Bypass The Security: November 2013

Sunday, 3 November 2013

Crack password protected zip files


Crack the password protected zip files using fcrackzip - Backtrack





We frequently use zipped files because of their small size and strong encryption algorithm. These zipped files come with a password protection facility which maintains the security of the files.
But sometimes this security feature turns into a drawback if we somehow forget the password. In that case password crackers play their role. You can also use them if you downloaded a zipped file with password protection on it.
In my last article, if you followed it, we learned to make a bootable USB of Backtrack. So here I'm gonna introduce a tool which is present in Backtrack, and if you have no past experience with Linux then no issues, you can start from here. The open source tool we are gonna use is called fcrackzip.
fcrackzip is a fast password cracker partly written in assembler. It is able to crack password protected zip files with brute force or dictionary based attacks, optionally testing with unzip its results.


Here, for the demonstration I'm gonna make a file crackme.zip with a password abcde using winrar. You can also try with me from here.

1) Right click on the file > select Add to archive...
2) Under General tab select ZIP rather than RAR, then under Advanced tab > set Password
3) Suppose our final password protected zip file is crackme.zip (you can use your own)
4) Now copy this file on the desktop for ease in your Backtrack
5) Then click on the Top Right button saying Applications.
6) Navigate to Backtrack > Privilege Escalation > Password Attacks > Offline Attacks > fcrackzip
7) The following terminal screen will pop up


The fcrackzip is loaded with the following options:
-b brute force
-D dictionary Attack
-B benchmark
-c charset characterset
-h help
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m

8) I'm going to apply the brute force attack for password cracking. So the following command will be useful...
fcrackzip -b -c a -l 1-6 /root/Desktop/crackme.zip
here,
-b > bruteforce
-c a > charset lower case alphabets
-l 1-6 > length of expected password

9) Hit Enter and wait for a few minutes. fcrackzip combined with Backtrack turns into a faster password cracking tool.
10) That's it. It'll show the password after certain attempts.


Note: Brute force guarantees a result but often takes a very long time, even years, to crack a very strong password. If you use Encrypted language for the password then it may be impossible to apply the brute force. In such a case, search for other working alternatives.
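
The note above can be made concrete by counting the candidates a brute-force run has to cover. The following is an added example, not part of the original post: it computes the worst-case search space for the -c and -l values used in step 8 and for a few stronger password policies, and converts it to time at an assumed rate of 1,000,000 guesses per second (an illustrative figure, not a measurement). Only the a, A and 1 charset classes are handled.

```python
import string

# fcrackzip -c classes handled by this example (others are rejected).
CLASSES = {
    "a": string.ascii_lowercase,  # [a-z], as in "-c a" above
    "A": string.ascii_uppercase,  # [A-Z]
    "1": string.digits,           # [0-9]
}

def charset_size(spec):
    """Count the distinct characters selected by a spec such as 'a' or 'aA1'."""
    chars = set()
    for c in spec:
        if c not in CLASSES:
            raise ValueError(f"unsupported charset specifier: {c!r}")
        chars.update(CLASSES[c])
    return len(chars)

def parse_length(spec):
    """Parse a 'min-max' length range such as '1-6'."""
    lo, hi = (int(part) for part in spec.split("-"))
    if lo < 1 or hi < lo:
        raise ValueError(f"bad length range: {spec!r}")
    return lo, hi

def keyspace(charset, length):
    """Total candidates: sum of n**k for every length k in the range."""
    n = charset_size(charset)
    lo, hi = parse_length(length)
    return sum(n ** k for k in range(lo, hi + 1))

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, not a measured value
    policies = (("a", "1-6"), ("a1", "1-8"), ("aA1", "1-8"), ("aA1", "1-12"))
    for cs, ln in policies:
        total = keyspace(cs, ln)
        print(f"-c {cs:<3} -l {ln:<4} {total:>26,} candidates  "
              f"{human(total / RATE)} worst case")
```

Each extra character class or extra character of length multiplies the work, which is why a short lowercase password like the demo one falls in minutes while a long mixed-case password does not.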

"The quieter you become, the more you are able to hear"


Bootable USB for Backtrack

Make a Bootable USB for Backtrack 5



Here I come up with another article in which I'm gonna show you how to make a bootable USB for Backtrack 5. Before getting to the process itself, let me introduce Backtrack 5.
Backtrack is based on Ubuntu Lucid (10.04 LTS) with Linux kernel 2.6.38 and some WiFi drivers to allow injection attacks. It is currently the most popular choice among hackers for pen testing. It is filled with a collection of more than 3000 open source security tools, which are organised in a real decent way.
Its menu consists of several tools like “Information Gathering”, “Vulnerability Assessment”, “Exploitation Tools”, “Privilege Escalation”, “Maintaining Access”, “Reverse Engineering”, “RFID Tools”, “Stress Testing”, “Forensics”, “Reporting Tools”, “Services”, and “Miscellaneous”.
Alright, let's get started and get hands on such a powerful OS:
  • First grab a copy of the latest version of Backtrack. Go to the official site: click here
  • Click on the Download tab, then either register your copy or directly click on the Download button
  • Then configure the version according to your needs and requirements. Click on Download
  • In order to make a bootable USB we are going to use a small freeware tool, UNetbootin. Download it from here
  • Take a 4GB USB (recommended), back up all its data and do a Quick Format using the FAT32 file system
  • Now run the application unetbootin
  • Configure it: In Diskimage, select ISO.
  • Click browse and select the IMAGE which you just downloaded
  • In Type select USB Drive, in Drive select your USB drive letter
  • Leave the rest as default.
  • You are always free to configure it in your way :)
  • Click OK
  • Finally the burning process begins. It generally takes 5-10 mins but may take longer depending upon your system configuration.
  • When it's done, hit the Reboot button of your system.
  • Switch to BIOS and select the USB as First boot device.
  • Voila, it's done. Now you can get rid of the Virtual Machine, because it slows down the speed in my case. Run Backtrack directly on your machine.



Add Folder Into Send to Option


Hello Friends!!
Yes, you can add a folder to the Send to option. If you didn't get it: when you send data to a USB drive, you right click on the folder and click on the Send to option, where you are able to see the destination drive. With this trick you can put your required destination folder in that particular list.
Note: This trick works properly in Windows XP. Windows 7 and 8 users may not find it as useful.



So without wasting much time, here are the steps:

Step 1)
Go to My Computer.

Step 2)
Open the C drive (the drive in which you have installed the Windows OS).

Step 3)
Navigate to Users -> xyz(administrator).

Step 4)
Be sure that visibility of system hidden files is turned ON.
To do so, go to Tools -> Folder Options, then check the checkbox "Show hidden files" and also uncheck "Hide protected operating system files". Click on Yes and press OK.

Step 5)
Now open the Send to folder.

Step 6)
Now create a shortcut of the required folder. You may check how to create a shortcut for more guidance.

Done!!

In the Windows 7 and 8 operating systems this is not working. So it will be helpful if somebody wants to share anything they know regarding this.
Thank you


Saturday, 2 November 2013

Introduction To Pentesting

Introduction To Pentesting - BackTrack

Penetration testing is the legal and authorized attempt to exploit a computer system with the intent of making a network or system more secure. The process includes scanning systems looking for weak spots, and launching attacks to prove that the system is vulnerable to attack from a real hacker.
Penetration Testing has several names:
  • Pen Testing
  • Ethical Hacking
  • White Hat Hacking
As you learn more about the art of hacking, you will see three terms used a lot. The white hats, the black hats, and the gray hats. The white hats are the “good guys”. They hack systems and networks so that the black hats (“bad guys”) can not. The black hats, also known as “crackers” are those that use hacking with malicious intent. They’re the ones that want to steal company secrets or your credit card information. For this reason, it is important for the white hats to know the tools and tricks of the black hats to stay a step ahead of them. As for the gray hats, they’re a combination of white and black. They often hack just because they can or like the challenge.
By now you may want to download and install Backtrack Linux on your computer. Recommended Reading: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
A great book for anyone just learning how to hack or just wants to know more about security. Covers a lot of what you’ll find here plus a lot more. I can’t recommend this enough for beginners.
Hacking Lab
Having a place to practice is necessary to learn how to hack. This is where your own home hacking lab comes in. It is a place where you can control your attacks without harming any other systems. We want our lab to be isolated and have no chance of escaping to targets we didn’t mean to attack.
Option 1:
  • Two computers
  • Ethernet Cable
  • A switch
Option 2:
  • Use Virtual Machines
You will need 3 or more virtual machines. One for Backtrack, one for a Windows machine, and one for another Linux box. The Linux box will act as our victim server: SSH, Webserver, FTP, etc.
Option 1 is in case you have older hardware that can’t handle running more than one VM. However, these days, modern hardware can handle them. Option 2 is the better choice because you only need one computer.
Steps in Penetration Testing
1. Reconnaissance
2. Scanning
3. Exploitation
4. Maintaining Access

Hope you'll find almost everything you need here. Check out the Penetration Testing steps mentioned above.