ACTIVE DIRECTORY ATTACK – DCSHADOW

18/09/2018 — Yogi

https://www.c0d3xpl0it.com/2018/06/ad-attacks-dcshadow.html

Posted in Hacking,Tricks. Leave a Comment »

10 Top Websites to get cracked and serial keys of software

30/04/2017 — Yogi

1. http://www.youserials.com/

2. http://www.smartserials.com/

3. http://www.serialportal.com/

4. http://www.cracktop.com/

5. http://www.unlimitedserials.com/

6. http://www.superserials.com/

7. http://www.serialkey.net/

8. http://www.keygenguru.com/

9. http://www.serialcoded.com/

10. http://www.crackdb.org/

 

Posted in Hacking,Tricks. Leave a Comment »

24/11/2015 — Yogi

hacking-tools

Posted in Hacking,Tricks. Leave a Comment »

Command Prompt Commands Tricks

16/10/2015 — Yogi

1. Copy CMD output directly to clipboard

IT guys run some command prompt commands and then to share the output, they copy paste the output by right clicking cmd and marking the stuff and pressing enter, then paste. This is lots of unecessary work 😉 and waste of time.

Here’s the command prompt trick, type in your command for example, ipconfig and postfix ‘ | clip ‘ to directly copy your cmd output to clipboard.

clip

now, Select Paste to paste the stuff directly to notepad, TADAA…! Awesome, ain’t it? 😀 🙂

clip2

2. Open Command Prompt in a specific Folder

CMD usually opens up in either User or System folder depending upon whether you ran it as administrator or not.
If you want to run a particular file in a specific folder (suppose d:\docs\bills.txt), then your approach will be CMD >  (Change directory) cd d:\docs\ so that command prompt can navigate to the location, then you will run the Bill.txt file.

Now here is the Command prompt trick 🙂 , just navigate to the folder and press and hold SHIFT KEY and then Right click and you will see a popup menu with some extra items, like the one in below picture.

cmd1

Select open command window here  to directly open the CMD prompt with the path to that folder directly.

3. Run CMD as Admin

You can simply press Ctrl+Shift+Enter to open command prompt with admin privileges or an Elevated command promt. This Command prompt trick will work for all the programs installed on your system.

4. CMD  History

Check last used command prompt commands in a session using the navigation (Up, Down, Left, Right ) buttons, but you can see list of all the commands by pressing the F7 button.

f7

5. Drag and Drop Files to Change Path

If you are already in command prompt, and you want to copy the exact path to a folder or file to run the file or change the present working directory, you can simply drag and drop file or the folder on the command prompt.

6. Run Commands Simultaneously

You can put && between two commands and execute them one after another. The command on the left will execute first followed by the command on the right of the double ampersand.

amp

Posted in Hacking,Tricks. Leave a Comment »

7 Delicious Layers of Enterprise End-User Computing Security You Need to be Considering

19/04/2014 — Yogi

Here’s how we look at the seven layers of security:

Security

Security Layer #1 – Anti-Virus Scan of Host PC
Malware has become increasingly vicious and an attack can instantly cripple an organization and cost millions of dollars to clean up. In order support this need, Moka5 partnered with security leader AVG. Moka5’s built-in AVG anti-virus constantly monitors for key loggers and screen scrapers, and ensues that these are not present on the host computer at startup.

Security Layer #2 – Full Virtual Machine Encapsulation
With full virtual machine encapsulation, a policy-enforced container keeps corporate data separate from personal files. Although the virtual machine “borrows” what it physically needs from the host (CPU, RAM, keyboard, mouse, monitor, etc.), the operating system, applications and data are kept separate. Not only does this prevent viruses and malware on the host from infecting the container, but it also helps eliminate data leaks and IP loss.

Security Layer #3 – AES-256 Encryption
If encryption is enabled, Moka5 will encrypt all LivePC containers using AES (128-bit or 256-bit) encryption. AES-256 encryption of the container ensures compliance with data security standards and privacy regulations.

Security Layer #4 – Tamper Resistance and Copy Protection
Taper-resistance and copy protection keep the container itself or its metadata from being moved or edited.

Security Layer #5 – Active Directory credentials or Two-Factor Authentication
LDAP/AD integration and two-factor authentication support ensures that you can use your existing access control processes.

Security Layer #6 – Seamless Updates and Granular Policies
130+ granular security policies give IT full control over the container, allowing them to configure data security in the way that best meets their unique requirements. These security protections can be tailored for specify users or applied across an entire organization.

