Top Ten Password Cracking Techniques

Top Ten Password Cracking Techniques

1. Dictionary attack

The dictionary attack uses a simple file containing words that can be found in a dictionary, hence its rather straightforward name. In other words, this attack uses exactly the kind of words that many people use as their password.

2. Brute force attack

Similar to the dictionary attack, the brute force attack comes with an added bonus for the hacker. Instead of simply using words, a brute force attack lets them detect non-dictionary words by working through all possible alpha-numeric combinations from aaa1 to zzz10.

It's not quick, provided your password is over a handful of characters long, but it will uncover your password eventually. Brute force attacks can be shortened by throwing additional computing horsepower, in terms of both processing power including harnessing the power of your video card GPU and machine numbers, such as using distributed computing models like online bitcoin miners.

3. Rainbow table attack

Rainbow tables aren't as colourful as their name may imply but, for a hacker, your password could well be at the end of it. In the most straightforward way possible, you can boil a rainbow table down into a list of pre-computed hashes the numerical value used when encrypting a password. This table contains hashes of all possible password combinations for any given hashing algorithm. Rainbow tables are attractive as it reduces the time needed to crack a password hash to simply just looking something up in a list.

However, rainbow tables are huge, unwieldy things. They require serious computing power to run and a table becomes useless if the hash it's trying to find has been "salted" by the addition of random characters to its password ahead of hashing the algorithm.

There is talk of salted rainbow tables existing, but these would be so large as to be difficult to use in practice. They would likely only work with a predefined "random character" set and password strings below 12 characters as the size of the table would be prohibitive to even state-level hackers otherwise.

4. Phishing

There's an easy way to hack: ask the user for his or her password. A phishing email leads the unsuspecting reader to a faked log in page associated with whatever service it is the hacker wants to access, requesting the user to put right some terrible problem with their security. That page then skims their password and the hacker can go use it for their own purpose.

Why bother going to the trouble of cracking the password when the user will happily give it to you anyway?

5. Social engineering

Social engineering takes the whole "ask the user" concept outside of the inbox that phishing tends to stick with and into the real world.

A favourite of the social engineer is to call an office posing as an IT security tech guy and simply ask for the network access password. You'd be amazed at how often this works. Some even have the gall to don a suit and name badge before walking into a business to ask the receptionist the same question face to face.

6. Malware

A keylogger, or screen scraper, can be installed by malware which records everything you type or takes screenshots during a login process, and then forwards a copy of this file to hacker central

Some malware will look for the existence of a web browser client password file and copy this which, unless properly encrypted, will contain easily accessible saved passwords from the user's browsing history.

7. Offline cracking

It's easy to imagine that passwords are safe when the systems they protect lock out users after three or four wrong guesses, blocking automated guessing applications. Well, that would be true if it were not for the fact that most password hacking takes place offline, using a set of hashes in a password file that has been obtained' from a compromised system.

Often the target in question has been compromised via a hack on a third party, which then provides access to the system servers and those all-important user password hash files. The password cracker can then take as long as they need to try and crack the code without alerting the target system or individual user.

8. Shoulder surfing

The most confident of hackers will take the guise of a parcel courier, aircon service technician or anything else that gets them access to an office building.

Once they are in, the service personnel "uniform" provides a kind of free pass to wander around unhindered, giving them the opportunity to snoop literally over the shoulders of genuine members of staff to glimpse passwords being entered, or spot passwords that less security-conscious workers have written down on post-it notes or in notepads. 

9. Spidering

Savvy hackers have realised that many corporate passwords are made up of words that are connected to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack.

Really savvy hackers have automated the process and let a spidering application, similar to those employed by leading search engines to identify keywords, collect and collate the lists for them.

10. Guess

The password crackers best friend, of course, is the predictability of the user. Unless a truly random password has been created using software dedicated to the task, a user-generated random' password is unlikely to be anything of the sort.

Instead, thanks to our brains' emotional attachment to things we like, the chances are those random passwords are based upon our interests, hobbies, pets, family and so on. In fact, passwords tend to be based on all the things we like to chat about on social networks and even include in our profiles. Password crackers are very likely to look at this information and make a few – often correct – educated guesses when attempting to crack a consumer-level password without resorting to dictionary or brute force attacks.

