Password Attacks Software programmers havedeveloped many password cracking tools. Every tool has its own advantages anddisadvantages. In this document, we will learn about a few of the most popularpassword cracking tools.1. Brutus: This tool was released inOctober 2000.
This tool is available only for windows systems at free of cost.As we read the article we understand that it is the most popular remote onlinecracking tool. It’s fast and flexible. This toolalso supports multi-stage authentication engines and will be able to connect 60simultaneous targets. Attack process can be paused any time and then resume backwhenever you want to resume. It supports HTTP (basic authentication)2. Rainbow Table Attacks: Rainbow table attacks are a type of attack that tries to discoverthe password from the hash. They use rainbow tables.
These tables are precomputed hashes which are huge databases. It helps to look at the process ofhow some password crackers discover passwords without a rainbow table. If anattacker has the hash of a password. The application can use the followingsteps to crack it: The application guesses a password (or uses a password from a dictionary). The application hashes the guessed password. The application compares the original password hash with the guessed password hash. If they are the same, the application knows the password, if they aren’t the same; the application repeats steps 1 through 3 until finding a match.
3. Wfuzz: Wfuzz is a Python-based flexible web applicationpassword cracker or a method to determine unknown value by using an automatedprocess to try a large number of possible values (Brute force). It supportsvarious methods and techniques to expose web application vulnerabilities.Keyfeatures of Wfuzz password cracking tool:· Capabilityof injection via multiple points with multiple dictionary· Outputin colored HTML· Post,headers and authentication data brute forcing· Proxyand SOCK Support, Multiple Proxy Support· MultiThreading· Bruteforce HTTP Password· POSTand GET Brute forcing· Timedelay between requests· Cookiesfuzzing 4. Cain and Abel: Cainand Abel is a well-known password cracking tool that is capable of handling avariety of tasks. The tool is only available for Windows platforms.
It can workas sniffer in the network, cracking encrypted passwords using the dictionaryattack, recording VoIP conversations, brute force attacks, cryptanalysisattacks, revealing password boxes, uncovering cached passwords, decodingscrambled passwords, and analyzing routing protocols. Cain and Abel do not developany vulnerability or bugs. It only covers security weakness of protocols tograb the password.
This tool was developed for network administrators, securityprofessionals, forensics staff, and penetration testers. 5. John the Ripper: John the Ripper is anotherwell-known free open source password cracking tool for Linux, UNIX and Mac OSX. A Windows version is also available. This tool can detect weak passwords. Apro version of the tool is also available, which offers better features andnative packages for target operating systems. 6.
THC Hydra: THC Hydra is a fast network logonpassword cracking tool. New modules are easy to install in the tool. You caneasily add modules and enhance the features. It is available for Windows,Linux, Free BSD, Solaris and OS X. This tool supports various network protocols.Currently it supports Asterisk, AFP, Cisco AAA, and Cisco auth, Cisco enable. 7.
Medusa:Medusa is also a password cracking tool similar to THC Hydra. It claims to be aspeedy parallel, modular and login brute forcing tool. It supports HTTP, FTP,CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin,SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet. While cracking thepassword, host, username and password can be flexible input while performingthe attack. 8.
OphCrack: OphCrack is a free rainbow-tablebased password cracking tool for Windows. It is the most popular Windowspassword cracking tool, but can also be used on Linux and Mac systems. Itcracks LM and NTLM hashes. For cracking Windows XP, Vista and Windows 7, freerainbow-tables are also available. 9. L0phtCrack: This is an alternative to OphCrack. It attempts tocrack Windows password from hashes.
It uses Windows workstations, networkservers, primary domain controllers, and Active Directory for cracking thepasswords. It also uses dictionary and brute force attacking for generating andguessing passwords. It was acquired by Symantec and discontinued in 2006. LaterL0pht developers again re-acquired it and launched L0phtCrack in 2009. It alsocomes with a schedule routine audit feature. One can set daily, weekly ormonthly audits, and it will start scanning on the scheduled time. 10.