Security Layer #7 – Remote Kill
The ability to remote revoke or remote kill allows IT to wipe the encrypted container from lost or stolen devices over the Internet or though a timeout mechanism.

Posted in Hacking,Tricks. Leave a Comment »

Offline NT/2000/XP/Vista/7 Password Changer

23/12/2013 — Yogi

Section 0. Background Information
  1. What is Hiren’s Boot CD?
    • Hiren’s BootCD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted.
    • http://www.hiren.info/pages/bootcd
  2. Lab Notes
    • In this lab we will do the following:
      1. Download the Hiren’s iso
      2. Boot Damn Vulnerable WXP-SP2 into the Hiren’s Environment
      3. Use the Offline Password Changer to clear the Administrator’s Password
  3. Prerequisites
    • Instructions:
      1. This will work on Windows NT, 2000, XP, Vista and 7
      2. This lab uses the Damn Vulnerable WXP-SP2 Virtual Machine.
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.
Section 1. Prerequisite
  1. Open A Firefox Browser
    • Notes:
      • Login to the machine that has VM Player Installed.
    • Instructions:
      1. Click on the Windows Start Button
      2. Type firefox in the search box
      3. Click on Mozilla Firefox

     

  2. Place Link in Firefox Browser

     

  3. Navigate and Save
    • Instructions:
      1. Navigate to your external USB hard drive.
      2. Create a directory call Hirens on your
      3. Click Save

     

Section 2. Configuring VMware to play Hiren’s
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable Windows XP
      2. Click on Edit virtual machine

     

  2. Configure CD/DVD (IDE)
    • Instructions
      1. Configure CD/DVD (IDE)
      2. Click the radio button “Use ISO image file:”
      3. Click the Browse button and Navigate to the location of the Hiren’s.BootCD.14.0.iso
      4. Click the Options Tab

     

  3. Configure Operating System Settings
    • Instructions
      1. Settings: General
      2. Guest operating system: Linux
      3. Version: Other Linux 2.6.x kernel
      4. Click on OK

     

  4. Start Damn Vulnerable WXP-SP2
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  5. Access the Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the key.
    • Note(FYI)
      1. Beginners be patient, this might take a few times.  <Grin>

     

  6. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

 

Section 3. Starting up the Offline NT/2000/XP/Vista/7 Password Changer
  1. Select “Offline NT/2000/XP/Vista/7 Password Changer” (See Below)
    • Instructions
      1. Arrow Down to Offline NT/2000/XP/Vista/7 Password Changer
      2. Press Enter

     

  2. Linux Kernel Boot options
    • Instructions
      1. Press Enter.

     

  3. Partition Selection
    • Instructions
      1. Type “1
      2. Press Enter.

     

  4. Unclean File System Message
    • Instructions
      1. Do you wish to force it (y/n) [n] y
      2. Press Enter.

     

  5. What is the path of the registry directory?
    • Instructions
      1. [WINDOWS/system32/config] Just Press Enter

     

  6. Select which part of the registry to load
    • Instructions
      1. Type “1
      2. Press Enter.

     

  7. Select Hive
    • Instructions
      1. Type “1
      2. Press Enter.

     

  8. Type in the username that you would like to reset.
    • Instructions
      1. Type “Administrator
      2. Press Enter

     

  9. User Edit Menu
    • Instructions
      1. To clear the password, select 1.
      2. Press Enter
    • Notes(FYI)
      • You also have the ability to do the following
        1. Set a new password
        2. Promote a user to an Administator
        3. Unlock Accounts

     

  10. Reviewing Results
    • Instructions
      1. There will be a message that says “Password cleared!”
      2. To quit the application, type “!
      3. Press Enter

     

  11. Back to Loaded Hives Selection
    • Instructions
      1. Type “q” to quit.
      2. Press Enter

     

  12. Writing back changes selection
    • Instructions
      1. Type “y” to save changes.
      2. Press Enter

     

  13. New Run Selection
    • Instructions
      1. Type “n” to quit
      2. Press Enter

 

Section 4. Proof of Lab
  1. Proof of Lab Instructions
    • Instructions:
      1. date
      2. Press <Enter>
      3. echo “Your Name”
        • Replace the string “Your Name” with your actual name.
        • e.g., echo “John Gray”
      4. Do a PrtScn
      5. Paste into a word document
      6. Upload to Moodle

