Password systems at free of cost. As we

Password Attacks

 

Software programmers have
developed many password cracking tools. Every tool has its own advantages and
disadvantages. In this document, we will learn about a few of the most popular
password cracking tools.

1.    
Brutus: This tool was released in
October 2000. This tool is available only for windows systems at free of cost.
As we read the article we understand that it is the most popular remote online
cracking tool. It’s fast and flexible. This tool
also supports multi-stage authentication engines and will be able to connect 60
simultaneous targets. Attack process can be paused any time and then resume back
whenever you want to resume. It supports HTTP  (basic authentication)

2.     Rainbow Table Attacks: Rainbow table attacks are a type of attack that tries to discover
the password from the hash. They use rainbow tables. These tables are pre
computed hashes which are huge databases. It helps to look at the process of
how some password crackers discover passwords without a rainbow table. If an
attacker has the hash of a password. The application can use the following
steps to crack it:

The application guesses a
password (or uses a password from a dictionary).
The application hashes the
guessed password.
The application compares the
original password hash with the guessed password hash. If they are the
same, the application knows the password, if they aren’t the same; the
application repeats steps 1 through 3 until finding a match.

 

3.     Wfuzz: Wfuzz is a Python-based flexible web application
password cracker or a method to determine unknown value by using an automated
process to try a large number of possible values (Brute force). It supports
various methods and techniques to expose web application vulnerabilities.

Key
features of Wfuzz password cracking tool:

·       
Capability
of injection via multiple points with multiple dictionary

·       
Output
in colored HTML

·       
Post,
headers and authentication data brute forcing

·       
Proxy
and SOCK Support, Multiple Proxy Support

·       
Multi
Threading

·       
Brute
force HTTP Password

·       
POST
and GET Brute forcing

·       
Time
delay between requests

·       
Cookies
fuzzing

 

4.    
Cain and Abel: Cain
and Abel is a well-known password cracking tool that is capable of handling a
variety of tasks. The tool is only available for Windows platforms. It can work
as sniffer in the network, cracking encrypted passwords using the dictionary
attack, recording VoIP conversations, brute force attacks, cryptanalysis
attacks, revealing password boxes, uncovering cached passwords, decoding
scrambled passwords, and analyzing routing protocols. Cain and Abel do not develop
any vulnerability or bugs. It only covers security weakness of protocols to
grab the password. This tool was developed for network administrators, security
professionals, forensics staff, and penetration testers.

 

5.     John the Ripper: John the Ripper is another
well-known free open source password cracking tool for Linux, UNIX and Mac OS
X. A Windows version is also available. This tool can detect weak passwords. A
pro version of the tool is also available, which offers better features and
native packages for target operating systems.

 

6.    
 THC Hydra: THC Hydra is a fast network logon
password cracking tool. New modules are easy to install in the tool. You can
easily add modules and enhance the features. It is available for Windows,
Linux, Free BSD, Solaris and OS X. This tool supports various network protocols.
Currently it supports Asterisk, AFP, Cisco AAA, and Cisco auth, Cisco enable.

 

7.     Medusa:
Medusa is also a password cracking tool similar to THC Hydra. It claims to be a
speedy parallel, modular and login brute forcing tool. It supports HTTP, FTP,
CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin,
SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet. While cracking the
password, host, username and password can be flexible input while performing
the attack.      

 

8.    
 OphCrack: OphCrack is a free rainbow-table
based password cracking tool for Windows. It is the most popular Windows
password cracking tool, but can also be used on Linux and Mac systems. It
cracks LM and NTLM hashes. For cracking Windows XP, Vista and Windows 7, free
rainbow-tables are also available.

 

9.    
L0phtCrack: This is an alternative to OphCrack. It attempts to
crack Windows password from hashes. It uses Windows workstations, network
servers, primary domain controllers, and Active Directory for cracking the
passwords. It also uses dictionary and brute force attacking for generating and
guessing passwords. It was acquired by Symantec and discontinued in 2006. Later
L0pht developers again re-acquired it and launched L0phtCrack in 2009. It also
comes with a schedule routine audit feature. One can set daily, weekly or
monthly audits, and it will start scanning on the scheduled time.

