Open post

Keystroke logging with keystroke recorder and its types

MODULE 8:- System Hacking

  1. How to get administrator privileges on windows 10
  2. Best keylogger Windows 10 pc – Full tutorial
  3. Keystroke logging with keystroke recorder and its types
  4. Top 10 Tools Used For Maintaining Access of Exploited System

Keystroke logging with keystroke recorder software

Keystroke logging is a process to record keys pressed by Keyboard, and you can do this by hardware and software. keystroke recorder software records keyboards activity and store into a log file. In Company, managers use this software to track employees’s activity similar Parents use this software to secure their children from internet spam. In other hand Hacker used remote keylogger   to capture username and password, Credit card information.

Key logger:

keylogger is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press.Keystroke logging with elite keylogger

Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Keyloggers can also be used by a family (or business) to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers on public computers to steal username and passwords or credit card information.

Most keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer. Normal keylogging programs store their data on the local hard drive, but some are programmed to automatically transmit data over the network to a remote computer or Webserver.

Keyloggers are sometimes part of malware packages downloaded onto computers without the owners’ knowledge.

Keylogger Types:

There are two types of keylogger are here hardware device keylogger or Software keylogger.

keylogger software and keylogger hardware

Software Keylogger:

These are computer programs designed to work on the target computer’s software. Working as keyloger from a technical perspective there are several categories:

  • Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes aVirtual-machine.
  • Kernel-based: A program on the machine obtainsroot access to hide itself in the OS and starts intercepting keystrokes that pass through the kernel. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications who don’t have root access. They are frequently implemented as rootkits.
  • API-based: These keyloggershook keyboard APIs inside a running application. The keylogger registers for keystroke events, as if it was a normal piece of the application instead of malware. The keylogger receives an event each time the user presses or releases a key. The keylogger simply records it.
  • Form grabbing based:Form grabbing -based keyloggers log web form submissions by recording the web browsing on submit events. These happen when the user finishes filling in a form and submits it usually by clicking a button or hitting enter. This records form data before it is passed over the Internet.
  • Packet Analyzer: This involves capturing network traffic associated withHTTP Post events to retrieve unencrypted passwords. This is made more difficult when connecting via HTTPS.
  • Remote access software keyloggers

These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:

  • Data is uploaded to a website, database or anFTP
  • Data is periodically emailed to a pre-definedemail address.
  • Data iswirelessly transmitted by means of an attached hardware system.
  • The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

Hardware Keylogger:

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
keyboard logger Hardware

  • Firmware-based:BIOS -level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
  • Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between thecomputer Keyboard and the computer, typically inline with the keyboard’s cable connector. There are also USB connectors based Hardware keyloggers as well as ones for Laptop.
  • Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver.
  • Keyboard overlays: Criminals have been known to use keyboard overlays onATMs to capture people’s PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal’s keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
  • Acoustic keyloggers:Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statically method such as frequency analysis.
  • Optical surveillance: A strategically placed camera, such as a hidden surveillance Camera at an ATM can allow a criminal to watch a PIN or password being entered.
  • Smartphone sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodityaccelerometer found in smartphones. The attack is made possible by placing a smartphone nearby a keyboard on the same desk. The smartphone’s accelerometer can then detect the vibrations created by typing on the keyboard, and then translate this raw accelerometer signal into readable sentences with as much as 80 percent accuracy.
Open post
ntfs alternate data streams

NTFS Alternate Data Streams For Beginner

MODULE 9:- Data Protection 

  1. How to encrypt files and folders by EFS Windows 10
  2. How to Enable bitlocker windows 10 encryption – Full Guide
  3. How to use VeraCrypt portable, Truecrypt replacement in windows 10
  4. Data, file, full disk and Hard drive encryption software Veracrypt
  5. NTFS Alternate Data Streams For Beginner
  6. Top 10 steganography tools for Windows 10

NTFS Alternate Data Streams in Window

NTFS Alternate Data Streams in Window is a method where you can hide one file data into another file data. this is alternate data streams available only on NTFS file system of window

 Scenario:  If you created a text file with name firstfile.txt in notepad and write some matter inside the file. You can see what is written inside the file anytime. Now you create another file name secondfile.txt and you make some entry in this file. Is it possible to hide second file matter into firstfile. And if someone open first file, should be unable to see hidden data into first file only first data should be visible. Answer is yes and it is happened with NTFS stream. And you can see hidden matter when you want.

Create NTFS Alternate Data Streams

The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file’s main unnamed data stream, but by using the syntax ‘file:stream’, you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on a NTFS drive from within a command prompt.

Next, Open terminal and type following command

echo “This is data of first file > firstfile.txt

you have just created a file named firstfile.txt.

Next, run following command to write strem.

echo “This is second data stream” > firstfile:scondfile

alternate data streams

You’ve just created a stream named ‘secondfile’ that is associated with the file ‘firstfile’. Note that when you look at the first file you will find only enter text when opened in any text editor. To see your hidden stream run following command.

more < firstfile:secondfile

retreieving data from hidden file

Delete NTFS Alternate Data Streams from the file

NT does not come with any tools that let you see which NTFS files have streams associated with them,  and cant be deleted this stream. So you have need some extra software to download software https://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

Download software and extract zip file you will get a excitable file with stream.exe name run the following command to see hidden stream and delete stream
remove alternate data streams

More detail: http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

Open post
Unshadow the file and dump Linux password

How to Unshadow the file and dump Linux password

Hello friends, welcome again!

