Search This Blog

Wednesday 31 August 2011

Introduction to Linux distributions-Part 1

Hi everyone today I will be talking about OS (operating system) which run on the Linux kernel. BTW, in case you don't understand what a kernel is, it is something which the entire operating system is based on. Ok, so today I will mainly be talking about three linux distros, Linux Mint 11 'Katya', Ubuntu and Backtrack.

First up, Ubuntu.

Ubuntu is the best distro for the beginners ,With its easy installation and user friendly interface, it is highly popular among people migrating from Windows to Linux and  beginners. It comes with many free bundled software like the OpenOffice suite. Ubuntu is a community developed operating system that is perfect for laptops, desktops and servers. Whether you use it at home, at school or at work, Ubuntu contains most of the applications you’ll need. Click here to get Ubuntu 11.04

2nd, Backtrack

Backtrack is an OS designed for pen-testers (penetration testers) and ethical hackers. It contains tons of tools for hacking all in an easy to access menu, just like Ubuntu. In fact, it is based on Ubuntu! Though, sadly, I must say that this OS is really for the more elite hackers, or at least those who know how to use the CLI. Click here to get the latest version of Backtrack, version 5 release 1

Finally, Linux Mint 11 'Katya'

Linux Mint 11, codenamed 'Katya', is highly user friendly. Those migrating from the Windows OS will find this OS very similar to the Windows OS, but with an added search tool. The interface is so good that you can find your long lost applications with speed and ease. Also, it contains some essentials like sticky notes, the LibreOffice Suite etc. Click here to get Linux Mint 11 'Katya'


Conclusion:

I feel that Linux mint 11 is the better one between Ubuntu and Mint, but like I mentioned earlier, Ubuntu is the better one for beginners as it is more user friendly. Nevertheless, Mint is still the more functional of the two. Backtrack is definitely not a 'beginner's OS' like Ubuntu and Mint are, as some tools (Or more correctly, almost all) offer the CLI, which I personally do not like. Only some tools have a GUI offered. So, it is definitely better to try all three, if you're feeling adventurous. My personal opinion is to try Linux Mint. For instructions on how to use the OS with/without installing them, check part two.

Monday 29 August 2011

Password Cracking tools

As I promised in my earlier post, I will be blogging about the top 9 password cracking tools.

1) Cain and Abel

Cain and abel is my favourite password cracker. Besides password cracking, it can also sniff the network for passwords, use ARP poisoning attacks, dump the Protected Storage etc. Linux users often think that hacking tools, the best hacking tools, support their OS, but Cain and abel is a glaring exception.

2) Ophcrack

Ophcrack is an easy to use password cracker. I have already made a tutorial on how to use it, please do check it out.

3) Brutus

Brutus is an online remote password cracker, it can be used to crack http, telnet, ftp etc passwords using brute force or dictionary attack.

4) John the ripper

John the ripper is a fast, cross platform password cracker. Frankly, I'm not so adept at using CLI(Command Line Interface) tools, so I don't really like John the ripper. I've heard its quite fast though.

5)LOphtCrack

LOphtCrack has many ways of generating password guesses like brute force, dictionary attacks etc, however you might want to take a look at an alternative like ophcrack as LOphrCrack isn't free.

6) THC hydra

THC hydra can be used to crack WEP,WPA etc passwords, quite a good tool, also provided in Linux Backtrack OS.

7)Rainbowcrack

Like ophcrack, rainbow crack uses rainbow tables, but it uses a CLI, unlike ophcrack, which uses a GUI. So I prefer ophcrack.

8) Aircrack

One of the fastest WEP/WPA password cracking tools available now.

9)Airsnort

Another WEP/WAP password cracking tool.


Thursday 25 August 2011

Web browser reviews

Today I will be discussing about web browsers. These browsers I am going to discuss about will range from the popular ones like Mozilla Firefox to almost unknown ones like Maxthon (No offense to Maxthon users, i'm one too! :D).

1st up: Mozilla Firefox

Mozilla Firefox is a highly popular web browser, used by lots of people round the world. Firefox is a web browser from the Mozilla corporation, whose motto is 'We Believe In An Open Web' (I think :P). The firefox browser runs on the Gecko rendering engine, which I find is a good all rounder, although some web pages, especially older ones, display properly only in the internet explorer's (IE) Trident engine. But more on that later. The interface is very, very easy to use, and it is very fast. Especially the nightly build one, its called mozilla nightly, but I'll call it mozilla firefox 7. The latest stable one is firefox 4, but the beta and nightly build versions like firefox 5, firefox aurora (firefox 6) and firefox 7 are also very fast. Start up time for the browser is quite fast. I like the fact that you can customise the firefox browser with add ons. One of the few addons I recommend it the hide my ass proxy one click add on. It is very simple to use and has a easy to understand interface.


