Sunday, 3 February 2013

Password Based Attack (THC Hydra)

A password is a secret word used for authentication, that is, to prove your identity. Passwords are a foundation of security for most computers and computer networks. Ordinary users usually do not appreciate the importance of passwords, and many choose the simplest password, such as a pet's name, to help them remember it.



Nowadays, many services use cryptographic techniques to secure their information. Cryptography is the art of secret communication; by using cryptographic techniques you can secure your password and make it difficult to crack.

There are different techniques for cracking passwords; some examples are given below.

Guessing
This is the oldest and simplest method an attacker uses to crack passwords. As I said earlier, ordinary users do not appreciate the importance of passwords and do not care about them, so many people use very weak passwords such as a pet's name, a lover's, friend's or relative's name, phone numbers or passport numbers.
If your password is that weak, an attacker who knows you personally can easily guess it, so be careful when choosing your passwords. If an attacker does not know you personally, he or she may use social engineering techniques to get your personal information.

Dictionary Based Attack
A dictionary attack happens when an attacker creates a wordlist (a dictionary) containing commonly used passwords, names of places, common names and other commonly used words, and tries its entries as passwords. To avoid this type of attack you must choose a strong password.
Various password-cracking tools are available on the internet, such as:


● Cain & Abel
● John the Ripper
● THC Hydra
● Aircrack (WEP/WPA cracking tool)
● L0phtCrack
● Brutus
● and more

THC Hydra
THC Hydra is a network authentication cracker that supports many different services.

When a service presents a screen that asks for a password, an attacker who is not an authorized user may try to crack it. In this example I will show how to use THC Hydra to perform that task.

Download THC Hydra, then open a command prompt:
C:\Documents and Settings\user\Desktop>hydra
After that, type "hydra -L userslist.txt -P passlist.txt xxx.xxx.xxx.xxx ftp" and press Enter.
In our case, type "hydra -L wordlist.txt -P passlist.txt 192.168.1.1 ftp" and press Enter.
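From the defender's side, a run like the one above shows up in the FTP server's log as a burst of failed logins from one source across several user names. The added example below (not part of the original post) flags such bursts and any successful login that follows them; the sample lines are constructed, and their vsftpd-like layout, the 60-second window and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the vsftpd-like line layout is an assumption.
SAMPLE_LOG = """\
Sun Feb  3 10:00:01 2013 [pid 311] [admin] FAIL LOGIN: Client "203.0.113.7"
Sun Feb  3 10:00:03 2013 [pid 313] [root] FAIL LOGIN: Client "203.0.113.7"
Sun Feb  3 10:00:04 2013 [pid 314] [root] FAIL LOGIN: Client "203.0.113.7"
Sun Feb  3 10:00:05 2013 [pid 315] [alice] FAIL LOGIN: Client "198.51.100.20"
Sun Feb  3 10:00:06 2013 [pid 316] [ftp] FAIL LOGIN: Client "203.0.113.7"
Sun Feb  3 10:00:09 2013 [pid 317] [alice] OK LOGIN: Client "198.51.100.20"
Sun Feb  3 10:00:10 2013 [pid 318] [ftp] FAIL LOGIN: Client "203.0.113.7"
Sun Feb  3 10:00:12 2013 [pid 319] [admin] OK LOGIN: Client "203.0.113.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def parse(log_text):
    """Yield (timestamp, source_ip, username, succeeded) per login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["user"], m["result"] == "OK"

def detect_bruteforce(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag sources with >= threshold failures in the window; note a later success."""
    fails = defaultdict(list)  # ip -> [(ts, user)] failures still inside the window
    alerts = {}
    for ts, ip, user, ok in parse(log_text):
        if ok:
            if ip in alerts:  # success from a flagged source: likely guessed password
                alerts[ip]["success_after_failures"] = user
            continue
        fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= window]
        fails[ip].append((ts, user))
        if len(fails[ip]) >= threshold:
            a = alerts.setdefault(ip, {"max_failures": 0, "users": set(),
                                       "success_after_failures": None})
            a["max_failures"] = max(a["max_failures"], len(fails[ip]))
            a["users"].update(u for _, u in fails[ip])
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged source with a non-empty `success_after_failures` is the case to investigate first, since it indicates that one of the guesses worked.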
 
 

Hacking A computer With Just IP address!!

Hacking a remote computer is always a hot topic among hackers and crackers. A newbie hacker, or someone who wants to learn hacking, always asks how to hack into a computer by just knowing the IP address. We have discussed many methods before, and I always insist on learning some basic commands, protocols and their usage. This is my story of how I hacked into a remote computer by just using an IP address (I did not download any file, and I did not even clear the logs). This story was not planned, it just happened, and I am sure you will like it and will learn a lot of things if you don't know the basic commands and protocols.

It was Saturday night and I was working hard on a Social Engineering Toolkit remote attack (WAN, Internet attack), which is why I was playing with my router for port forwarding and other stuff. Remember, my ISP uses a dynamic mechanism, so I had created a DNS server to get a static IP. It was almost night and I decided to get some sleep, and then I saved my browser tabs so that I could use them next time.

On Sunday evening I opened my browser and the previous tabs opened automatically. Then I got a pop-up window asking for the user name and password of my router. I looked at the address bar and the IP address was the same as the one I had saved. I was shocked that my ISP had not changed my WAN IP (remember, the ISP uses dynamic IPs). After this I opened a whatismyip website and saw that my IP was different, which means the window asking for the user name and password belonged to the IP of another computer.

I just got an idea: why not brute force it and get access to the victim router? Hydra has been discussed before, but before brute forcing I decided to use the guessing technique. I entered many combinations but failed, then I just used the default user name and password and, huurraaah, I was in.
Security was very low. Then I did a quick nmap scan to get the open ports (remember, I had turned off the firewall of the victim router). According to the nmap result, FTP and telnet were open, and then I realized how vulnerable this victim was.
I went to my terminal and opened telnet to the victim using the default password, and I was in. Now I was able to take control of this computer, but this was not included in the plan.
FTP (File Transfer Protocol): I went to my terminal again and this time I used the FTP command with the same combination of user name and password, and it was successful. Remember, FTP access means you can download and upload files on the remote computer, which means full access. You can use a GUI FTP client, but I used the command line.

Countermeasure

  • Always use a strong password
  • Turn on your Firewall (both on router and computer)

Binding Exe file with Picture or any file extension

1. First, create a new folder and make sure that the option 'show hidden files' is checked and 'hide extensions for known file types' is unchecked. Basically, you need to be able to see hidden files and the extensions of all the files on your PC.

2. Paste a copy of your server into the newly created folder. Let's say it's called server.exe (that's why you need file extensions showing: you need to see the extension to change it).

3. Now rename this server.exe to whatever you want, for example picture.jpeg.

4. Windows will ask whether you really want to change the extension from exe to jpeg; click YES.

5. Now create a shortcut to this picture.jpeg in the same folder.

6. Now that you have a shortcut, rename it to whatever you want, for example me.jpeg.

7. Go to Properties (on the file me.jpeg), where you need to make some changes.

8. First of all, delete all the text in the START IN field and leave it empty.

9. Then in the TARGET field you need to write the path that opens the other file (the server renamed picture.jpeg), so you have to write this: C:\WINDOWS\system32\cmd.exe /c picture.jpeg

10. The last part, /c picture.jpeg, always uses the name of the first file. If you called the first file soccer.avi, you have to write C:\WINDOWS\system32\cmd.exe /c soccer.avi. Got it?

11. So when someone clicks on me.jpeg, cmd will execute the other file, picture.jpeg, and the server will run.

12. On the file me.jpeg (the shortcut), go to Properties, where there is an option to change the icon. Click it, and in the new window that pops up write this: %SystemRoot%\system32\SHELL32.dll . Then press OK.

13. You can set the HIDDEN property on the first file (picture.jpeg) if you think it will help you get a connection from someone.

14. But don't forget one thing: these 2 files must always be together in the same folder, and to get connected to someone they must click on the shortcut you created, not on the first file. So rename the files to whatever you want, considering the person and the knowledge they have of this matter.

This method can be applied to ANYTHING. Just use your imagination: mp3, etc.
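A folder prepared this way carries two recognisable artefacts: a file with a media extension whose content starts with the executable header MZ, and a shortcut whose name imitates a media file while its target is cmd.exe (Explorer never displays the .lnk extension). The following added example (not from the original post) triages a folder for both; the sample files are constructed inert bytes, and the extension list and function names are assumptions.

```python
import os
import tempfile

MEDIA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".avi", ".mp3"}
# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
SHELLS = ("cmd.exe", "powershell.exe")

def triage(folder):
    """Return (filename, reason) findings for one folder, sorted by name."""
    findings = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read(1 << 20)  # the first 1 MiB is enough for triage
        stem, ext = os.path.splitext(name.lower())
        if ext in MEDIA_EXT and data[:2] == b"MZ":
            findings.append((name, "media extension but executable (MZ) header"))
        if ext == ".lnk" and data.startswith(LNK_MAGIC):
            body = data.lower()
            for shell in SHELLS:
                # Strings inside a shortcut may be stored as ANSI or UTF-16LE.
                if shell.encode() in body or shell.encode("utf-16-le") in body:
                    reason = "shortcut launches " + shell
                    if os.path.splitext(stem)[1] in MEDIA_EXT:
                        reason += "; name imitates a media file"
                    findings.append((name, reason))
    return findings

def run_demo():
    """Write constructed sample files (inert bytes, not real images) and triage them."""
    target = r"C:\WINDOWS\system32\cmd.exe /c picture.jpeg".encode("utf-16-le")
    samples = {
        "picture.jpeg": b"MZ" + bytes(62),                # executable header
        "holiday.jpeg": b"\xff\xd8\xff\xe0" + bytes(60),  # JPEG header
        "me.jpeg.lnk": LNK_MAGIC + bytes(56) + target,
        "notes.lnk": LNK_MAGIC + bytes(56) + "notepad.exe".encode("utf-16-le"),
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, content in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(content)
        return triage(folder)

if __name__ == "__main__":
    for name, reason in run_demo():
        print(name, "->", reason)
```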

Setting Up Darkcomet RAT with pictures (Noob friendly)

How To Setup Darkcomet RAT In Depth

I have seen many guides on setting up Darkcomet. Some have pictures and some don't, and none of them really appeal to me, so I am writing a comprehensive, in-depth guide.

1. Download Darkcomet here (I took this out of another topic; I cannot remember which one)
2. Unpack it to the desktop or another location

Now that you have done those 2 simple steps, the next step is rather easy. In order for your server to connect to you, you will need a DNS name that updates along with your IP, so your server will always connect.

Create an account at http://www.no-ip.com/

Create a host by:
1. Clicking on Host/Redirects and then on Add Host.
2. Click in Hostname and create your own, for instance test, then in the drop-down box pick a domain name, in this case zapto.org, so your full hostname would be test.zapto.org. The IP address etc. will be entered automatically.
3. Once completed, click Create Host.

The next step is to download No-IP DUC: http://www.no-ip.com/downloads.php?page=win

Once it is downloaded and installed, enter your username and password, then select your domain name and the IP will update automatically.

Part 2: How To Setup Darkcomet + Port Forward

First, port forwarding. That is a problem, because I use a Livebox and you use something else, so the best thing to do is find a guide at http://portforward.com/. Once you are in your router, port forward 1604 on TCP and UDP.

Now that all that is done, let's get on to setting up Darkcomet.

1. Run Darkcomet
2. Once it is open, click Darkcomet on the top left and click Client Settings
3. Once you have clicked Settings, click on No-IP Updater and fill out the relevant information.

Now that all of that is done, you are ready to create a server and start spreading!

Part 3: Creating A Server

This next part is really simple and rather quick.

1. On the top left click Darkcomet RAT, go to Server Module, then Full Editor
2. Now you will see the screen below!
• Process Mutex: Click it a few times
• Server ID: Give it an ID so you know what it is
• Profile Name: Pretty self-explanatory.

3. Click Network Settings.
OK, this one is an important step.

• IP/DNS: put in the No-IP.com host you made and the port 1604, which is what you port forwarded, and then click Add.

OK, now click Build the Stub and, ta-da, you have created your server. If all is done correctly you should see a slave if they open your file; if not, test it on yourself using Sandboxie.

If all goes well you should see this:

I also forgot to add that the server will not be FUD; you will need to encrypt it so anti-viruses will not detect it. (This will be a new tutorial)
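The setup above leaves two network traces a defender can hunt for: lookups of a dynamic-DNS hostname such as the zapto.org name used here, and outbound connections to port 1604. This added example (not from the original guide) correlates the two; the log layouts, addresses and severity labels are constructed assumptions.

```python
# Indicators taken from the guide above; extend both for real hunting.
DYNDNS_SUFFIXES = (".zapto.org",)
RAT_PORT = 1604

# Constructed logs. Assumed layouts:
#   DNS : time client query answer
#   flow: time src dst dport proto
DNS_LOG = """\
10:01:00 10.0.0.23 test.zapto.org 198.51.100.77
10:01:05 10.0.0.40 www.example.com 192.0.2.10
10:02:00 10.0.0.51 files.zapto.org 203.0.113.9
"""
FLOW_LOG = """\
10:01:01 10.0.0.23 198.51.100.77 1604 tcp
10:01:06 10.0.0.40 192.0.2.10 443 tcp
10:02:01 10.0.0.51 203.0.113.9 443 tcp
10:03:00 10.0.0.60 192.0.2.50 1604 udp
"""

def hunt(dns_log, flow_log):
    """Return (severity, src, dst, port, hostname) for suspicious flows."""
    resolved = {}  # (client, answer) -> dynamic-DNS hostname it looked up
    for line in dns_log.splitlines():
        _time, client, query, answer = line.split()
        if query.lower().endswith(DYNDNS_SUFFIXES):
            resolved[(client, answer)] = query
    hits = []
    for line in flow_log.splitlines():
        _time, src, dst, dport, _proto = line.split()
        hostname = resolved.get((src, dst))
        on_port = int(dport) == RAT_PORT
        if hostname and on_port:
            severity = "high"    # both indicators on the same flow
        elif on_port:
            severity = "medium"  # port alone is weak evidence
        elif hostname:
            severity = "low"     # dynamic DNS alone has legitimate uses
        else:
            continue
        hits.append((severity, src, dst, int(dport), hostname))
    return hits

if __name__ == "__main__":
    for hit in hunt(DNS_LOG, FLOW_LOG):
        print(hit)
```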

Saturday, 2 February 2013

How to find Admin Login page Of a website

In this tutorial we will use a Perl script to find the admin page of a website.

First: Download here. This is the script you will use to find the admin page.
Second: Download and install ActivePerl from their website; it's free.

Procedure:
After installing ActivePerl, extract the admin script into the C:\perl\bin folder, then go to Start > Run, type CMD and hit Enter. In the command prompt type "cd C:\perl\bin".
Now type "admin.pl".

Now type the URL of the website whose admin page you wish to find, and it's done.




Hacking a website with SQL injection

SQL injection:

SQL injection is a technique often used to attack data-driven applications. It is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., to dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application's software.
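The flaw sits in how the application builds its query. This added example (not from the original post) uses Python's sqlite3 with a constructed users table to show the same lookup written with string concatenation and with a bound parameter; the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a site's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                   [("admin", "<hash-placeholder-1>"),
                    ("alice", "<hash-placeholder-2>")])
    return db

def find_user_vulnerable(db, username):
    # Entry-field text is pasted into the SQL string, so quotes in the
    # input become part of the statement the database parses.
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, username):
    # The ? placeholder binds the text as a value; it is never parsed as SQL.
    return db.execute("SELECT id, username FROM users WHERE username = ?",
                      (username,)).fetchall()

def compare(username):
    """Run both lookups on a fresh database and return their outcomes."""
    db = make_db()
    try:
        vulnerable = find_user_vulnerable(db, username)
    except sqlite3.OperationalError as exc:
        vulnerable = "error: " + str(exc)
    return vulnerable, find_user_safe(db, username)

if __name__ == "__main__":
    # Constructed inputs: a normal name, a name containing a quote, and
    # input that rewrites the WHERE clause of the concatenated query.
    for text in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(text), "->", compare(text))
```

With the bound parameter, the third input is simply a user name that does not exist, and the name containing a quote no longer breaks the query.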

Now the point is that we are going to use a tool to hack a website by the SQL injection method.

Requirements:

Lets Begin !!

Now, after you have found a vulnerable site, copy the link into the Havij bar and leave everything else in the software exactly the same.

Click Analyze, and after it has finished click the "Tables" column.

Then click Get DBs. It will download the databases from the website. After completion, select the database and click the Tables tab; it will bring up some tables on the database server.

Select any table with a name like 'Users', 'Admin', etc. and click the Get Columns tab. After the columns are loaded, explore them and find the username or user column and the password column, then click "Get data". You will get the data of the columns you selected, so there you are: you have got the usernames and passwords of accounts. Find the ID number "1", which is usually the ID of the admin, and use the username and password to go to the admin panel of the website.
That's it! Now you can deface the website using this method. (Here)

And you can find the admin login page of a website (Here)

How To Deface A Website