Password Hacking FAQ

1. What are some password basics?

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems,the password is typically ran through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password, it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not “decrypt” the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is ran through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here — NT, Netware, and Unix — all use an algorithm that has been made publically available and has been scrutinized to some degree.

To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.

2. Why protect the hashes?



If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this — dictionary and brute force.

Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.

3. What is a dictionary password cracker?



A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

4. What is a brute force password cracker?



A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.

5. Which method is best for cracking?



It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let’s go through several scenarios.

If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program’s manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

6. What is a salt?



To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.

Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can’t be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.

7. What are the dangers of cracking passwords?



The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else’s systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is — cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system adminstrator priviledges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).

Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you’ll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.

8. Is there any way I can open a password-protected Microsoft Office document?



Certainly! There are plenty of commercial programs that will do this, but we give props to Elcomsoft for fighting the DMCA. 30-day trial versions are available here

Read More

A Self Destructing Program in C

This program will destroy itself upon execution.The program will cause the .exe file to be deleted upon execution.That is this program is capable of destroying itself upon execution.Heres the code


#include
#include
#include
void main()
{
printf(”This program will destroy itself if u press any key!!!\n”);
getch();
remove(_argv[0]);/*array of pointers to command line arguments*/
}

HOW TO COMPILE ?
Load the source code to the compiler and compile(press Alt-F9) and then press F9.This will generate the .exe file in the current directory(Bin directory).Execute this .exe file it will destroy itself upon execution.

Read More

Phishing Tools Available Online

Tools that can help people potentially defraud innocent surfers are available for free download on the internet, it has been claimed.

The do-it-yourself kits provide all the essential tools for launching phishing attacks - those that use spoofed emails and fraudulent websites to trick people into giving out personal financial data.

Phishing scams are on the up. Security company MessageLabs has intercepted an average of 250,000 phishing emails a month so far in 2004, compared to just 14 phishing-related emails back in August 2003.

According to anti-virus company Sophos, the DIY kits contain all the graphics, web code and text required to construct fake websites that look like legitimate online banking or shopping sites. They also include spamming software which would let you send out millions of phishing emails as bait for potential victims.

“Until now, phishing attacks have been largely the work of organised criminal gangs, however, the emergence of these ‘build your own phish’ kits mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details,” said a spokesman for Sophos.

“There is plenty of profit to be made from phishing. By putting the necessary tools in the hands of amateurs, it’s likely that the number of attacks will continue to rise.”

Surfers that receive a suspicious email that claims to come from an online bank or e-commerce site should delete them and not click on any included links.

Read More

What to do when your Orkut Account is Hacked ?

It can be a nightmare if someone else takes control of your Google Account because all your Google services like Gmail, Orkut, Google Calendar, Blogger, AdSense, Google Docs and even Google Checkout are tied to the same account.

Here are some options suggested by Google Support when your forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:

1. Reset Your Google Account Password:

Type the email address associated with your Google Account or Gmail user name at google.com/accounts/ForgotPasswd - you will receive an email at your secondary email address with a link to reset your Google Account Password. This will not work if the other person has changed your secondary email address or if you no longer have access to that address.

2. For Google Accounts Associated with Gmail:

If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form. It however requires you to remember the exact date when you created that Gmail account.

3. For Hijacked Google Accounts Not Linked to Gmail:

If your Google Account doesn’t use a Gmail address, contact Google by filling this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message.It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.

Read More

How to Create a CON folder in Windows?

Can you create a folder named “con”, “prn”, “nul” “com1″ “com2″ “lpt1″ etc. in windows ?

The answer is NO and YES!

NO because create a new folder and try to rename it to any one of the above specified names, you know what happens! In Windows XP the folder name automatically changes back to “New Folder” no matter you try any number of times.Where as in Windows Vista when you try to rename the file you get an error message “The specified device name is invalid”.

What is the reason for this? Simple, these names represent the internal devices and hence we cannot create folders with the above names.

YES because it is still possible to create these folders using the command prompt.Heres the instructions to create it.

1. Go to command prompt

2. Type in prompt (FOR EG. TO CREATE CON FOLDER IN E: DRIVE)

C:\>md \\.\e:\con

NOTE:”con” can be replaced by any other names such as “prn”, “nul” “com1″ “com2″ “lpt1″ etc.

3. To delete the folder use the following command

C:\>rd \\.\e:\con

NOTE:The folder can only be deleted from the command prompt.You cannot remove it by right-click delete

Read More

Send Fake Email - Fake Email Pranks

THIS TUTORIAL WILL TELL YOU HOW TO SEND FAKE EMAIL TO ANY EMAIL BOX SUCH AS YAHOO, GMAIL, HOTMAIL AND SO ON… THE ART OF SENDING FAKE EMAIL IS CALLED EMAIL FORGING OR EMAIL SPOOFING.FOR EXAMPLE YOU CAN SEND FAKE EMAIL TO YOUR FRIEND AS BILL GATES <billg@microsoft.com>.IT’S 100% WORKING.