2nd competitor: Lunascape

This is the world's only triple engine browser, with the Trident, Gecko and Webkit engine. It is very good as you can associate certain pages with certain engines, and choose a default engine too. Best of all, you can use firefox, chrome, IE and lunascape addons. Sadly, there is a severe lack of english lunascape addons, so I'll recommend you to stick with the other three engine's addons. Oh, and a reminder. you can only use the addon if it works with the engine you're using. For eg, you must use the Gecko engine for firefox addons, etc. Only lunascape addons can be used in any engine. I feel that this browser, frankly, is very good, but is more for experienced users as the interface is not exactly user friendly. Only major drawback is that the installation might take a couple more minutes than firefox and the others. Even so, it is worth the 5 minute or so wait. And when the screen asking you to choose what you want to install appears, I suggest you to choose all. By default, the Webkit plugin is not installed and the plug in or whatever that is for speeding up the startup speed of Lunascape is also not installed. These two are worth the wait.


3rd participant: Google Chrome

Google Chrome is a web browser by Google (DUH). Chrome has a classy and non cluttered interface, so it is very easy to use. Besides that, Chrome has lots of addons, one example is the HideMyAss proxy one click add on, which is also available for firefox. Combine these with the fact that Chrome, which runs on the Webkit rendering engine, is very fast and you get one of the world's most favourite browsers. There is a problem with it though. The webkit engine has known compatibility issues with some websites. Still, I find it better than IE.

4th participant: Rockmelt

There is something different in these browser compared to all the rest. It is actually Google Chrome, but it is a social networking browser, with built in facebook chat and instant news feed at the side of your browser. Choose to hide the 'edges' as they are called in rockmelt, or leave it all on. Again, it runs on the webkit engine, so compatibility issues strike again. Still, I recommend the Rockmelt browser if you are a chrome lover.

5th participant: Maxthon browser

This browser gives you the best of both worlds. It is special in the number of rendering engines it has. It has the Trident engine and the webkit engine, so you get both speed and compatibility. Use ultra mode (webkit) or retro mode (Trident). The maxthon team also has encrypted storage online, so you can save files online. Of course, it requires you to sign up for an account. It has some useful tools, like Reader mode, online notepad etc etc. Problem is, there are not much english addons in the Maxthon website. Even so, it wouldn't harm to give it a try, as startup speed really beats most of the others.

6th participant: Opera web browser

This is one really good browser. In fact, its one of my favs. I like its tab stack function, so no more cluttered browsers. Another is its panel toggle function, so you can browse the web from the side of your browser, in case you need to hide anything ;D. Then theres the private tab function, instead of the usual private window, although you can of course choose either of both. It supports quite a no. of add ons too, like PanicButton. Personally, it has an easy to use and user friendly interface. Remember to read the whole web tutorial thoroughly and you'll know of the many cool functions in Opera. Oh, and its rendering engine is not Gecko, Trident or Webkit. In fact, they use they're own rendering engine, Presto. It is a fast and very good all rounder. I would definitely recommend this browser. Best of all, it has a turbo feature to speed up browsing on slow networks. You simply must try it to believe it.

7th and last participant: IE (Internet explorer)


Internet explorer is the default web browser by Microsoft. Personally, I feel that this browser pales much in comparison to the rest of the browsers. It runs on the Trident rendering engine, which is compatible with most, if not all, websites. A major drawback is its speed and stability. IE has been known to crash easily and has a very, very slow speed. (No offense to IE users!) I don't use IE much as I find it not reliable.




Conclusion: For experienced users, Lunascape is the best among the best. For users with lesser experience, you should try opera or maxthon. For the social people, Rockmelt is better than chrome and for the all rounders, firefox is the best among the rest.

Sunday 21 August 2011

Types of password cracking attacks.

Today I will be blogging on how password cracking attacks work. There are three types, rainbow table attack (also called cryptanalysis attack), dictionary attack and brute force attack. Below are how these work.

Rainbow table attack- These use a table called a rainbow table. To understand this, we must first understand how a password works. Passwords go through an algorithm, in windows it is the LM (LANmangaer) algorithm. The outcome is called a hash. These are 'one way' processes, so it is difficult to determine the actual password. When we type words in the password field, it goes through the algorithm and the outcome is compared with the correct password's hash. If it matches, you are allowed access and vice versa. So rainbow tables use a table with lots of precomputed hashes and compare the hashes with the hashes extracted from somewhere, in windows it is the SAM database. By the way, hashes have to be EXTRACTED from the database, or the table cannot be compared with the hashes. When there is a matching hash between the table and the extracted hash, the table then finds the plaintext of the hash which it was precomputed from. This plaintext is the password.

