background preloader

HYDRA - fast and flexible network login hacker

HYDRA - fast and flexible network login hacker
[0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Development just moved to a public github repository: There is a new section below for online tutorials. Read below for Linux compilation notes. CHANGELOG for 8.3 =================== ! Development moved to a public github repository: * Support for upcoming OpenSSL 1.1 added. needs testing. * Fixed hydra redo bug (issue #113) * Updated xhydra for new hydra features and options * Some more command line error checking * Ensured unneeded sockets are closed You can also take a look at the full CHANGES file [0x01] Introduction Welcome to the mini website of the THC Hydra project. Number one of the biggest security holes are passwords, as every password security study shows. (1) Target selection Related:  Passwords

aircrack-ng Description Aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program. Aircrack-ng can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, only a dictionary method is used. Screenshot LEGEND 1 = Keybyte 2 = Depth of current key search 3 = Byte the IVs leaked 4 = Votes indicating this is correct How does it work? The first method is the PTW method (Pychkine, Tews, Weinmann). The second method is the FMS/Korek method which incorporates multiple techniques. In this method, multiple techniques are combined to crack the WEP key: FMS ( Fluhrer, Mantin, Shamir) attacks - statistical techniques Korek attacks - statistical techniques Brute force The best explanation is an example. or

Strong Random Password Generator Access any album on any Facebook profile Hi everyone, I was creating a presentation last week covering the security risks and weaknesses of social networking websites and I found a few interesting things. The most interesting flaw I found was the poor control around access to users photo albums on Facebook, not the worlds biggest hack by a long way but still interesting. I contacted Facebook last Thursday and I never received a response so I felt it was time to post the full details on my blog. I’m going to explain below the theory behind the hack and some pictures showing it in action. aid= id= l= The aid= parameter is the album id, id= is the userid and the l= value is a random value which serves as a very poor security control. The id= is the id we want, we can use this to begin building the URL to access that users album – remember we don’t need to to add them as a friend to do this. The full URL which gives us access to the album can be seen below: Dave

RANDOM.ORG - Password Generator <p style="background-color:#ffff90;padding: 0em .5em 0em .5em;font-size:.9em"><strong>Warning:</strong> Your browser does not support JavaScript &#8211; RANDOM.ORG may not work as expected</p> Do you own an iOS or Android device? Check out our app! This form allows you to generate random passwords. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. The passwords generated by this form are transmitted to your browser securely (via SSL) and are not stored on the RANDOM.ORG server. Need more options?

Hacker Test: A site to test and learn about web hacking John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. To verify authenticity and integrity of your John the Ripper downloads, please use our PGP public key. You may browse the documentation for John the Ripper online, including a summary of changes between versions.

Whitepixel breaks 28.6 billion password/sec - Zorinaq I am glad to announce, firstly, the release of whitepixel, an open source GPU-accelerated password hash auditing software for AMD/ATI graphics cards that qualifies as the world's fastest single-hash MD5 brute forcer; and secondly, that a Linux computer built with four dual-GPU AMD Radeon HD 5970 graphics cards for the purpose of running whitepixel is the first demonstration of eight AMD GPUs concurrently running this type of cryptographic workload on a single system. This software and hardware combination achieves a rate of 28.6 billion MD5 password hashes tested per second, consumes 1230 Watt at full load, and costs 2700 USD as of December 2010. The capital and operating costs of such a system are only a small fraction of running the same workload on Amazon EC2 GPU instances, as I will detail in this post. [Update 2010-12-14: whitepixel v2 achieves a higher rate of 33.1 billion password/sec on 4xHD 5970.] Software: whitepixel Overview of whitepixel That said, speed is not everything. - Home Free WiFi in Airports and Public Hotspots By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I had seen that they wanted to charge me $8 per day to surf the internet. Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. Well I got to their splash screen, and it would allow me to surf on that page and the local ISP's home page (the local ISP was their sponsor). Cain & Able Sniffers menu. SoftPerfect Network Scanner Once I received the results of the scanned subnet, I could see all of the other computers along side of me. EtherChange by www.NTSecurity.NU Low and behold this was the key to getting past the content filter firewall, and I am able to surf the internet without the firewall's blocks. Category: Wilson

