here is the video that i prepared for you all...
it's a bit long but explains everything :D
http://www.mediafire.com/?geje2t72vs0
i made it a long time back... so don't remember the password...
try these :P
satanicNTian
NT
satanism
niktrix
niktrix.info
join http://niktrix.info for more!!
use google its a boon
Wednesday, June 25, 2008
Thursday, March 13, 2008
what is hacking??
best example of hacking...
you seen weight measuring tools ;)
tarazu!!
a person who owns a shop and to get more of the machine... thinks and is able to make out that he needs to add some weight below it to increase mass.... so he uses a magnet.....
if you are able to think lyk that you are a hacker :p
if you don't believe me.... then see this logic i created :p
you'd all do anything to get a way to get some1s yahoo password with ease won't ya :p
so see this how i observed and made a gr8 phishing technique...
i was sitting and studying... well that's a rare occasion.... and few get a chance to see me studyin :p
my cell was near by... i usually login to yahoo sms service....
so i get a msg from a no. 524893 and something like that...
msg :
you have signed out of yahoo messenger...
to sign back in reply with
:
now how i use it....
i register to online messaging service... try to fynd that has ability to receive a reply :p
or else buy a bulk messaging server :p
then tell your frnz about yahoo sms service and that you can remain ol the whole day :p
now after a week send em similar message.... and yo you have the password without the victim knowing it ;)
cracking password files
in this tut... im taking example of brute force tool called john the ripper because of its easy usage....and simple algorithm...
Below is an example passwd file:
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash cellier:6VVFRl.ib8J4E:10012:100:Remi Cellier,Promo2001:/home/cellier:/bin/bash dischamp:bAndzoL65f2sY:10017:100:Sylvestre Dischamp, Promo2001:/home/dischamp:/bin/bash artus:z0A3df0OmqmFI:10027:100:Guillaume ARTUS,Promo2001:/home/artus:/bin/bash conti:ai05V8QKeoy5.:10031:100:Igor Conti,Promo2001:/home/conti:/bin/bash villard:/SMP6Kp/Ta7IE:10034:100:Eric villard, Promo2001:/home/villard:/bin/bash thong:ILZ5vYepxdrXI:10036:100:Daniel Thong, Promo2001:/home/thong:/bin/bash caronst:RCKjguAg2gcUA:520:100:Stephane Caron,externe:/home/caronst:/bin/bash humberte:RHLuzAqk4q6tg:524:100:Eric Humbert,externe:/home/humberte:/bin/bash lett:CCstsGLHidWfk:10038:100:Jean-Francois LETT, Promo2002,,:/home/lett:/bin/bash pouillon:3O6MbRS70BOD2:512:100:Yann Pouillon,externe:/home/pouillon:/bin/bash changey:rttCjavOaeC82:10039:100:Sebastien CHANGEY, Promo2002:/home/changey:/bin/bash
This is what it would appear like with most exploits, so now we have to break the passwd file up into single line entries as follows:
---------------------->>
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash
Username: jeunehom
Password Hash: uRavlb2TZc7fA
Permissions: 10009:100
Name: Fanny JEUNEHOMME,Promo2001
Home Directory: /home/jeunehom
Logon Shell: /bin/bash
So to crack this take a text editor and place the entire entry into it, name the file passwd.txt, then go into DOS and execute john with a similar command line to the following:
D:\Apps\JOHN-386\RUN>john-386 passwd.txt
Loaded 1 password (Standard DES [48/64 4K])
John the Ripper is now brute forcing passwd.txt. To check its progress you can press space and it will come up with something like the following:
guesses: 0 time: 0:00:00:03 (3) c/s: 37110 trying: shance1 - meter
When John the Ripper returns you to the command prompt the passwd has been cracked, to view it do the following:
D:\Apps\JOHN-386\RUN>john-386 -show passwd.txt
albert:jupiter:666:666:Section 3:/home/section3:/bin/csh
This shows us that the user 'albert' with a password of 'jupiter' has been found.
now try it yourself... save the data into a file that is the password file....
here is the link to fetch JTR
http://www.openwall.com/john/
i prefer hydra....
here is the link to hydra....
http://myfreefilehosting.com/f/86c562d856_0.23MB
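The field breakdown above, turned into an audit check a sysadmin can run over a passwd file. This is an added example, not code from the original post: it splits each entry into the seven passwd(5) fields (the third and fourth are the numeric UID and GID) and flags any entry whose second field holds a hash directly instead of the `x` placeholder that points to the shadow file. The two `Promo2001` entries are taken from the page; the `svcacct` and `olduser` lines are constructed for contrast.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11-char digest over ./0-9A-Za-z
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format prefix, e.g. $1$ (MD5-crypt), $6$ (SHA-512-crypt)
MCF = re.compile(r"^\$([0-9a-z]+)\$")
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell")

# Two entries from the page, plus two constructed ones for contrast.
SAMPLE = """\
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash
villard:/SMP6Kp/Ta7IE:10034:100:Eric villard, Promo2001:/home/villard:/bin/bash
svcacct:x:999:999:constructed shadowed account:/var/lib/svc:/usr/sbin/nologin
olduser:*:1001:100:constructed locked account:/home/olduser:/bin/false
"""

def parse_passwd_line(line):
    """Split one passwd(5) entry into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry

def classify_password_field(value):
    """Say what the second field holds."""
    if value == "x":
        return "shadowed"      # hash is kept in the shadow file instead
    if value == "":
        return "empty"         # no password required
    if value[0] in "*!":
        return "locked"
    if DES_CRYPT.match(value):
        return "des-crypt"     # 12-bit salt, only the first 8 characters used
    m = MCF.match(value)
    return "mcf-" + m.group(1) if m else "unknown"

def audit(text):
    """Return (line number, user, kind) for every entry exposing a hash."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_passwd_line(line)
        kind = classify_password_field(entry["password"])
        if kind not in ("shadowed", "locked"):
            findings.append((lineno, entry["user"], kind))
    return findings
```

Any `des-crypt` finding means the hash is readable by every local user and uses the format that the John the Ripper run above reports as "Standard DES"; moving hashes to the shadow file and rehashing with a modern scheme on next login removes both problems.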
my encryption algorithm idea
what algorithm i made is... (note - im using 5 step encryption over here you can add as many)
1.i accept the password and store it in an array.
2.i declare an integer array dynamically of the same size as the password and a character array of the same size.. this character array would serve as a temporary variable for storing and retrieving the password.
3.now comes the storing part...
well people have made excellent algorithms but the problem comes when the cracker decompiles the program... he though doesn't get the algorithm but with the help of jump statements is easily able to bypass the password protection or can even make out how the encryption works... for instance if you use base64 then the cracker would goto the password file and would make out or try to understand the algorithm that encryption used... its actually not a tough job to bypass password fields esp if you know dll injections and assembly language!!
coming to the point...
4. mark this whatever is the password array just use its address in the main i'll tell you the reason y... but use it in main() and now within a loop that runs the number of times the password arrays size
initiate a random() with range 5 and don't forget to use randomize() within the loop..
so it would randomly send number from 1-5... now here is the trick..
if it sends 1 then i take the element of the password array and change its base to hex... and send 1 into the integer array....
if it sends 2 then i change base to oct and send 2 into the integer array....
if it sends 3 i perform base64 and send 3 to array
if it sends 4 i perform md5 and send 4 to array
if it sends 5 i add value 666 to the ascii of the character and send 5 to array!!
while doing this i pass the encrypted character into the temp password array!!
so in the password file i save the encrypted password and in another file i place the numbers that occurred in the random()...
eg. of this is...
within the loop...
password[m] is say 'a'
random() generated 5 and i store 5 in an integer variable x
so
temppass[m] = (char)(password[m] + 666);
then i use randomize function to make sure 5 doesn't appear the next iteration...
i store 5 in the integer array...!!
since the program doesn't know what is the encryption algorithm decompilation won't help... at least not to guess how encryption algorithm worked...
cracker opens a password file he gets many encryptions which is confusing for him....
now 2 ways to crack are left...
1. he decompiles the program again... now he bypasses the password field... using jump statements... that is why i preferred to encrypt within the main rather than a separate function... that is why it depends on where the programmer places encryption so as to offer least jump statements...
2.he gets the various algorithm i used say he comes to know all 5 placements... now he opens the file containing numbers and decrypts it!!
so either use many encryptions well it doesn't help 100% but yes 25% it might...
or hide the file in a secure place... like for windows in the application data folder...
i don't regard it as the best algorithm... but i tried to make 2 brute force tools for it...
1st one hanged and couldn't calculate even abc password...
2nd one worked because this time i used the file with the numbers!!
i tried bypassing my own password field via dll injection and i faced failure...!!
so you all are left to judge.. in fact it is simpler than the rest algorithms!!
i made it after i was able to decrypt sdes encryption algorithm... sum 2 months ago... its a master piece... try using it... as projects or whatever you want ;)
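A model of the five-branch scheme described in this post, shown next to a standard salted password hash. This is an added example, not the author's program: it assumes ASCII passwords and that each transformed character is written to the password file as a separate text token (the `+666` branch as a decimal number). Under those assumptions every token identifies its own branch by its shape, so the password is recoverable from the password file alone, without the second file of random numbers.

```python
import base64, hashlib, hmac, os, random

def encode(password, rng):
    """Per-character scheme as read from the post: returns (tokens, selectors)."""
    tokens, selectors = [], []
    for byte in password.encode("ascii"):
        pick = rng.randint(1, 5)
        if pick == 1:
            tok = "%02x" % byte                              # hex
        elif pick == 2:
            tok = "%03o" % byte                              # octal
        elif pick == 3:
            tok = base64.b64encode(bytes([byte])).decode()   # base64
        elif pick == 4:
            tok = hashlib.md5(bytes([byte])).hexdigest()     # md5 of one byte
        else:
            tok = str(byte + 666)                            # ascii + 666
        tokens.append(tok)
        selectors.append(pick)
    return tokens, selectors

# MD5 of a single byte has only 256 possible inputs, so a table inverts it.
MD5_TABLE = {hashlib.md5(bytes([i])).hexdigest(): i for i in range(256)}

def decode_without_selectors(tokens):
    """Recover the password from the tokens alone (assumed token format)."""
    out = []
    for tok in tokens:
        if len(tok) == 32:                 # md5 hex digest
            out.append(MD5_TABLE[tok])
        elif len(tok) == 4:                # one byte of base64 is 4 characters
            out.append(base64.b64decode(tok)[0])
        elif len(tok) == 2:                # two hex digits
            out.append(int(tok, 16))
        elif int(tok) >= 666:              # three digits, 666 or more
            out.append(int(tok) - 666)
        else:                              # three octal digits
            out.append(int(tok, 8))
    return bytes(out).decode("ascii")

def store(password, salt=None, rounds=200_000):
    """Standard alternative: salted, slow, one-way PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, digest):
    """Constant-time comparison of a candidate against the stored digest."""
    return hmac.compare_digest(store(password, salt)[1], digest)
```

With `store` and `verify` there is no second file to hide: the salt is not secret, and the stored digest cannot be turned back into the password by reading the program.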