Saturday 22 August 2015

Top Hacking Tools as Password Cracker

Number one of the biggest security holes are passwords, as every password security study shows.
Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. Password cracking isn't done by trying to log in to, say, a bank's website millions of times; websites generally don't allow many wrong guesses, and the process would be unbearably slow even if it were possible. The cracks always take place offline after people obtain long lists of "hashed" passwords, often through hacking.

Below are the top Hacking Tools used as a Password cracker
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
THC Hydra is a fast and flexible Network Login Hacking Tool. It uses a dictionary attack to try various password/login combinations against an Internet service to determine a valid set of login credentials. It supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH.
Ophcrack is a free open source (GPL licensed) program that cracks Windows passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, ophcrack can crack most passwords within a few minutes.
John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:
  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Wednesday 19 August 2015

Top Hacking Tools for Exploitation

A good Exploitation tool is a framework of several services and tools not only limited to identify a vulnerable remote host and all the attacks we can perform on that particular remote host but actually exploit the host, offering a shell or various other functions on the remote host.  Below are the Top Hacking Tools for Vulnerability Exploitation.
Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules.
Core Impact Pro is widely considered to be the most powerful exploitation tool available. Core Impact Pro is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.
•Endpoint systems
•Passwords and identities
•Mobile devices
•Wireless networks
•Web applications and services
•Network systems and devices
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. The strength of Canvas is that it provides one of the most flexible and powerful frameworks for exploitation, intrusion detection device testing, and exploit crafting. However, that very flexibility combined with its GUI makes.
 A web application security testing framework built on top of a browser. Supports Windows, Linux and Macintosh.  Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it good software for performing basic security checks and sometimes, exploitation.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

Wednesday 12 August 2015

Tutorials, Cheat Sheet and Tools for Hacking

In the following tutorial we will learn how to hack anyone's computer and android mobile phone
Hacking Android phone using Metasploit
http://infosecaffairs.blogspot.in/2014/11/hacking-android-phone-using-metasploit.html
Hack anyone’s computer by using malicious PDF
http://infosecaffairs.blogspot.in/2014/11/hack-anyones-computer-by-using-malicious-PDF.html

Cheat sheets aren't only meant for programmers. Rather, with the number of things that they have to know, hackers often require cheat sheets too. When it comes to hacking, it's always good to have a few sheets. Below are the sheets you can use while hacking.
Google Dorks List for SQL injection
http://infosecaffairs.blogspot.in/2014/10/google-dorks-list-for-sql-injection_16.html
Remote file inclusion (RFI) dork list
http://infosecaffairs.blogspot.in/2014/11/remote-file-inclusion-rfi-dork-list.html
Sqlmap cheat sheet
http://infosecaffairs.blogspot.in/2014/10/sqlmap-cheat-sheet.html
Password Cracking: Dictionary Attack Password List
http://infosecaffairs.blogspot.in/2014/10/password-cracking-dictionary-attack-Password-List.html

As an information security professional, your toolkit is the most critical item you can possess. Following are the tools and applications you can use while hacking
Penetration Testing Apps for Android Devices
http://infosecaffairs.blogspot.in/2014/09/penetration-testing-apps-for-android.html
Tools to hack WiFi
http://infosecaffairs.blogspot.in/2014/11/tools-to-hack-wifi.html
DDOS Attack and Free Tools for DDOS
http://infosecaffairs.blogspot.in/2014/10/ddos-attack-and-tools-for-ddos.html 
Top Hacking Tools as Password Cracker
http://infosecaffairs.blogspot.in/2015/08/top-hacking-tools-as-password-cracker.html
Top Hacking Tools for Exploitation
http://infosecaffairs.blogspot.in/2015/08/top-hacking-tools-for-exploitation.html

Prevention Techniques: Cross-site request forgery (CSRF)

1. The best defense against CSRF attacks is unpredictable tokens, a piece of data that the server can use to validate the request, and wh...