 

Most of the email forging tutorials on internet will teach us how to send fake email connecting to SMTP server of the ISP or any other domain.But this is not possible since these hacks will no longer work today because SMTP of remote server will reject any attempts for unauthorised access.Also many of the websites offer you to send fake email from their sites where none of them work.So we have to run our own SMTP server on our computer to successfully send a fake email.SMTP server is a simple software program which can be installed on your computer in few seconds.SMTP server allows you to send fake email right from your desktop easily and effectively.Download QK SMTP server HERE.This is the SMTP server i am using in my tutorial.Once you download and install the server on your comp then you are all set to send fake email successfully.This works 100%,so trust me & continue.

PART A: CONFIGURING SMTP SERVER

Once you have installed the QK SMTP server on your comp you must perform the following configuration.

1. Click on “Settings” button on the main screen,the Settings window pops up

2. On Settings window click on “Basic Parameter” tab

3. Set binding IP to “127.0.0.1″

4. Set port to “25″

PART B: SENDING FAKE EMAIL (EMAIL FORGING)

1. Click on SMTP server icon on your desktop to start your SMTP server to run(The icon is shown on the notification area of the taskbar if it is running).If it is already running then this step can be ignored

2. Goto command prompt(Start-Accessories-Command prompt)

3. Type exactly as follows

C:\>telnet 127.0.0.1 25

Here 127.0.0.1 is the default IP of every computer.25 is the port number.SO you are connecting to the SMTP server running on your own computer.This step is very importand to send fake email.

NOTE: The IP 127.0.0.1 should not be substituted by any other IP.

Heres the snapshot of what you see after step 3.Click on it to enlarge

 

4. After typing the telnet command in the command prompt you get entry to the server which displays the following message.The response of a OK SMTP server is given below.Message within Green color is only explanation.



220 Welcome to QK SMTP Server 3

helo hacker (Type helo & any name followed by space)

250 Hello hacker (Server Welcomes You)

mail from:billg@microsoft.com (email ID can be anything of your choice.This is the ID from which fake email appears to have come from)

250 billg@microsoft.com Address Okay (Server gives a positive response)

rcpt to:admin@gmail.com (Type any valid recipient email address)

250 admin@gmail.com Address Okay (Server gives a positive response)

data (type this command to start input data)

354 Please start mail input

From:Gates <billg@microsoft.com>

To:admin@gmail.com

Date:Sat Jan 5,2008 9:45 PM

Subject:Test to send fake email

You can create as many headers followed by the “:” symbol.

NOTE:HEADERS SHOULD NOT CONTAIN A LINE GAP.IF SO IT IS CONSIDERED AS BODY OF THE EMAIL. Press enter twice so that there is a line gap between the header & body data

<HERE IS YOUR DATA>End the body of email by pressing [ENTER] .(dot) [ENTER]

250 Mail queued for delivery (Sever indicates that the email is ready for sending)

quit (Type this command to quit from server)

221 Closing connection. Good bye.

Connection to host lost

(You will get the above 2 lines of message after typing “quit” command)

(Your fake email is sent to the recipient)

*****END OF EMAIL FORGING*****

Here’s the screenshot for your convenience

 

 

NOTE: The fake email that you have sent may also reach the spam/bulk box.So if you are trying a fake email test on your own inbox then please do check the spam/bulk box also.

Read More

How to Block a Website ?

Some times it becomes necessary to block a website on our Computers for one or other reason.You can easily and effectivily block access to a website by adding it to your Windows HOSTS file.Once the website is blocked in the HOSTS file,it will not appear in any of the browsers.That is,the website becomes completely unavailable.

 

 

1.Go to your HOSTS file which is located at:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC for Vista and XP

C:\WINNT\SYSTEM32\DRIVERS\ETC for Win 2000

C:\WINDOWS for Windows 98 and ME

2. Open HOSTS with Notepad.

The default Windows HOSTS looks like this:

______________________

# Copyright © 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a “#” symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

#

127.0.0.1 localhost

_____________________________

3. Directly under the line that says 127.0.0.1 Localhost, you will want to type:

127.0.0.1 name of the URL you want to block

For example to block the website MySpace.com, simply type:

127.0.0.1 myspace.com

127.0.0.1 www.myspace.com

Other parts of MySpace could be blocked in a similar way:

127.0.0.1 search.myspace.com

127.0.0.1 profile.myspace.com

etc etc etc…

It is necessary to add a website with and without the “www.”. You can add any number of websites to this list.

4. Close Notepad and answer “Yes” when prompted.

5. After blocking the website, test it in any of the browser.If every thing is done as said above,the website must not appear in any of the web browsers. You should see a Cannot find server or DNS Error saying: “The page cannot be displayed”.I have also created a virus to block a website which automatically blocks a list of websites as specified in the source program.

Some people suggest that your add a website to the Internet Explorer ‘Privacy’ settings. This does not block a site. It only stops that site from using cookies.

Read More