password hash by finding out which chain, if any, contains it. Here is the algorithm:
  • Reduce the hash to a plaintext and check whether that plaintext is the final value of any chain
    in the table. If so, stop: you have a candidate chain that may contain the password.
  • If not, hash the plaintext you just produced, reduce the result again, and check again.
  • Repeat, but only up to the chain length: a hash that is in no chain will never match, so the
    search gives up after that many steps.
Now that you have a candidate chain, start from its first plaintext and hash and reduce your way along it until you reach the password hash you are trying to crack; the plaintext you hashed to get there is the password. A matching endpoint is a candidate, not a certainty: chains can merge, so if the walk reaches the end without meeting the hash, go back and keep searching. (With position-dependent reduction functions the search repeats this process once for each possible position in the chain.) There you have it! The quickest and simplest explanation of rainbow tables that you will ever find!
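The chain construction and the lookup algorithm above, as a complete working example added for this post (not code from the original or from RainbowCrack). The parameters are toy ones chosen for the demo: 4-digit PINs, MD5, chains of 50 steps, and a deliberately incomplete set of chain starts so that some PINs are not covered; the reduction function mixes in the chain position, which is the rainbow-table refinement described above.

```python
import hashlib

# Toy parameters (assumptions for the demo): 4-digit PINs, MD5, chains of 50 steps.
CHARSET = "0123456789"
PW_LEN = 4
CHAIN_LEN = 50
SPACE = len(CHARSET) ** PW_LEN
# Chain start points: every 37th PIN, so the table is deliberately incomplete.
STARTS = [f"{i:04d}" for i in range(0, SPACE, 37)]


def h(plaintext: str) -> str:
    return hashlib.md5(plaintext.encode()).hexdigest()


def reduce_(digest: str, position: int) -> str:
    """Map a hash back to *some* PIN. Mixing in the chain position is what makes this
    a rainbow table: two chains that collide at different positions diverge again
    instead of merging."""
    n = (int(digest[:12], 16) + position) % SPACE
    out = []
    for _ in range(PW_LEN):
        out.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(out)


def build_table(starts) -> dict:
    """Walk each chain hash -> reduce -> hash ... and keep only (endpoint -> start)."""
    table = {}
    for start in starts:
        p = start
        for i in range(CHAIN_LEN):
            p = reduce_(h(p), i)
        table.setdefault(p, start)   # on a merge, keep the first chain
    return table


def walk_chain(start: str, target_hash: str):
    """Regenerate one chain from its start and return the plaintext whose hash is the
    target, or None if the endpoint match was a false alarm (merged chains)."""
    p = start
    for i in range(CHAIN_LEN):
        d = h(p)
        if d == target_hash:
            return p
        p = reduce_(d, i)
    return None


def lookup(table: dict, target_hash: str):
    """Assume the target sits at column `col` of some chain, finish that chain from
    there and see whether its endpoint is in the table; try every column."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_(target_hash, col)
        for i in range(col + 1, CHAIN_LEN):
            p = reduce_(h(p), i)
        if p in table:
            found = walk_chain(table[p], target_hash)
            if found is not None:
                return found
    return None


def coverage(table: dict, sample: int = 200) -> float:
    """Fraction of a sample of PINs the table can actually crack (chains merge and overlap,
    so coverage is well below chains x chain length / keyspace)."""
    step = max(1, SPACE // sample)
    pins = [f"{i:04d}" for i in range(0, SPACE, step)]
    hits = sum(1 for pin in pins if lookup(table, h(pin)) is not None)
    return hits / len(pins)


if __name__ == "__main__":
    table = build_table(STARTS)
    print(f"{len(STARTS)} chains, {len(table)} distinct endpoints stored")
    print("cracked:", lookup(table, h("4242")))
    print(f"coverage of a sample: {coverage(table):.0%}")
```

The coverage figure is the part the prose cannot show: even with position-dependent reduction, merges mean a table covers less of the keyspace than its size suggests, which is why real tables are built with far more chains than the keyspace divided by the chain length.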
When should I use a rainbow table?
If rainbow tables are available for the type of password hash(es) you have, use them! Chances are they’ll work. If you have to download the tables first, running a dictionary attack in the meantime won’t hurt.
If the passwords are salted, rainbow tables are usually not worth it, because you would need a new table for every salt. Why? Well, if you recall, when you salt a password you attach a random or unique string to it and then run it through the hashing function. So if the password was “password” and the script prefixed the user’s username, the stored value would be MD5(“username”+“password”). Since everyone has a different username, the word “password” never hashes to the same thing twice, and a table built for unsalted hashes never matches. The one exception is a single site-wide salt shared by all users: that needs only one custom table per site, which is still feasible for a determined attacker.

Friday, May 11, 2012

Password Cracking – Part 7 – Hybrid




What is a hybrid attack?
A hybrid attack is a mixture of a dictionary attack and a brute force attack. Like a dictionary attack, you provide a wordlist of candidate passwords, and a brute force attack is then applied to (appended or prepended to) each word in that list.
A hybrid attack is like the beginning of an MMORPG where you choose your character design. Your figure stays the same but you have the choice to change your clothes, hair and color until you have the look you want, a badass Schwarzenegger or a medieval hooker.
On my first day as a freshman in high school, I was given a username and password for the school’s computer network. Everyone’s password was set to the first initial of their first name, their last name and their birth date. So if my name was Bob Sagat and I was born on May 22, 2010, my password would be “bsagat052210”. This wasn’t a great way to distribute passwords, though we did have to change it after we first logged in. Can you see why a hybrid attack would be effective here? What I could easily have done was get a list of every freshman in the school and apply a brute force attack to the end of each name. The rule would look something like this:
(first initial of first name)(last name)([0-9] [0-9] [0-9] [0-9] [0-9] [0-9])
Six digits is only a million combinations per student, and since they are dates (MM DD YY) the real space is far smaller, so a hybrid attack would have cracked every single student’s password within a few minutes.
When should I use a hybrid attack?
Use a hybrid attack whenever you have an idea of how a password is formatted. For example, if you dump a database of password hashes from a website and, after a dictionary attack, you are left with many uncracked hashes, take a look at the site’s password requirements. Many websites require a password to be built a certain way, for example at least two digits and a special character. Knowing that people make things as easy as possible for themselves, you can safely guess that many users used exactly two digits and one special character. Armed with this knowledge, go back to your dictionary file and apply a brute force attack to it (making it a hybrid attack), trying the following combinations:
([0-9] | SC) ([0-9] | SC) ([0-9] | SC) (password) or
(password) ([0-9] | SC) ([0-9] | SC) ([0-9] | SC)
where SC = special character (e.g. !, @, #, $) and | = or. This is exactly what word-mangling rules in John the Ripper and the hybrid dictionary-plus-mask modes in hashcat do; the trick is matching the rule to the site’s policy.
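The two hybrid rules from this post (the school’s initial + surname + MMDDYY scheme, and dictionary word plus three digit-or-special characters) as a working candidate generator and cracker. This is an added example, not the original author’s code or hashcat’s; the hashcat-style mask notation is a small subset implemented here, the ?1 class is a custom class defined for the demo, and the target hashes are constructed from passwords that follow each scheme.

```python
import hashlib
import itertools

# Mask character classes in hashcat's notation (a subset; ?1 is a custom class for this demo).
CLASSES = {
    "d": "0123456789",
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "s": "!@#$",                 # the post's example special characters
    "1": "0123456789!@#$",       # ([0-9] | SC) from the post, as one custom class
}


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def expand_mask(mask: str) -> list:
    """'?d?d?1' -> [digits, digits, digits+specials]; any other character is a literal."""
    sets, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CLASSES:
            sets.append(CLASSES[mask[i + 1]])
            i += 2
        else:
            sets.append(mask[i])
            i += 1
    return sets


def hybrid_candidates(words, mask: str, append: bool = True):
    """Dictionary word + brute-forced mask (append=True) or mask + word (append=False)."""
    sets = expand_mask(mask)
    for word in words:
        for combo in itertools.product(*sets):
            tail = "".join(combo)
            yield word + tail if append else tail + word


def student_candidates(students):
    """The school scheme: first initial + last name + MMDDYY. Only real month/day values
    are generated, so each student costs 12*31*100 guesses instead of a million."""
    for first, last in students:
        prefix = (first[0] + last).lower()
        for mm in range(1, 13):
            for dd in range(1, 32):
                for yy in range(100):
                    yield f"{prefix}{mm:02d}{dd:02d}{yy:02d}"


def crack(target_hash: str, candidates):
    """Return the first candidate whose MD5 matches, or None."""
    for cand in candidates:
        if md5hex(cand) == target_hash:
            return cand
    return None


def count(candidates) -> int:
    return sum(1 for _ in candidates)


if __name__ == "__main__":
    # Constructed targets: hashes of passwords that follow each policy.
    print(crack(md5hex("bsagat052210"), student_candidates([("Bob", "Sagat")])))
    print(crack(md5hex("password1!2"), hybrid_candidates(["password"], "?1?1?1")))
    print(count(hybrid_candidates(["password"], "?1?1?1")), "candidates per word")
```

Note how much the format knowledge buys: the date-aware generator tries 37,200 strings per student, and the three-position suffix is 14^3 = 2,744 per dictionary word, both trivial next to a blind brute force of the same length.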

Password Cracking – Part 6 – Brute Force





What is a brute force attack?
A brute force attack is a password attack where every possible combination in a range of characters is generated and used against the password hash.
For those visual learners, a brute force attack is presented pretty well with a Rubik’s Cube. The brute force attack would be the act of your hand turning the cubes in every possible direction to create different combinations until finally the Rubik’s Cube is solved and you have matching colors, the password.
When selecting a range of characters to use for a brute force attack, you have a few options. Below are the ones available in the popular cracking program, Brutus.
  • Numerical – Use any numbers from 0-9
  • Lowercase Alpha – The lowercase alphabet
  • Uppercase Alpha – The uppercase alphabet
  • Mixed Alpha – Both lowercase and uppercase
  • Alphanumeric – The lowercase and uppercase alphabet plus digits 0-9
  • Full Keyspace – Everything above including all the special characters on your keyboard.
  • Custom Range – If you have an idea of the characters included in the password(s) you can create
    a custom list of characters to use.
Each range option yields a different number of possible password combinations. Let’s look at how many combinations there are for passwords of 1 to 6 characters in length (the totals below count lengths 1 through 6; an empty password is not a real candidate):
  • Numerical (10 characters) – 1,111,110 passwords
  • Lowercase Alpha (26) – 321,272,406 passwords
  • Uppercase Alpha (26) – 321,272,406 passwords (obviously the same, because it’s the same number of
    characters)
  • Mixed Alpha (52) – 20,158,268,676 passwords
  • Alphanumeric (62) – 57,731,386,986 passwords
  • Full Keyspace (94 printable ASCII characters) – 697,287,735,690 passwords
For passwords of up to six characters, we are already over 697 billion combinations for the full keyspace! Adding just one more character, making it 1 to 7, takes the count to 65,545,047,154,954, over 65 trillion. As you can see, it makes a big difference to know what types of characters are used in the password(s) and how long it is.
Calculating Number of Combinations
You now have an idea of how the number of combinations grows with each extra character in the character set or in the password, but how are these numbers calculated? Simple.
If you are doing a Numerical attack on a 6-character password, there are 10 possible characters (0-9) for each position. So the equation for the number of different combinations is:

(number of possible characters) ^ (password length)
So the expression for our example would be:

10^6
which, once calculated, comes out to 1,000,000 combinations.
Wait! Didn’t I state that there are 1,111,110 possible combinations for the same character set before? Yes, but that was for passwords of 1 to 6 characters, not exactly 6. If you don’t get what I mean, look at it this way. When I’m looking for all the possible passwords of length 1 to 6, I need to account for all the 6-character combinations, plus the 5-character combinations, plus the 4-character combinations, and so on down to length 1. Written out, it looks like this:

10^6 + 10^5 + 10^4 + 10^3 + 10^2 + 10^1 = 1,111,110
This would get pretty tedious to do by hand for long passwords, so here’s a small C program I put together that does it for you:
#include <stdio.h>

int main(void){
    unsigned long long n = 10; /* number of possible characters */
    int a = 6;                 /* maximum length of the password */
    unsigned long long x = 0;  /* running total; unsigned long long so that big keyspaces fit (up to about 94^9) */
    unsigned long long p = 1;  /* n^i, built by repeated multiplication so the result stays exact (pow() works in double) */
    for (int i = 1; i <= a; i++) {
        p *= n;                /* n^i */
        x += p;                /* add the number of passwords of exactly i characters */
    }
    printf("The number of possible combinations is %llu.\n", x); /* finally print the answer */
    return 0;
}
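The same keyspace arithmetic, plus the brute force attack itself and a time estimate, as an added example (not the original post’s C program and not Brutus’s code). The character ranges are assumed to correspond to the options listed above, the 94-character full keyspace is printable ASCII without whitespace, and the target hash is constructed from a three-character password so the search finishes instantly.

```python
import hashlib
import itertools
import string

# Character ranges matching the options listed above (assumed to be what Brutus means by each).
NUMERICAL = string.digits
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
MIXED = LOWER + UPPER
ALNUM = MIXED + NUMERICAL
FULL = "".join(c for c in string.printable if not c.isspace())   # 94 printable ASCII characters


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def keyspace(chars: int, max_len: int, min_len: int = 1) -> int:
    """Number of candidates for lengths min_len..max_len over `chars` characters,
    computed with exact integers (no floating point rounding)."""
    return sum(chars ** n for n in range(min_len, max_len + 1))


def estimate_seconds(chars: int, max_len: int, hashes_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at a given cracking rate."""
    return keyspace(chars, max_len) / hashes_per_second


def brute_force(target_hash: str, charset: str, max_len: int, min_len: int = 1):
    """Try every string of length min_len..max_len over charset, shortest first,
    and return the one whose MD5 matches. None if the keyspace is exhausted."""
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            cand = "".join(combo)
            if md5hex(cand) == target_hash:
                return cand
    return None


if __name__ == "__main__":
    for name, cs in (("Numerical", NUMERICAL), ("Lowercase", LOWER), ("Mixed", MIXED),
                     ("Alphanumeric", ALNUM), ("Full keyspace", FULL)):
        print(f"{name:14s} 1-6 chars: {keyspace(len(cs), 6):>18,}")
    print(f"Full keyspace  1-7 chars: {keyspace(len(FULL), 7):,}")
    print("at 1e9 MD5/s the full 1-7 keyspace takes",
          f"{estimate_seconds(len(FULL), 7, 1e9) / 3600:.1f} hours")
    target = md5hex("ab1")                      # constructed target
    print("recovered:", brute_force(target, LOWER + NUMERICAL, 3))
```

The keyspace function reproduces the totals listed above exactly, including 65,545,047,154,954 for the 1-to-7 full keyspace; the brute_force generator is the "try every combination" step, and estimate_seconds is the sanity check to run before committing to it.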

Backwards Brute Force Attack
A backwards brute force attack is a brute force attack against usernames. Instead of using the brute force attack to generate and try many password combinations, you take one password (or a few) and use the brute force attack to generate every possible username in a range of characters, trying that password against each one.
When should you use a Brute Force attack?
Only use a brute force attack when a Dictionary and all other options fail. A brute force attack takes a lot of resources and a lot of time to perform. Depending on how big the password is, the range of characters being used and the resources available, a brute force attack can take years to fully complete as you’ll see later on.

Thursday, May 10, 2012

Access Your Facebook Account with 3 Passwords


Did you know that you can log in to your Facebook account using 3 different passwords? Interesting, isn’t it? Yep! Unlike most online accounts, which accept exactly one password, Facebook lets you log in using 3 different variants of your password.
Only a few Facebook users are aware of this fact, and for many others it may come as a surprise. Facebook accepts the following forms of your password:
 

1. Your Original Password

Let me explain this with an example. Assume that the password you created during sign-up is:
myFacebookPass

2. Password with the Case Toggled

In the above password the letters ‘F’ and ‘P’ are uppercase and the rest are lowercase. If you TOGGLE the case, so that every UPPERCASE character becomes lowercase and vice versa, your default password “myFacebookPass” becomes:
MYfACEBOOKpASS
Now if you log in using this toggled password, Facebook accepts it and welcomes you! This is the first variation of your default password that Facebook accepts.

3. Password with the First Letter Capitalized

If the first character of your password is lowercase, you can change just that first letter to UPPERCASE and Facebook will again accept it and let you in. With our example password “myFacebookPass”, capitalizing the first letter gives “MyFacebookPass”, and this works fine as well:
MyFacebookPass
Please note that this variant is accepted for mobile users only!
 

Why 3 Passwords?

Now you know that Facebook can be accessed using 3 different passwords, and you may be curious to know the actual reason behind it.
Well, this is definitely not because Facebook has a bug or a serious vulnerability. It is a deliberate choice by Facebook to make signing in less error-prone. Here’s how:
The most common reason for a genuine login to be rejected is that CAPS LOCK is ON. This is where the first variation comes in handy: with CAPS LOCK on, the case of every letter is reversed (toggled), and Facebook accepts that form as well.
On mobile devices it is common for the keyboard to capitalize the first letter of the password automatically, which often leads to login failure. To tackle that, Facebook also accepts the password with only its first letter capitalized.
Thus if CAPS LOCK is accidentally enabled, the toggled-password feature still lets you log in to your account! :)
The security cost is small but real: up to three strings are accepted instead of one, which shrinks the effective password space by at most a factor of 3 (less than 2 bits), and it is only safe when the server hashes each variant of what you typed and compares it with the single stored hash, rather than storing extra hashes.

Saturday, April 28, 2012

Hacking Software – FOCA



Software: FOCA

Description: FOCA (Fingerprinting Organizations with Collected Archives) is a Windows-only tool for extracting and analyzing metadata from common file types. Metadata is descriptive information about data. For example, when you create a document in Microsoft Word, Word automatically embeds metadata in the file that gives away when the file was created, with which program and version, which operating system it was running on, the username of the person who created it, and so on. FOCA extracts this kind of metadata from the most common document formats found on an organization’s website and analyzes it, spitting back a report of very valuable information that aids reconnaissance during a penetration test.

Screenshot: (not reproduced here)
Features:
  • Extracts metadata from OpenOffice, MS Office, PDF, EPS and graphic documents.
  • Uses Google, Bing and Exalead to find and examine the following file types on a target website: doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw, sxc, sxi, odt, ods, odg, odp, pdf, wpd, svg, svgz, indd, rdp and ica.
  • From the extracted metadata, FOCA can find information on users, folders, printers, software, emails, operating systems, passwords, servers and more.
  • Network discovery
  • Fingerprinting
  • DNS cache snooping – discover which websites the internal users of a network are browsing.
  • Exports data into a report
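What the metadata step actually looks like for one of those file types, as an added example (this is not FOCA’s code). A .docx is a zip archive whose authoring metadata lives in docProps/core.xml and docProps/app.xml; the code builds a small sample document in memory with constructed values, then pulls out the creator, last editor, application, version and company, and turns the account fields into the kind of username list FOCA reports.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# Which metadata elements to pull from each part, as (part, xpath, report key).
FIELDS = [
    ("docProps/core.xml", "dc:creator", "creator"),
    ("docProps/core.xml", "cp:lastModifiedBy", "last_modified_by"),
    ("docProps/core.xml", "dcterms:created", "created"),
    ("docProps/app.xml", "ep:Application", "application"),
    ("docProps/app.xml", "ep:AppVersion", "app_version"),
    ("docProps/app.xml", "ep:Company", "company"),
]


def extract_metadata(docx_bytes: bytes) -> dict:
    """A .docx is a zip; its metadata lives in two XML parts under docProps/."""
    found, parts = {}, {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for part, xpath, key in FIELDS:
            if part not in parts:
                try:
                    parts[part] = ET.fromstring(z.read(part))
                except KeyError:          # part missing from this document
                    parts[part] = None
            root = parts[part]
            el = root.find(xpath, NS) if root is not None else None
            if el is not None and el.text:
                found[key] = el.text.strip()
    return found


def usernames(meta: dict) -> set:
    """Account names from the author fields, with any DOMAIN\\ prefix or email domain
    stripped, ready to feed into a user list for later attacks."""
    names = set()
    for key in ("creator", "last_modified_by"):
        if key in meta:
            names.add(meta[key].split("\\")[-1].split("@")[0].lower())
    return names


# Constructed sample document: the docProps parts Word writes, plus a bare body.
CORE_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/">
<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>CORP\\jdoe</cp:lastModifiedBy>
<dcterms:created>2012-04-01T09:12:00Z</dcterms:created></cp:coreProperties>"""
APP_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
<Application>Microsoft Office Word</Application><AppVersion>12.0000</AppVersion>
<Company>Example Corp</Company></Properties>"""


def build_sample_docx() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", b"<w:document xmlns:w='urn:x'/>")
    return buf.getvalue()


if __name__ == "__main__":
    meta = extract_metadata(build_sample_docx())
    for k, v in meta.items():
        print(f"{k:17s} {v}")
    print("usernames:", usernames(meta))
```

The same two parts exist in .xlsx and .pptx files, so the extractor works unchanged on those; OpenOffice formats keep their metadata in a meta.xml part instead, and PDFs carry it in the Info dictionary and XMP stream, which is why a tool like FOCA needs one parser per family.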



Download: Click here and enter your email on the bottom of the page to receive a download link.
 

Password Cracking – Part 5 – Dictionary Attack






What is a dictionary attack?

A dictionary attack is a password attack in which every word from a wordlist is tried against a password hash. Good dictionary attacks use wordlists that include dictionaries of other languages (depending on the target) and the most commonly used passwords (many of which aren’t dictionary words at all), and they order the wordlist with the most commonly used passwords on top to save cracking time.

For those of you who are visual learners, a dictionary attack is like approaching a woman or man using pickup lines from a list in your pocket, being shot down and kicked in the face, trying again, being shot down and smacked in the face, until finally one of the lines on your list works and you have yourself a date.

When should I use a dictionary attack?

When performing a password cracking attack, a dictionary attack usually is, and should be, the first attack type used. Why? Because most people create weak passwords, given the “huge” effort it takes to remember and type in something a bit longer and more complex. Thanks to that laziness factor, dictionary attacks usually crack a good percentage of the hashes they are run against. Dictionary attacks are also the first, and many times the only, type of attack used in online attacks. This is because, as you’ve learned before, online attacks can be very slow and noisy.
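A dictionary attack against a whole dump of unsalted hashes, as an added example (not the original post’s code). The wordlist and the dumped hashes are constructed; the point it adds to the text is that with unsalted hashes each word only has to be hashed once and looked up against every target, and that ordering the list by popularity lets the attack stop early.

```python
import hashlib

# Constructed wordlist, most common passwords first so early exit pays off.
WORDLIST = ["123456", "password", "12345678", "qwerty", "letmein", "dragon",
            "baseball", "football", "monkey", "abc123"]


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def dictionary_attack(target_hashes, wordlist):
    """Crack many unsalted hashes in one pass: each word is hashed once and looked up
    in the set of targets, so the cost is O(words + hashes) rather than O(words x hashes).
    Stops as soon as every target is cracked. Returns (cracked {hash: word}, uncracked set)."""
    remaining = set(target_hashes)
    cracked = {}
    for word in wordlist:
        if not remaining:
            break
        h = md5hex(word)
        if h in remaining:
            cracked[h] = word
            remaining.discard(h)
    return cracked, remaining


if __name__ == "__main__":
    # Constructed dump: two weak passwords and one that is not in the list.
    dump = {"alice": md5hex("letmein"), "bob": md5hex("qwerty"), "carol": md5hex("Tr0ub4dor&3")}
    cracked, left = dictionary_attack(dump.values(), WORDLIST)
    for user, h in dump.items():
        print(user, "->", cracked.get(h, "<not cracked: try a hybrid or brute force attack>"))
```

Keying the result by hash rather than by user also means two users who picked the same password are cracked together for free, which is exactly the property salting takes away.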

Monday, April 9, 2012

What are Input Validation Attacks ?



Input Validation Attacks :-

Input validation attacks are attacks where an attacker deliberately sends unusual input in the hope of confusing the application.
The most common input validation attacks are as follows:
1) Buffer Overflow :- Buffer overflow attacks are made possible by sloppy programming or mismanagement of memory by the application developers. Buffer overflows can be classified into stack overflows, format string bugs, heap overflows and integer overflows. It is also possible for an overflow to exist in a language’s (PHP, Java, etc.) built-in functions rather than in the application’s own code.
To probe for a buffer overflow, you simply dump as much data as possible into an input field. An application error or crash in response means the input was not bounded properly; that is a starting point for investigation, not proof that the bug is exploitable. Perl is well suited for generating this kind of input.
Here’s the buffer test, calling Perl from the command line:
$ echo -e "GET /login.php?user=`perl -e 'print "a" x 500'` HTTP/1.0\n\n" | \
nc -vv website 80
This sends a string of 500 “a” characters as the user value to login.php. The request line has to stay on one line, with the HTTP version after the path, or the server will reject the request before your input is ever looked at.
Test for overflows by sending repeated requests with increasing lengths and recording the server’s response each time.
2) Canonicalization :- These attacks target pages that use template files or otherwise reference other files on the web server. The basic form of the attack is to step outside the web document root in order to read system files, e.g. “../../../../../../../../../boot.ini”. This kind of functionality is visible in the URL and is not limited to any one programming language or web server. If the application does not restrict which files it is willing to serve, files outside the web document root can be requested through parameters like the following:
/menu.asp?dimlDisplayer=menu.asp
/webacc?User.asp=login.htt
/SWEditServlet?station_path=Z&publication_id=2043&template=login.tem
/Getfile.asp?/scripts/Client/login.js
/includes/printable.asp?Link=customers/overview.htm
3) Cross-site Scripting (XSS) :- Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users will see it. Target fields in forms can be addresses, bulletin board comments, etc.
We have found that error pages are often subject to XSS. For example, the URL for a normal application error looks like this:
http://website/inc/errors.asp?Error=Invalid%20password
This displays a custom access denied page that says, “Invalid password”. Seeing a string
from the URL reflected in the page contents is a strong indicator of an XSS vulnerability; confirm it by checking whether the reflected text comes back HTML-encoded or verbatim. The attack would be created as:
http://website/inc/errors.asp?Error=<script%20src=…
That is, place the script tags in the URL parameter.
4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as an input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are specially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
Example: http://www.domain.com/index.asp?querystring=sports' or 1=1--
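An added example, not part of the original post, showing in Python with SQLite what the test above does and how parameterised queries stop it: the vulnerable function concatenates querystring into the SQL, so sports' or 1=1-- returns every row, while the safe function binds it as a value and returns nothing. The table and its rows are constructed sample data.

```python
import sqlite3
from typing import List, Tuple


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (not real site data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, category TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO articles (category, title) VALUES (?, ?)",
        [("sports", "Match report"), ("politics", "Budget vote"),
         ("internal", "Staff memo")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, querystring: str) -> List[Tuple]:
    """The bug the post describes: the parameter is pasted into the SQL text,
    so a quote in the input ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT id, category, title FROM articles WHERE category = '"
           + querystring + "'")
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, querystring: str) -> List[Tuple]:
    """Parameterised query: the driver binds the input as a value, so
    sports' or 1=1-- is looked up literally as a category name."""
    sql = "SELECT id, category, title FROM articles WHERE category = ?"
    return conn.execute(sql, (querystring,)).fetchall()


def looks_like_injection_probe(querystring: str) -> bool:
    """Log-side heuristic for the post's test string (quote plus "or 1=1").
    Useful for spotting probes in access logs; not a substitute for binding."""
    compact = querystring.lower().replace(" ", "")
    return "'" in compact and "or1=1" in compact


if __name__ == "__main__":
    db = build_demo_db()
    probe = "sports' or 1=1--"
    print("vulnerable:", search_vulnerable(db, probe))   # every row comes back
    print("safe:      ", search_safe(db, probe))         # no such category
    print("probe?     ", looks_like_injection_probe(probe))
```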

Tuesday, April 3, 2012

How To Make an External Mac Book Battery Pack for $60

If you use a Mac Book and are out on the road a lot, chances are the battery doesn't last quite as long as you'd like. One solution is a commercially available battery pack, but they're not cheap. So how about making your own for $60? To watch the video, click:
http://www.youtube.com/watch?feature=player_embedded&v=I-nmY4DCWrQ

EU plans tougher punishment for hackers – and their bosses


Biz could be criminally liable if it 'profits' from employees' cyber attacks
The European Parliament's Civil Liberties Committee overwhelmingly voted to approve proposals to criminalise certain activity relating to cyber attacks last week. The proposals contain plans to make specified "legal persons" within companies liable for certain offences.
"Legal persons would be liable for offences committed for their benefit (e.g. a company would be liable for hiring a hacker to get access to a competitor's database), whether deliberately or through a lack of supervision," the European Parliament said in a statement. "They would also face penalties such as exclusion for entitlement to public benefits or judicial winding-up."
EU member countries will be required to "ensure that their networks of national contact points are available round the clock" and that they can "respond to urgent requests within a maximum of eight hours" in order to prevent cyber-attacks spreading across borders.
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.
A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.
One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Individuals found in possession of or distributing hacking software and tools also face criminal charges under the Committee's proposals.
"Illegal access, interference or interception of data should be treated as a criminal offence," the MEPs said, according to the Parliament.
Using another person's "electronic identity" in order to commit an attack that causes "prejudice to the rightful identity owner" could result in offenders serving a minimum of three years in jail if they are under the maximum penalties that could be imposed.
"Tougher penalties" would be imposed on criminal organisations. Those harsher penalties will also be imposed for attacks on "critical infrastructure such as the IT systems of power plants or transport networks," the Parliament said. If damage caused by attacks is "insignificant" then no criminal sanctions "should" apply.
Criminal offences will also apply for the sale or production of tools that are used to commit cyber-attack crimes, it said.
"We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations," Monika Hohlmeier MEP said. "The financial damage caused for companies, private users and the public side amounts to several billions each year. No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world," she said.
The Committee's rapporteur hopes to form agreement on a new EU Directive by the summer. Both the European Parliament and Council of Ministers would have to back the proposals for this to happen.
In the UK individuals can face up to 10 years in jail for serious offences under the Computer Misuse Act.
Under the Act it is an offence for a person to knowingly cause "a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured" without authorisation.
Under the Act a person is also guilty of an offence if the unlawful computer access is used to commit, or facilitate, some other offences regardless of whether that subsequent offence is to take place in the future or is indeed possible to commit. A person is also guilty of an offence if they commit any unauthorised act with intent to impair the operation of any computer, prevent or hinder access to any program or data held in any computer, impair the operation of any such program or the reliability of any such data, or enabling those acts to be done.
Making, adapting, supplying or offering to supply any electronic program or data intending it, or knowingly it is likely, to be used or to assist in the commission of unlawful computer access or impairment is also an offence. Supplying electronic programs or data "with a view to its being supplied for use to commit, or to assist in the commission" of unlawful computer access or impairment is also an offence under the Act.

Monday, April 2, 2012

Hackers Steal Account Details From 1.5 Million US Credit Cards


Over the weekend, Global Payments—a massive international credit-card processor—announced that it suffered a security breach. Hackers managed to acquire customer information from up to 1.5 million accounts across North America.
The Wall Street Journal reports that the news came to light when Visa withdrew from using the company's services as a result of the problem. Though card and account information was exported from the servers of Global Payment, it's currently thought that the criminals didn't obtain card-holder names, addresses or Social Security numbers.
A spokesperson from Global Payments told the Wall Street Journal that "[b]ased on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained."
The move by Visa to stop using the services of Global Payment is a big one: it's a rare occurrence in the industry, so signals a complete lack of trust. It's not yet clear whether others will follow suit. As of Friday, banks were taking extra care to monitor accounts for suspicious activity. [Wall Street Journal]

Thursday, March 29, 2012

Password Cracking – Part 4 – Online vs. Offline Password Cracking

 

When performing a password cracking attack, it is either an online or offline attack. Let’s look at each method in detail.

Online Password Cracking

Online attacks are necessary when you don’t have access to the password hashes.

When performing an online attack, you are usually presented with a web form asking for a username and password combination. There, you could try to guess the password, but that usually won’t get you anywhere. Instead, you could create or use an available automatic password guessing tool. Luckily for those of you who can’t program, there are already hundreds of these tools freely available online.

The downside of performing an online attack is that it can be very noisy, extremely slow and sometimes just not feasible.

Many login forms have a lockout feature that locks you out after a certain number of failed login attempts. For example, one of my cPanel hosting accounts will completely block my IP address if I fail to log in after five attempts. When this happens, I am forced to contact customer support to have my IP address manually unblocked so that I can access the site. Another example is if I fail to log in to my online banking after multiple tries, my account will be locked for 20 minutes.

If the target website doesn't have a lockout feature, that doesn't mean you're golden. Online password cracking attacks are very noisy, and when you are throwing random wrong passwords at a system, its log file will grow tremendously. It looks very suspicious when there are hundreds of wrong password attempts logged to the same IP address.

To get around these factors, you might try to cover up your IP address via a proxy, use a different proxy for every 5 to 10 guesses, or even attempt a few guesses every 30 minutes so it looks less suspicious. Many of the password cracking programs out there have these features available.

Online attacks can be very slow because the speed of the attack depends on the speed of your internet connection and the speed of the target server. Because of this, the best and really the most effective type of attack is a dictionary related attack. So if you have a fairly secure password you will most likely not fall victim to an online password cracking attack.

Offline Password Cracking

Offline attacks are only possible when you have access to the password hash(es). The attack is done on your own system or on systems that you have local access to. Unlike an online attack, there are no lockouts or anything else to stop you in an offline attack because you are doing it on your own machines. The only thing that could hold you back is the limits of your computer hardware, because an offline attack takes advantage of the machine's processing power and its speed depends on the speed of that machine. So the better the processor, and nowadays even the graphics card, the more password guessing attempts you can get per second.

Now that you know the difference between online and offline attacks, I’m sure you’ll agree with me that you should try to use offline attacks whenever possible. This obviously won’t be possible most of the time, so we will look at real world examples of both methods later on in this course.

Wednesday, March 28, 2012

Former cybersecurity czar: Every major U.S. company has been hacked by China


Richard Clarke says evidence 'pretty strong' that China is stealing commercial secrets


Former White House cybersecurity advisor Richard Clarke has made a career out of issuing security warnings.
His most famous, of course, was his alert to Bush Administration officials in July 2001 -- 10 weeks before 9/11 -- that "something really spectacular is going to happen here, and it's going to happen soon."
Clarke was talking about an attack on U.S. soil by Al-Qaida, the terrorist group he had been warning the new administration about -- to virtually complete indifference -- since that January.
Now Clarke, author of the book Cyber War, is issuing an alert via Smithsonian magazine that the U.S. is defenseless against a cyberattack which could take down major parts of the nation's infrastructure, including civilian, military and commercial networks.
What makes the U.S. especially vulnerable, Clarke says, is that its aggressive "cyberoffense" -- “the U.S. government is involved in espionage against other governments,” he tells Smithsonian -- isn't matched by an effective, or even competent, cyberdefense, making the nation particularly vulnerable to blowback.
Clarke says he's concerned that hackers on the Chinese government payroll are threatening the U.S. economy.
"I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China,” Clarke says in the Smithsonian interview:
Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don’t get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them—“logic bombs,” trapdoors and “Trojan horses,” all ready to be activated on command so we won’t know what hit us. Or what’s already hitting us.
To Clarke this is a more insidious and dangerous attack than some high-profile, real-time assault on commercial and government networks.
"My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese," Clarke tells Smithsonian. "And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete."
It's easy to dismiss this as alarmism, but the man has a track record of being right.

Tuesday, March 27, 2012

Celebrity hacker pleads guilty to Scarlett Johansson e-mail hack


"Operation Hackerazzi" comes to a close as the hacker most known for sending private nude photos of Scarlett Johansson to gossip Web sites pleads guilty.


Christopher Chaney entered guilty pleas to nine felony counts in federal court today, admitting that he hacked into dozens of celebrities' e-mail accounts, including those of Mila Kunis and Scarlett Johansson, according to the Los Angeles Times.
"Today's guilty pleas shine a bright light on the dark underworld of computer hacking," said U.S. Attorney Andre Birotte Jr., whose office prosecuted the case, according to the Los Angeles Times. "This case demonstrates that everyone, even public figures, should take precautions to shield their personal information from the hackers that inhabit that dark underworld."
Chaney, 35 of Jacksonville, Fla., faces a maximum of 60 years in federal prison when his sentence is announced in July. He was nabbed last October following an 11-month investigation that federal officials named "Operation Hackerazzi."
Originally he was charged with a 26-count indictment that accused Chaney of unauthorized access of protected computers, wiretapping, identity theft, and damaging computers. While more than 50 victims from the entertainment industry were connected with the case, only five people were identified by name: Johansson, Kunis, Christina Aguilera, Simone Harouche, and Renee Olstead.
After the bust Chaney initially pled not guilty, but, according to TMZ, he struck a plea deal with the prosecutors and ended up agreeing to nine counts, including identity theft, wiretapping, and unauthorized access of protected computers. He also agreed to surrender his computers, external drives, and cell phone.

Over the course of the federal hearing, Chaney admitted to hacking into celebrity accounts, obtaining private e-mails and confidential documents, publicizing their personal information, and sending photos to two celebrity Web sites. Some of the photos of Johansson were nude photos she took privately to send to her then-husband Ryan Reynolds, according to The Guardian. Chaney gained access to the accounts by using the "Forgot your password?" feature in their e-mail addresses, according to the Los Angeles Times. He then would reset the passwords by answering security questions from public information he found by searching the Web. According to the plea agreement, Chaney received thousands of e-mails from the victims' accounts.

Monday, March 26, 2012

Cracking the cloud: An Amazon Web Services primer


It's nice to imagine the cloud as an idyllic server room—with faux grass, no less!—but there's actually far more going on than you'd think.
Maybe you're a Dropbox devotee. Or perhaps you really like streaming Sherlock on Netflix. For that, you can thank the cloud.
In fact, it's safe to say that Amazon Web Services (AWS) has become synonymous with cloud computing; it's the platform on which some of the Internet's most popular sites and services are built. But just as cloud computing is used as a simplistic catchall term for a variety of online services, the same can be said for AWS—there's a lot more going on behind the scenes than you might think.
If you've ever wanted to drop terms like EC2 and S3 into casual conversation (and really, who doesn't?) we're going to demystify the most important parts of AWS and show you how Amazon's cloud really works.

Elastic Cloud Compute (EC2)

Think of EC2 as the computational brain behind an online application or service. EC2 is made up of myriad instances, which is really just Amazon's way of saying virtual machines. Each server can run multiple instances at a time, in either Linux or Windows configurations, and developers can harness multiple instances—hundreds, even thousands—to handle computational tasks of varying degrees. This is what the elastic in Elastic Cloud Compute refers to; EC2 will scale based on a user's unique needs.
Instances can be configured as either Windows machines, or with various flavors of Linux. Again, each instance comes in different sizes, depending on a developer's needs. Micro instances, for example, only come with 613 MB of RAM, while Extra Large instances can go up to 15GB. There are also other configurations for various CPU or GPU processing needs.
Finally, EC2 instances can be deployed across availability zones—which is really just a fancy way of referring to the geographic location of Amazon's data centers. Multiple instances can be deployed within the same availability zone (such as US East Virginia), or across more than one if increased redundancy and reduced latency is desired.

Elastic Load Balance (ELB)

Another reason why a developer might deploy EC2 instances across multiple availability zones is for the purpose of load balancing. Netflix, for example, uses a number of EC2 instances across multiple availability zones. If there was a problem with Amazon's US East center, for example, users would hopefully be able to connect to Netflix via the service's US West instances instead.
But what if there is no problem, and a higher number of users are connecting via instances on the East Coast than on the West? Or what if something goes wrong with a particular instance in a given availability zone? Amazon's Elastic Load Balance allows developers to create multiple EC2 instances and set rules that allow traffic to be distributed between them. That way, no one instance is needlessly burdened while others idle—and when combined with the ability for EC2 to scale, more instances can also be added for balance where required.

Elastic Block Storage (EBS)

Think of EBS as a hard drive in your computer—it's where an EC2 instance stores persistent files and applications that can be accessed again over time. An EBS volume can only be attached to one EC2 instance at a time, but multiple volumes can be attached to the same instance. An EBS volume can range from 1GB to 1TB in size, but must be located in the same availability zone as the instance you'd like to attach to.
Because EC2 instances by default don't include a great deal of local storage, it's possible to boot from an EBS volume instead. That way, when you shut down an EC2 instance and want to re-launch it at a later date, it's not just files and application data that persist, but the operating system itself.

Simple Storage Service (S3)

Unlike EBS volumes, which are used to store operating system and application data for use with an EC2 instance, Amazon's Simple Storage Service is where publicly facing data is usually stored instead. In other words, when you upload a new profile picture to Twitter, it's not being stored on an EBS volume, but with S3.
S3 is often used for static content, such as videos, images or music, though virtually anything can be uploaded and stored. Files uploaded to S3 are referred to as objects, which are then stored in buckets. As with EC2, S3 storage is scalable, which means that the only limit on storage is the amount of money you have to pay for it.
Buckets are also stored in availability zones, and within that zone “are redundantly stored on multiple devices across multiple facilities.” However, this can cause latency issues if a user in Europe is trying to access files stored in a bucket on US West, for example. As a result, Amazon also offers a service called CloudFront, which allows objects to be mirrored across other regions.
While these are the core features that make up Amazon Web Services, this is far from a comprehensive list. For example, on the AWS landing page alone, you'll find things such as DynamoDB, Route53, Elastic Beanstalk, and other features that would take much longer to detail here.
However, if you've ever been confused about how the basics of AWS work—specifically, how computational data and storage is provisioned and scaled—we hope this gives you a better sense of how Amazon's brand of cloud works.

Sunday, March 25, 2012

Ars readers call for hackerspaces in the Ars OpenForum

So who'd like to get started on an RFID teddy bear?
Ars Technica's beginnings are rooted in a community that has always tinkered, built, and modded computer hardware. As it has evolved, the do-it-yourself philosophy has also triggered other communities that make their own stuff. Most recently, the "make movement" has made a name for itself in the world of open source hardware and hacking. The movement covers a broad range of interests, edging into some hardcore do-it-yourself projects. Some groups meet in hackerspaces, but the movement at large seems mostly based on the spirit of building things yourself or with other people.
This month, svdsinner started a fascinating thread in the OpenForum titled "Forums and the modern make movement." He started the thread by discussing "The modern open source hardware/hardware-hacking movement that has arisen with the advent of ultra-low cost micro controllers, the skyrocketing usefulness-to-cost ratio of interesting electronics sensors like gyroscopes, accelerometers, etc., and the new e-commerce-enabled ease of buying a vast array of inexpensive electronic components regardless of whether they are 'available locally' or not. There is a huge alpha-geek driven culture (personal fabrication, 3d printers, home CNC, hobby robotics, rapid prototyping, quad-rotators, etc.) that while on one hand is a perfect fit with the targeted readership of Ars, has no place in the open forum where it can be discussed where it would not be out-of-place."
Other readers in the thread noted that they'd like to see a dedicated space for some of these make projects in the Ars OpenForum. We are taking in all these recommendations from the Forum as we evolve the topics and forums in the near future.
Though the definition of a make project can be quite broad, svdsinner provided a nice list of different types of makers out there: Engineer-types who just love to have an extensive toolset to fix/build whatever they want, robotics tinkerers, academics, small businesses, artists, and of course, alpha geeks. If you feel there are other types of projects that fall under the definition, be sure to let us know in the comments or via our Ars pages on social sites.
Ars reader Chuckaluphagus has started his own RFID Teddy Bear project, and is hoping that there will be interest in him chronicling his project in the forums. What's more, that post brought other makers out of the woodwork. If you have a project similar to his, or simply want to bounce ideas off other members in the forum, you can add your contribution to the thread or register for an account to get started.
We'd like to ask you, the readers, where to take this next. Would you like to see expanded coverage of makers and their projects? Like some of the readers in the thread mentioned, should there be a dedicated space in the OpenForum for make projects? Let us know what you think.

Saturday, March 24, 2012

Learn to hack with a Hacker Lab (see my personal set-up)


You have a choice little one. To be a poo-poo pounded legit hacker. Or just a legit hacker. What separates the two? – The right hacking environment.

To become a good hacker, or really to learn how to hack at all, one must practice what he learns. And to practice hacking without the risk of getting in trouble with the authorities and ending up in a bad place (thus the poo-poo pound reference), one must practice in a safe environment, otherwise known as a Hacker Lab.

In the video below, I show you how to set one up, and give you a tour of my own personal set up. A must watch. Watch now. Now!


Thursday, March 22, 2012

CrackerCast Episode 21 – Scanning


This episode of CrackerCast looks at this week's hacker news and breaks down the second phase of the hacking process, scanning.


Items Mentioned on the Show

Hacker Website of the Week

News Mentioned this Week

Download Episode

You can subscribe to the podcast feed via one of the two feeds below (it might take a day for iTunes to update it): FeedBurner or iTunes

Wednesday, March 21, 2012

Hacking Software – Ophcrack



Software: Ophcrack
Description: Ophcrack is a free Windows password cracker based on rainbow tables. If you have no idea what a rainbow table is, see this article. It comes with a Graphical User Interface and runs on multiple platforms.
Screenshot:
Features:
  • Cracks LM and NTLM hashes
  • Free tables available for Windows XP and Vista
  • Brute-force module for simple passwords.
  • Audit mode and CSV export
  • Real-time graphs to analyze the passwords.
  • LiveCD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included
How to use it:
  • If you already have access to the Windows installation but don't know the password, you can run this program within Windows; it will load the local SAM file that holds the login details and attempt to crack it using the rainbow tables you downloaded.
  • If you have access to the computer, but can’t log into the computer, you can download and use the Ophcrack LiveCD. This simply runs Ophcrack from the CD by booting into the CD instead of into Windows. It will attempt to load and crack the Windows passwords.
  • If you can’t run the LiveCD on the machine, but have access to the hard drive, you can attach the hard drive to a separate computer and load the encrypted SAM from it and crack it on your computer. Or, if you have an encrypted SAM from anywhere, ophcrack can load it and attempt to crack it.
Video Demonstration:
Download: http://ophcrack.sourceforge.net/download.php

Tuesday, March 20, 2012

Password Cracking – Part 3 – Password Hash




Passwords are most often stored in their plaintext format or in their hashed value format in a file system or in a database. If your password was “password” and it was stored as just “password” this would be an example of your password stored in its plaintext form. So if you could extract the password list from your victim and the passwords were stored in their plaintext form, then you have no need to crack anything because you already know the passwords. Da tu du! But if you extracted the list of passwords or dumped the database of passwords, and they were stored in their hashed values, then it’s crackin’ time! But before we go any further, let’s look at the basics.
What is a password hash?

A password hash is the password after it has gone through a one-way mathematical process, or algorithm, producing a completely different string. So let’s say your password is “password” and you run it through the MD5 algorithm, one of the many cryptographic hash functions out there; your final outcome will be 5f4dcc3b5aa765d61d8327deb882cf99. There is now no possible way of changing that back to the word “password”. The only way to reproduce that hash is to either know the word and run it through the same hash function, or to try to crack it, which is essentially the same thing.
The Login Process

Before you even go to log in to one of your many password/username protected websites, you must first create your login details. So what happens when you create your login details and hit submit? It’s pretty simple. Most websites run your password through a cryptographic hash function like the one mentioned above and then store it in a database. Here is an example of how a PHP script would hash your password before storing it in a database.
$Password = md5($_POST['password']);
In the above PHP line, the script takes the password you submitted via $_POST and runs it through the MD5() cryptographic hash function, which transforms the submitted password into its MD5 hash value. Then the hash is stored in the variable $Password, which is later stored in the database.
Now that you have your login details created, next time you go to login, the PHP script will take the password you submitted, run it through the hash function, and compare it to the hash stored in the database. If the two hashes match, it means that the password submitted is the same password stored in the user database, so the website will log you in. Here’s an example in pseudo-code.
if (md5($Submitted_Password) == $Stored_Password_Hash) {
    Login();
} else {
    Display_Wrong_Login_Details_Message();
}
What is a password salt?

No, it’s not the type of salt that stings your eyes when you open them in the ocean because you thought you saw some sort of sea creature next to your legs and then find out it’s just a shell until you get your head out of the water and that “shell” starts chomping on your big toe causing you to scream like a three year old girl and splash around like a dying fish on the shore. True story. Password salts are completely different, even if they have the same effect on password crackers.
A password salt is a string that is added on to a user’s password before it is hashed. This string could be anything: the user’s username, the exact time the user signed up, or something completely random.
The point of a password salt is to make a password more secure by making it much harder to crack. It does this by making the password longer, and by making each password hash different from every other, even if the password is the same.
For example, if the password was “123456”, the final hash would be MD5(“random-salt” + “123456”), so even if someone else used that same password, their salt would be different, which would result in a different password hash. This way, if the attacker cracks a password, he wouldn’t be able to find every other user with the same password because their hashes would be different.
We’ll get more into salts once you learn more about password cracking.
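Added example (not the post's PHP code): a Python stand-in for the hashing, salting and login-comparison steps described above, extended with a PBKDF2 variant to show where a slow KDF would replace MD5 in the same scheme. The user store is an in-memory dict constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed user store for the example: username -> (salt, stored hash).
UserStore = Dict[str, Tuple[str, str]]


def md5_hex(text: str) -> str:
    """Unsalted MD5, as in the PHP line above: the same input always
    yields the same digest, which is what lets crackers reuse their work."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def hash_with_salt(password: str, salt: str) -> str:
    """The salted form the post describes: MD5(salt + password)."""
    return md5_hex(salt + password)


def slow_hash_with_salt(password: str, salt: str, iterations: int = 100_000) -> str:
    """Same salt idea with a deliberately slow KDF (PBKDF2-HMAC-SHA256),
    which is what replaces a single fast MD5 in practice today."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    return digest.hex()


def create_account(db: UserStore, username: str, password: str) -> None:
    """Sign-up step: pick a random per-user salt and store it beside the hash
    (the salt is not secret; it only has to differ between users)."""
    salt = os.urandom(16).hex()
    db[username] = (salt, hash_with_salt(password, salt))


def login(db: UserStore, username: str, submitted: str) -> bool:
    """Login step from the pseudo-code above: re-hash the submitted password
    with the stored salt and compare to the stored hash in constant time."""
    record = db.get(username)
    if record is None:
        return False
    salt, stored_hash = record
    return hmac.compare_digest(hash_with_salt(submitted, salt), stored_hash)


if __name__ == "__main__":
    print(md5_hex("password"))  # 5f4dcc3b5aa765d61d8327deb882cf99
    users: UserStore = {}
    create_account(users, "alice", "123456")
    create_account(users, "bob", "123456")
    # Same password, different salts, different stored hashes:
    print(users["alice"][1] != users["bob"][1])  # True
    print(login(users, "alice", "123456"), login(users, "alice", "wrong"))  # True False
```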

Monday, March 19, 2012

v2.0



It’s finally here! Well, most of it; I decided to release it a bit early, so some features will be slowly added. Here’s a list of what’s new and old but revived.

  • New quick read eBook to help those of you struggling with getting off your feet and learning how to hack. If you are already part of my email newsletter, you should have received it by now.
  • I’ve revived the newsletter, it will come out every week with the latest hacker news and other awesome goodies.
  • I’ve revived the podcast. The newest version will be released in a week or two and after that, new episodes will come out every 2 weeks.
  • I’ve added a new video section. I plan to launch at least one video post a month.
  • I’ve added a new toolbox section, where I will post new tools and how to use them starting March 19th.
  • Everything I do will be influenced by what you guys want, so on the right side, click on the button that says “Tell us what YOU Need?” and tell me!
  • I’ve created a new facebook group for MrCracker.com. LIKE IT! On the right sidebar.
  • I’ve created a Google+ Group as well. You can join it by clicking the link in the header.

Saturday, March 17, 2012

Password Cracking – Part 2



This is part two of the Password Cracking course within the  (previously known as the Hacker Institute).  


What is Password Cracking?


Password cracking is the act of recovering passwords, through unconventional and usually unethical methods, from data that has been stored in or transmitted through a computer system.

Password cracking is a very popular computer attack because once a high-level user’s password is cracked, you’ve got the power! There’s no longer a need to search for vulnerabilities and all the other mumbo jumbo needed to take over a system, which we won’t be discussing in this course.

Also, everyone is susceptible to a password cracking attack. Unless you live in a remote, technology-free area, you have a password for something, and there’s usually something to gain from obtaining it.

To show you how real and popular this form of attack is today, here are a few recent happenings.

  • Password cracking was used to take over a few high-profile Twitter accounts, including those of President Barack Obama, Britney Spears, Kevin Rose, and Rick Sanchez.
  • Wal-Mart was a victim of a security breach where sensitive information was taken. Password cracking was one of the many methods used to gain entry.
  • 10,000 cracked Hotmail passwords were publicly posted, and every day crackers continue to post new lists on forums all over the internet.
  • phpBB.com was hacked and its 200,000+ username/password database was dumped and made publicly available to anyone willing to download it. Of those passwords, over 80,000 were reported to have been cracked.

What is Password Cracking used for?


Password cracking can be used for both good and evil. If I forgot my password for a certain system or program, I might try cracking it before I completely give up on it. Now if it’s for any other reason, then it probably has an evil basis and is most likely illegal as well.

Notice how, for my legitimate reasons, I didn’t mention cracking services. Services are things like your ISP (Internet Service Provider), email, social networking and other related accounts. The reason I didn’t mention these is that even if I legitimately forgot my password for a site like Facebook or Yahoo, it is still against their TOS to attempt to crack it. Why? Because you would be attempting hundreds of passwords per second over the internet, which could put a strain on their system and amount to a DoS (Denial of Service) attack. Also, if not done properly, most systems would detect it as an attack and lock you out, sometimes even blocking your IP address completely so that you have no access to the website at all from your current ISP-assigned IP address. Even though it is possible to change your IP address, you don’t want to keep doing that. No matter what your reasons are for attempting to crack a password on a service site, it will always be seen as a malicious attack, because the websites already provide methods for the owner to retrieve a forgotten password. With that said, cracking service site passwords is still very possible and in some cases very easy. It will be discussed later on in the course.

Password Cracking Methods



There are many different types of password cracking methods, and I will introduce you to each of them within this course. Below is a list of the methods you will soon be a pro at:
 
  • Dictionary Attacks
  • Brute Force Attacks
  • Hybrid Attacks
  • Rainbow Tables

Monday, March 12, 2012

Cyber snoopers target NATO commander in Facebook attack


China blamed again
NATO’s most senior military official has come under a concerted cyber attack from hackers believed to be operating from the People’s Republic of China.
The Observer reported on Sunday that cyber fiends had targeted Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis by opening fake Facebook accounts in his name in an attempt to trick colleagues, friends and family into giving away his personal secrets on the social network.
Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzzword on the information security scene and a technique commonly linked to cyber spies operating from China.
As such, the attackers may have been looking for information they could use to guess Stavridis’ email or other log-in credentials which they could subsequently use to infiltrate NATO systems and steal sensitive military information.
NATO confirmed to the paper that Stavridis had been targeted several times in the same way over the past two years, with Facebook co-operating in taking down the offending fake SACEUR pages.
Although NATO itself said it wasn’t clear who was responsible for the cyber snooping attempt, the Observer spoke to “security sources” who had no hesitation in blaming China.
"The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this," one of them is quoted as saying. One possible reason why the hackers decided to use Facebook as their initial attack vector is that Stavridis is an avid social media user and, unusually for someone in his senior position, is pretty vocal on Facebook.
In October, for example, he announced the end of NATO operations in Libya via his Facebook page.
While the attack has some of the hallmarks of a state-sponsored espionage attempt, it does appear somewhat less sophisticated than some of the APT-style attacks which have come to light in recent years.
These include Operation Aurora, which targeted Google and scores of other western firms, as well as Operation Night Dragon, the series of attacks on global energy firms in 2011.
Despite its protestations of innocence, the People’s Republic has time and again been singled out by officials in the UK and US as one of the main actors in cyber space when it comes to state-sponsored snooping.
Just last week US defence contractor Northrop Grumman released a 136-page report which pointed to China arming its military with information warfare capabilities which could prove a “genuine risk” to US military operations.

Sunday, March 11, 2012

SXSW: 'Hot-spot honeypot' hacker's heaven



For a hacker, the thousands of smartphone junkies tweeting and checking in on Foursquare at South by Southwest are like a flock of lambs.

Darren Kitchen, 29, founder of Hak5 and creator of the WiFi Pineapple Mark IV honeypot.
(Credit: Declan McCullagh/CNET)
AUSTIN, Texas--Some funny things were happening at the South by Southwest conference here today. My virtual private network connection kept getting disabled, and even stranger, on a friend's laptop a window popped up showing an animated cartoon cat flying through the air with a rainbow in its wake.
The image, known as Nyan Cat after a popular 2011 Internet meme, immediately alarmed me because it was used by the hacker group LulzSec on at least one occasion. I joked about being hacked, and my friend quickly turned off his laptop. (See CNET's related story about how to protect your Wi-Fi links, and a slideshow.)
A few minutes later we found the culprit around the corner standing in a Starbucks line: Darren Kitchen, founder of the Hak5 show, who had just given a talk about security at the conference. In his session he demonstrated for the audience how easy it can be to intercept unsecured Wi-Fi connections with a special router and custom software he wrote that he calls the WiFi Pineapple. His talk was appropriately titled "Securing Your Information in a Target Rich Environment." During the demo, audience members who were surfing the Web were surprised when the silly music that plays during the Nyan Cat video blared out of their laptops.

Thousands of SXSW attendees with lots of social-media moxie but little to no security savvy were easy prey for a hacker like Kitchen. The interface he was using on his Galaxy Note smartphone showed a long list of BlackBerrys, iPhones, Androids, and laptops that thought they were connecting to the hotel or Starbucks Wi-Fi (which uses the name "attwifi"), but were actually being tricked by Kitchen's WiFi Pineapple. "Nobody has any sense of security here," he said, scrolling through the list of devices connected to his Wi-Fi router. If he wanted to, Kitchen could do something malicious, like a man-in-the-middle attack, and steal passwords and other data from unwitting victims. But his mission is to educate people by demonstrating what the risks are and not attack them. So his device was programmed to replace every Web page on the Internet with a Nyan Cat.
"When the device is kicked off it tries to get back on the network, and since I'm in closer proximity than the Wi-Fi router, it picks up my signal instead," Kitchen said. "In the demo I had half the audience connected to my Wi-Fi router."
Basically, his WiFi Pineapple is what is known as a "Hot-spot Honeypot": it attracts devices that are looking to connect to Wi-Fi. The devices send out probe requests when the user turns Wi-Fi on, or when the device is powered on and Wi-Fi comes up automatically. These messages ask for a connection to each of the Wi-Fi networks the device has remembered. Kitchen's router pretends to be the Wi-Fi network the user's device is seeking. This only works with an open Wi-Fi network, not one that's protected with the WPA encryption standard, which requires users to type in a password to connect. "It's an inherent flaw in the trust model of open Wi-Fi," he said.
Prototype software on his laptop was doing something similar with Wi-Fi connections, only the messages it was sending were deauthentication packets that interfere with the current Wi-Fi connection by saying the security equivalent of "this is not the Wi-Fi router you are looking for."
The problem is that the devices are set to automatically remember networks they've connected to in the past, and they reconnect automatically when in range. "The security is in the way vendors implement it, and all they care about is network name," Kitchen said. The solution would be to require a challenge-and-response protocol for authentication and encryption, he said. But the mobile device makers haven't implemented that, probably because users would need to make a few more clicks to get on the network, he added.
Kitchen has a more ominous version of his WiFi Pineapple that resides in a simple aluminum box with a rechargeable lithium battery and magnets on the back so he can attach it to many surfaces in public spaces. He attached one on an ATM and an escalator. The box also could easily be designed to plug into a hidden wall outlet under a hotel hallway bench, for instance. "You could plug it into an outlet and remote-in over a 3G network and it can stay there forever," he said.
Kitchen sells his WiFi Pineapple for $90, mostly to governments and security professionals that are hired by corporations to do penetration testing of their own networks as part of security audits.
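The two behaviours the article describes, one device answering probe requests for many remembered open network names and a burst of deauthentication frames, leave a pattern in the management frames a wireless monitor sees. As an added example that is not from the article or from Hak5, the detection logic below runs over a constructed, simplified frame log (the SSIDs, addresses and timings are made up for illustration).

```python
from collections import defaultdict

# Added example (not from the article or from Hak5): detection logic for a
# rogue AP answering for several remembered SSIDs and for deauth bursts.
# Constructed log: "<second> <frame_type> <bssid_or_source> <ssid_or_client> <security>".
SAMPLE_LOG = """\
0 beacon 00:11:22:33:44:01 attwifi OPEN
2 probe_resp aa:bb:cc:dd:ee:99 attwifi OPEN
3 probe_resp aa:bb:cc:dd:ee:99 HotelGuest OPEN
4 beacon 00:11:22:33:44:02 HotelGuest OPEN
5 deauth aa:bb:cc:dd:ee:99 c0:ff:ee:00:00:01 -
5 deauth aa:bb:cc:dd:ee:99 c0:ff:ee:00:00:02 -
6 deauth aa:bb:cc:dd:ee:99 c0:ff:ee:00:00:03 -
7 beacon 00:11:22:33:44:03 CorpNet WPA2
"""

def parse(log: str) -> list:
    """Split each log line into (second, frame_type, addr, name, security)."""
    frames = []
    for line in log.splitlines():
        t, ftype, addr, name, security = line.split()
        frames.append((int(t), ftype, addr, name, security))
    return frames

def ssid_impersonation(frames: list):
    """Return (SSIDs served by >1 BSSID, BSSIDs serving >1 SSID). One BSSID
    answering for several remembered open SSIDs is the honeypot pattern."""
    by_ssid, by_bssid = defaultdict(set), defaultdict(set)
    for _, ftype, bssid, ssid, _ in frames:
        if ftype in ("beacon", "probe_resp"):
            by_ssid[ssid].add(bssid)
            by_bssid[bssid].add(ssid)
    multi_bssid = {s: sorted(b) for s, b in by_ssid.items() if len(b) > 1}
    multi_ssid = {b: sorted(s) for b, s in by_bssid.items() if len(s) > 1}
    return multi_bssid, multi_ssid

def deauth_bursts(frames: list, window: int = 2, threshold: int = 3) -> dict:
    """Sources sending >= threshold deauth frames within any `window` seconds."""
    times = defaultdict(list)
    for t, ftype, src, _, _ in frames:
        if ftype == "deauth":
            times[src].append(t)
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        for i, t0 in enumerate(ts):
            n = sum(1 for t in ts[i:] if t - t0 < window)
            if n >= threshold:
                flagged[src] = max(flagged.get(src, 0), n)
    return flagged
```

The WPA2 network in the sample is served by a single BSSID and is never flagged; only the open names that a second device answers for, and the source of the deauth burst, come out of the two checks.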