     

  2. Poweroff Operating System
    • Instructions
      1. Type “poweroff
      2. Press Enter

     

  3. CPU Disabled Message
    • Instructions
      1. Click OK

     

  4. Poweroff Virtual Machine
    • Instructions
      1. Virtual Machine –> Virtual Machine Settings –> Power Off
      2. Click Yes
Section 5. Configuring your original VMware back to play Windows XP
  1. Edit Virtual Machine Settings
    • Instructions
      1. Select Damn Vulnerable WXP-SP2
      2. Select Edit Virtual machine settings

     

  2. Configure CD/DVD (IDE) Settings
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Use physical drive: Radio Button
      3. Select Auto detect
      4. Click on the Options Tab

     

  3. Configure Operating System Settings
    • Instructions
      1. Select General
      2. Guest operating system: Microsoft Windows
      3. Version: Windows XP Professional
      4. Click on the OK Button

     

  4. Start Damn Vulnerable WXP-SP2
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

 

Section 6. Logging into Windows after password was cleared

 

  1. Login as user administrator (See Below)
    • Instructions:
      1. Remember you cleared the password, so leave the password field blank.
      2. Click on OK.

 

Section 7. Set Administrator’s Password

 

  1. Open Control Panel
    • Instructions:
      1. Start –> Control Panel

     

  2. Open User Accounts
    • Instructions:
      1. Click on User Accounts

     

  3. Open the Administrator Account
    • Instructions:
      1. Click on Administrator

     

  4. Select Create a password
    • Instructions:
      1. Click on Create a password

     

  5. Create a password for your account
    • Instructions:
      1. Type a new password:
      2. Type the new password again to confirm:
      3. Click Create Password
Posted in Hacking,Tricks. Leave a Comment »

Installing BackTrack 5 R1

23/12/2013 — Yogi

Section 0. Background Information
  1. What is BackTrack5
    • BackTrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5, code name “Revolution.”
    • BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option
    • BackTrack includes many well known security tools including
      • Metasploit integration
      • RFMON Injection capable wireless drivers
      • Aircrack-NG
      • Kismet
      • Nmap
      • Ophcrack
      • Ettercap
      • Wireshark (formerly known as Ethereal)
      • BeEF (Browser Exploitation Framework)
      • Hydra
    • BackTrack Download
  2. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1. Create a New Virtual Machine
  1. Create a New Virtual Machine. (See Below)

     

  2. New Virtual Machine Wizard
    • Instructions:
      1. Select the radio button “Installer disc image file (iso):”
      2. Click the Browse Button.
      3. Navigate to where you BT5 iso is located.
      4. Select the BT5 iso
      5. Click Next

     

  3. New Virtual Machine Wizard
    • Instructions:
      1. Guest operating system:  Linux
      2. Version: Ubuntu
      3. Select Next

     

  4. New Virtual Machine Wizard
    • Instructions:
      1. Virtual machine name: BackTrack5R1
      2. Location: In my case, I saved it to my USB drive, located in H:\BackTrack5R1\
      3. Select Next

     

  5. New Virtual Machine Wizard
    • Instructions:
      1. Maximum disk size (GB): For our purposes use 20GB.
      2. Radio Button:  Store virtual disk as an single file
      3. Select Next

     

  6. New Virtual Machine Wizard
    • Instructions:
      1. Click on the “Customize Hardware…” button

     

  7. New Virtual Machine Wizard
    • Instructions:
      1. Click on Memory (which is highlighted in blue)
      2. Click on 512 MB. (Recommended is 1024 MB, but not really needed for lab purposes).
      3. Do not click on OK

     

  8. New Virtual Machine Wizard
    • Instructions:
      1. Click on Network Adapter
      2. Click on “Bridged: Connected directly to the physical network”
      3. Click OK.

     

  9. Click on the Finish button.
    • Instructions:
      1. Click the Customize Hardware… button

     

  10.  Start the Boot Process
    • Instructions:
      1. Press Enter

     

  11. BackTrack Live CD
    • Instructions:
      1. Select “BackTrack Text – Default Boot Text Mode”
      2. Press <Enter>

     

  12. Bring up the GNOME
    • Instructions:
      1. Type startx

 

Section 2. Install BackTrack to Harddrive
  1. Install BackTrack to Harddrive
    • Instructions:
      1. Option 1: Double Click on the icon labeled “Install BackTrack”
        • OR
      2. Option 2: System –> Administration –> Install BackTrack Live

     

  2. Select Language
    • Instructions:
      1. In my case: English.
      2. Click Forward

     

  3. Select Language
    • Instructions: (In my case)
      1. Region: English
      2. Time Zone: United States (Chicago)
      3. Click Forward

     

  4. Select Language
    • Instructions: (In my case)
      1. Suggested option: USA
      2. Click Forward

     

  5. Select Language
    • Instructions:
      1. Select “Erase and use the entire disk”
      2. Select Forward
    • OR Note (This is optional)
      1. If you select “Specify partitions manually”, then you can create you own file systems layout.
        • /     – 2000 MB
        • /boot – 500  MB
        • swap  – 1280 MB (Double Memory)
        • /tmp  – 1000 MB
        • /home – 2000 MB
        • /var  – 2000 MB
        • /usr  – 3000 MB
        • Then use the rest as needed using volume management.

     

  6. Select Language
    • Instructions:
      1. Click on Install

     

  7. Informational
    • Note(FYI):
      • The installation process will take between 10 and 45 minutes depending on your systems resources.

     

  8. Consistency Reboot
    • Instructions:
      1. Click on Restart Now

 

Section 3. Login to BackTrack
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Virtual Machine –> Virtual Machine Settings…

     

  2. Edit CD/DVD (IDE)
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Click on Use physical drive:
        • Select Auto detect
      3. Click the OK Button

     

  3. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor

     

  4. Bring up the GNOME
    • Instructions:
      1. Type startx

     

  5. Bring up a console terminal
    • Instructions:
      1. Click on the Terminal Console Icon

     

  6. Change root’s password
    • Instructions:
      1. passwd root
      2. Use our standard class password

     

  7. Create a student account and set password
    • Instructions:
      1. useradd -m -d /home/student -c “Security Student” -s /bin/bash student
      2. passwd student
      3. Use our standard class password

 

Section 4. Installing VMware Tools
  • Why are we installing VMware tools?
    • It’s nice to be able to cut and paste from the host machine into the VMWare instance.
  1. Install build-essentials and linux-headers
    • Instructions:
      1. You must be root!!!
      2. aptitude install build-essential linux-headers-$(uname -r)

     

  2. Installation Question and Answer
    • Instructions:
      1. Do you want to continue? [Y/n/?] Y

     

  3. Mount VMware Tools
    • Instructions:
      1. Virtual Machine –> Install VMware Tools…

     

  4. Check if VMware Tools is mounted
    • Instructions:
      1. df -k
    • Notice that /media/VMware Tools is mounted.

     

  5. VMware Tools Set Up Work
    • Instructions:
      1. cd /media/VMware\ Tools
      2. ls -lrta
      3. cp VMwareTools* /var/tmp
      4. cd /var/tmp
      5. gunzip VMwareTools*
      6. tar xovf VMwareTools*

     

  6. Install VMware Tools
    • Instructions:
      1. cd /var/tmp/vmware-tools-distrib
      2. ./vmware-install.pl
      3. yes

     

  7. Press Enter on the following Questions (See Below)

     

  8. Press Enter on the following Questions (See Below)

     

  9. Press Enter on the following Questions (See Below)
    • Note(FYI):
      • Answer “no” to changing the kernel header path…

     

  10. Press Enter on the following Questions (See Below)

 

Section 5. Proof of Lab
  1. Proof of Lab
    • Note(FYI):
      1. A new /boot/initrd.img-2.6.39.4 will be generated.
      2. You will have to reboot for the changes to take affect.
    • Instructions:
      1. cd /
      2. ls -l /boot/initrd.img-2.6.39.4
      3. echo “Your Name”
        • Replace the string “Your Name” with your actual name.
        • e.g., echo “John Gray”
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

     

  2. Power Off Machine
    • Note(FYI):
      • If you want to continue using BackTrack, then don’t power off the machine.
    • Instructions:
      1. poweroff

     

 

Posted in Hacking,Tricks. Leave a Comment »

Password Cracking

23/12/2013 — Yogi

{ Using Kali, bkhive, samdump2, and John to crack the SAM Database  }

Section 0. Background Information

What is the SAM Database?

    • The SAM database is the Security Accounts Manager database, used by Windows that manages user accounts and other things. It is implemented as a registry file that is locked for exclusive use while the OS is running.
  2. What is Kali?
    • Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution.
    • Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards, which contains for the following features:
      • More than 300 penetration testing tools
      • Vast wireless device support
      • Custom kernel patched for injection
      • Secure development environment
  3. What is bkhive?
    • bkhive dumps the syskey bootkey from Windows NT/2K/XP/Vista system hive.
  4. What is samdump2?
    • samdump2 dumps the Windows NT/2K/XP/Vista password hashes.
  5. What is John the Ripper?
    • John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
  6. Lab Notes
    • In this lab we will do the following:
      1. We will boot Windows into Kali.
      2. We will use Kali to mount the Windows Disk Partition that contains the SAM Database.
      3. We will use bkhive and samdump2 to extract password hashes for each user.
      4. We will use John the Ripper to crack the administrator password.
  7. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.
Section 1. Log into Damn Vulnerable WXP-SP2
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.
      3. Click the OK Button
Section 2. Change Administrator Password
  1. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt
  2. Change the Administrator Password
    • Instructions:
      1. net user administrator football
    • Note(FYI):
      1. We are changing the password to something that is in the dictionary to show you how easily it can be cracked.
    • .
  3. Shutdown Windows Machine
    • Instructions:
      1. shutdown -s -t 0
    • Note(FYI):
      1. shutdown -s, shutdown the machine.
      2. -t 0, give the user a grace period of 0 seconds.  The default is 30 seconds.
Section 3. Configure Windows to boot from Kali
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Check the Connect at power on checkbox
      3. Click on the Use ISO Image File: radio button
      4. Click the Browse Button and Navigate to Kali.iso location
      5. Select the Kali.iso
      6. Click on the OK Button
Section 4. Power on Virtual Machine and Obtain Boot Menu
  1. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  2. Obtain Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the “<Esc>” key
    • Note(FYI):
      1. This might take you a few times so be patient!!!
  3. Boot Menu Options
    • Instructions:
      1. Arrow Down to CD-ROM Drive
      2. Press <Enter>
Section 5. Mount Windows Disk Partition with Kali
  1. Kali Linux Boot Menu
    • Instructions:
      1. Arrow Down to Live (686-pae)
      2. Press <Enter>
    • Note(FYI):
      1. Note this will usually be the first selection.
  2. Open a Terminal Window
    • Instructions:
      1. Click on the Terminal Window Icon
  3. View and Mount Windows Disk
    • Instructions:
      1. fdisk -l
        • Where “-l” is the lower case letter L.
      2. mount -t ntfs /dev/sda1 /mnt
    • Note(FYI):
      1. The fdisk command will allow you to see the partition table for one or many disk(s)
      2. The mount command will mount a file system.  Since this is a Windows file system, I am specifying the “-t ntfs” option.
  4. View Mount Point
    • Instructions:
      1. df -k
    • Note(FYI):
      1. The df command reports on file system disk space usage.
      2. Arrow #1 is point to the Windows Disk.
      3. Arrow #2 is the /mnt point that the Windows Disk is not mounted on.
  5. View Windows Disk Contents
    • Instructions:
      1. cd /mnt
      2. ls
      3. cd WINDOWS/system32/config
    • Note(FYI):
      1. Since we mount the windows disk boot partition (/dev/sda1) on top of the /mnt directory, we have to cd into it to see its’ contents.
      2. The ls command will list the directories contents.
      3. This is where the SAM database lives.  The SAM database is where all the Windows passwords live. 
Section 6. Using bkhive and samdump2
  1. Using bkhive and samdump2
    • Instructions:
      1. ls
      2. bkhive system /root/hive.txt
      3. samdump2 SAM /root/hive.txt > /root/hash.txt
    • Note(FYI):
      1. ls the contents of the /WINDOWS/system32/config directory.
      2. bkhive dumps the syskey bootkey from Windows NT/2k/XP/Vista system hive.
      3. samdump2 dumps the Windows NT/2k/XP/Vista password hashes.
  2. View Hash Contents
    • Instructions:
      1. cd /root
      2. ls -l *.txt
      3. file *.txt
      4. cat hash.txt
    • Note(FYI):
      1. Change directory into /root, because that is where we put our hive and hash files.
      2. List out the files using a wildcard (*).
      3. Determine the file type of the hash and hive files, where the hash file is (ASCII) and the hive file is (Compressed Binary).
      4. View the contents of the hash file
Section 7. Using John the Ripper
  1. Run John the Ripper
    • Instructions:
      1. john /root/hash.txt -format=nt2 -users=Administrator
      2. cd /root/.john
      3. ls -l
      4. cat john.pot
    • Note(FYI):
      1. John is a password cracking tool.
      2. After john is ran, it stores the results in the .john directory under the current user’s home directory.  (e.g., /root/.john).
      3. Use “ls -l” to show the detail listing of the files.
      4. View the contents of the john.pot file which contains the cracked passwords.
Section 8. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /root/.john
      2. ls -l
      3. cat john.pot
      4. date
      5. echo “Your Name”
        • This should be your actual name.
        • e.g., echo “John Gray”
    • Proof of Lab Instructions:
      1. Do a PrtScn
      2. Past into a word document
      3. Upload to Moodle.
Section 9. Post Installation Instructions
  1. Un-Mount and Poweroff the Virtual Machine
    • Instructions:
      1. cd
      2. umount /mnt
      3. poweroff
  2. Remove Disc Message
    • Instructions:
      1. Press Enter
  3. Edit Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  4. Edit Virtual Machine Settings
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click on the Use physical drive: radio button
      3. Select Auto detect from the down drop menu
      4. Click on the OK Button
Posted in Hacking,Tricks. Leave a Comment »

Hacking Software

05/03/2013 — Yogi

1. Nmap –The Network Mapper :

Nmap is one of the most widely used open source network mapping utility which scans & detects for ports, Operating systems, its services & used to manage networks. Nmap is available for windows & Linux also but it was  basically designed for a linux/Unix box, which works best with it also.

Learn More about Nmap

Download Nmap

2. John The Ripper Password Cracker

John the Ripper is a fastest password cracker, Now available for many distros of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. It is also well known as JTR, the most deadliest cracker of all time.

Learn More About John The Ripper

Download John The Ripper

3. Nessus Remote Security Scanner

Nessus is basically a vulnerability scanner used by most of the well known organizations of the world for making their security audits. Nessus were open source in past, but now its a closed source one but a free software, which scans for thousands of general & critical vulnerability problems in any network.

Learn More About Nessus

Download Nessus

4. Wireshark – The Sniffer

It was formerly knows as Eathereal. It  is  network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. Its open sources’ness gives it to grow from all dimensions & it gives more than a quality network analyzers that are present in the market.

It have a GUI works great with both Linux & Windows.

Learn More About Wireshark

Download Wireshark

5. Eraser

Eraser is an advanced security tool (for Windows). We can completely remove sensitive data from your hard drive by overwriting it several times which is done with carefully selected patterns. Eraser is Free software and its source code is released under GNU General Public License as it is a open source one. Works with all versions of windows as -> Windows 95, 98, ME, NT, 2000, XP and DOS.  Its great tool for hiding secret things & mainly deleting it.

Learn More About Eraser

Download Eraser

6. LCP – Windows Password Cracker

LCP is one of the well known free software for cracking windows passwords in many versions like Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing can be easily done by LCP. It is similar to LOphtcrack.

It have various modes like bruteforce, dictionary attack & hybrid attack.

Learn More About LCP

Download LCP

7. Cain & Able Passwords Cracker

Its another password cracker for windows based system. P It collects passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, uncovering cached passwords, revealing password boxes,and analyzing routing protocols.

Interesting part is it sniffs itself, we don’t have to search for password files of any kind.

Learn More About Cain & Able

Download Cain & Able

8.SuperScan- Port Scanner

Superscan is great TCP/IP port scanner which is widely used for detecting the open ports or live hosts in given IP ranges. It have a GUI & made for windows & easy to use, don’t miss it.

Learn More About Superscan

Download Superscan

9. Nikto – CGI Scanner

Nikto is a great CGI scanner, which  is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items. Which includes 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.

Learn More About Nikto

Download Nikto

10. Pof

Passive OS fingerprinting tool used widely for scanning operating system and it can scan for any operating system.

P0f can identify the operating system on:

– SYN Mode
– SYN+ACK mode,
– RST+ mode,
– machines whose communications you can observe.

It listens to any communication for detecting OS

Posted in Hacking,Tricks. Leave a Comment »

remote administration tool in C language

05/03/2013 — Yogi

http://www.hackingloops.com/search/label/Keyloggers?updated-max=2011-08-11T18:38:00-07:00&max-results=20&start=9&by-date=false

Posted in Hacking,Tricks. Leave a Comment »
« Older posts
%d bloggers like this: