Sunday, September 13, 2009

Get Victim's IP Address in 3 steps!

This is a really small method of finding someone's IP address.

1. Go to: http://www.reza24.com/ip/
2. Fill in the username and your email address.
3. Click Submit.

Now you will be given a link. Just give that link to the victim somehow. When the victim clicks the link, you will receive his/her IP address in your email and he/she will be led to an error page like a 404 error. Don't worry, they won't find out that you're trying to get their IP address.

Note: You will not receive any spam from this website. But it's still better to have a separate account for such adventures.

Thursday, September 10, 2009

Metasploit Basics - Hack Windows XP

Metasploit is a tool which uses certain bugs in Windows and other platforms to carve and develop exploits and lets you apply them using simple commands. Thus, Metasploit is a script kiddie's dream! :D. Well, maybe not.

In this tutorial, I'll teach you:
1>>The basics of metasploit,
2>>How to choose and apply an exploit on a target machine,
3>>Gain control of the victim's computer.

We'll be hacking Windows XP with no firewall installed or enabled.

Here's what we will be doing:

1)Install Metasploit Framework
2)Choose a target machine
3)Choose an exploit
4)Apply the exploit

Now here are the steps you are going to take:

1>>Download and install Metasploit framework by clicking HERE.

2>>Now after installing the framework, run it by going to Start>>Programs>>Metasploit3>>Metasploit 3 GUI.

3>>Now go to Window on the top and click on Console. You can also just press 'Ctrl + O'.


4>>Now you have the console in front of you.



5>>Here's where it all starts and you start typing the commands. First of all we'll see which exploits are available for our use. For that, click in front of msf> and type: show exploits

6>>You will get the list of available exploits in front of you. It'll be a long list so don't worry if it takes a second to load.

7>>Now you have to choose the exploit which you want to apply. Keep in mind that not every exploit you apply will work and that what works for one victim may not work for another. For this tutorial I will use the windows/smb/ms08_067_netapi exploit.

8>>Find windows/smb/ms08_067_netapi in the list of exploits you have in front of you and copy it. You can also copy it from here if you want to.

9>>Now type 'use windows/smb/ms08_067_netapi' in the console where you can replace this exploit by any other exploit you later use for hacking. It should look like this:


10>>Now type 'show payloads' in the console and press enter. You have a list of payloads to use in front of you.

11>>Payload is actually shellcode written in assembly or machine language. If you want to know what shellcode is click HERE.

12>>Now you have to choose a payload to attack the victim. For this tutorial I'm going to use 'windows/shell/bind_tcp' payload.

13>>So you have to type 'set payload windows/shell/bind_tcp' and press enter.



14>>Now you have selected the payload and you just have to set the victim's ip address.

15>>After this type 'set rhost [ip]' and press enter.

16>>Now you're ready to exploit! Just type 'exploit' and press enter! And here you have access to the victim's system32, as the prompt now shows C:\WINDOWS\System32. Like this:



Use different exploits and play around! See you in the next tutorial!

Note: You can also set the port to attack using different commands. Ask in the comments if you want me to explain anything else.

Sunday, September 6, 2009

Change Your IP Address & HIDE Your Identity! - TOR

Tired of waiting for Rapidshare downloads? Want to skip the 'Orkut/Facebook' ban? Want to be anonymous? Or just don't want anyone to have a clue about your whereabouts? Changing your IP can solve all these problems for you. Need I say more?

Okay, this tutorial is going to teach you how to change your IP address using simple third-party software. There are many programs out there which change your external IP address but today I'm going to review the one I find most useful, i.e. TOR.

TOR

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships.

Here's what you have to do:

1>>Go to http://www.torproject.org/easy-download.html.en

2>>Now there are two options that you have here. Either you can download the complete TOR bundle for Windows which saves you from manually configuring everything for each browser or IM client that you use OR download a simple installer which you will have to configure yourself after you install it.

3>>I recommend that if you have good bandwidth available, just download the bundle and make your life easy.

4>>Okay, so you haven't downloaded the bundle and want to stick to the simple installer.

5>>Start installing it and you'll be asked whether you want to install the TOR plugin for Firefox, which you should do if you use Firefox; otherwise, don't.

6>>Once you're done with it just Run the 'Vidalia' client by going to Start Menu>>All Programs>>Vidalia Bundle>>Vidalia.



7>>Now you have to first configure Vidalia to make TOR run for your internet connection.



8>>If you're connecting to the internet by using a proxy provided by an organization or an ISP, just click on settings. A dialogue box will appear. Now click on Network on the top and select the option 'I use a proxy to access the Internet'. Now you can enter the proxy settings here. If you have a port restriction or a firewall installed you can also enter the allowed ports by clicking on the option right below this one.

9>> Now after you're done with this click on the Advanced Tab on the top and look at the port TOR is using to connect you to the Internet. Note down these settings as these are the ones you're going to enter everywhere to connect to the Internet via TOR.

10>>Once you've noted down the settings click OK and come back to the Vidalia Control Panel.

11>>Now open the browser you want to use and enter the proxy settings for it.

12>>For Firefox, go to Tools>>Options>>Advanced and click on the Network tab and then click on the settings button against 'Configure how Firefox connects to Internet'. Here select Manual Proxy Setting and enter the settings you noted down.


13>>For IE go to Tools>>Internet Options>>Connections>>LAN Settings and select 'Use a proxy server' option and then enter the settings.

Now go back to the Vidalia Control Panel and click on the button 'Start TOR'. You're done once TOR is connected to the internet. Now to check your IP address and location go to www.dnsstuff.com and you'll see that your IP is being wrongly traced.

Each time you want a new IP address just go to the Vidalia control panel and click on 'Use a New Identity'. Make your life a lot easier by skipping rapidshare and other bandwidth and time based bans! :D

Have fun! With complete privacy! ;)

Note: TOR doesn't change your IP address, it actually hides it behind a proxy.

Friday, September 4, 2009

Cain and Abel - Using the sniffer to get passwords in 15 STEPS!

Okay, so now that you've learnt all the basics of Cain and Abel and the cracker, let's get to the real business. You are now ready to use the sniffer to get the passwords of the people who are on the same network as you. This is unbelievably simple and also warns us of the dangers we are prone to while we are on a network.

Make sure that you've configured Cain before moving on to read this article. If you still haven't configured it, look at the links at the bottom of this article.

So here is what you have to do:

1>>Open Cain and first of all click on the 'Start sniffer' button in the right top corner of your screen beside the radioactivity sign button. Don't worry you're just activating the sniffer.

2>>Now click on the sniffer tab. It should be blank if you're using it for the first time.

3>>Right click and select 'Scan for MAC addresses' and without touching anything click OK.

4>>Now you have a list of IP addresses and MAC addresses on your network.

5>>Now click on 'APR' tab at the bottom beside the 'hosts' tab.

6>>The function of APR is to Hijack the network traffic and pass it through your computer.

7>>Now single click in the upper segment of the empty form-like space on the right side of the window.

8>>Click on the blue PLUS sign (+) on the top which is meant to add new addresses to poison and sniff.

9>>Here, on the left side you have a list of available addresses. I prefer selecting the address of the router so select the address of the router and then on the right side select the addresses of the computers you want to sniff. You can choose as many computers as you like.

10>>Now just click okay and you'll see that address listed in the upper segment of your screen.

11>>Select the addresses with your mouse and click on the 'Start APR' button which appears like a radioactivity sign.

12>>Bingo! You just started sniffing and poisoning the network.

13>>Now click on the 'Passwords' tab at the bottom and here you have a list of all the activity going on and you can sneak the passwords from here.

14>>For web passwords see the HTTP tab and if you want the login information just click on 'SMB' on the left side of your screen where there is a list of the type of passwords available.

15>>From here, select the password you want to crack, right click it and send it to the cracker.
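APR (ARP poison routing) works by making the router and the selected hosts record the sniffing machine's MAC address for each other's IP, which leaves a visible trace in every affected host's ARP cache. The following is an added example, not part of the original post or of Cain: it compares two `arp -a` snapshots and flags a changed MAC for a known IP and one MAC answering for several IPs. The snapshots and addresses are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data: two `arp -a` snapshots from the same Windows host,
# one taken on a clean network and one taken while APR is running.
BASELINE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.23          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
CURRENT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-01     dynamic
  192.168.1.23          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})"          # IPv4 address
    r"\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})"    # MAC in Windows dash notation
    r"\s+(\w+)\s*$",                          # entry type
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {ip: mac} for dynamic entries; static broadcast rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table


def find_anomalies(baseline, current):
    """Compare two {ip: mac} tables and list signs of ARP cache poisoning."""
    findings = []
    # 1. A known IP (typically the gateway) now resolves to a different MAC.
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old is not None and old != mac:
            findings.append(("mac_changed", ip, old, mac))
    # 2. One MAC answers for several IPs: the host relaying the traffic.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp(BASELINE), parse_arp(CURRENT)):
        print(finding)
```

A finding is a lead, not proof: failover pairs and proxy ARP also produce changed or shared MACs. Static ARP entries for the gateway, Dynamic ARP Inspection on the switch, and encrypted protocols limit what a poisoned path can capture.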

If you still don't know how to use the cracker, refer to the links below.

Related Posts

Still haven't configured Cain? Learn how to configure it!

Learn how to use the Cain's cracker for a Dictionary Attack to crack passwords!

Learn to use Rainbow Tables to crack passwords!

Want to watch the above tutorial as a video? Click HERE.

Wednesday, September 2, 2009

Cain and Abel - PocketPC Tutorial

This is a quick video tutorial to teach you how to crack passwords using your PocketPC and Cain and Abel Mobile Version.

Keep in mind that this only works for the Dictionary Attacks.


Courtesy Go4the101.


Cain and Abel - Cracking (Rainbow Tables Explained)

Rainbow Tables are a compact representation of related plaintext password sequences. In other words, they are huge lists of passwords that meet certain criteria.

Rainbow tables are used to return a plaintext password from a hash. They can be the fastest method of all, but creating them requires a lot of hard work.

So to generate a rainbow table, you have to follow these steps:

1>>To generate a rainbow table, we will use a free program called Winrtgen. (http://www.softpedia.com/get/Security/Security-Related/Winrtgen.shtml)




2>>When we click 'Add Table', a dialogue box will appear where we'll be able to specify the criteria for the Rainbow Table.

3>>The options marked 'Hash' and 'Charset' are the ones we need to change.

4>>The 'Hash' option allows you to choose the type of hash you'll be cracking and the 'Charset' allows you to specify the character set for the hash you'll be cracking. A character set is actually the list of all possible characters in your hash. The greater the number of characters, the longer it will take to crack, and vice versa.

5>>Now let us start by trying to crack an MD5 hash of max length '8' and numbers-only charset.

6>>The Key Space option shows that these specifications will create a table with 111,111,110 keys and will take a total space of around 631 MB on your hard drive.

7>>Finally hit Ok and then 'Start' to begin creating the table.


8>>Keep in mind that table generation can be very long and tedious.

9>>Once you've created the table, you're ready to proceed to the next tutorial.
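The key count in step 6 is the sum of 10^k for lengths 1 to 8, and any precomputed table only works against hashes that carry no per-password salt. The following is an added example, not part of the original post or of Winrtgen: it reproduces the 111,111,110 figure and shows that a random salt with a slow key-derivation function makes a precomputed table useless. It substitutes a plain hash-to-plaintext lookup over 1 to 4 digit PINs for Winrtgen's chain-based tables; the PIN `4821` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

DIGITS = "0123456789"


def keyspace(charset_size, min_len, max_len):
    """Candidate count: charset_size**k summed over every length k."""
    return sum(charset_size ** k for k in range(min_len, max_len + 1))


def build_lookup(charset, max_len):
    """Precompute unsalted MD5 -> plaintext for every candidate.

    A plain lookup table, not a chain-based rainbow table: it trades more
    storage for simpler code, but depends on the same weakness (no salt).
    """
    table, frontier = {}, [""]
    for _ in range(max_len):
        frontier = [prefix + c for prefix in frontier for c in charset]
        for candidate in frontier:
            table[hashlib.md5(candidate.encode()).hexdigest()] = candidate
    return table


def salted_hash(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt stored beside the digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest.hex()


def verify(password, salt, expected_hex, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, expected_hex)


def demo():
    table = build_lookup(DIGITS, 4)              # every PIN of 1 to 4 digits
    unsalted = hashlib.md5(b"4821").hexdigest()  # constructed sample password
    salt_a, hash_a = salted_hash("4821")
    salt_b, hash_b = salted_hash("4821")
    return {
        "table_size": len(table),
        "unsalted_recovered": table.get(unsalted),
        "salted_in_table": hash_a in table or hash_b in table,
        # Same password, two salts, two digests: a table would have to be
        # rebuilt for every salt, which removes the benefit of precomputing.
        "same_digest": hash_a == hash_b,
        "verifies": verify("4821", salt_a, hash_a),
    }


if __name__ == "__main__":
    print("digits, length 1-8:", keyspace(10, 1, 8))
    print("95 printable ASCII, length 1-8:", keyspace(95, 1, 8))
    print(demo())
```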


Cain and Abel - Dictionary vs Bruteforce attacks!


Courtesy Go4the101.

In this tutorial we'll be drawing a line between Dictionary Attacks and Bruteforce Attacks.

1>>Bruteforce attacks basically involve trying all possible keys to crack a password. On the other hand, a Dictionary attack only tries the most probable passwords, which are derived from a given wordlist such as the Aragon Wordlist.

2>>Dictionary attacks are much faster than Bruteforce attacks but they do not always guarantee that the password will be cracked, because there is no guarantee that the password is in your dictionary. Bruteforce attacks, however, always end up cracking the password once given the time to do so.

3>>Thus, a dictionary attack will never be able to crack a password like 'aCe#33&9' whereas Bruteforce will.

4>>Dictionary attack should always be your first choice but Bruteforce should be the last.


Tuesday, September 1, 2009

Cain and Abel - Cracker Tutorial (Dictionary Attack)



Courtesy Go4the101.

In this tutorial we'll focus on how to use Cain's cracker to crack and recover passwords.

1>>Open Cain and click on the 'Cracker' tab.

2>>Now to your left is the list of all the various types of hashes that Cain and Abel is capable of dealing with.

3>>Across the top are buttons to crack less secure hashes that simply go through the same algorithm every time.

4>>Also on the top is a button that looks like a calculator. This is a hash generator that you can use for test purposes.

5>>Clicking on the hash calculator will bring up a pop up with two text boxes with labels 'Text to Hash' and 'Bytes to Hash'. Typing something in the 'Text to hash' text box and clicking 'Calculate' will create many different types of hashes.

6>>The hashes it created are actually encrypted versions of whatever you typed.

7>>Imagine you have typed the word 'anything' in the box and it is a password or something. Going in the reverse direction, I will crack one of the hashes it has created to reveal the password behind it. I will be using the MD5 hash and then will be converting it back to the word 'anything'.

8>>At this point, it is necessary to know that Cain and Abel is capable of a few different decryption methods namely Bruteforce, Dictionary and Rainbow Table.

9>>As we know what is actually behind the hash, let us use the quickest method of cracking, i.e. the Dictionary Attack.

10>>Copy the MD5 hash from the window where you calculated the hashes for the word 'anything' and then close the window.

11>>Now again you have Cain in front of you with the 'Cracker' tab open. Click on MD5 Hashes in the side pane on your left.

12>>Now right click in the empty space on its right and click 'Add to list'.

13>>A small dialog box will open with a text box where you are going to paste the MD5 hash you copied.

14>>After this click ok. Now you should be able to see the hash you entered at the top.

15>>Right click the hash and select 'Dictionary Attack'.


16>>You will see a screen with the available wordlists on the top and the buttons 'start' and 'exit' at the bottom. If you still haven't added the wordlists, right click in the empty space at the top and choose 'Add to list' and browse for the wordlist you have. (The Aragon wordlist is a good wordlist.)

17>>Now press the 'Start' button at the bottom and Cain will crack the password for you in a matter of minutes depending on the speed of your computer.

In the next tutorial, we'll see how to crack complex passwords using the Rainbow Table and the Bruteforce attack. :):)

Till then, have fun.


Lightweight Linux Distros

Learning to use Linux is a leap towards becoming a good hacker. Linux unlike Windows is more secure and is a lot faster.

Linux has a lot of free distributions available. So once you decide to get your first taste of Linux, it is important to decide which Linux distro to use. If you're ready to completely convert to Linux and banish Windows from your PC forever, you should probably go for fully featured distros like Fedora, Debian and Ubuntu. But if you're a novice and you haven't got any experience of using Linux before, you should better turn towards one of the very lightweight Linux distros available.

I've tested many Linux distros on my machine and have managed to shortlist these five:

1>>Damn Small Linux
2>>Puppy
3>>Feather Linux
4>>XUbuntu

Damn Small Linux (http://www.damnsmalllinux.org/)

Damn Small Linux or DSL (some people find the word 'damn' offensive) is an extremely small distro which is also immensely popular because of its very small size. It can be run off a Live CD and can completely run in RAM without consuming a chunk of Hard Drive. You can also boot with a USB and use it. It can run extremely fast with RAM as little as 128 MB! And the good part is, if you start liking the Linux interface, you can transform it into Debian which is a fully featured OS.

DSL can be downloaded as a 50 mb file from its website. Although it is extremely small in size, it has a couple of disadvantages as well. First of all, the installation is not very user friendly, and secondly it does not have a great driver library, though the drivers can be downloaded and installed once you're up and running with it.

PuppyLinux (http://www.puppylinux.org//)

Another great lightweight Linux distro is PuppyLinux. It should run on any Pentium with at least 32 MB and boot under 60 seconds. It aims to be as easy to use as possible and assumes no technical expertise. PuppyLinux is a well featured distro which is very fast but also provides you with all the necessary tools to keep you moving. The installation is a piece of cake and the boot up is pretty fast too.


Feather Linux (http://featherlinux.berlios.de//)

It is a Linux distribution which runs completely off a CD. It takes up under 128Mb of space. It is based on Debian and includes software which most people use every day. Feather can be installed on a USB stick but as far as I know, it cannot be installed on a Hard drive.

Xubuntu (http://www.xubuntu.org//)

Xubuntu, or Jaunty Jackalope, is the little sister of the fully featured Linux OS, Ubuntu. It is the heaviest of all the distros listed here, but also the most well featured and best suited if you want to run Linux as the only OS on an old machine. The boot time and the installation is significantly greater than the rest of the distros here. But this is the OS which can best convince you to completely switch to Linux, at least on your Laptop.

Conclusion

From all of these, the one I like the most is Puppy for the ease of use and the briskness it provides to you. But after all, people are different, and you can't decide until you really get to experience stuff. So go ahead, play around. But be on the safe side!

Don't be afraid of the penguins, people! :-)

Happy Linuxing!

Edit FLV Videos in seconds! - RichFLV

Okay, this isn't really a hack but this thing caught me so much I had to let you guys know about it. Now you can edit your favorite FLV Videos in seconds, cropping or cutting or doing almost everything with them at will. There's this extremely light utility which happens to do it for you.

The utility is RichFLV and can be downloaded by clicking HERE.

The basic environment of the program is explained as follows:

File Menu

Use the Open menu item in the File menu to open and play FLV files and use the Save menu item in the File menu to save your edited FLV files.

Window Menu

You can use “Show Video Player Only” menu item in the Window menu while playing a FLV file, but it will be a good idea to show the Info Panel and Control Panel, both through the Window menu, when editing the FLV file.

Info Panel

This shows all available info about the FLV file, and you can add or delete data.

In the Metadata tab you may see some name, value pairs. You could add more metadata from here.

The Cue Points tab allows you to add or delete cue points of navigation and event types, and add or delete parameters about each of the cue points. These cue points will be useful if you are creating a SWF from the FLV file. 

The Keyframes tab lists all the key frames based on timestamp and file position. You can set Inpoint and Outpoint to the frames of your choice in this tab. The Inpoint is where your edited clip starts and Outpoint is where it ends.

Cue points are used for creating a SWF from the FLV file. 

The inpoint and outpoint, on the other hand, are used for cutting or cropping clips. Inpoint is where the clip you want to cut starts and Outpoint is where it ends.

Control Panel

You can navigate across the FLV, move your previously created cue points (the white and red downward arrows), and set your Inpoint and Outpoint (by moving the black markers on either side of the red tape).



Export Menu

After you select your Inpoint and Outpoint you can export the clip as either FLV or FLV (no sound) or FLV (sound only) or MP3 or SWF or XML (exports only the Cue points).

Import Menu

You can import a FLV file into another already opened one to stitch them together end to end, or import a MP3 file into the opened FLV file to add soundtrack to it.

Enjoy! :D