Friday, 25 September 2015

Internet Guide

Internet

The Internet is a computer network made up of thousands of networks worldwide. No one knows exactly how many computers are connected to the Internet. It is certain, however, that these number in the millions.

No one is in charge of the Internet. There are organizations which develop technical aspects of this network and set standards for creating applications on it, but no governing body is in control. The Internet backbone, through which Internet traffic flows, is owned by private companies.

All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.

An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news, and much more.

The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol.


--------------------------------------------------------------------------------

COMPONENTS OF THE INTERNET

--------------------------------------------------------------------------------

WORLD WIDE WEB

The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. This includes e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP. These protocols will be explained later in this document.

The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the Web is the fastest-growing component of the Internet.

The operation of the Web relies primarily on hypertext as its means of information retrieval. HyperText is a document containing words that connect to other documents. These words are called links and are selectable by the user. A single hypertext document can contain links to many documents. In the context of the Web, words or graphics may serve as links to other documents, images, video, and sound. Links may or may not follow a logical path, as each connection is programmed by the creator of the source document. Overall, the Web contains a complex virtual web of connections among a vast number of documents, graphics, videos, and sounds.

Producing hypertext for the Web is accomplished by creating documents with a language called HyperText Markup Language, or HTML. With HTML, tags are placed within the text to accomplish document formatting, visual features such as font size, italics and bold, and the creation of hypertext links. Graphics and multimedia may also be incorporated into an HTML document. HTML is an evolving language, with new tags being added as each upgrade of the language is developed and released. The World Wide Web Consortium (W3C), led by Web founder Tim Berners-Lee, coordinates the efforts of standardizing HTML. The W3C now calls the language XHTML and considers it to be an application of the XML language standard.

The World Wide Web consists of files, called pages or home pages, containing links to documents and resources throughout the Internet.

The Web provides a vast array of experiences including multimedia presentations, real-time collaboration, interactive pages, radio and television broadcasts, and the automatic "push" of information to a client computer. Programming languages such as Java, JavaScript, Visual Basic, Cold Fusion and XML are extending the capabilities of the Web. A growing amount of information on the Web is served dynamically from content stored in databases. The Web is therefore not a fixed entity, but one that is in a constant state of development and flux.

E-MAIL

Electronic mail, or e-mail, allows computer users locally and worldwide to exchange messages. Each user of e-mail has a mailbox address to which messages are sent. Messages sent through e-mail can arrive within a matter of seconds.

A powerful aspect of e-mail is the option to send electronic files to a person's e-mail address. Non-ASCII files, known as binary files, may be attached to e-mail messages. These files are referred to as MIME attachments.MIME stands for Multimedia Internet Mail Extension, and was developed to help e-mail software handle a variety of file types. For example, a document created in Microsoft Word can be attached to an e-mail message and retrieved by the recipient with the appropriate e-mail program. Many e-mail programs, including Eudora, Netscape Messenger, and Microsoft Outlook, offer the ability to read files written in HTML, which is itself a MIME type.

TELNET

Telnet is a program that allows you to log into computers on the Internet and use online databases, library catalogs, chat services, and more. There are no graphics in Telnet sessions, just text. To Telnet to a computer, you must know its address. This can consist of words (locis.loc.gov) or numbers (140.147.254.3). Some services require you to connect to a specific port on the remote computer. In this case, type the port number after the Internet address. Example: telnet nri.reston.va.us 185.

Telnet is available on the World Wide Web. Probably the most common Web-based resources available through Telnet have been library catalogs, though most catalogs have since migrated to the Web. A link to a Telnet resource may look like any other link, but it will launch a Telnet session to make the connection. A Telnet program must be installed on your local computer and configured to your Web browser in order to work.

With the increasing popularity of the Web, Telnet has become less frequently used as a means of access to information on the Internet.

FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer files between computers. Anonymous FTP is an option that allows users to transfer files from thousands of host computers on the Internet to their personal computer account. FTP sites contain books, articles, software, games, images, sounds, multimedia, course work, data sets, and more.

If your computer is directly connected to the Internet via an Ethernet cable, you can use one of several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.

FTP transfers can be performed on the World Wide Web without the need for special software. In this case, the Web browser will suffice. Whenever you download software from a Web site to your local machine, you are using FTP. You can also retrieve FTP files via search engines such as FtpFind, located at /http://www.ftpfind.com/. This option is easiest because you do not need to know FTP program commands.

E-MAIL DISCUSSION GROUPS

One of the benefits of the Internet is the opportunity it offers to people worldwide to communicate via e-mail. The Internet is home to a large community of individuals who carry out active discussions organized around topic-oriented forums distributed by e-mail. These are administered by software programs. Probably the most common program is the listserv.

A great variety of topics are covered by listservs, many of them academic in nature. When you subscribe to a listserv, messages from other subscribers are automatically sent to your electronic mailbox. You subscribe to a listserv by sending an e-mail message to a computer program called a listserver. Listservers are located on computer networks throughout the world. This program handles subscription information and distributes messages to and from subscribers. You must have a e-mail account to participate in a listserv discussion group. Visit Tile.net at /http://tile.net/ to see an example of a site that offers a searchablecollection of e-mail discussion groups.

Majordomo and Listproc are two other programs that administer e-mail discussion groups. The commands for subscribing to and managing your list memberships are similar to those of listserv.

USENET NEWS

Usenet News is a global electronic bulletin board system in which millions of computer users exchange information on a vast range of topics. The major difference between Usenet News and e-mail discussion groups is the fact that Usenet messages are stored on central computers, and users must connect to these computers to read or download the messages posted to these groups. This is distinct from e-mail distribution, in which messages arrive in the electronic mailboxes of each list member.

Usenet itself is a set of machines that exchanges messages, or articles, from Usenet discussion forums, called newsgroups. Usenet administrators control their own sites, and decide which (if any) newsgroups to sponsor and which remote newsgroups to allow into the system.

There are thousands of Usenet newsgroups in existence. While many are academic in nature, numerous newsgroups are organized around recreational topics. Much serious computer-related work takes place in Usenet discussions. A small number of e-mail discussion groups also exist as Usenet newsgroups.

The Usenet newsfeed can be read by a variety of newsreader software programs. For example, the Netscape suite comes with a newsreader program called Messenger. Newsreaders are also available as standalone products.

FAQ, RFC, FYI

FAQ stands for Frequently Asked Questions. These are periodic postings to Usenet newsgroups that contain a wealth of information related to the topic of the newsgroup. Many FAQs are quite extensive. FAQs are available by subscribing to individual Usenet newsgroups. A Web-based collection of FAQ resources has been collected by The Internet FAQ Consortium and is available at /http://www.faqs.org/.

RFC stands for Request for Comments. These are documents created by and distributed to the Internet community to help define the nuts and bolts of the Internet. They contain both technical specifications and general information.

FYI stands for For Your Information. These notes are a subset of RFCs and contain information of interest to new Internet users.


CHAT & INSTANT MESSENGING

Chat programs allow users on the Internet to communicate with each other by typing in real time. They are sometimes included as a feature of a Web site, where users can log into the "chat room" to exchange comments and information about the topics addressed on the site. Chat may take other, more wide-ranging forms. For example, America Online is well known for sponsoring a number of topical chat rooms.

Internet Relay Chat (IRC) is a service through which participants can communicate to each other on hundreds of channels. These channels are usually based on specific topics. While many topics are frivolous, substantive conversations are also taking place. To access IRC, you must use an IRC software program.

A variation of chat is the phenomenon of instant messenging. With instant messenging, a user on the Web can contact another user currently logged in and type a conversation. Most famous is America Online's Instant Messenger. ICQ, MSN and Yahoo are other commonly-used chat programs.

Other types of real-time communication are addressed in the tutorial Understanding the World Wide Web.

MUD/MUSH/MOO/MUCK/DUM/MUSE

MUD stands for Multi User Dimension. MUDs, and their variations listed above, are multi-user virtual reality games based on simulated worlds. Traditionally text based, graphical MUDs now exist. There are MUDs of all kinds on the Internet, and many can be joined free of charge.
Posted by at No comments:
Labels: , , ,

Monday, 7 September 2015

How To Identify Fake Facebook Accounts....






How can you detect the Fake FB Profile. On these days we are getting so many friend request specially by girls, but there is no way to identify that account is fake or original. So don't worry we are going to tell you simple method to detect fake Facebook account.




So this is a Facebook account which named by Sarikha Agarwal. Now we need to verify this account real or fake, so our first step is going to the images.google.com and click on camera image.




                                                                                                 So when you click on search by image you will get popup like below image.




                                                                                                        Now go to that profile, right click on image and click on copy image URL




Now profile pic URL has copied.. now again go to images.google.com Tab and paste image URL 

When you enter then you get related images search...


Now you can better see that this profile is real or fake..So here is a proof that this profile is fake. Enjoy the trick..

Be aware when you will going to add an beautiful or smart unknown person as your friend. So be checked first.. there are lot of fake profiles are create everyday.
This person might be spy on your profile and steal personal information like your photos, etc for their hacking stuffs.. So Be Safe Online..
Posted by at No comments:
Labels: , , ,

Install window XP In 10Min......



As We all know that During Formatting a Computer After the File Copying is Completed then windows Require 39 Minutes Time...But What Extreme In It.... Yes We can Bypass this faking Time .... How TO DO IT??? So read On..
I have Included Snaps Shots That will help you.

>> INSTALLING WIN XP IN 10 MINUTES! <<


STEP1 : After the Copy Part is Over ... System is Rebooted as we all know In general Foramatting Procedure...
Now After Reboot The Below Image Will Appear....





STEP 2:  
Now As This Image APPEARS You Have to Press  "Shift + F10 "  . This Will Open The command Prompt...  Now type  taskmgr  in it. This will open the Task manager .

STEP 3 : 
After The task Manager Opens Goto Processes ... And Find "Setup.exe"  process and Right CLICK on It.... and set the Priority to Highest....

STEP 4: 
 Now Just Watch the Set It will take around 9 minutes and 2 minutes for Tolerance(depends System to system)....

Thats the Overall Tutorial...Hope You all Have LIKED IT...
So When you Format your PC Next Time It will Really Save Your TIME i.e around 20 to 25 minutes....Enjoy Hacking.~
Posted by at No comments:
Labels: , , ,

Thursday, 3 September 2015

Hacking Tools.....

WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ]

 is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend. 
C4 - WAST gives users the freedom to select individual exploits and use them.
BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits
WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it.
Download

***********************************************************************************************************

 ARPwner 

is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and
a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python.
Download  

***********************************************************************************************************  



Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily.

 Download

***********************************************************************************************************

 Sqlninja 0.2.6



Features:
- Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
 -Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).
- Creation of a custom xp_cmdshell if the original one has been removed
-  Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
-  TCP/UDP portscan from the target SQL Server to the attacking machine, in order
   to find a port that is allowed by the firewall of the target network
    and use it for a reverse shell.
-  Direct and reverse bindshell, both TCP and UDP
-  ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
  shell but the DB can ping your box. - DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
 a direct/reverse shell, but the DB server can resolve external hostnames
 (check the documentation for details about how this works). Evasion techniques to confuse a few IDS/IPS/WAF.
-  Integration with Metasploit3, to obtain a graphical access to the remote DB
    server through a VNC server injection.
Download
 
*********************************************************************************************************** 

HexorBase - The DataBase Hacker Tool

To Audit Management and Multiple Databases


HexorBase is a database application designed for management and audit multiple database servers simultaneously from a single location, is able to perform SQL queries and brute force attacks against servers common database ( MySQL, SQLite, Microsoft
SQL Server, Oracle, PostgreSQL ).
This tool is simple to use and very practical, may have to know a little SQL, but the basics.

 

HexorBase runs on Linux and presumably Windows, and requires:

python-qt4 python python-MySQLdb cx_Oracle python-psycopg2 python-python-qscintilla2 pymssql 
To install it you must download and from the console:
root @ host: ~ # dpkg-i hexorbase_1.0_all.deb


Project website and download HexorBase:

http://code.google.com/p/hexorbase/



Net Tools 5.0 (Net Tools 5.x)


This tools is a hacker friendly. Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET.
There has a 175 tools list in one software.. Tools Content

Download


Intercepter is a sniffer tool which offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/
WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/
AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Download

Havij v1.15 Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Download

Ani-Shell


Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization.

Customisation
1. Email Trace back is set to Off as default and emails will not be sent , If you are setting
this feature on make sure you change the default email address (lionaneesh@gmail.com)
 to Your email address , Please Change it before using.
2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better
security.
3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed.

Default Login
Username : lionaneesh
Password : lionaneesh

Features
    Shell
    Platform Independent
    Mass - Mailer
    Small Web-Server Fuzzer
    DDoser
    Design
    Secure Login
    Deletion of Files
    Bind Shell
    Back Connect
    Fixed Some Coding errors!
    Rename Files
    Encoded Title
    Traceback (Email Alerts)
    PHP Evaluate
    Better Command Execution (even supports older version of PHP)
    Mass Code Injector (Appender and Overwriter)
    Lock Mode Customization

Latest Version Addition
    Mail Bomber (With Less Spam detection feature)
    PHP Decoder
    Better Uploader
    Fixed some Coding errors

Download

SQL MAP 0.9                                       


sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine.

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Its a good tools for find Sql Vulnerability.

New Features/Changes-->

Rewritten SQL injection detection engine (Bernardo and Miroslav).
Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
Implemented support for Firebird (Bernardo and Miroslav).
Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
Added support to fetch unicode data (Bernardo and Miroslav).
Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

PhotobucketDownload

DRIL – Domain Reverse IP Lookup Tool:


DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key.

DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too.
There are various other tools which carry out similar tasks..

PhotobucketDownload
























Posted by at No comments:
Labels: , , ,

Types OF Hackers....



1.    White hat hacker
2.    Gray hat hacker
3.    Black hat hacker


White Hat and Grey Hat Hacker & What is the Real Difference? 
What is worse, the public is not able to understand terms like grey hat, white hat, Linux OS, or cracker.
However, the truth is that the subculture of the hacker world is more complex than we think. Especially if we consider that, these are very intelligent people.

So, what is ethical hacking white hat and how does it differentiate from grey hackers? The only way to find out is to submerge ourselves in the world of hackers and understand, at least, the most basic concepts.
 
WHITE HAT HACKER
What Is A White Hat Hacker?
 
A hacker can be a wiz kid who spends too much time with computers and suddenly finds himself submerged in the world of  cyber-security or criminal conspirators. On the other hand, he can be a master criminal who wants to obtain huge amounts of money for him, or even worse, dominate the world.
In the movie Matrix, the concept of hackers changed a bit. Although the agents of the Matrix considered them terrorists, the truth is that they were rebels fighting for the liberty of humanity. Things do not need to reach that extreme, though. We are not at war with intelligent ma chines so that kind of scenario is a bit dramatic.

Therefore, a hacker is an individual who is capable of modifying computer hardware, or software. They made their appearance before the advent of computers, when determined individuals were fascinated with the possibility of modifying machines. For example, entering a determine code in a telephone in order to make free international calls.
 
 When computers appeared, this people found a new realm where they could exploit their skills. Now they were not limited to the constraints of the physical world, instead, they could travel through the virtual world of computers. Before the internet, they used Bulletin Board Systems (BBS) to communicate and exchange information. However, the real explosion occurred when the Internet appeared.

Today, anyone can become a hacker. Within that denomination, there are three types of hackers. The first one is the black hacker, also known as a cracker, someone who uses his computer knowledge in criminal activities in order to obtain personal benefits. A typical example is a person who exploits the weaknesses of the systems of a financial institution for making some money.

On the other side is the white hat hacker. Although white hat hacking can be considered similar to a black hacker, there is an important difference. A white hacker does it with no criminal intention in mind. Companies around the world, who want to test their systems, contract white hackers. They will test how secure are their systems, and point any faults that they may found. If you want to become a hacker with a white hat, Linux, a PC and an internet connection is all you need.
Grey Hat Hackers

A grey hat hacker is someone who is in between these two concepts. He may use his skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills in
order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it. The moment they cross that boundary, they become black hackers.
For example, they may hack the computer network of a public agency, let us say, NOAA. That is a federal crime. 

If the authorities capture them, they will feel the long arm of justice. However, if they only get inside, and post, let us say, their handle, and get out without causing any kind of damage, then they can be considered grey hackers.

If you want to know more about hackers, then you can attend one of their annual conventions. Every year, hackers from all over the US, and from different parts of the world, reunite and meet at DEF CON. These conventions are much concurred. In the last one, 6,600 people attended it.
GRAY HAT
Every year, DEF CON is celebrated at Las Vegas, Nevada. However, hackers are not the only ones who go to this event. There are also computer journalists, computer security professionals, lawyers, and employees of the federal government. The event is composed by tracks of different kind, all of them related, in some way, to the world of hackers (computer security, worms, viruses, new technologies, coding, etc). Besides the tracks, there are contests that involve hacking computers, l ock picking and even robot related events. Ethical hacking, white hat hacking or whatever names you wish to use, at the end, it has a purpose: to protect the systems of organizations, public or private, around the world. After all, hackers can now be located anywhere, and they can be counted by the millions. Soon, concepts like white hat, linux operating system or grey hat will become common knowledge. A real proof of how much has our society been influenced by technology.


Black Hat Hackers

Black hat hackers have become the iconic image of all hackers around the world. For the majority of computer users, the word hacker has become a synonym for social misfits and criminals.
Of course, that is an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hacker (or cracker) does. So, let's learn about black hat techniques and how they make our lives a little more difficult.
Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim. This gives others the opportunity to exploit the vulnerability before the organization is able to secure it.
 
BLACK HAT
What Is Black Hat Hacking?
 
A black hat hacker, also known as a cracker or a dark side hacker (this last definition is a direct reference to the Star Wars movies and the dark side of the force), is someone who uses his skills with a criminal intent. Some examples are: cracking bank accounts in order to make transfernces to their own accounts, stealing information to be sold in the black market, or attacking the computer network of an organization for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his black hat hackers skills to enter the computers of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems (it must be mentioned that he is now a white hat hacker); Kevin Poulsen, who took control of all the phone lines in Los Angeles in order to win a radio contest (the prize was a Porsche 944 S2); and Vladimir Levin, which is the handle of the mastermind behind the stealing of $10'000,000 to Citigrou.
Posted by at No comments:
Labels: , , ,

Tuesday, 1 September 2015

Hack Windows Admin......


Today, i am going to show you many aspects of the Windows Password Storage path, Method of Encryption, and breaking into Windows by cracking the admin password. We need this often for many reasons:
 
1) Sometime we have forgotten our old password and Hint isn't helping out.
2) We want to break into someone computer to get the information.
3) Just want to take revenge from someone.
4) Stealing computer data.

Lets, take a deep dive in Cracking Windows password and also where these are stored and in which format.

SAM file and Password Hashes~Place where these passwords are stored in Hashes:
 
Password Hashes - When you type your password into a Windows NT, 2000, or XP login Windows Seven, Vista etc Windows encrypts your password using a specific encryption scheme that turns your password into something that looks like this:
                    7524248b4d2c9a9eadd3b435c51404eddc5

This is a password Hash. This is what is actually being checked against when you type your password in. It encrypts what you typed and bounces it against what is stored in the Registry and/or SAM File. 
You can break this hash password from


SAM File - Holds the user names and password hashes for every account on the local machine, or domain if it is a domain controller.

Location of SAM/Hashes:
 
You can find what you're looking for in several locations on a given machine.
It can be found on the hard drive in the folder %systemroot%system32config (i-e C:\windows\system32\config). However this folder is locked to all accounts including Administrator while the machine is running. The only account that can access the SAM file during operation is the "System" account.

The second location of the SAM or corresponding hashes can be found in the registry. It can be found under HKEY_LOCAL_MACHINESAM. This is also locked to all users, including Administrator, while the machine is in use.(GO to Run and Type Regedit and Hit enter, Now scroll to HKEY_LOCAL_MACHINESAM, However you may not access to it.)

So the two (Some other also) locations of the SAMHashes are:
 
- %systemroot%system32config
- In the registry under HKEY_LOCAL_MACHINESAM

Cracking or Breaking Into Admin Account:
How to get Hashes form SAM file?
 
Well, Below are the methods to do so:
 
1) Well, the easiest way to do this is to boot your target machine to an alternate OS like NTFSDOS or Linux and just copy the SAM from the %systemroot%system32config  folder.
It's quick, it's easy, and it's effective. You can get a copy of NTFSDOS from Sysinternals(http://www.sysinternals.com) The regular version of NTFSDOS is freeware, which is always nice, but only allows for Read-Only access. This should be fine for what you want to do, however, if you're the kind of person that just has to have total control and has some money to burn. NTFSDOS Pro, which is also by Sysinternals has read/write access but it'll cost you $299.

2) You can also get password hashes by using pwdump2 (Google It to get software ~ Search at openwall.com). pwdump uses .DLL injection in order to use the system account to view and get the password hashes stored in the registry. It then obtains the hashes from the registry and stores them in a handy little text file that you can then  paste them into a password cracking utility like l0phtcrack or John the ripper (Linux Based works well) also cain and abel can be used. 

3) Import Hashes directly from l0phtcrack, and let them open to you by cracking.


Obtained Hashes? Now crack them:
 
Well, as i have said that these can't be reversed but somehow automated famous cracking softwares can be used to achieve the target. Yes, it is possible, All we have to do is to have a bit patience. The software will use a lot of strings and will compare these hashes also, Inshort it will decode them.
 
1) John the Ripper - John the Ripper is to many, the old standby password cracker. It is command line which makes it nice if you're doing some scripting, and best of all it's free and in open source. The only real thing that JtR is lacking is the ability to launch Brute Force attacks against your password file. But look at it this way, even though it is only a dictionary cracker, that will probably be all you need. I would say that in my experience I can find about 85-90% of the passwords in a given file by using just a dictionary attack.

2) L0phtCrack - Probably the most wildly popular password cracker out there. L0phtCrack is sold by the folks at @Stake. And with a pricetag of $249 for a single user license it sure seems like every one owns it. This is probably the nicest password cracker you will ever see. With the ability to import hashes directly from the registry pwdump and dictionary, hybrid, and brute-force capabilities. No password should last long. Well, I shouldn't say "no password". But almost all will fall to L0phtCrack given enough time.

Making Your Own Password in Windows:
 
Injecting Password Hashes into the SAM:
Easiest ways to gain Administrator privileges on a machine, is by injecting your own password hashes into the SAM file. In order to do this you will need physical access to the machine and a brain larger than a peanut. Using a utility called "chntpw" by Petter Nordhal-Hagen you can inject whatever password you wish into the SAM file of any NT, 2000, or XP machine thereby giving you total control, just burn the .iso on a disk and use it. I would give a tip like backing up the SAM file first by using an alternate OS.Make a USB disk of linux or Windows Live dsik can also work. Go in, inject the password of your choosing. Login using your new password. Do what you need to do. Then restore the original SAM so that no one will know that i was hacked.




You need to have admin access to perform this change from the command line. This is an especially handy trick if you want to change a password on an account but you’ve forgotten the original (going through the Control Panel can require confirmation of the old password).

Now we hack Admin Password To verify the user name, by simply typing net user, I get a list of all the user names on that windows machine. Now, go to the command prompt and enter:

                                                                 cd\
cd windows\system32
net user  
If there are people near you and you don’t want them to see the password you type, enter:
net user *
                                                             E.g. > net user username *
                                                      > Type a password for the user:
                                                      > Confirm the password:





Another Easy method, Using  ophcrack to Hack into Admin Account:
 
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.

This is a type of offline cracking, Just grab .iso of ophcrack from here. Burn it and enjoy using.
 
1.  Opchrack can crack passwords for Windows 7, Windows Vista, and Windows XP.
2. Ophcrack can recover 99.9% of passwords from Windows XP, usually in a matter of seconds. Any  14-character or smaller password that uses any combination of numbers, small letters, and capital letters should be crackable.
3.  Ophcrack can recover 99% of passwords from Windows 7 or Windows Vista. A dictionary attack is used in Windows 7 and Vista.
4.  The Ophcrack LiveCD option allows for completely automatic password recovery.
5.  LiveCD method requires no installation in Windows, making it a safe alternative to many other password recovery tools.
6.  No Windows passwords need to be known to use the Ophcrack LiveCD to crack your Windows passwords.


I think this ophcrack method is far better, Try this one just get a disk and write it, Or else USB disk can aslo be used.

Some security Tips ~ Making strong passwords:
 
Now, You might have come to know that how passwords can be cracked, So there are some tips for you.
1) Do not make common passwords like 123456 or the one of your own name.
2) Use @, *, # or other symbols in your passwords to ensure maximum security in this case John the ripper and Ophcrack and also other cracking tools may take long time, it will be frustrating for hacker.
3) Keep changing your password. So, that if long time is taken by one hash to decode, until it decodes you have generated another hash.
 
Posted by at No comments:
Labels: , , ,

Hack WhatsApp Account......




On Daily we have heard news about online services is suffering from a lack of security. In February WhatsApp has been down for nearly four hours,
as if this were not enough, people became aware of the security flaw that allows conversations that should be read by anyone provided it learn properly perform the procedures.

Steps to follow:
1 - First of all you need to have the device at hand, use the Social Engineering and be quick in getting the e-mail and backup files msgstore-2014-05-02.1.db.crypt5.
To get the email for this follow the procedures below.

Enter the Play Store and view the e-mail, or write down mentalize somewhere without the person noticing.


Now Go to the device settings from Settings -> Accounts & Sync, look for the email from Google and mentalize or write down somewhere without the person noticing.


2 - Now let's take the msgstore-2014-05-08.1.db.crypt7 file To do this, use Polaris Office or any other app that allows you to navigate between folders and manage files.

Follow this path: My files -> WhatsApp -> Databases - In this directory you will find all the backup files of your messenger.
When you do find the file sharing for your mobile phone via bluetooth.






3 - Have we got the e-mail and file backup http://whatcrypt.com/?cmd=_decrypt
we enter the site and send the backup file.

To Submit follows:
Account: Enter the email of the victim
Database: Select the database backup
Click Process / download zip
Save the zip file on your desktop


4 - Once you have downloaded the backup file in zip format we now need to download the tool to extract the backup and we have access to conversations. Save on the desktop.



5 - From the desktop to extract the file WhatsApp Decrypt.zip install python-3.4.0 folder and enter the WhatsApp.
Browse by: WhatsApp -> Whatsapp_Xtract_V2.1_2012-05-10-2


When you install python-3.4.0 do the following steps:
1 - Go to My Computer, click with the right mouse button and Properties -> Advanced System Settings
2 - In the System Properties navigate to the Advanced tab -> Environment Variables
3 - Environment Variables look for Path
4 - Edit the PATH
5 - At the end of PATH add ;C:\Python34
6 - Click ok and close
 

6 - Now extract the file from step 3 msgstore_decrypted on the desktop, copy and paste it on WhatsApp folder -> Whatsapp_Xtract_V2.1_2012-05-10-2 and replace the file



7 - Replace the WhatsApp folder -> Whatsapp_Xtract_V2.1_2012-05-10-2 from step 5 and
look for msgstore.dll file, drag it onto the whatsapp_xtract_drag'n'drop_database file (s) _here


After you drag it will create a file called msgstore.db.html the folder and ask you to press any key at the command prompt to continue ...
Pressing any key it will open in your default browser displaying the file msgstore.db.html all conversations, dates, numbers, etc...

 
Note: In step 2 print shows the crypt 7 but the crypt is correct 5!
Disclaimer: This tutorial is educational purpose only. HOC is not responsible for any kind of illegal activities. We believe in Security.
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)

Ads Inside Post

Flickr User ID

Comments system

Disqus Shortname