Avoid Detection with nmap Port Scan Decoys

Posted on June 2nd, 2008 in Cracking, Networking by admin

nmap has a -D option, called a decoy scan. With -D, it appears to the remote host that the host(s) you specify as decoys are scanning the target network too. Thus their IDS might report 5-10 port scans from unique IP addresses, but they won’t know which IP was scanning them and which were innocent decoys. While this can be defeated through router path tracing, response-dropping, and other active mechanisms, it is generally an effective technique for hiding your IP address.

Installing & Using John the Ripper: The Linux Password cracker

Posted on May 19th, 2008 in Cracking, Security by admin

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.

Three Approaches to Cracking the Windows Password

Posted on May 13th, 2008 in Cracking, Windows by admin

Method #1: Requires access to the box by some account other than the one you need.


Method #2: Download the ophcrack live CD, burn the ISO to a CD, boot your computer off the CD, and ophcrack should spend 5-15 minutes cracking the password.

Method #3: Cain and Abel Password Cracker (can be used over a network)

Application

User Guide

What? You think it’d be harder? From a company that never treats security seriously anyways?

Howto: crack a wireless network with Wired Equivalent Privacy (WEP)

Posted on May 12th, 2008 in Cracking by admin

WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. Wikipedia

Crack Password Protected zip, rar, 7z, and pdf files in Linux

Posted on May 12th, 2008 in Cracking by admin


Crack Password Protected Zip Files with fcrackzip

Why the hell another zip cracker? fcrackzip isn’t just any other file cracker; it is quite old (born in 1998) and I believe the last version was from 2004. However, it is simply mentioned for being the first open-source zip cracker out there.

fcrackzip searches each zip file given for encrypted files and tries to guess the password. All files must be encrypted with the same password; the more files you provide, the better.

fcrackzip is a fast password cracker for zip archives, partly written in assembler. It is able to crack password-protected zip files with brute-force or dictionary-based attacks, optionally testing its results with unzip.

It can also crack cpmask’ed images.

Howto: arpspoof, webmitm, and ssldump to sniff passwords via https

Posted on May 11th, 2008 in Cracking by admin

Let me show you how easy it is to sniff someone else’s password/cookies via SSL/HTTPS on the LAN/WLAN with Ubuntu Linux.

We will be using ARP spoofing/poisoning for this attack.

You can learn more about ARP spoofing and poisoning here.