
Oxid.it - Home


How I Cracked your Windows Password (Part 1) How Windows creates and stores password hashes and how those hashes are cracked. If you would like to read the next part in this article series please go to How I Cracked your Windows Password (Part 2). Introduction Passwords tend to be our main and sometimes only line of defense against intruders. The purpose of this article is to educate you on how Windows creates and stores password hashes, and how those hashes are cracked. How Windows Stores Passwords Windows-based computers utilize two methods for the hashing of user passwords, both having drastically different security implications. LM Password Hashes The LM hash of a password is computed using a six-step process: In practice, the password “PassWord123” would be converted as follows: Figure 1: A password transformed into an LM hash NTLM Password Hashes Conclusion

Windows BitLocker Drive Encryption Step-by-Step Guide What is BitLocker Drive Encryption? BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. BitLocker uses a Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. BitLocker is designed to offer a seamless user experience. The TPM interacts with BitLocker to help provide seamless protection at system startup. Who should use BitLocker Drive Encryption? This guide is intended for the following audiences: IT planners and analysts who are evaluating the product Security architects In this guide Requirements for BitLocker Drive Encryption These steps are for testing only. Before you start

Hacking IPv6 III – IPv6 Spoofing in 6in4 tunnels « iniqua In this post we will show a real risk that exists on the Internet today, related to IPv6 tunnels. We have detected that some of the main 6in4 tunnel providers don’t correctly enforce IPv6 source filtering on the access they provide to their clients. This situation creates a risk that makes it easy to execute some attacks that require source IP spoofing. To help the reader understand the risks that IP spoofing involves on the Internet, below is a brief list of attacks that take advantage of it: SYN flooding from spoofed IP addresses; connection hijacking by finding out the TCP sequence number; firewall bypass; IDLE scan; Smurf attack; DNS cache poisoning … This assessment is only focused on one type of tunnel, the 6in4 type. In our opinion, these tunnels may happen to be a headache from a security point of view in some points of the Internet. Iniqua people have done a brief assessment of the three main IPv6 tunnel providers. Conclusion:

Exploiting Cisco Routers: Part 2 Access Granted -- Now What? Welcome back! The first article in this two-part series covered a few different methods of getting into the target router. Analyzing the Router Config As imagined, router config files can give the penetration tester a TON of useful information. Now that we have the router config, we can analyze it for weaknesses, and hopefully glean other useful information from it. Cracking the Enable Password The first thing we'll do is attempt to "crack" the enable password. This tool could be described as the Swiss Army Knife of cracking tools. Figure 1: Cain and Abel Take note of all the other types of passwords Cain and Abel can crack. As displayed in the above image, Cain and Abel was successful in figuring out the enable password. Before we modify anything with the router though, we'll take a quick look at the entire router config. This router is logging at log level 4 to the syslog server 10.0.1.103. Figure 2: Raise the router's log level Summary

How I Cracked your Windows Password (Part 2) If you would like to read the first part in this article series please go to How I Cracked your Windows Password (Part 1). Introduction In the first part of this series we examined password hashes and the mechanisms Windows utilizes to create and store those values. It is always crucial to note that the techniques shown here are strictly for educational purposes and should not be used against systems for which you do not have authorization. Obtaining Password Hashes In order to crack passwords you must first obtain the hashes stored within the operating system. There are a few different options here depending on the level of access you have to the machine you are auditing. Physical Access If you have physical access, one of the most effective methods is to boot the computer into a different operating system. If you are not quite comfortable doing this, you can use P. Figure 1: Hex output of the SAM hash Console Access Figure 2: Confirmation the Fgdump Utility Ran Correctly Network Access

John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. To verify authenticity and integrity of your John the Ripper downloads, please use our PGP public key. There's a wiki section with John the Ripper user community resources.

FBI acknowledges more SCADA attacks, increases cyber budget At a recent security conference Michael Welch, the deputy assistant director of the FBI's Cyber Division, gave a speech where he discussed the issue of SCADA security. Information Age magazine reported on his speech and quoted Welch as saying: "We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city," We don't know which cities Welch is referring to, but this does bring more light to a subject that has been mired in confusion of late. Many argued that the security of SCADA systems was being exaggerated after it became public that the water treatment attack in Springfield, IL was a false alarm. That of course ignores the attack by pr0f on the City of South Houston's systems and these other three referred to by Welch. Sound too good to be true? The majority of the funding increase will be used to expand their operation from 8 hours/5 days to 24 hours/7 days.