Thanx For Supporting....

Basic Linux Commands You Should Know About

I have listed here some Common Linux Commands list :

cd (Change Directory) – If you want to get into another folder, then this command is used like cd /Desktop is used to get into the Desktop Folder.

ls (List Directory Content) – This command lists all the directories which are present in a particular folder.

mkdir (Make Directory) – This command is used to create a new directory in the system.

pwd (Present Working Directory) – This command displays the folder in which you are working presently.

rmdir (Remove Directory) – This command is used to remove a particular directory.

clear – This command is used to clear the page like if you use clear command in your terminal then the terminal page will clear.

locate – It’s meaning is clear from its name to find any file. If you type locate ‘file name’ then it will show all the locations where this file name directory is present.

man – This command is used to opening a manual page of a particular command.

rm (Remove Directories) – This command is used to remove a particular file/directory

w (Who) – This command is used to see who is logged on and what they are using on the system.

top (Linux Task Manager) – This command will open the Linux Task Manager.

Thanks For Reading...

COMPUTER VIRUS

COMPUTER VIRUS

A computer virus is a program which can replicate and attach itself to a program or files infecting the system without its knowledge. A Computer virus can be spread from one host to another by sharing infected file or by downloading infected files from un-trusted sources. All computer viruses are man-made, they spread only with human assistance and support.

Possible ways to get virus into Computers

Virus can be installed in a computer by downloading applications from un-trusted sites, by a removable medium like USB, CD, DVD’s and sharing files from one infected computer to another also virus comes through attachments with e-mails.

1. Opening a e-mail attachments: Whenever you download files with extension .exe, vbs, shs, pif, bat, cmd etc received via email attachment. There is a chance of virus getting into your system. Sometimes the attachments contain an executable code with double extension like hi.doc.exe. If you open such types of files, virus will enter into your system.

2. Downloading files from un-trusted sites: Generally, virus is hidden in the files or program and enters your system whenever you download softwares or applications from untrusted websites.

3. Removable Medium: Whenever you copy files or download files from an infected removable medium like USB, CD, DVD drives then the virus may enter into your system.

4. Downloading games: Virus and worms may enter into a system when you try to download or install a game on your computer. The malicious program may be hidden in the files you download.

5. Sharing files: Virus will install into your system whenever you share files from one infected computer to another computer.

Signs of Computer Virus

• Computer runs more slowly than normal
• Computer stops responding or locks up often
• Computer crashes and restarts every few minutes
• Computer restarts on its own and then fails to run normally
• Applications on your computer don’t work correctly
• Disks or disk drives are inaccessible
• Can’t print correctly
• Unusual error messages
• Distorted menus and dialog boxes

How to prevent virus?

Check for attachments: Always check the attachments by scanning before you open them and make sure that the attachments are received from the known user.

Check for Extensions: Always check the file extension before you download and avoid downloading the files with double extension.

Browser settings: Always set the browser settings to allow the sites only from trusted websites.

Ignore e-mails from unknown users: Avoid downloading the files from unknown user, and it is always better to ignore or delete the files from unknown users.

Anti-Virus Software: Always use anti-virus software and update with latest patches and scan the files before you download.

Thanx For Reading & supporting..

Information Gathering Tool || Online

Information  Gathering Tool || Online

intoDNS checks the health and configuration of DNS and mail servers.

http://www.intodns.com

Web technology information profiler tool. Find out what a website is built with.

http://builtwith.com

Domain information, whois & dns report

http://www.domaincrawler.com

Research domain ownership with Whois Lookup: Get ownership info, IP address history, rank, traffic, SEO & more. Find available domains & domains for sale.

http://www.domaintools.com

Find information on any domain name or website. Large database of whois information, DNS, domain names, name servers, IPs, and tools for searching and monitoring domain names

http://www.who.is

Secure Domain Name Searches, Registration & Availability. Use Our Free Whois Lookup Database to Search for & Reserve

https://www.whois.net

online tools for the daily administration of networks.

http://en.dnstools.ch

Free online network tools, including traceroute, nslookup, dig, whois, ping, and our own Domain Dossier and Email Dossier. Works with IPv6. Some source code included.