Aircrack-NG:Aircrack-NG is a WiFipassword cracking tool that can crack WEP or WPA passwords. It analyzeswireless encrypted packets and then tries to crack passwords via its crackingalgorithm. It uses the FMS attack along with other useful attack techniques forcracking password. It is available for Linux and Windows systems. A live CD ofAircrack is also available. How to create a password thatis hard to crack: In this Article we learnt 10 password cracking tools. These tools try tocrack passwords with different password cracking algorithms.
Most of thepasswords cracking tools are available for free. So, you should always try tohave a strong password that is hard to crack by these password cracking tools. These are few tips you can try while creating apassword. The longer the password, the harder it is to crack: Length of thepassword is most important factor. It takes longer time to guess and should beat least 8 characters long. Always the password should be alphanumeric withspecial characters. Need to keep changing the passwords frequently and shouldnot repeat the same passwords.
What to avoid while selecting the password: Should never use dictionary word, never use pet names, familymember’s name, and phone numbers date of birth. Sequential or repeatedcharacter passwords to be avoided. Go through the worst password list sharedthrough data analysis and ensure to avoid such type of passwords. Reference: http://resources.infosecinstitute.
com/10-popular-password-cracking-tools/ Computer – FavouritiesFor a quicknavigation to the websites, setting Internet bookmarks and favorites are thebest way. Bookmarks can be rearranged, deleted. In this article we will gothrough the process of how to manage bookmarks and favorites in all of themajor Internet browsers. To proceed, select your browser from the list belowand follow the instructions.
Microsoft Edge Internet Explorer Google Chrome Mozilla Firefox Opera Safari Microsoft EdgeTo access favorites: 1. Open the Microsoft Edge Internetbrowser.2. In the upper right-hand corner ofthe screen, select the Hub icon.
3. Select the Favorites icon.To delete favorites or folders: 1. Right-click the favorite orfolder which has to be to deleted.2. Select Delete fromthe drop-down menu that appears.
To move and organize items infavorites:Drag-and-drop yourfavorites or folders to rearrange them.Renaming items in favorites:1. Right-click the favorite or folder whichhas to be renamed.2. Select Rename fromthe drop-down menu that appears.3.
Type in the desired name andpress Enter.To access favorites:Press Alt+Cor1. Open Microsoft InternetExplorer.
2. Click on the Favorites icon inthe upper right-hand corner of the browser window.3. Click any Favorite folder to expandand show its contents.To delete favorites or folders:1. Right-click the favorite orfolder which has to be deleted.2.
Select Delete fromthe drop-down menu that appears.To move and organize items in yourfavorites:Drag-and-drop your favorites or folders torearrange them.Renaming items in favorites:1. Right-click the favorite or folder whichhas to be renamed.2.
Select Rename fromthe drop-down menu that appears.3. Type in the desired name andpress Enter.To access your bookmarks:Press Ctrl+Shift+Oor1. Open the Google Chrome Internetbrowser.
2. Click Customize and controlGoogle Chrome in the upper right-hand corner of the browser window.3.
Move your mouse cursor over Bookmarks andthen click Bookmark manager.Deleting:1. Highlight the bookmark orfolder which has to be deleted by clicking it once.2. Press the delete key on thekeyboard to remove the bookmark or folder.PS: You can also right-click abookmark or folder, then select delete from the menu.Organizing:Drag-and-drop yourbookmarks or folders to re-organize them.Renaming:1.
Right-click the bookmark or folder whichhas to be renamed.2. Select Edit..
. fromthe drop-down menu that appears.3.
Type in the desired name andpress Enter.To access your bookmarks:Press Ctrl+Shift+Bor1. Open the Mozilla Firefox Internetbrowser.2. Click Show your bookmarks inthe upper right-hand corner of the browser window.3.
Select Show All Bookmarks.Deleting:1. Highlight the bookmark orfolder you want to delete by clicking it once.2. Press the delete key onyour keyboard to remove the bookmark or folder.Tip: You can also right-click abookmark or folder, then select delete from the menu.
Organizing:Drag-and-drop yourbookmarks or folders to re-organize them.Renaming:1. Highlight the bookmark orfolder you want to rename by clicking it once.2.
Locate the field labeled Name: inthe lower right-hand section of the Library window.3. Type in the desired name andpress Enter.To access your bookmarks:Press Ctrl+Shift+Bor1.
Open the Opera Internetbrowser.2. Click Customize and controlOpera in the upper left-hand corner of the browser window.3.
Select Bookmarks fromthe drop-down menu that appears, and then select Show allbookmarks.Deleting:1. Locate the folder or bookmark youwould like to delete and move your mouse cursor over it.
2. A circled X shouldappear in the upper right-hand corner; click it to delete.Organizing:Drag-and-drop yourbookmarks or folders to reorganize them.Renaming:1.
Right-click the bookmark or folder youwant to rename.2. Select Edit…
fromthe drop-down menu that appears.3. Type in the desired name andpress Enter.To access your bookmarks:1. Open the Safari Internetbrowser.2. Select Bookmarks fromthe toolbar at the top of the screen.
3. Select Show Bookmarks fromthe drop-down menu that appears.Deleting:1.
Open the Safari Internetbrowser.2. Select Bookmarks fromthe toolbar at the top of the screen.
3. Select Edit Bookmarks fromthe drop-down menu that appears.4.
Click the bookmark you’d like toremove so it is highlighted, and then press Delete.Organizing:Drag-and-drop yourbookmarks or folders to reorganize them.Renaming:1. Open the Safari Internetbrowser.
2. Select Bookmarks fromthe toolbar at the top of the screen.3. Select Edit Bookmarks fromthe drop-down menu that appears.4. Click the bookmark you want torename, wait a moment, and then click it again.5.
The text in the bookmark should turnlight blue. Type the name you’d like for the bookmark.Referencehttps://www.computerhope.com/issues/ch000859.
htmInformation Gathering ToolsInformationgathering is the process of collecting the information from different placesabout any individual company, organization, server IP, address or person. Thereare numerous tools for information gathering. Eg. Surveys or Questionnaires,Interviews, Focus group, review of literature, procedures, and forms. Onsiteobservations. Information is gathered from two principal sources, personnel orwritten documents from within the organization and external sources arevendors, doctors, newspapers and professional journals. Information gatheringis the first step of hacking most of the time (90%) a hacker spends in thisprocess.
Information gathering plays a very vital role for both investing andattacking purposes.Referencehttp://www.teamreporterapp.com/information-gathering/Vulnerability AnalysisVulnerability is threatsrelated to safety. Ensuring safety in societyrequires, what is to be protected, what poses a threat, and the means forstrengthening safety are seen in the same context. According to the government,the general goals for the safety of society to protect are: the population’s lives and health, Publicfunctionality, the ability to maintain our basic values like democracy, therule of law, and human rights and freedoms. Vulnerability, security flaw is afailure of security policies, procedures and controls that allow asubject/hacker to commit an action that violates the security policy.Vulnerability analysis is divided into two types: static vulnerability anddynamic vulnerability.
Referencehttp://www.wseas.us/e-library/conferences/2006venice/papers/539-128.pdfWebApplication AnalysisWeb application analysis is a tool to runfor allapplications that we access through a browser. Security testing is critical and we learn that there are two type oftesting.
Static testing is conducted through codes to check the vulnerabilityand dynamic testing is done by running the application to checkList of the software’s/Tools/Utilities:web proxies, web scanners, web testing frameworks, web Browser Assessment, Webbrowser for penetration testing, Fuzzers, Database assessments.http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html ReverseEngineeringIt is a process of redesigning anexisting product to improve its function, add quality and increase its utilityvalue. The main aim of reverse engineering was originally applied to hardware,but it is now being applied to software, databases and the definition ofreverse engineering in a software environment is the process of takingsoftware’s binary code and reproducing it to trace the functionality andidentify certain bugs. In the field of cyber security, this isapplied to trace the hacker’s activities.
Cyber criminals behind the attack,utilize the full spectrum of computer techniques to breach into corporatenetworks. Reverse engineering helps us to identify their techniques and helpsto understand the prevention in future. Kali Linux is an example for reverseengineering tool. http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber-security-professionals/#gref Wireless AttacksIn a wireless network thedataflow is through the medium of air.
Let’s learn about few types of wirelessattacks. Packet sniffing: Theinformation flow is done through a lot of traffic (FTP, HTTP etc) back andforth and it is in a simple plain text which is easily readable by anybody.Using a tool like “wireshak” helps in reading the data which is gettingtransferred in plain text. Hackers can easily steal a password or hacksensitive information very easily. Rougeaccess point: This is an unauthorized access point (AP) which appears on anetwork. It is left open to variety of attacks from an employee. Password theft: If a network does notuse platforms like SSL or TSL then there are chances of a hacker stealing ourpassword.
https://phoenixts.com/blog/types-of-wireless-network-attacks/ Sniffing and SpoofingGoing by the terminology, Spoofing means to pretend to besomeone else and Sniffing means to illegally listen into another’s conversation.Let us understand these terms in computer language. Sniffing is done to hackpasswords, emails, financial account information, any confidential information,protocol information attack to trace hardware addresses, IP addresses androuting etc.
Spoofing is penetration techniques to exploit at any level and onany model and disrupts the normal flow of data. Attacks are based onvulnerability level in spoofing. http://www.techiwarehouse.com/engine/423a5281/IP-Spoofing-and-Sniffing- ForensicsComputer forensic is the processof identifying, preserving, analyzing and presenting digital evidence in alegally accepted manner. Computer forensic ensures integrity of the computersystem, to produce evidence and respond to hi-tech offenses.
Computer forensicexperts not only find the criminal but also find out the evidence and presentin a manner that leads to legal action against the cyber criminals. Cyber crimeand evidence occurs when information technology is used to commit or conceal anoffence. Digital evidence can be Persistent data – Data remains intact when acomputer is turned off (eg. hard disks/drives, USB or Flash drives). Volatile Data – Data is lost when acomputer is turned off (eg. Deleted files, computer history, temporary files andweb browsing history).http://resources.
infosecinstitute.com/7-best-computer-forensics-tools/#grefReporting tools :These tools are sources ofbusiness intelligence which enables self-service reporting, analysis andexecutes advanced queries, helps to access, analyze and prepares dashboards. Thesetools help in presenting big data in a precise and readable format. We willunderstand some of the tools in our learning’s. 1. BIRT- This is written inJava and runs on Windows, Linux and MAC operating systems currently and helpsin preparing and publishing standalone reports. 2. Jasper Report – Written injava and runs on Windows, Linux and MAC OS and supports in excellentdocumentation, eg.
Search engine like wiki.3.Pentaho – This tool runs on JavaEnterprise Edition and can be used on Windows, Linux, and Mac. It supports manycommunity resources such as documentation, wiki, and more.4.
Spago BI – It is writtenin Java, and it is licensed under the Mozilla Public License version 2.0.This is used for reporting, charts, cockpits, data-mining, ETL, and many more.5. KNIME – It is an analytical platform developed primarily for pharmaceuticalresearch, expanded to industries like banks, car manufacturers, telcos. 6.ReportServer – allows for reporting, ad-hoc analyses, Excel and Word reporting,and multidimensional OLAP analytics. It is java based and runs on ApacheTomcat, Wild fly.
Supports Windows, Linux, OSX. 7. Seal Report – framework forproducing reports and dashboards through open database. https://opensource.
com/business/16/6/top-business-intelligence-reporting-toolsSocial Engineering tools: A social engineering toolkithelps address the human element aspect of penetration testing. SocialEngineering Toolkit has many number of downloads and helps in enhancing attacksin social engineering type environment. Many consulting companies believe thatsocial engineering is one of the hardest attacks to protect against and now oneof the most prevalent. http://www.ijera.com/papers/Vol4_issue12/Part%20-%206/AI041206240244.
pdf Post ExploitationPost-Exploitation phaseis to determine the value of the machine compromised and to maintain control ofthe machine for later use. The value of the machine is determined by thesensitivity of the data stored on it and the machines usefulness in furthercompromising the network. The various phases of post exploitation includes, understanding the victim, Privilege escalation, cleaning tracks andstaying undetected, collecting system information and data setting upbackdooring and root kits and pivoting to penetrate internal networks https://www.packtpub.com/mapt/book/networking_and_servers/9781782163589/7/ch07lvl1sec34/what-is-post-exploitation