What Is It?:
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
Download the TOR package and open a terminal in Linux. Type “tar xzf tor-X.X.X.XX.tar.gz” without quotes *note X.X.X.X is the version number. Next, Change the working directory to the newly unzipped folder by typing “cd tor-X.X.X.XX” without quotes and press enter.
The next thing we need to do is make and configure our files type”/configure && make” without quotes and press enter. We are now ready to install and run TOR. After this we want to type “make install Tor” without quotes and press enter.
Make sure you have Privoxy To use the recently installed Tor on Linux, Privoxy must also be present. Privoxy does not come with the Linux package like it does with the Mac and Windows packages.
When using Tor there are a few items to consider. First, Tor does not anonymize all internet traffic when first installed. The only traffic Tor makes anonymous is the traffic from Firefox.
Other applications must be configured with proxies before they can use the Tor Network. Second, the Torbutton in Firefox blocks technologies that can potentially leak identity.
These include: Java, ActiveX, RealPlayer, QuickTime, and Adobe plug-in. To use Tor with these applications the settings file must be reconfigured.
Third, cookies present before Tor is installed may still give away the identity of the user. To make sure the user has complete anonymity, clear out all cookies before installing Tor.
Fourth, the Tor Network encrypts all data up until the exit router of the network. To fully protect your data users should use HTTPS or other trusted encryption.
And fifth, make sure to verify the integrity of all applications downloaded from Tor. Applications can potentially be a problem if a Tor router is compromised.
Thanks for reading, don’t be evil!
Learning how to hack into systems and networks requires knowledge and understanding of how systems work in the first place, the best way to learn is by setting up your own private network with systems on it.
This is the way I have learned and have found it the most effective way of grasping concepts and thinking about ways of exploitation. We will be covering the following topics:
- Installing Operating Systems
- Configuring Network Settings (For Intercommunication)
- Setting Up Windows Server 2008 (Domain Controller Roles)
- Adding User Accounts In Active Directory
- Joining Windows Instances to the Domain
- Virtual Box Found Here
- Kali Linux 1.0 Found Here
- Copy Of Windows XP SP3 Found Here
- Copy Of Windows 7 64bit or 32bit
- Copy Of Server 2008 Found Here I recommend using Enterprise Edition.
Virtual Box from Oracle is free for personal use.
Windows XP – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
Windows 7 – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
Server 2008 – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
The first thing we need to do is install our operating systems, we are going to be installing Windows 7, Windows XP (SP3), Kali Linux, and Server 2008. Installation is pretty simple and straight forward in Virtual Box.
For demo purposes we are going to install Windows 7 first step by step, once you get a handle on the installation of Windows 7 it’s the same for all the other operating systems we are going to install.
I. Installing The Operating Systems
Step One: In Virtual Box click on the “New’ button to start the process of installing a new operating system. For this blog we are going to be installing XP, the process is the same for each OS. (Shown Below)
Step Two: Enter a name for the operating system, we are going to use Windows XP Pro SP3, make sure the Type is Microsoft Windows and the Version is Windows XP. After that click next (Shown Below)
Step Three: We are ready to select the size of memory we would like to allocate to this instance, set it to 512MB to be on the safe side and click next (Shown Below)
*512MB Should be okay for each OS, Kali Linux can get by on 256MB this is on a 4GB Core i5 Laptop
Step Four: We are ready to select the type of hard drive we are going to be using on this machine, I just leave it as the default “Create a virtual hard drive now” and press Create. (Shown Below)
Step Five: The type of virtual hard drive we are going to select is the default “VDI (VirtualBox Disk Image) select that and click Next (Shown Below)
Step Six: Select the directory in which you would like to save the virtual machine instance and also select the size of the virtual hard drive, since this is Windows XP 10GB should be sufficient. When installing Windows 7 or Server 2008 I recommend at least 25GB to each operating system. (Shown Below)
Step Seven: Now that we have pre configured Virtual Box for Windows XP, it is time point Virtual Box to our ISO file and boot it up so that we can initialize the Windows XP setup wizard. Highlight the new instance created and select Settings. (Shown Below)
Step Eight: Within the settings page, select “Storage” on the left hand side and then select the disc with the green plus sign in front of it (Shown Below)
Step Nine: Select Choose disk and browse to the Windows XP SP3 ISO image, it is now mounted as our CD-ROM device in Virtual Box. Now all we need to do is Start the instance and we will begin the Windows XP Setup wizard.