Top 10 Password Crackers SecTools.Org: Top 125 Network Security Tools For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator). We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. 12 tools Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. version 1.1 on April 24, 2010 (2 years, 5 months ago). crackers wireless UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. version 4.9.43 on Dec. 3, 2011 (10 months ago). sniffers fuzzers

Exploiting Cisco Routers: Part 1 Introduction This two-part article will focus on identifying and exploiting vulnerabilities and poor configurations in Cisco routers. We will then discuss the analysis of the router configuration file and will attempt to leverage this access into other systems. Additionally, we will cover the possibilities of what one may do once access to the device has been achieved. Don't Forget the Router... Pen testers may often go after the more glamorous or fun systems to hack, such as the vulnerable Solaris 8 system, or the Microsoft 2000 server vulnerable to the slew of recent RPC DCOM holes, leaving the core network infrastructure devices alone. As important as these network devices are to the overall security, reliability, and availability of the network, it is pertinent that the pen tester takes a good, hard look at them before blessing them as being secure. Identifying a Router The "User Access Verification" line is a trademark Cisco telnet banner. Identifying Vulnerabilities

Understanding /etc/shadow file by Vivek Gite on February 23, 2006, last updated November 20, 2015, in BASH Shell, CentOS, Debian / Ubuntu, FreeBSD, HP-UX Unix, Linux, RedHat and Friends, Solaris-Unix, Suse, Ubuntu Linux, UNIX, User Management Can you explain /etc/shadow file format used under Linux or UNIX-like system? The /etc/shadow file stores actual password in encrypted format for user’s account with additional properties related to user password i.e. it stores secure user account information. /etc/shadow file fields (Fig.01: /etc/shadow file fields) Username: It is your login name. Password: It is your encrypted password. The last 6 fields provide password aging and account lockout features. How do I change the password? Use the following syntax to change your own password: $ passwd How do I change the password for other users? You must be root to change the password for all other users: # passwd userNameHere OR $ sudo passwd userNameHere How do I setup password again? The options are as follows:

Create a Shiny Earth with Photoshop 3D Layers In this tutorial I'll show you how to create a shiny planet icon using the 3D features of Photoshop CS4 Extended. This will cover basic information about 3D layers and texture maps. Let's get started! Video Tutorial Our video editor Gavin Steele has created this video tutorial to complement this text + image tutorial. Step 1 Create a new document which is 1000 pixels wide and 500 pixels high at a resolution of 300 pixels/inch, with a name of "Home." Step 2 We'll be using some texture for our planet. Step 3 Now go to 3D > New Shape From Layer > Sphere. Step 4 The "Earth" layer is now a 3D layer and a cube icon is displayed in the Layers Palette. Step 5 Grab the 3D Rotation Tool, click on the canvas, hold and drag to rotate the sphere and adjust it as you wish. Step 6 The edges of the sphere look aliased at the moment. Step 7 Now click on the Global Ambient Color box and set the color to R:100, G:100, B:100 and hit OK. Step 8 We'll now add a bump map to our planet. Step 9 Step 10 Step 11 Step 12 Step 13

Patch Tuesday December 2011 Microsoft finishes out this year of patching with a heavy release that's all over the place. While techs were notified of an anticipated 14 bulletins, 13 were released for the month of December. Headline grabbing events and code are addressed in one of them, and while fewer are labelled "Critical", are they any less important? Many speculative bits have been spilled on the group behind Stuxnet and its precursor Duqu, with our own researchers posting at least a half dozen Securelist writeups on Duqu findings alone. The targeted functionality provides TrueType font parsing capabilities for the OS, and the group abused these components by delivering exploits in the form of Word Documents attached to emails interesting to their individual victims, a technique known as spear-phishing. The other headline grabbing event and code that was anticipated to be released is known as the SSL BEAST vulnerability.

How to Install Aircrack on Mac in 3 Easy Steps Installing Aircrack-ng can be a little confusing if you don't understand the lingo. Let me guide you through those steps and you'll have Aircrack running natively in no time and almost no effort. Why Use Aircrack? Aircrack-ng is up to 5 to 10 times faster than KisMAC when it comes to cracking WPA or WEP passwords. KisMAC has an old Aircrack Engine and, honestly, it needs an update... Aircrack-ng 1.1 churns about 1500 "WPA" keys per Second, or about 360 Passphrase/second when KisMAC is left behind at 160/Sec on a dual core. Aircrack-ng can recover keys for WEP and WPA. Yes, it's 1,576,213 PMK/S. Back to Aircrack: On WEP, the difference is extremely noticeable, especially on low IV's captures. For Airport users, once decrypted, you have to enter the key without semicolons and space. If you are not familiar with the lingo, or wonder what does what, I would suggest reading the FAQ first. Installing Aircrack-ng on OS X You'll need: The Installation
