Tuesday, 22 May 2007
I was confused after searching for tutorials about hacking, because the definition of hacking itself has become lumped together with things like defacing and carding. After deciding to do some blog surfing I found a very good hacking tutorial. Why is it good? Because this tutorial is online and can be followed by anyone; its weakness, however, is that the tutorial is in English. Oh, and I copied this from the blog http://vigneshvgk.wordpress.com/ GBU 🙂
The basic reason behind writing this article is to make a newcomer to this field aware of certain facts and lies.
The favourite question of every novice is “How can I hack the password of Yahoo, Hotmail, Gmail, etc.?” Or should I say that this question is why most people choose hacking as a hobby?
What is the general perception of email password hacking? I have a username, and now I want to hack his/her password. What I need is software into which I feed the username, and the software will take care of the rest (i.e. checking different permutations and combinations of passwords – BRUTE FORCE ATTACK) and give me the right password as output. Great! Such software exists in an IDEAL world, not the REAL one.
Dear friends, have you ever given thought to the fact that when you enter a wrong password three consecutive times you are asked to input the letters shown in a picture, and that if you again input the wrong password a certain number of times the account is closed temporarily for about half an hour?
So forget about software that can check different permutations and combinations, because it would also have to perform the extra steps mentioned in the paragraph above, which are very hard (almost impossible) to implement.
So does this mean that it is impossible to crack an email account password?
Well, I’d say impossible is an inappropriate word in the above statement, because in hacking nothing is impossible, because nothing is perfect.
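The lockout behaviour described above, written out as server-side logic. This is an added example, not code from the original article; the lock threshold of six failures, the `LoginThrottle` name and the sample account are assumptions.

```python
# Added example: the throttling policy the article describes, as server-side logic.
CAPTCHA_AFTER = 3        # from the article: three consecutive wrong passwords
LOCK_AFTER = 6           # assumption: the article only says "a certain number of times"
LOCK_SECONDS = 30 * 60   # from the article: closed for about half an hour


class LoginThrottle:
    def __init__(self, verify):
        self.verify = verify      # callable(user, password) -> bool, e.g. a hash check
        self.failures = {}        # user -> consecutive failures
        self.locked_until = {}    # user -> time at which the temporary lock ends
        self.checks = 0           # how many guesses actually reached the verifier

    def attempt(self, user, password, now, captcha_ok=False):
        """Return 'ok', 'wrong', 'captcha_required' or 'locked'."""
        if now < self.locked_until.get(user, 0):
            return "locked"
        fails = self.failures.get(user, 0)
        if fails >= CAPTCHA_AFTER and not captcha_ok:
            return "captcha_required"          # rejected before any password check
        self.checks += 1
        if self.verify(user, password):
            self.failures[user] = 0
            return "ok"
        fails += 1
        self.failures[user] = fails
        if fails >= LOCK_AFTER:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
            return "locked"
        return "wrong"


def guesses_checked_in_a_day(solves_captcha):
    """One automated attempt per second for 24 hours against one account."""
    # Constructed stand-in for a real password-hash check.
    throttle = LoginThrottle(lambda user, pw: pw == "constructed-secret")
    for second in range(24 * 60 * 60):
        throttle.attempt("alice", f"guess{second}", second, captcha_ok=solves_captcha)
    return throttle.checks
```

With these values, a client that cannot answer the picture challenge gets 3 guesses checked in a day, and one that can gets 288.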
TRUTH
Every time a piece of software is created, the beta version is launched first to check for flaws in it (in hacking these flaws are called DOORS). Those which are discovered are closed, but most of the time some doors are left open, intentionally or by mistake. So a hacker’s job is to find these doors and exploit them to serve his purpose.
E.g.: Years ago one open door was found by a hacker in Hotmail. Process: You write a JavaScript (hardly 2–3 lines of code) in the message field and send it to your target. When your target opens the message the script is executed and a page is displayed on the target’s computer saying “you have been logged out of hotmail please re enter your password and username” (a proxy site). Once your target enters the required information it is sent back to you. Pretty simple! But this method became so popular that Hotmail got hold of it and the door was closed.
Another popular method these days is a Trojan which is used to hack the password of Yahoo Messenger. The process is quite similar to the above. You install software known as Magic PS 1.5 on your system. This software sends the same message to your target (while you are chatting with him/her): that you have been logged out, kindly re-enter your username and password. Once your target enters the required information it is sent back to you. Simple again!
So are these the only available ways through which you can hack somebody’s password?
Nobody can guarantee that other ways do not exist, but IT’S CERTAINLY NOT A BRUTE FORCE ATTACK.
Important: If somebody says that he knows a way to hack an email password, please do not send your email address to him/her.
For Cracker –
In this topic we will see how we can get access to different user accounts on a Local Area Network running Windows 98 / Windows XP.
Here we will discuss the simplest method to crack a password, i.e. the software way.
You need to have the following software –
1). Cain & Abel for Windows 98
2). LC5 for Windows XP
How to use this software?
SCENARIO – A LAN in which every system (not necessarily) is running Windows 98.
Now in order to use the LAN features every user must have a login username and password.
Whenever a user creates an account or enters his username and password (for login purposes), the value is stored in or compared against a “PWL” file, respectively. This file is saved in the c:\windows directory and is easily accessible to every user on the LAN. E.g.: I am a user and my login name is “crack”, so the name of the PWL file will be “crack.pwl”. So all you need to do is copy this PWL file onto a floppy, CD, pen drive, or any other medium you desire. Now open this PWL file in Cain & Abel and run the attack (dictionary or brute force). Depending upon the password length the software will take its time to break the code.
Never run this software on a slow machine, as it would take weeks to crack a single password.
In Windows XP the case is a little more difficult. The password is stored in the SAM file. There are three copies of the SAM file in XP – one in Windows\system32\config, another in Windows\repair, and the last one is stored in the Windows registry. You will not be able to see or copy these files or values while Windows is running. So boot your system using a bootable disk, i.e. in DOS mode, and copy the file.
Once you have the SAM file, open it in LC5 and it will take care of the rest.
Another possible way is to just install LC5 on the target system, and it will tell you all the usernames and passwords stored on that particular system. But it’s not feasible, because LC5 can also take days to crack a single password (depending upon the password length).
FOR USER –
In order to safeguard your account all you need to do is set a lengthy password containing letters, numbers and one special character, i.e. @#%^*&(*(). And kindly change your password on a periodic basis.
Creating / Generating Software Keys / Serial Numbers
The main aim of this chapter is to clear up some basic concepts of using a disassembler, i.e. how a cracker generates the registration key or serial number of a piece of software.
Below is a C program which performs the following functions –
1). Prompts for a password.
2). Displays the comparison.
3). Matches the password character by character.
    #include <stdio.h>   /* printf, fgets */
    #include <string.h>  /* strcmp */
    #define PASSWORD_SIZE 100
    #define PASSWORD "password\n"  /* reference password; fgets keeps the newline */
    int main (void) {
        int count = 0;             /* wrong attempts so far */
        char buff [PASSWORD_SIZE];
        for (;;) {
            printf ("Enter password:");
            if (!fgets (buff, PASSWORD_SIZE, stdin)) return -1;  /* EOF or read error */
            if (strcmp (buff, PASSWORD))
                printf ("Wrong password\n");
            else break;
            if (++count>3) return -1;  /* give up after repeated failures */
        }
        printf ("Password OK\n");
        return 0;
    }
Important: This code is not written by me so I cannot guarantee whether it’ll work or not.
In the last chapter we saw how a protection mechanism is created, demonstrated using a very simple C program which asks the user to input a password and, if the password matches the correct value, displays the message “Password OK”. Now we will see how to crack that password.
Note: This chapter only covers the basics, i.e. how these things are done; we do not guarantee that it will work on every program. However, the process remains the same.
What we are trying to do here is called Reverse Engineering. Though we cannot regenerate the source code from the executable file, we can get an idea of what the source code looks like. There is a lot of software available which can generate the binary code and assembly instructions from the executable file. Therefore, if the reference password is stored in the program itself (like the one which we created) and is not converted to some other form, then it can easily be tracked down just by looking at the binary code of the file.
SOFTWARE
1). A HEX EDITOR: A hex editor is a computer program that allows a user to edit compiled programs and binary data files. Hex editors most often present data in hexadecimal format, because it is easier and also because computers tend to work with 8-bit bytes of information. In short, these programs are able to edit executable files.
2). A DISASSEMBLER: This program can convert the executable file into assembly language. In short, these programs can help you understand how a program works, which is necessary in order to change the way it works. E.g. if the program will run only after being given the correct password, then by using a disassembler its function can be changed to accept every password as the correct password. In order to work with a disassembler a person needs to have a good understanding of the assembly language instructions such as JMP, PUSH, POP, etc.
Try Hacking Test 4 in order to know how this software is used.
PASSWORD CRACKING USING RAINBOW TABLE
In order to work with rainbow tables and Rainbow Crack we must first understand the following keywords –
1). LOOKUP TABLE – A lookup table is usually an array which is used to replace a runtime operation (in our case, real-time password cracking) with a simpler LOOKUP operation. This way we can achieve great speed at the cost of memory. The idea is to pre-calculate hashes of all possible passwords and store them in a table in memory. These tables are called Rainbow Tables. The pre-computation of hashes takes a long time, but once it is done, this type of password cracking is hundreds of times faster than the traditional Brute Force Attack.
2). SPACE – TIME TRADE OFF – It is a situation where memory use can be reduced at the cost of slower program execution, or vice versa, where computation time can be reduced at the cost of increased memory use.
A Classic Example – A space-time tradeoff can be applied to the simple problem of data storage. If data is stored uncompressed, it takes more space but less time than if the data were stored compressed (since compressing the data reduces the amount of space it takes, but it takes time to run the compression algorithm). Depending on the particular instance of the problem, either way is practical.
How to generate a Rainbow Table?
Search for a program called Rainbow Crack.
Warning: Rainbow tables are very large and can take GBs of disk space.
Definition of Rainbow Crack – The Rainbow Crack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the result in files, the so-called “rainbow table”.
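Why precomputed tables work against bare hashes, and what a password store does to defeat them. This is an added example, not part of the original article; it uses a plain hash-to-password dictionary in place of a real rainbow table's chained format, and the candidate list, function names and PBKDF2 parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny candidate list standing in for the password space
# that a real precomputed table would cover.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "hacking"]


def unsalted_hash(password):
    """Fast hash with no salt: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Pay the hashing cost once; the table then applies to any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}


def salted_record(password, rounds=100_000):
    """Defence: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return {"salt": salt, "rounds": rounds, "digest": digest}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["rounds"])
    return hmac.compare_digest(digest, record["digest"])


def table_hit(table, stored_hex):
    """What the precomputed table yields for one stored value (None = no entry)."""
    return table.get(stored_hex)
```

Because every record carries its own random salt, two users with the same password get different stored values, so no table computed in advance can contain them.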
Since most of the people didn’t get what we were trying to do in Hacking Test 4….here is another variant of it….
The process remains the same however the test file and software changes…….
Download the file test5 from following address….
Change the file extension to .exe
Open it – you’ll see something like this: “Evaluation period out of date, purchase new version”
Next – Download “OllyDbg version 1.10”
Read about software functions using inbuilt help menu……
Also read the following topic “Basics of Assembler” posted on the blog……..
What is the test?
You have to edit the program using a disassembler. After successful editing (cracking) the output of the program changes to “you really did it!! congratz!!”
All you need to do is just download the file TEST from –
After downloading, rename it as test.exe
What is the Test?
Tell us the password of the file. Also, you have to tell the procedure i.e. how did you break it?
Send the solution to – firstname.lastname@example.org
Hint: Read Lesson 9 & 10.
Software Required : A Hex Editor.
Best Of luck!!!!!!!
Those who are interested in further reading can contact the blog for material…….
This one is pretty simple………………
All you need to do is just read LESSON 8 and tell me the procedure by which you can copy the main SAM file from c:\windows\system32\config folder…….
Just write down the procedure and send it to email@example.com
Whoever will tell the procedure will move to the next level of the test…..
BEST OF LUCK!!!
Check your skills on Chapter Five & Six
Make sure you perform every step with caution; a single mistake can crash your system.
Steps:
You have to download a file named “gatekeeper.rar” from the following site – http://www.esnips.com/doc/331bd453-a377-4154-82ae-f8c5313e0074/gatekeeper
It’s a .rar file so first extract it. You will see a file gatekeeper.exe in the folder. When you click on it, it will ask whether you accept the terms and conditions. Once you accept the terms and conditions it will ask you to enter a password (two times).
You have to enter the following password – hacking
Once the password is entered, the software is ready to use. Now you can lock any folder in your system. DON’T DO IT, since this software was made years ago, so it will not work on Windows XP (it will only work on Windows 98 and earlier versions).
What is the test?
Now you have to search the registry for this software, find it and recover the password in binary form (as this is the form in which it is stored in the registry). Once you have the password you have to send it to firstname.lastname@example.org
Whoever will crack the password without any further clue will get a cool piece of software.
HACKING TEST 1
Test your skills on LESSON 1.
For all those who have read lesson 1….here’s a simple way to check how much they understood.
1).You have to download an excel file (Named – Test) from the following site-
2).The file is password protected and to make it a little bit difficult I have set an alphanumeric password.
3).What is required?
-You have to find an excel file password cracker on the net.
-Crack the password.
-Send it to email@example.com
4).Since it would be difficult for a new learner to find the full version of the software, I have set a password length which can be cracked by a demo version of any password cracker.
Whoever will crack the password will get to learn the way to crack any length password of any type.
Your time starts now………………..