Repeat this process for all other operating systems you would like to run, these steps are the same for Windows 7, Windows Server 2008, Kali Linux etc etc…
II. Network Configuration
We want our operating systems to communicate with one another in our virtualized lab this can be done by configuring a few settings both within Virtual Box and the operating systems themselves.
Right click the instance and select settings from there go to network. Make sure Enable Network Adapter is checked off, next we want to select the drop down menu next to Attached to: and use Internal Network, we also want to specify a name for our virtual network (Shown Below)
Do this the same for all of our instances this will ensure that all of our different systems can talk to one another on the network just to make things easy for the time being.
III. Setting Up Server 2008 Server Roles
I am going to assume you know you how to setup a default 2008 server system we are going to cover installing and configuring the Roles, this includes Active Directory Services and DHCP services, it’s going to be our domains authentication / security / IP handling server.
*Make sure you remember your administrator credentials you set while installing 2008 Server Enterprise, you will need them later to join our hosts to the domain.
Step One: Click start and select Server Manager, inside the server manager right click on Roles and then select “Add Roles” You will then get an Add Roles window select Active Directory Domain Services (Shown Below)
Only Active Directory can be installed by itself so do not try and install DHCP along with it, it won’t let you proceed past this point. Click next, next and then install (Shown Below)
Once complete Server 2008 will reboot and Active Directory will be installed now we need to repeat the same process and install DHCP this time around. DHCP will allow our other OS instances to get IP addresses from our Server 2008 machine. (Shown Below)
You will get a message about the server not detecting a static IP being assigned, ignore this for now and continue we will assign a static IP address afterwards. It will ask us to provide a top level domain, name this whatever you’d like your domain name to be. Also provide it will the DNS IP address 10.1.10.1 we will assign our server this IP address statically so it never changes. (Shown Below)
Next you will be asked if anything is using WINS on the network choose No, and click next. We then will need to provide our DHCP scope for our lab we are going to set our scope from 10.0.0.1 – 10.255.255.254 with a subnet mask of 255.0.0.0 This is a standard Class A network that most enterprise class Cisco routers use.
It will ask you about IPv6 Stateless mode, make sure to DISABLE it as we will not have any IPv6 clients right now. Once finished we will have a summary screen and it should look something like this (Shown Below)
IV. Assigning Static IP Addresses
It’s important to assign static IP addresses because if we are going to be using this server as a Domain Controller all the hosts that authenticate to the domain will always need to be able to communicate with this server. Assigning a static IP address does just that.
Step One: Go to control panel and into Network Connections from there select your network interface card and right click it and select Properties (Shown Below)
Step Two: Select Internet Protocal in the window and select Properties, in there we need to configure a few settings. Make sure “Use The Following IP” is selected and plug in the settings shown below.
Click Ok and reboot the server, as you can see we are assigning an IP address of 10.0.0.1 with a Subnet mask of 255.0.0.0 and DNS pointed at 10.0.0.1. That’s it for assigning static IP addresses this is the same in Windows 7 and in Windows XP.
V. Running DC Promo & Configuring AD
We need to promote our 2008 Server into an actual domain controller ready to authenticate our users and computers to the domain. The first thing we need to do is click Start and type “dcpromo” without quotes and press enter. This will begin the wizard for setting up our Active Directory structure.
Click next until you get to a window asking if you want to join an existing domain or create a new one, select create a new domain in a new forest and press next (Shown Below)
Next the wizard is going to ask at what fuctioning level do we want this DC to operate at. We don’t have any legacy domain controller or software so we can just use Windows Server 2008 and click next (Shown Below)
Click next through the menus and then set a Recovery Mode password incase there is a disaster in the future. (Shown Below)
One last reboot will be required, but now we have a brand new domain controller and our very own virtual domain to fuxx with! Now we need to add user accounts so our hosts can authenticate to the domain.
VI. Adding Snap-Ins / Adding User Accounts To Active Directory
We need to customize our Microsoft Management Console this is the console used to navigate to different services running on the server and make changes if necessary.
Click Start and type “mmc” without quotes and press enter. This will open up the Microsoft Management Console. Once inside select File at the top and select “Add Snap-Ins” (Shown Below)
We are going to add 3 Snap Ins, Active Directory Users And Computers, DHCP, and DNS. highlight them and click Add they will then be added to the right column. Click Ok(Shown Below)
Your MMC console should look like the one shown below, we are going to be adding users now.
Click the plus sign next to Active Directory Users and Computers, then click the plus sign next to our domain nullsetcomputerco.com in our case. After that go down to Users and right click hover over “new” and then select User. (Shown Below)
Add the name of the user, and the login credentials you want them to use to authenticate to the domain. We are going to use Tom Hanks as an example of this (Shown Below)
Click next and then set a password for the new user, we haven’t specified password strength policy for our DC so it doesn’t have to be complex. Make sure to uncheck User has to change password.(Shown Below)
Again click next, now are user is setup on the domain and we are now ready to join our other instances to the domain controller.
VI. Joining Windows Instances To The Domain
We are finally ready to add our computers to the domain. Let’s go over to Windows XP instance and join it to the domain (The Domain Controller Instance Must Be Running!)
The first thing we want to do is make sure that our Windows XP instance has communication with our domain controller on the network. open up a command prompt and ping 10.0.0.1 that is the IP address we statically assigned to our server we are getting replies from the server so that is a good sign. (Shown Below)
After we have verified we have connectivity between the two operating systems we can proceed to the next step. Right click on My Computer and go to properties, once open navigate to the Computer Name tab click Change and enter the domain name that you setup in Server 2008 nullsetcomputerco.com for this example. Enter the Administrator username and password for the Domain Controller not the local machine. (Shown Below)
Once you have entered the correct credentials you will be greeted and welcomed to the domain. (Shown Below)
That’s it! Now just repeat the same steps for your Windows 7 instance so that it can login to the domain. (You can add users to the Domain Controller for Windows 7)
Note: We can also download distributions of firewalls like PFSense to install and configure on our network if we want to make it more authentic, we could also setup an Apache web server or SQL server to exploit for the future.
Thanks for reading don’t be evil!
What Is It:?
Aircrack-NGUI is a combination of the words “Aircrack-NG” and “GUI”. In short, it’s a program written in Java that provides a graphical interface to many hacking tools available for the GNU/Linux operating system. At the core of these tools lie the Aircrack-NG suite (airodump-ng, aircrack-ng, aireplay-ng, etc.), Nmap or Network Map, and the Dsniff suite (arpspoof, dsniff, mailsnarf, urlsnarf, etc.)
Aircrack-NGUI was designed for people who either aren’t very skilled when it comes to using the terminal or those who don’t type very fast but still want to hack quickly. The developer of Aircrack-NGUI also has plans for it to be a learning and scripting tool, so that you can perform your hacking in the program but then save the program calls and arguments it uses to a text file for you to review and learn from or convert to a script.
- Distribution Of Linux (Ubuntu, Kali etc)
- Aircrack NGUI Found Here
Why Should You Use Aircrack NGUI?:
Aircrack-NGUI provides many benefits to hackers, not just from its graphical nature. It allows you to save commonly used “profiles” in the program so you can save configurations and pull them up quickly. For example, on the Discover Networks screen, you can have a profile for capturing WEP network information.