How I Cracked your Windows Password (Part 1) AdvertisementGFI LanGuard your virtual security consultant. Scan your LAN for any vulnerability and automate patch management for Windows, Mac OS & Linux. Get your FREE trial now! How Windows creates and stores password hashes and how those hashes are cracked. If you would like to read the next part in this article series please go to How I Cracked your Windows Password (Part 2). Introduction Passwords tend to be our main and sometimes only line of defense against intruders. The purpose of this article is to educate you on how Windows creates and stores password hashes, and how those hashes are cracked. How Windows Stores Passwords Windows-based computers utilize two methods for the hashing of user passwords, both having drastically different security implications. LM Password Hashes The LM hash of a password is computed using a six-step process: In practice, the password “PassWord123” would be converted as follows: Figure 1: A password transformed into an LM hash NTLM Password Hashes Conclusion

250+ working proxies for safe web access from work or school Ask the eConsultant : Technical Tips Proxy List : 250+ working proxies for safe access from work/school Just click on any proxy and enter URL on the resulting page. Report a new proxy / a non-working proxy : eConsultant » Blog Archive » Proxy List : 250+ working proxies for safe access Most Popular Pages : eConsultant | Blog | Articles | Book Reviews | Life Hacks | Lists | Personal MBA | Proverbs Archive | Quotations Archive | Selected Quotes | Technical Tips | Top Links | Web 2.0 { Contact | Resume } How I Cracked your Windows Password (Part 2) If you would like to read the first part in this article series please go to How I Cracked your Windows Password (Part 1). Introduction In the first part of this series we examined password hashes and the mechanisms Windows utilizes to create and store those values. We also touched upon the weaknesses of each method and possible avenues that can be used to crack those passwords. In the second and final article in this series I will actually walk you through the process of cracking passwords with different free tools and provide some tips for defending against having your password cracked. It is always crucial to note that the techniques shown here are strictly for educational purposes and should not be used against systems for which you do not have authorization for. Obtaining Password Hashes In order to crack passwords you must first obtain the hashes stored within the operating system. Physical Access If you are not quite comfortable doing this, you can use P. Console Access Network Access

How To Hack – Beginners Guide to Hacking Computers “ The Only True Guide to Learning How to Hack ” originally by R4di4tion (his email, but it’s no longer in use), with a few updates by myself. You stay up all night on the PC typing and typing. You’re a luser and you’re annoying. You’re probably thinking, “Then what should I do. Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! Editor’s Note: OK, some of these books are out of date now, so I’ve striked the ones that are no longer relevent. After you’ve read them all, re-read them! Editor’s Note: Yeah, I really wouldn’t bother with the RFC’s, they can come later if you get really seriously into it. That’s it for now. Editor’s Note: you can install cygwin to start with, it’s a small linux environment that you can run inside windows to get the feel of a shell interface. The next thing to do is learn programming. Now, you should know a great deal about hacking. ESR’s hacker howto

Understanding /etc/shadow file byVivek GiteonFebruary 23, 2006 last updated November 20, 2015 inBASH Shell, CentOS, Debian / Ubuntu, FreeBSD, HP-UX Unix, Linux, RedHat and Friends, Solaris-Unix, Suse, Ubuntu Linux, UNIX, User Management Can you explain /etc/shadow file format used under Linux or UNIX-like system? /etc/shadow file fields (Fig.01: /etc/shadow file fields) Username : It is your login name.Password : It is your encrypted password. The last 6 fields provides password aging and account lockout features. How do I change the password? Use the following syntax to change your own password: $ passwd How do I change the password for other users? You must be root to change the password for all other users: # passwd userNameHere OR $ sudo passwd userNameHere How do I setup password again? To change user password expiry information use the chage command on Linux. chage username chage [options] username chage vivek chage -l tom The options are as follows: How do I verify integrity of password files? Share this tutorial on: