
Tuesday, March 31, 2009

Password Hacking

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.


Most passwords can be cracked by using the following techniques:


1) Hashing :- Here we will refer to the one-way function employed (which may be either an encryption function or a cryptographic hash) as a hash, and to its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields, which are then hashed separately, allowing each half to be attacked separately.


Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....

In one survey of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
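A defender can reject these choices at the time a password is set. The check below is an added example, not part of the original article; the word lists are small constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample data; a real check would load a full dictionary.
COMMON = {"password", "passcode", "admin"}
DICTIONARY = {"dragon", "monkey", "sunshine", "letmein"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _normalise(text):
    """Lower-case and drop separators so '1985-03-31' matches '19850331'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _variants(password):
    """Undo the simple modifications: case changes, a digit suffix, reversal."""
    base = password.lower()
    stripped = base.rstrip("0123456789")
    return {f for f in (base, stripped, base[::-1], stripped[::-1]) if f}


def weak_reasons(password, username="", personal=()):
    """Return the sorted list of weak-choice categories the password matches.

    An empty list only means none of these patterns matched.
    """
    if not password:
        return ["blank"]
    # Names, dates, licence plates and similar facts known about the user.
    known = {n for t in (username, *personal) if (n := _normalise(t))}
    reasons = set()
    for form in _variants(password):
        if form in COMMON:
            reasons.add("common word")
        if form in DICTIONARY:
            reasons.add("dictionary word")
        if _normalise(form) in known:
            reasons.add("personal information")
        if len(form) >= 4 and any(form in row for row in KEYBOARD_ROWS):
            reasons.add("keyboard row")
    return sorted(reasons)


if __name__ == "__main__":
    for pw in ("", "Password1", "nogard7", "asdf", "T7#vQ!z2mK"):
        print(repr(pw), weak_reasons(pw))
```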


A password containing both uppercase and lowercase characters, numbers and special characters is a strong password and can never be guessed.


3) Default Passwords :- A moderately high number of local and online applications have built-in default passwords that were configured by programmers during the development stages of the software. There are lots of applications running on the internet on which default passwords are still enabled. So, it is quite easy for an attacker to enter a default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.


Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques fail, attackers use the brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of the available keys on the keyboard. As soon as the correct password is reached, it is displayed on the screen. This technique takes an extremely long time to complete, but the password will surely be cracked.


The longer the password, the longer the time taken to brute force it.
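The calculation below is an added example, not part of the original article. It quantifies two points made above: how the brute-force search space grows with password length, and how hashing a password as two separate 7-character fields (the LM hash design described under Hashing) shrinks it. The guess rate and the 95-character set are assumptions chosen only for illustration.

```python
def keyspace(charset_size, max_len):
    """Candidate strings of length 1..max_len over the given character set."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def split_keyspace(charset_size, total_len, field_len=7):
    """Worst-case guesses when each field_len-character field is hashed and
    attacked on its own, as the text describes for LM hash."""
    full_fields, remainder = divmod(total_len, field_len)
    guesses = full_fields * keyspace(charset_size, field_len)
    if remainder:
        guesses += keyspace(charset_size, remainder)
    return guesses


def humanise(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def growth_table(charset_size, lengths, guesses_per_second):
    """(length, worst-case guesses, worst-case time) for each length."""
    return [(n, keyspace(charset_size, n),
             humanise(keyspace(charset_size, n) / guesses_per_second))
            for n in lengths]


if __name__ == "__main__":
    RATE = 1e9      # assumed guess rate, chosen only for illustration
    CHARSET = 95    # printable ASCII characters (assumption)
    for length, guesses, duration in growth_table(CHARSET, (6, 8, 10, 14), RATE):
        print(f"{length:>2} chars: {guesses:.2e} guesses, {duration}")
    whole, halves = keyspace(CHARSET, 14), split_keyspace(CHARSET, 14)
    print(f"14 chars hashed whole: {whole:.2e}; as two 7-char fields: {halves:.2e}")
```

Each extra character multiplies the work by roughly the size of the character set, while the split design caps the work at about twice that of a single 7-character password.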

5) Phishing :- This is the most effective and easily executable password cracking technique. It is generally used to crack the passwords of e-mail accounts and of all those accounts where secret or sensitive personal information is stored by the user, such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates a fake login screen and sends it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as the victim clicks on the "enter" or "login" button, this information reaches the attacker through scripts or online form processors, while the user (victim) is redirected to the home page of the e-mail service provider.


Never reply to messages that demand your username and password while claiming to be from your e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

 

Source:- http://www.insecure.in/password_hacking.asp

Network Hacking

Network Hacking generally means gathering information about a domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.


It also includes OS Fingerprinting, Port Scanning and Port Surfing using various tools.


Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.


To ping a particular host the syntax is (at command prompt)--

c:/>ping hostname.com

example:- c:/>ping www.google.com

Various attributes used with 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.


Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
Its syntax is (at command prompt)--

c:/>netstat -n

Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on a particular port. When connected, it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--

c:/>telnet hostname.com

By default telnet connects to port 23 of remote computer.
So, the complete syntax is-

c:/>telnet www.hostname.com port

example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21


Tracert :- It is used to trace the route taken by certain information, i.e. data packets, from source to destination.
Its syntax is (at command prompt)--

c:/>tracert www.hostname.com

example:- c:/>tracert www.insecure.in

Here "*    *    *    Request timed out." indicates that a firewall installed on that system blocks the request, and hence we can't obtain its IP address.
Various attributes used with the tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.
The information obtained by using the tracert command can be further used to find out the exact operating system running on the target system.

 

Source:- http://www.insecure.in/network_hacking.asp

Increase Virtual RAM - To Make Your System Faster

Follow the steps given below :-
1) Hold down the 'Windows' Key and Press the 'Pause/Break' button at the top right of your keyboard.
Another way is Right-Clicking 'My Computer' and then Select 'Properties'.
2) Click on the 'Advanced' tab.
3) Under 'Performance', click 'Settings'.
4) Then click the 'Advanced' tab on the button that pops up.
5) Under 'Virtual Memory' at the bottom, click 'Change'.
6) Click the 'Custom Size' button.
7) For the initial size (depending on your HD space), type in anywhere from 1000-1500 (although I use 4000), and for the Maximum size type in anywhere from 2000-2500 (although I use 6000).
8) Click 'Set', and then exit out of all of the windows.
9) Finally, Restart your computer.
10) You now have a faster computer and 1-2GB of Virtual RAM..!

Article Source:- http://www.insecure.in/system_faster_trick.asp

Wednesday, March 11, 2009

Yahoo Messenger User Status Checking Ways Yahoo Invisible User Detection

Many people nowadays prefer to stay offline while using Yahoo Messenger, so how do you find the status of someone?


There are many ways of finding people who are online yet invisible. I'm going to describe many of those methods in this post. As we all know, Yahoo has a Stealth Settings feature that lets you choose the people who see you as online and offline (Invisible Mode). But maybe you want to figure out whether these people are really online or offline.

There are a few methods for checking user status in Yahoo Messenger. I'm going to discuss them one by one:

Doodle IMVironment Method:
Double-click on the user whose status you want to check.

Message window will open. Click IMVironment button, select See all IMVironments, select Yahoo! Tools or Interactive Fun, and click on Doodle.

After loading the Doodle IMVironment, there will be two possibilities.


  • If the user is offline, the Doodle area will show “waiting for your friend to load Doodle” continuously.
  • If the user is online (in invisible mode), after a few seconds (it can take up to one minute, depending on connection speed), you will get a blank page. So the user is online!
OK, by that you can find out whether the user is offline or invisible.
BuddySpy Method:
Buddy Spy is a program for Yahoo Messenger status checking. With Buddy Spy you can bypass Yahoo Messenger's Invisible Settings and check user status. With its quick and intuitive interface, Buddy Spy offers you the ability to see if your friend is truly online or if they are invisible. Buddy Spy offers online checking, but it will also tell you whether your friend is in a Chat Room or even if their Web Cam is online. Isn't it great?
Download it from here BuddySpy
Using online Free tools:
I always use this kind of tool if available, because they are easy to use and there is no need to install anything on my PC. Also, with those sites we can protect our privacy, because when doing this we connect through the site.
These are great sites I found that we can use to find people in Yahoo Messenger invisible mode.
  1. Open invisible-scanner
  2. Open Invisiable Net
  3. Open myspytool com

Convert a FAT volume or a FAT32 volume to NTFS Format

This tutorial will show you how to convert FAT or FAT32 Volume to NTFS Format


Please Note:
Back up any important data before doing this. Although the chance of corruption or data loss during the conversion is minimal, we recommend that you perform a backup of the data on the volume that you want to convert before you start the conversion.
Now I'm going to show you how to convert FAT or FAT32 to NTFS format in 5 steps:

  • First Click "Start" , Then "All Programs", "Accessories", and then click "Command Prompt".
  • At the command prompt, type the following, drive letter is the drive that you want to convert:
convert drive letter: /fs:ntfs
Ex: convert d: /fs:ntfs
If the operating system is on the drive that you are converting, you will be prompted to schedule the task when you restart the computer because the conversion cannot be completed while the operating system is running. When you are prompted, click "YES".
  • When you receive the following message at the command prompt, type the volume label of the drive that you are converting, and then press ENTER:
The type of the file system is FAT.
Enter the current volume label for drive drive letter
  • When the conversion to NTFS is complete, you receive the following message at the command prompt:
Conversion complete
  • Quit the command prompt and you're done!
  • Article Source: http://tutorial-net.blogspot.com/2008_05_03_archive.html