Hacking Tips

You have an encrypted password and you want to find what it is

A good practice is to store a password only as a one-way (hashed) encryption of it: when the user enters his password, you run it through the same algorithm and compare the stored value with the new one; if they match, the user entered the right password.

Storing passwords as one-way encrypted strings is a good security measure: recovering the original password is not simple, because the encryption works one way only.

But still, in order to find the original password you can try the following:
  • Throw the hashed string at Google - you will be amazed
  • Dumb brute force: hash every possible keyboard sequence with a program; the problem is that this is very CPU intensive and can take a very long time
  • Dictionary attack: instead of random keys it tries real words in order to guess the password - a much faster method, but if the password was not a dictionary word or word combination then you are out of luck
  • Rainbow tables: still the regular brute-force (or dictionary) attack, but instead of generating and hashing candidate passwords on the fly (the hashing itself takes time), it uses a huge pre-hashed list of passwords - same coverage as brute force or dictionary, it just costs more disk space (tables can be several GBs) and is much faster because the hashing has already been done
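
The store-then-rehash check described above, as an added example that is not code from the original post: an unsalted single-round digest (the kind a search engine or rainbow table can look up) beside a per-user salted PBKDF2 record that makes the pre-hashed lists useless; the record format, iteration count and sample password are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this example; tune so one check costs ~100 ms on your server.
ITERATIONS = 600_000


def weak_store(password: str) -> str:
    """Unsalted, single-round SHA-256.
    Every user with this password gets the identical digest, so one lookup
    in a pre-hashed list (or a search engine) covers all of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: algorithm$iterations$salt$digest.
    The random per-user salt means two users with the same password get
    different records, so a pre-hashed table would have to be rebuilt per
    salt; the iteration count makes each guess deliberately slow."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(stored: str, attempt: str) -> bool:
    """The check the post describes: hash the attempt with the stored salt and
    parameters, then compare. compare_digest keeps the comparison constant-time
    so the response time does not leak how many leading bytes matched."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample password for the demo, not from any real system.
    pw = "password123"
    print("weak  :", weak_store(pw), "(same every time)")
    print("strong:", strong_store(pw))
    print("strong:", strong_store(pw), "(differs: fresh salt)")
    rec = strong_store(pw)
    print("verify right/wrong:", verify(rec, pw), verify(rec, "Password123"))
```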
Which tool should you use for the above task?
  • Cain & Abel (by Oxid)
  • John the Ripper
  • Many others

You are out in the wild and desperately need to connect to a wifi?

Try Hacking a wifi network and using it!

Wifi networks have several forms of security (generations of wifi protection), from weakest to more secure: WEP, WPA, WPA2, etc.

How can you get the wifi password?

  • Use a good tool to detect wifi networks, and find a network with a strong signal and weak protection (WEP?)
  • Don't use NetStumbler, as it is old and doesn't support passive detection (which is undetectable)
  • Use a tool like Kismet (best? - also cracks WEP), Acrylic wifi, or a simple one like Nirsoft's Wireless NetView
  • Capture packets in order to reveal the wifi password: Aircrack (the best option, although it seems to support only some network cards); note that it works only with specific network cards and is a suite of tools, so you will need to use several of them for this
  • Or use an all-in-one solution: Infernal-Twin (python)

Find a username/password for an online form (login?), FTP, or other

  • You might not know the URL of the login page, so you will want a tool that takes a website as input, then crawls it (plus guesswork) in order to find the login form (DirBuster, also available as an extension of OWASP ZAP)
  • You might need to manually fail one login in order to see the failed-login message
  • The site might have some protection against brute-force attacks (maybe you will need a delay between your attempts?)
  • The actual form hacking tool:
    • Hydra
    • Medusa (maybe not as good as Hydra)
    • Burp Suite (a huge thing, which also supports this attack)
    • wfuzz (worth checking)
    • WebSlayer
    • Brutus (Windows! although development stopped 15 years ago, it has lots of features)
    • Bruter (another Windows tool, with added support for proxies)
    • FireForce (simpler to use, but as it is only a Firefox plugin I would doubt the proxy support, and the functionality is very limited)
    • Many of the above can generate lists of passwords according to a regexp, or you can just run Crunch to generate your own list of passwords

Hack a site using a vulnerability (SQL injection, XSS ...)

  • Find the vulnerability: Nikto, Burp Suite, OWASP Zed Attack Proxy Project, Vega
  • Exploit it: Metasploit