PROS:  -Fast
             -Quite reliable
CONS: - Takes up lots of space, as in the table size.
             - Takes lots of resources and time to precompute the tables.
             - Limitation as to how long the actual password can be. In xp it is 12 if I'm                not wrong and vista and windows 7 is should be 8.

Dictionary attacks: This attack is exactly what the name implies. It uses a wordlist full of commonly used passwords and it keeps on guessing until it gets the right password.

Pros: Works on human psychology, most pple will use a word from a dictionary as their password, so dictionary attacks will get their password easily.

Cons: -not very fast, not very slow either.
          -Cracks only the weaker passwords.
       

Brute force attacks: These are the only attacks guranteed to crack a password. Problem is, it tries every single possible keyboard combination to crack a password, so it is damn slow, unless your password is sth like 'pas' or 'qpo', in which you can set the no. of letters/numbers. This is, personally, a nightmare for cracking passwords which are 7 to 8 letters.numbers long. If a password is really strong, it can take months or weeks or days to crack.

Pros: Guranteed to crack all passwords

Cons: Too freakin slow
          Lots of keyboard combinations, so cracking strong passwords would take a very, very long time.



FOR ENQUIRIES ON PASSWORD ATTACKS PLEASE COMMENT AND PLEASE DO CHECK OUT MY POST ABOUT PASSWORD CRACKING TOOLS COMIN OUT SOON!!!

Ophcrack

(This will be my first post on a hacking tool.) Passwords, as we know, are one of the many security measures that everyone can implement. In fact, passwords are so common that almost all, if not all, accounts use passwords. However, a chain is only as strong as its weakest link. Passwords can be one of these weak links which compromise security. Today, I will be showing you how to use ophcrack, a password cracking distrubution. Firstly, how does it work? Well, ophcrack has the ability to use two different types of password attacks- rainbow tables and brute-force attacks. To find out how these work, please view my next post. Heres the video tutorial. Oh, and ophcrack comes in two 'modes', the live, bootable version and the GUI version. This tutorial is on the GUI one. The tutorial for the bootable one will come out later in another of my posts. Meanwhile, take a look at the instructions too! :DD



Instructions:

1) Download the GUI program by going to http://ophcrack.sourceforge.net/download.php?type=ophcrack , then clicking on windows.

2)After finishing the download, go to the directory where you downloaded ophcrack and double click on the installer.

3) Follow the instructions in the installler, but DO NOT check any of the boxes when ophcrack asks you to download the tables. If you do, the installer will screw the thing up quite badly (as in the rainbow tables, not the program), so just install the ophcrack program will do.

4)Go to  http://ophcrack.sourceforge.net/tables.php   and select the types of tables you want, and according to your operating system. Mine is Windows XP, so I'll choose the biggest free tables for xp. For windows 7 users, please get the vista tables, they are the same.

5) Download the tables which are in a zip file. Extract the file inside to the desktop or some other directory.

6) Open up the ophcrack program. Click on 'Load', then 'Local SAM'. Wait for a couple of seconds until the new command prompt screen closes, then continue to step 7.

7) Click on 'Tables', then click on the type of table you downloaded. For e.g., I downloaded the xp free small tables, so I click on 'XP free small'. Do this step according to the type of table you download (IMPORTANT).

8) Then click ok and close the tables window. You should see a jumble of letters and numbers in one of the columns in the ophcrack window and also the name of the tables with 'on disk' beside it at the bottom of the ophcrack window.

9) Finally, click 'crack' and ophcrack will begin to crack the passwords. When it's done it will show you all the passwords if they are found and display 'Not found' for usernames which ophcrack cannot find.


IF THERE ARE ANY PROBLEMS PLEASE COMMENT!  :D

Friday 19 August 2011

Introduction

Hi guys my name is patrick, but just call me pat if you want to. In this blog, I will be giving reviews on some freeware like peazip and be providing some hacktools plus tutorials. This is my first post since I joined blogger in August 2011. I was greatly inspired by two other blogs, www.hackhaholic.blogspot.com and www.rafayhackingarticles.blogspot.com. The creators of these two blogs are very experienced hackers and I definitely pale in comparison to them. So please do check out their blogs too if you have the time!