http://centralops.net/co

DNS tools, Network tools, Email tools, DNS reporting and IP information gathering. Explore monitoring products and free DNS tools at DNSstuff.

http://www.dnsstuff.com

Research domain ownership with Whois Lookup: Get ownership info, IP address history, rank, traffic, SEO & more. Find available domains & domains for sale.

http://whois.domaintools.com

View IP information

https://geoiptool.com

Internet Archive is a non-profit digital library offering free universal access to books, movies & music, as well as 436 billion archived web pages.

https://archive.org/index.php

The most comprehensive people search on the web. Pipl finds high-quality results in pages that cannot be found on regular search engines. Free People Search.

https://pipl.com

Find people free with Zabasearch directory engine that includes free people search, reverse phone number lookup, address lookup, and more.

http://www.zabasearch.com

TinEye is a reverse image search engine. Search by image: Give it an image and it will tell you where the image appears on the web.

https://www.tineye.com

Find search engines from the UK, USA, and many other countries.

http://www.searchenginecolossus.com

Zuula is an innovative Internet search service that gives its users quick access to web, image, news blog and job search results from all the major search engines.With Zuula, users have the ability to get search results from their favorite search engine, such as Google or Yahoo!, but they also have one-click access to search results from a number of other search engines.

http://zuula.com

Reverse IP Lookup & Domain Check DNS Tool by myIPneighbors to find all domains hosted on an IP address by domain or IP address.

http://www.myipneighbors.com

Batch File Programming..

Batch File Programming..

What is a batch file?

A batch file is a collection of instructions that are used to run multiple commands at a time. It is basically a bundle of packages that are written In a sequence so that user does not have to put commands and instructions again and again. These files contain .bat extension. This means that you have to save the batch files by using .bat extension at the end of file name. These are basically DOS commands and also can run on command prompt.

How to write a batch file?

To write a batch file, first open a text editor (i.e, Notepad or Notepad++).

In Notepad, type the commands which you want to execute.

Example –
@echo off
echo Hi Techammer!

pause

Save them with .bat extension.

The output will be shown in command prompt as –
Hi Techammer!

Thanks For Supporting......

TOP HACKING APPS FOR ANDROID SMART PHONES AND TABLETS

TOP HACKING APPS FOR ANDROID SMART PHONES AND TABLETS

AnDOSid

AnDOSid tag’s posts with two unique numbers which relate to the Android device that sent the request. AnDOSid allows security professionals to simulate a DOS attack.

AndroRAT

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server. The name Androrat is a mix of Android and RAT (Remote Access Tool)

APKInspector

APKinspector is another open source project that comes to reverse and analyze Android applications. project owners have created a graphical interface to allow visualizing the structure of the application modules this will make security analysts select the good Android application that is safe to use.

dSploit

dSploit is an advance toolkit to perform network security assesments on mobile phones. It is a complete toolkit so you can perform various attacks like password sniffing, real time traffic manipulation, etc

DroidSheep

DroidSheep [Root] is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.

Faceniff

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.

Hackode

Hackode is an android app developed by Ravi Kumar for penetration testers, ethical hackers and cyber security professionals. It contains various modules including Reconnaissance, Scanning, Exploits and Security Feed.

Nmap for Android

Nmap is a popular network security scanner which is also available for android devices. It is used by professionals for network exploration. It works on both non-rooted and rooted phones, But if your device is rooted then you have access to some more features.

Penetrate Pro

Penetrate Pro is an excellent Android app that calculates WEP / WPA keys for some wireless routers. Also, no advertising and 3G routers search based on Thomson.

 SpoofApp

SpoofApp is a Revolutionary iPhone Caller ID Spoofing, Voice Changing, and Call Recording Application.

Network Spoofer

Network Spoofer lets you change websites on other people’s computers from an Android phone.

WhatsApp Sniffer

WhatsApp Sniffer Android APK is a Android Application that lets you see anyone’s WhatsApp Conversations as long as you know their phone number

 Wi-Fi Killer

this app you can disable internet connection for a device on the same network. So if someone (anyone) is abusing the internet wasting precious bandwidth for a Justin Bieber video clips you could just kill their connection and stay happy with a full bandwidth just for yourself.

Thanks For Reading............