Showing posts with label Hacking. Show all posts

Saturday, November 28, 2015

Hacking Router & other Web Forms.

Brute Force Attack on Password.

we have a user name, for example: admin ... then we try each character combination as a password, using an automated script (program).

for example:

user: admin password: 1 -- login fail
user: admin password: 2 -- login fail

... (many login attempts) ...

user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail

... (many login attempts) ...

user: admin password: T3h_s3cr3t -- login success.
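Seen from the device's side, the sequence above is a run of failed logins from one source followed by a success. The following is an added example (not part of the original post) that flags that pattern in a login log; the log format, the thresholds and the function name are assumptions made for the example, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, format assumed for this example:
# <ISO timestamp> <source IP> <user> <FAIL|OK>
SAMPLE_LOG = """\
2015-11-28T10:00:00 192.0.2.10 admin FAIL
2015-11-28T10:00:01 192.0.2.10 admin FAIL
2015-11-28T10:00:02 192.0.2.10 admin FAIL
2015-11-28T10:00:02 198.51.100.7 admin FAIL
2015-11-28T10:00:03 192.0.2.10 admin FAIL
2015-11-28T10:00:04 192.0.2.10 admin FAIL
2015-11-28T10:00:05 192.0.2.10 admin OK
2015-11-28T10:30:00 198.51.100.7 admin OK
"""

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return alerts as (timestamp, source, user, kind) tuples."""
    recent = defaultdict(deque)  # (source, user) -> times of recent failures
    flagged = set()              # pairs that crossed the failure threshold
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        ts, source, user, result = parts
        when = datetime.fromisoformat(ts)
        key = (source, user)
        fails = recent[key]
        # Drop failures that have left the sliding window.
        while fails and when - fails[0] > window:
            fails.popleft()
        if result == "FAIL":
            fails.append(when)
            if len(fails) >= max_failures and key not in flagged:
                flagged.add(key)
                alerts.append((ts, source, user, "burst"))
        elif result == "OK":
            # A success right after a burst means a guess probably worked.
            if key in flagged:
                alerts.append((ts, source, user, "success_after_burst"))
                flagged.discard(key)
            fails.clear()
    return alerts
```

A single mistyped password followed later by a normal login (the second source in the sample) raises no alert.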


Dictionary Attack on Password.

we have a user name, we have a dictionary of 'words' (character combinations), then we try each of the 'words' alone or concatenated (joined, glued together) into a longer password. again we use an automation tool, a script for example.

opinions vary on whether a dictionary attack truly helps to crack passwords, but it has uses nevertheless.

often it's better to start with a dictionary, before trying brute force or other methods later.

all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.

for a simplified example:

username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.

after using a script we'd have the following dictionary attack:

user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail

... (many login attempts) ...

user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail

... (many login attempts) ...

user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success.
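The same idea can be turned into a check at password-setting time: can a proposed password be built from a small list of guessable words, and how few candidates cover it? This is an added example, not from the original post; the word list is the one in the simplified example above, while the function names and the 63-character alphabet (letters, digits, underscore) are assumptions.

```python
# Word list copied from the simplified example above.
WORDS = ["007", "bond", "eye", "gold", "golden", "pistol", "gun", "beach",
         "surf", "cat", "icecream", "shake", "martini", "lemon", "stir", "_"]

def min_tokens(password, words=WORDS):
    """Fewest dictionary tokens that concatenate to password, or None."""
    # best[i] = fewest tokens needed to build password[:i]
    best = [0] + [None] * len(password)
    for i in range(1, len(password) + 1):
        for w in words:
            j = i - len(w)
            if j >= 0 and best[j] is not None and password[j:i] == w:
                if best[i] is None or best[j] + 1 < best[i]:
                    best[i] = best[j] + 1
    return best[len(password)]

def dictionary_candidates(password, words=WORDS):
    """Number of candidates in 'every sequence of up to k tokens', where k is
    the password's token count. None means the list cannot build it."""
    k = min_tokens(password, words)
    if k is None:
        return None
    return sum(len(words) ** n for n in range(1, k + 1))

def brute_force_candidates(max_length, alphabet_size=63):
    """Number of strings of length 1..max_length over the assumed alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))

def audit(password, words=WORDS):
    """Compare the two search spaces for one proposed password."""
    return {
        "tokens": min_tokens(password, words),
        "dictionary_candidates": dictionary_candidates(password, words),
        "brute_force_candidates": brute_force_candidates(len(password)),
    }
```

For `007_bond` the audit reports 3 tokens and 4368 dictionary candidates against more than 10^14 brute-force candidates of the same length, which is why a password built from personal words should be rejected even when it looks long enough.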


Hacking Router.

... tried this with my router (TL WR740N), with a success.


   

Attack on Router's Password with Brutus Software.




Words List,
a 'Dictionary' file.




Attack on Router's Password with THC-Hydra Software.


   

Login Success.



Other Use Cases.

perhaps this can be used with web applications as well, didn't have time to check this properly as of yet - but my Computer Sciences knowledge tells me that this can be done, not sure if with these versions of the software ... if protections such as 'Captcha' won't interfere.

i read that THC-Hydra at least can be used to attack other protocols/software, such as SSH for example.

there are protections as well,

there are other similar tools as well.


Hacking Tools' writing urge.

... something tells me i should learn HTTP, Telnet, SSL/TLS & SSH protocols properly, then write a tool similar to Brutus & Hydra.

it's best to know Your hacking tools, to write them from scratch, i think.


Router Firmware Upgrade.




The Router's Firmware Upgrade is possible.



this can be done, as seen in the image above,

there's the danger of turning a router into a spy-tool.

... a lot of low-level programming knowledge & effort is necessary, i think ...

... probably certain hackers did that already, however, i think.

Saturday, November 14, 2015

About Computer Sciences & Hacking.

Computer Sciences.

Computer Sciences are a vast field of knowledge, it's more than one person can learn during a lifetime. Large projects last for years, many employees work on them at the same time. In case of programming, it's not only knowing a single programming language, but also mathematics, software production methodologies & a lot of theoretical background. Programmers are people who understand how computers work, are able to make them work in a certain way, as ordered by customers.


Technology Race.


Once in a while new technologies, new solutions appear, competing to float above others as far as sales go. These can be compared to a toolbox of a programmer, different hammers, drills, nails, etc ... Part of these technologies are open source & freely available, as for example the emerging Dragonfly Algorithm is, others are patented trade secrets. Because of competition & a fast work pace, security errors are a part of the race.


Hacking.



Hackers are Information Technology personnel who specialize in Software Security. Once they are aware of a problem in an application's security they can break it, gaining access & control over the machine it's run on, or disable the Service's Internet access, for a while at least.


Common hacking Methods.

The best known of hacks is the Buffer Overflow Hack, where computer memory is overwritten with specifically prepared data, known as shellcode ... in the end the shellcode is run instead of the original application, doing the hackers' will. Other important parts of hackers' toolbox are: Heap Overflow Hacks, Format String Hacks, Rootkits, Backdoors, Social Engineering Hacks, SQL Injection Hacks, Denial of Service Hacks, probably more as well ...


Service Security.

It's not uncommon for Corporations to hire hackers as Security Personnel to 'patch the holes', as well as to use other means of increasing security of Corporate Systems. Antivirus software also helps, often it's best to use a combination of Firewall Software, Antivirus Software, Intrusion Detection System Software & Security Personnel.

Wednesday, February 4, 2015

Hacking Wireless.

how to crack a password in a wireless router?

(of a network, not the router's).

using the aircrack-ng tool suite, for example.

we also need a computer with a wireless network card that can go into 'monitor mode'.

this tutorial shows how, with kali linux pc (Paco):




first we turn on network card's monitor mode.




then we start 'sniffing' for data with the airodump-ng tool.






we have to provide a dictionary file, either script-generated or downloaded.

if we want to use letter/digit/word/syllable combinations or something similar, we have to prepare the dictionary properly, for example with a script.

this time i've provided a modest three-word dictionary by typing it in Linux's vi editor.

i didn't see a Linux version without this editor as of yet.




then we can use the aircrack-ng command to attack the password.

the command below attacks a password protected by the WPA standard, using the dictionary method.

for more, reader should consult linux man pages or a proper course, perhaps more.






'sniffed' data can also be decrypted with the airdecap-ng tool, for example.

see also, if You wish: Wireless Network Cards with Linux.