Whenever you need to capture, you can select the profile instead of remembering all of the arguments that you need to set. Also, NGUI is really proficient at sending information from screen to screen. If you want to de-authenticate client computers on a network using airodump-ng (find the network) and aireplay-ng (attack the network), you can use the Discover Networks screen to find the network, right-click the network in question, and click “De-authenticate” and it will load a Replay/Inject Packets screen with the right information populated.
So it’s select, right-click, attack, GO. The need for copying and pasting has been minimized as much as possible within the program. Finally, you get the comfort of a graphical interface behind you. Many hackers enjoy the terminal because it lets them choose exactly what they want and is customizable. The problem is that many non-hackers will view the terminal (black box, white text) as hacking and might report you just for having that magical box open. Not many users question a GUI, no matter if they know what it does or not.
How do I use Aircrack-NGUI?:
In order to use Aircrack-NGUI, you must first be running a Linux-based operating system. This includes (but is not limited to) Ubuntu (and all of its varients), Fedora, BackTrack 5, and Kali. (Note: Compatibility with Kali has not been tested yet. Try with caution.) It doesn’t matter if you’re running it on your hard disk or from a LiveCD. Once you have your Linux system loaded, go to the link above and click on the Downloads tab. Download the first zip file in the list and extract it to one of your folders. Open up a terminal and change into the directory with the extracted files. From there, type:
sudo java -jar AircrackNGUI.jar
su -c ‘java -jar AircrackNGUI.jar’
In BackTrack 5/Kali:
java -jar AircrackNGUI.jar
You will need the Java Runtime Environment (JRE) installed in order to run the software. From there, the program will launch and display the following:
This is the main window of Aircrack-NGUI. The menus at the top allow you to select which tool you want to use.
A list of your registered network devices will appear on the left-side of the screen. If you select a device, its information will appear on the right. If you click on a setting title, it will prompt you to change it. You can also copy the values to your clipboard using the Copy To Clipboard dropdown.
You can save your configuration settings to a file using the “Save to Config…” button. Finally, to create a virtual monitor mode interface click “Create Monitor Interface” (requires aircrack-ng installed and configured!). To destroy a monitor-mode interface, click “Destroy Monitor Interface”. (Shown Below)
From this point, you have the program setup and hardware configured for some wireless destruction! Here’s a breakdown of your different options:
- Discover->Discover Networks: Combines airodump-ng and wash to find wireless networks and which ones are vulnerable for WPS pin guessing (used alongside Reaver).
- Discover->Discover Hosts: Allows you to scan a network or a specific IP for open ports and networking information.
- Discover->Graph Network: Create a graphical representation of a network using airgraph-ng.
- Discover->WPA Dictionary: Create a dictionary to speed up the cracking of WPA handshakes
Greyed-out menu options mean that you don’t have the appropriate programs installed to use the feature, or the feature hasn’t been developed yet (most of these are under the Other Tools dropdown). If you have a program installed but it’s greyed out, use the Settings page (Setup->Settings).
If you’re using BackTrack 5, click the “Default BT5 Settings” button and the settings will auto-populate to match that configuration. If you’re on another system, you’ll need to set the settings yourself. If you added the program to your path variable leave it at “IN PATH”. If it’s in a specific directory, change it to “DIRECTORY” and a textbox will appear for you to provide the path. Once you have your settings configured, click “Save”.
Click on Setup->Network Devices to configure your hardware for hacking.
- Attack->Replay/Inject Packets: Send packets to routers to force them to spill the goods!
- Attack->Crack WEP/WPA Key: Take captured network information to find the password to a network
- Attack->Forge Packets: Create new packets from packets captured
- Attack->ARP Poison Routing: Perform a man-in-the-middle attack with ease using arpspoof
- Attack->Sniff Passwords: Sniff passwords from a victim machine from a man-in-the-middle attack.
And that’s just the beginning! There are more tools available under the Other Tools dropdown and in context menus of the above listed features.
Aircrack-NGUI is a great tool for those who need an inconspicuous, fast tool with lots of room for learning and improvement. Not to mention, it’s free to use and re-distribute! If you have a recommendation for the writer, feel free to create an Issue on his Bitbucket repository page.
Thanks for reading, don’t be evil!
Sabu is infamous across the internet for his hacking ability and the fact that he eventually became an FBI informant, turning against those who he used to work with. He is notorious for his attacks on both US and Zimbabwean governments, along with a massive list of others.
He was eventually identified as Hector Montsegur on the 11th of March, 2011 in a publication known as Nameshub. Somebody known as “The Jester”. The Jester vowed to reveal the actual names and identities of the LulzSec staff, wrongly identified him as first an IT consultant based in Portugal, and then as another IT consultant called Xavier Koatico.
After the identification of Sabu online, The Jester then helped confirm and agree that Mr.Monsegur was in fact Sabu.
In early 2012, “Sabu” was identified as 28-year old Hector Xavier Monsegur, who was unemployed and was foster parent to two children. A non-graduate from Washington Irvine High School, he stayed in his grandmothers – recently passed – house in Riis, New York.
Arrested by the FBI in June 2011 in his apartment following the “Operation Payback” – a host of attacks were made on PayPal, Visa and MasterCard. He shortly after agreed to become an FBI informant, still under the guise of “Sabu”. In a bail hearing in August 2011, Assistant US Attorney James Pastore announced that “Sabu” had been working non-stop with the government to help the government catch other hackers.
In his involvement with “Operation Payback” he acted as a “rooter” where he would be the one to go in and find the chinks in the armor of the website they intended to attack. He spent time working out where it would be easiest to hurt the above websites, and left it to his “Hacktivists” – the people who done the hacking for him – would swoop in.
Shortly after this bail hearing however, “Sabu” pleaded guilty to twelve separate charges, including several counts of conspiracy to engage in hacking, and aggravated identity theft. For these crimes, he faces a possible sentence of 124 years.
During his time as an informant, he passed on the information of several other hackers who were associated with Lulzsec and Antisec, he also assisted in the arrest of James Jeffery and Ryan Cleary of the United Kingdom. Creary was charged with involvement in denial of service attacks on SOCA, as well as other websites.
“Sabu” kept up his pretense to be against the law for a long time after his co-operation began, even tweeting as late as March 2012 that he was “opposed” to government activity. However, on the 6th of March 2012 – the day of his last tweets as “Sabu” – there were five arrests made, two from the United Kingdom, two from Ireland and a USA citizen.
He was also used in the attempt to catch Nadim Kobeissi, who was the creator behind Crpytocat, but this proved fruitless.
In August 2012, the Federal Government won a delay of six-months in the case against “Sabu” as he was, at that time, still involved with the law. He is now scheduled for the 22nd of February 2013.
It looks like the development team over at Offensive Security will not be releasing a Backtrack 6, but are introducing a new more mature and polished product.
Enter Kali Linux 1.0 touting over 300 tools and a complete UI overhaul, it looks very clean and minimalistic. It was in secret development for years and has finally been released.
It’s running Debian XFCE If you are interested in getting a copy, it can be found Here. It comes with GViM as the default text editor and Ice Weasel as the default web browser.
Here is a shot of the new desktop interface (Shown Below) You may click for a larger preview!
Let’s take a look at some of the new tools and menus that have been added. The first thing you will notice is all the standard applications and accessories that you would expect to come pre-installed. (Shown Below)
Underneath we Accessories we have Electronics, this appears to contain the Arduino IDE for development and I’m sure tinkering with Arduino boards pretty sweet! (Shown Below)
Moving right on down the list we have Graphics this has your standard Document Viewer and Image Viewer (Shown Below)
Alright, enough with the boring stuff let’s now take a look at some of the new menu’s and tools that come with Kali Linux. The first thing we will notice under “Kali Linux” is a new menu called “Top 10 Security Tools” as you would expect it contains tools like Aircrack, Hydra, Metasploit, WireShark and SQLMap etc, etc.. (Shown Below)
Just below that we have Information gathering with all kinds of different sub categories SMB Analysis, DNS Analysis, IDS/IPS Identification just to name a few. I’m not going to screen shot every sub menu as it would take forever. (Shown Below)
Moving right on down the list is Vulnerability Analysis, this has things for finding vulnerabilities in things such as databases, cisco equipment, scanners etc.. (Shown Below)
I’m not going to go through every sub menu like I said before, but I did want to show you something new. We have Hardware Hacking now this is both for Android and Arduino we now have tools to hack into Arduino boards and Android phones! (Shown Below)
I hope you enjoyed reading this brief walkthrough of the new Kali Linux 1.0 and as always don’t be evil!
I would also like to note that while running the new OS I tested a few different wireless cards including a NetGear and an ALFA Networks wireless cards both works without a hitch, overall the new OS seems stable and responsive. Very good for a 1.0 release.
What Is It?:
Cloud Cracker is an online password cracking service for penetration testers and network auditors who need to check the security of WPA protected wireless networks, crack password hashes, or break document encryption.
This is really an excellent idea and it was only a matter of time until someone thought of the ability to crack passwords within the cloud. Yes it does cost a little bit of change but you are getting a lot for your money in my opinion :)
- Web Browser https://www.cloudcracker.com/
- NTLM / WPA / WPA2 / MD-5 / MS-CHAPV2 Hash Dump
This website is extremely easy to use simply open a browser and direct yourself to https://www.cloudcracker.com/ once you are on the website you will be presented with an upload box. (Shown Below)
To begin, simply select the file type of the hash you are trying to crack whether that be WPA or NTLM or even MD5 it supports quite a bit of different encryption types even MS-CHAPV2 for cracking Point To Point Tunneling Protocol (PPTP). Shown Below
After we have selected the type of encryption we are going to use, we simply need to upload the hash dump file that we have. Click “Choose File” and find your hash dump file. For demo purposes we are going to use an NTLM hash dump from a domain controller. (Shown Below)
Cloud Cracker will tell you if your hashdump file is not in the correct format, the hash dump should look like this for Windows Vista and later Administrator:500:NO PASSWORD*********************:0CB6948805F797BF2A82807973B89537::: After the file has been uploaded simply click next. You will then be greeted with the Dictionary screen (Shown Below)
Today I am going to show you a simple trick to reveal hidden passwords that have been saved on a computer. A lot of people have the web browser remember their credentials for convenience with just a few simple steps we can reveal what the saved password is. Let’s take a look
- Web Browser With Debugging (Chrome Or FireFox)
The first thing we need to do is find a page where credentials are stored in the browser for this blog we are going to use PayPal as an example. (Shown Below)
As we can see this user has saved their credentials in the web browser so that they can simply just login, but what if we needed to know what that password was? Maybe they use the same password on all of their other logins? The first thing we want to do is right click in the password field and select “Inspect Element” (Shown Below)
Once we are in the debugging console in Google Chrome we are going to look at a specific section of the code that comes up it looks like this <input type=”password” id=”login_password” name=”login_password” (Shown Below)
We are going to simply double click the “password” field next to <input type= and enter “clear text” without quotes. And Press enter(Shown Below)
After we hit enter the browser will now show the hidden password, revealing it in clear text (Show Below) This should work all saved passwords in login fields.
I hope you enjoyed reading this blog, and as always don’t be evil!
Today I am going to show you a clever little trick that can be used on Windows 7 machines, this type of exploit only works if you have physical access to the computer you are trying to compromise. It requires knowledge of a few basic Linux commands and just a minute or two of time.
- Backtrack 5 DVD or Thumbdrive
- Windows 7 Workstation
To begin I will explain what makes this exploit possible, Windows 7 has a feature that comes installed called “Ease of Access” this utility can be used by pressing the Windows Key + U. The utility works and can be activated on the computer even if a user is not logged in or has locked their workstation. (Shown Below)
First you will need to power down the workstation and insert your Backtrack DVD or Thumbdrive and get into the boot menu of the computer almost always the F12 Key. Once we are booted up inside of Backtrack let’s open up a terminal and take a look at the Windows directories on the local machine. type “fdisk -l” without quotes and press enter. (Shown Below)
This will give us a list of all of our disks for this demo we are focusing on the NTFS file system since this is a Windows 7 Machine it is shown as “hda1”. Let’s go into our mount folder type “cd /mnt” without quotes and press enter. After that, in our mount folder we are going to make a directory called hda1 just to keep things simple. Type “mkdir hda1” without quotes and press enter.
Now we want to mount the /dev/hda1 drive into the newly created directory. Type “mount /dev/hda1 /mnt/hda1” without quotes and press enter. It will then copy the files over to our new directory if we type “ls” without quotes and we will have all of the windows files in that directory (Shown Below)
The Ease of Access utility is called “Utilman.exe” and it resides in the system32 folder. Type “cd system32” without quotes and press enter. Now that we are in the system 32 directory we need to type “mv Utilman.exe Utilman.old” without quotes and press enter.
The command prompt is also in this same directory so we are going to copy it over essentially replacing the Utilman.exe with cmd.exe. Type “cp cmd.exe Utilman.exe” without quotes and press enter.
Alright all of our commands have been executed hopefully successfully, all we need to do now is reboot the workstation type “reboot” without quotes and press enter. Now the fun part comes when we are presented back with the Windows 7 Login screen.
All we need to do is press Windows Key + U and we are greeted with a command prompt running as “SYSTEM” which has NT Authority. This also means we can run explorer.exe, and when we run it we get a fully functional task bar. (Shown Below)
That’s it, I hope you enjoyed this blog, and as always don’t be evil! ** Note I had to take a picture of the desktop at a client’s when I was testing the exploit**
What is It?:
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (eleven architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS).
It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, auto detects password hash types, and includes a customizable cracker.
It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, My SQL, and others.
John The Ripper’s Modes:
- Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.
- Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.
- Incremental : This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john’s documentation, including how to define your own cracking methods.
The first thing we need to do is get a list of hashes from somewhere, for this blog and for demo purposes we are going to use one from NetForce security training. Click Here For Link! (Shown Below)
The hash dump that we are going to be focused on in this blog is the one that has NetForce in the name and a DES encrypted hash next to it. (Shown Below) Copy and Paste it into a text document and save it in your root folder.
Next, use the unshadow command to combines the /etc/passwd and /etc/shadow files so John can use them. You might need this since if you only used your shadow file, the GECOS information wouldn’t be used by the "single crack" mode, and also you wouldn’t be able to use the -shells option.
On a normal system you’ll need to run un-shadow as root to be able to read the shadow file. So login as root or use old good sudo. Type “sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db” without quotes and press enter.
To use John, you just need to supply it a password file created using unshadow command along with desired options. If no mode is specified, john will try "single" first, then "wordlist" and finally "incremental" password cracking methods.
type “john /tmp/crack.password.txt” and press enter (make sure to change the directory to wherever your password hash file is located.
Our output looks like this:
john /tmp/crack.password.txt Loaded 1 password (FreeBSD MD5 [32/32] Cracking the hashes will take time, so please be patient!…
To see the crack passwords after complete type “john –show /tmp/crack.password.txt” without quotes. (Shown Below)
test:123456:1002:1002:test,,,:/home/test:/bin/bash didi:abc123:1003:1003::/home/didi:/usr/bin/rssh 2 passwords cracked, 1 left
That’s it! I hope you enjoyed reading, and as always don’t be evil!
Aaron Swartz, born in Chicago, Illinois, has been described as a computer programmer, political organizer, and Internet activist. During his short life, Swartz had many accomplishments including being a co-founder of the social media site Reddit, helping to develop the web feed format RSS and the website framework web.py, and become a research fellow at Harvard University in 2010. Swartz was also actively involved in the promotion of a free Internet, co-founding Demand Progress and Creative Commons. After facing federal charges of wire fraud and violations of the Computer Fraud Abuse Act, Swartz committed suicide on January 11, 2013 at the age of twenty-six.
Swartz had always demonstrated an aptitude for computers and programming, beginning at an early age, and he advocated for the free flow information in society. At the age of fourteen, he took part in a group that developed the RSS 1.0 web syndication specification. Swartz also founded the software company Infogami which eventually merged with Reddit in 2005 and grew into the popular social media site. Swartz also created the web.py website framework and co-founded Jottit, an online website creator application. In 2010, he became a research fellow at Harvard University’s Edmond J. Safra Research Lab on Institutional Corruption.
Besides his programming, Swartz was an ardent activist for the Internet and free and open information sharing. He worked with Larry Lessig to develop Creative Commons, a non-profit organization devoted to the legal use and sharing of creative works. Swartz founded Watchdog.net for petitions and co-founded Demand Progress, an advocacy group that organizes people online for political change. Demand Progress also launched a famous campaign against the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Swartz spoke at a Freedom to Connect event in Washington D.C. in 2012 after the defeat of SOPA. Demand Progress acquired over 300,000 petitions against the bill along with the protests of several other websites. Swartz also developed the site theinfo.org.
On top of that, Swartz busied himself with retrieving large amounts of information and making them accessible online for free. He once acquired the complete bibliographic dataset from the Library of Congress for a fee and made it available by posting it on Open Library. In 2008, Swartz downloaded and released twenty percent of the Public Access to Court Electronic Records (PACER) database. This database contains U.S. federal court documents. The FBI decided not to press charges because the documents are a matter of public record anyway.
Swartz ran into trouble, however, when he downloaded over four million academic journal articles from the database JSTOR. JSTOR archives content from journal articles, manuscripts, and GIS systems and then distributes it online. Only those with access from an authorized institution can search the digital repository. Swartz accessed JSTOR through MIT’s computer network and downloaded the documents through a laptop connected to a networking switch in a controlled-access closet. Authorities arrested Swartz near Harvard in January of 2011.
In July of that year, a federal grand jury charged Swartz with wire fraud, computer fraud, unlawfully obtaining information from a protected computer and the reckless damage of a protected computer. Prosecutors also claimed that Swartz intended to make the documents available on a fire-sharing site. He pleaded not guilty to all of the charges and was released on a $100,000 bail. In September 2012, Swartz was also charged with thirteen counts of felony hacking. For this alleged crimes, Swartz faced up to thirty-five years in prison and a $1 million fine.
Swartz struggled to pay his legal fees and stay float while fighting the Department of Justice. The wife of Larry Lessig, Bethina Neuefeind established and organized a site to raise money for Swartz’s defense. Wired Magazine suggested that the Department of Justice wanted to make an example of Swartz. After a two-year struggle, Swartz hung himself in his Brooklyn apartment and was found dead on January 11, 2013. His last published blog post discussed the struggle against institutional corruption, but he also wrote a significant amount about working towards optimism and encouraged his readers to value mistakes.
In the aftermath of Swartz’s death, the hactivist group Anonymous hijacked the homepage of a federal judiciary agency called the Federal Sentencing Commission. The group cited the suicide of Aaron Swartz as having crossed the line and blamed the justice department for pushing him too far. Members of the group also hacked two websites on the MIT domain and replaced them with tributes to Swartz. In an ironic twist, his suicide came only two days after JSTOR announced its release of more than 4.5 million articles to the public.
Despite his untimely death, Aaron Swartz will be remembered as someone who made a significant contribution not only to the Internet but also to the movement dedicated to an open Internet and free access to information. Swartz not only co-founded Reddit, Creative Commons, and Jottit but also worked for political change through Demand Progress and Watchdog.net. Maybe Swartz’s greatest legacy is his efforts to defeat the Stop Online Piracy Act. No matter how you look at, Swartz had a large impact on the campaign for a free and open Internet.