 

10.  Aircrack-NG:
Aircrack-NG is a WiFi
password cracking tool that can crack WEP or WPA passwords. It analyzes
wireless encrypted packets and then tries to crack passwords via its cracking
algorithm. It uses the FMS attack along with other useful attack techniques for
cracking password. It is available for Linux and Windows systems. A live CD of
Aircrack is also available.

 

How to create a password that
is hard to crack: In this Article we learnt 10 password cracking tools. These tools try to
crack passwords with different password cracking algorithms. Most of the
passwords cracking tools are available for free. So, you should always try to
have a strong password that is hard to crack by these password cracking tools. These are few tips you can try while creating a
password. The longer the password, the harder it is to crack: Length of the
password is most important factor. It takes longer time to guess and should be
at least 8 characters long. Always the password should be alphanumeric with
special characters. Need to keep changing the passwords frequently and should
not repeat the same passwords.

 

What to avoid while selecting the password: Should never use dictionary word, never use pet names, family
member’s name, and phone numbers date of birth. Sequential or repeated
character passwords to be avoided. Go through the worst password list shared
through data analysis and ensure to avoid such type of passwords.

 

Reference:

 http://resources.infosecinstitute.com/10-popular-password-cracking-tools/

 

Computer – Favourities

For a quick
navigation to the websites, setting Internet bookmarks and favorites are the
best way. Bookmarks can be rearranged, deleted. In this article we will go
through the process of how to manage bookmarks and favorites in all of the
major Internet browsers. To proceed, select your browser from the list below
and follow the instructions.

 

Microsoft Edge
Internet Explorer
Google Chrome
Mozilla Firefox
Opera
Safari

 

Microsoft Edge

To access favorites:

 

1.     Open the Microsoft Edge Internet
browser.

2.     In the upper right-hand corner of
the screen, select the Hub icon.

3.     Select the Favorites icon.

To delete favorites or folders:

 

1.     Right-click the favorite or
folder which has to be to deleted.

2.     Select Delete from
the drop-down menu that appears.

To move and organize items in
favorites:

Drag-and-drop your
favorites or folders to rearrange them.

Renaming items in favorites:

1.     Right-click the favorite or folder which
has to be renamed.

2.     Select Rename from
the drop-down menu that appears.

3.     Type in the desired name and
press Enter.

To access favorites:

Press Alt+C

or

1.     Open Microsoft Internet
Explorer.

2.     Click on the Favorites icon in
the upper right-hand corner of the browser window.

3.     Click any Favorite folder to expand
and show its contents.

To delete favorites or folders:

1.     Right-click the favorite or
folder which has to be deleted.

2.     Select Delete from
the drop-down menu that appears.

To move and organize items in your
favorites:

Drag-and-drop your favorites or folders to
rearrange them.

Renaming items in favorites:

1.     Right-click the favorite or folder which
has to be renamed.

2.     Select Rename from
the drop-down menu that appears.

3.     Type in the desired name and
press Enter.

To access your bookmarks:

Press Ctrl+Shift+O

or

1.     Open the Google Chrome Internet
browser.

2.     Click Customize and control
Google Chrome in the upper right-hand corner of the browser window.

3.     Move your mouse cursor over Bookmarks and
then click Bookmark manager.

Deleting:

1.     Highlight the bookmark or
folder which has to be deleted by clicking it once.

2.     Press the delete key on the
keyboard to remove the bookmark or folder.

PS: You can also right-click a
bookmark or folder, then select delete from the menu.

Organizing:

Drag-and-drop your
bookmarks or folders to re-organize them.

Renaming:

1.     Right-click the bookmark or folder which
has to be renamed.

2.     Select Edit… from
the drop-down menu that appears.

3.     Type in the desired name and
press Enter.

To access your bookmarks:

Press Ctrl+Shift+B

or

1.     Open the Mozilla Firefox Internet
browser.

2.     Click Show your bookmarks in
the upper right-hand corner of the browser window.

3.     Select Show All Bookmarks.

Deleting:

1.     Highlight the bookmark or
folder you want to delete by clicking it once.

2.     Press the delete key on
your keyboard to remove the bookmark or folder.

Tip: You can also right-click a
bookmark or folder, then select delete from the menu.

Organizing:

Drag-and-drop your
bookmarks or folders to re-organize them.

Renaming:

1.     Highlight the bookmark or
folder you want to rename by clicking it once.

2.     Locate the field labeled Name: in
the lower right-hand section of the Library window.

3.     Type in the desired name and
press Enter.

To access your bookmarks:

Press Ctrl+Shift+B

or

1.     Open the Opera Internet
browser.

2.     Click Customize and control
Opera in the upper left-hand corner of the browser window.

3.     Select Bookmarks from
the drop-down menu that appears, and then select Show all
bookmarks.

Deleting:

1.     Locate the folder or bookmark you
would like to delete and move your mouse cursor over it.

2.     A circled X should
appear in the upper right-hand corner; click it to delete.

Organizing:

Drag-and-drop your
bookmarks or folders to reorganize them.

Renaming:

1.     Right-click the bookmark or folder you
want to rename.

2.     Select Edit… from
the drop-down menu that appears.

3.     Type in the desired name and
press Enter.

To access your bookmarks:

1.     Open the Safari Internet
browser.

2.     Select Bookmarks from
the toolbar at the top of the screen.

3.     Select Show Bookmarks from
the drop-down menu that appears.

Deleting:

1.     Open the Safari Internet
browser.

2.     Select Bookmarks from
the toolbar at the top of the screen.

3.     Select Edit Bookmarks from
the drop-down menu that appears.

4.     Click the bookmark you’d like to
remove so it is highlighted, and then press Delete.

Organizing:

Drag-and-drop your
bookmarks or folders to reorganize them.

Renaming:

1.     Open the Safari Internet
browser.

2.     Select Bookmarks from
the toolbar at the top of the screen.

3.     Select Edit Bookmarks from
the drop-down menu that appears.

4.     Click the bookmark you want to
rename, wait a moment, and then click it again.

5.     The text in the bookmark should turn
light blue. Type the name you’d like for the bookmark.

Reference

https://www.computerhope.com/issues/ch000859.htm

Information Gathering Tools

Information
gathering is the process of collecting the information from different places
about any individual company, organization, server IP, address or person. There
are numerous tools for information gathering. Eg. Surveys or Questionnaires,
Interviews, Focus group, review of literature, procedures, and forms. Onsite
observations. Information is gathered from two principal sources, personnel or
written documents from within the organization and external sources are
vendors, doctors, newspapers and professional journals. Information gathering
is the first step of hacking most of the time (90%) a hacker spends in this
process. Information gathering plays a very vital role for both investing and
attacking purposes.

Reference

Information Gathering

Vulnerability Analysis

Vulnerability is threats
related to safety.  Ensuring safety in society
requires, what is to be protected, what poses a threat, and the means for
strengthening safety are seen in the same context. According to the government,
the general goals for the safety of society to protect are:  the population’s lives and health, Public
functionality, the ability to maintain our basic values like democracy, the
rule of law, and human rights and freedoms. Vulnerability, security flaw is a
failure of security policies, procedures and controls that allow a
subject/hacker to commit an action that violates the security policy.
Vulnerability analysis is divided into two types: static vulnerability and
dynamic vulnerability.

Reference

http://www.wseas.us/e-library/conferences/2006venice/papers/539-128.pdf

Web
Application Analysis

Web application analysis is a tool to run
for all
applications that we access through a browser. Security testing is critical and we learn that there are two type of
testing. Static testing is conducted through codes to check the vulnerability
and dynamic testing is done by running the application to check

List of the software’s/Tools/Utilities:
web proxies, web scanners, web testing frameworks, web Browser Assessment, Web
browser for penetration testing, Fuzzers, Database assessments.

http://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html

 

Reverse
Engineering

It is a process of redesigning an
existing product to improve its function, add quality and increase its utility
value. The main aim of reverse engineering was originally applied to hardware,
but it is now being applied to software, databases and the definition of
reverse engineering in a software environment is the process of taking
software’s binary code and reproducing it to trace the functionality and
identify certain bugs.

 In the field of cyber security, this is
applied to trace the hacker’s activities. Cyber criminals behind the attack,
utilize the full spectrum of computer techniques to breach into corporate
networks. Reverse engineering helps us to identify their techniques and helps
to understand the prevention in future. Kali Linux is an example for reverse
engineering tool.

http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber-security-professionals/#gref

 

Wireless Attacks

In a wireless network the
dataflow is through the medium of air. Let’s learn about few types of wireless
attacks. Packet sniffing: The
information flow is done through a lot of traffic (FTP, HTTP etc) back and
forth and it is in a simple plain text which is easily readable by anybody.
Using a tool like “wireshak” helps in reading the data which is getting
transferred in plain text. Hackers can easily steal a password or hack
sensitive information very easily. Rouge
access point: This is an unauthorized access point (AP) which appears on a
network. It is left open to variety of attacks from an employee. Password theft: If a network does not
use platforms like SSL or TSL then there are chances of a hacker stealing our
password.

Types of Wireless Network Attacks

 

Sniffing and Spoofing

Going by the terminology, Spoofing means to pretend to be
someone else and Sniffing means to illegally listen into another’s conversation.
Let us understand these terms in computer language. Sniffing is done to hack
passwords, emails, financial account information, any confidential information,
protocol information attack to trace hardware addresses, IP addresses and
routing etc. Spoofing is penetration techniques to exploit at any level and on
any model and disrupts the normal flow of data. Attacks are based on
vulnerability level in spoofing.

 

http://www.techiwarehouse.com/engine/423a5281/IP-Spoofing-and-Sniffing-

 

Forensics

Computer forensic is the process
of identifying, preserving, analyzing and presenting digital evidence in a
legally accepted manner. Computer forensic ensures integrity of the computer
system, to produce evidence and respond to hi-tech offenses. Computer forensic
experts not only find the criminal but also find out the evidence and present
in a manner that leads to legal action against the cyber criminals. Cyber crime
and evidence occurs when information technology is used to commit or conceal an
offence. Digital evidence can be Persistent data – Data remains intact when a
computer is turned off (eg. hard disks/drives, USB or Flash drives).       Volatile Data – Data is lost when a
computer is turned off (eg. Deleted files, computer history, temporary files and
web browsing history).

http://resources.infosecinstitute.com/7-best-computer-forensics-tools/#gref

Reporting tools :

These tools are sources of
business intelligence which enables self-service reporting, analysis and
executes advanced queries, helps to access, analyze and prepares dashboards. These
tools help in presenting big data in a precise and readable format. We will
understand some of the tools in our learning’s. 1. BIRT- This is written in
Java and runs on Windows, Linux and MAC operating systems currently and helps
in preparing and publishing standalone reports. 2. Jasper Report – Written in
java and runs on Windows, Linux and MAC OS and supports in excellent
documentation, eg. Search engine like wiki.3.Pentaho – This tool runs on Java
Enterprise Edition and can be used on Windows, Linux, and Mac. It supports many
community resources such as documentation, wiki, and more.4.Spago BI – It is written
in Java, and it is licensed under the Mozilla Public License version 2.0.
This is used for reporting, charts, cockpits, data-mining, ETL, and many more.
5. KNIME – It is an analytical platform developed primarily for pharmaceutical
research, expanded to industries like banks, car manufacturers, telcos. 6.
ReportServer – allows for reporting, ad-hoc analyses, Excel and Word reporting,
and multidimensional OLAP analytics. It is java based and runs on Apache
Tomcat, Wild fly. Supports Windows, Linux, OSX. 7. Seal Report – framework for
producing reports and dashboards through open database.

https://opensource.com/business/16/6/top-business-intelligence-reporting-tools

Social Engineering tools:

A social engineering toolkit
helps address the human element aspect of penetration testing. Social
Engineering Toolkit has many number of downloads and helps in enhancing attacks
in social engineering type environment. Many consulting companies believe that
social engineering is one of the hardest attacks to protect against and now one
of the most prevalent.

http://www.ijera.com/papers/Vol4_issue12/Part%20-%206/AI041206240244.pdf

 

Post Exploitation

Post-Exploitation phase
is to determine the value of the machine compromised and to maintain control of
the machine for later use. The value of the machine is determined by the
sensitivity of the data stored on it and the machines usefulness in further
compromising the network. The various phases of post exploitation includes, understanding the victim, Privilege escalation, cleaning tracks and
staying undetected, collecting system information and data setting up
backdooring and root kits and pivoting to penetrate internal networks

 

https://www.packtpub.com/mapt/book/networking_and_servers/9781782163589/7/ch07lvl1sec34/what-is-post-exploitation