In the last post I told about Understanding Linux system security for Users After reading this post you have knowledge about Linux file system, and where username and password are stored in Linux? where you can dump this password? when you dump password, it will be in plain text or encrypted format? so for finding the password, walkthrough this post Unshadow the file and dump Linux password

Unshadow the file and dump password in encrypted format

In this tutorial I am going to show you demo on Ubuntu 14.04 machine to unshadow the files and dump the linux hashes with help of unshadow command. First, boot Ubuntu 14.04 machine with Kali Linux. Next, It is necessary to mount the Linux filesystem for dumping data from /etc/shadow and /etc/passwd files. After boot machine with Kali Linux OS Here is great automatic mounting utility in kali linux, you don’t need to mount manually anymore. You just click on linux filesystem under place menu Linux partition will be mounted automatic. Go into Place>filesystem

Linux system will be automatic mount on /media directory with a specific mounting value. Next, If you want to see mounting point value write the following commad

#ls /media

Go into Ubuntu file system by excuting following command

#cd /media/mounting value/

#cd etc

Copy both file shadow and passwd on Desktop

#cp shadow /root/Desktop

#cp passwd /root/Desktop

Unshadow Utility:

The unshadow tool combines the passwd and shadow files into one file So john can use this file to crack the password hashes.

Use unshadow utility in kali linux to unshadow the password hashes, and dump into new file named unshadow. It is not necessary you can put any name whatever you want but important is to merge both file passwd and shadow into unshadow file

#cd /root/Desktop

#ls

#unshadow passwd shadow > unshadow

#ls

Next step is cracking the password hashes with help of john the ripper

#john unshadow

John will detect automatic hashes type if you don’t provide formate type.

Dump Linux hashes and crack with John in Kali Linux Offline mode Video Tutorial

https://www.youtube.com/watch?v=_SvH36bLtFQ

Open post
Understanding Linux system security

Understanding Linux system security for Users

Know about Linux system security

One of the most important Linux system security feature are passwords today. Most of server administrator and users use password to secure their system to get access by others. In Linux (RHEL/DEBIAN) these passwords are saved in passwd and shadow files in /etc directory. In deep description about passwd and shadow both file’s data encrypted.

Most distro uses one way encryption called DES (Data Encryption Standard) to encrypt passwords saved into /etc/passwd and /etc/shadow files. When you attempt the login the username and password, the password encrypted again and compare with saved password, if match found then you are allowed to access otherwise decline by the system.

Understanding /etc/passwd File:

This file contain the required information which used at time of user login. This is text file contains a list of user accounts for System. This contain the following entry in each line each field is separated by : so you can understand easily.

  1. Username : it is used when user logs in.
  1. Password: An x character indicates that password is encrypted and stored in /etc/shadow file.
  2. User ID (UID): Each user must be assigned a unique user ID (UID). UID 0 (zero) is reserved for root.
  3. Group ID (GID): The primary group ID (stored in /etc/group file)
  4. User ID Info: This field allow you to add extra information about the users such as user’s full name, phone number etc.
  5. Home directory: This is path of user’s home directory
  6. Command/shell: this is  path of a command or shell (/bin/bash)

passwd file

Understanding etc/shadow File:

This file stores passwords in encrypted format for user’s account. And also contain additional properties related passwords. It contains the following field and every field is sperated with a colon (:) character.

  1. User name : It is users login name
  2. Password: It is users encrypted password.
  3. Last password change: This contained the information when last password changed.
  4. Minimum: The minimum number of days required between password changes.
  5. Maximum: The password validity for maximum numbers of Days.
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : days since, that account is disabled

shadow file

 

Open post
Administrator password hashes from SAM database

Find Window password hashes from SAM database

What is Password Hashes and SAM Database?

SAM is stand for Security Account Manager. SAM database is a part of  windows Operating system consist user name and password in encrypted format called password hashes. SAM file is exist under C:/Windows/System32/config in Window 7/8/8.1/10. If User want to logon on the machine, user name and password should be match for authentication entered by user. If user put wrong username and password, authentication being failed. The encryption algorithm is NTLM2 used. The main purpose of SAM to save the computer and data by unauthorized person like hacker’s. But it is not completely work against a professional hacker. Here I am going to show you how hacker dump these encrypted password hashes from database and find out the password by cracking these hashes.

Boot Window machine with Kali Linux?

As I know you are learner here, so you have two option to make exercise on this topic. First create and install window (xp/7/8/8.1/10) machine on Virtual box, it is pretty easy and no harm for base computer. Another method is Do practice on base machine installed window OS already, in this condition you have to boot window machine by Kali Linux live Persistent DVD/Flash Drive.

When penetester boots Window machine with Kali Linux live then can use window file system without any interruption, As described above SAM are saved in the location C:/Windows/system32/config.  So we have main task to go to this location and find out the SAM database. After booting system with Kali Linux you should follow the given instruction to find out the password.

Step1: First step mount the window system partition

click on Place> Filesystem.

Mount window partitoin on Kali Linux

When you clicked on file system window partition will be mounted automatically on /media directory. Open the terminal and type following command to reach in location where SAM database saved.

#cd /media/Mounting Point value/Windows/System32/config

In above mounting value will be changed according the system you can see this value by executing following command

#ls /media

Step2: Relieve bootkey.

#bkhive SYSTEM /root/Desktop/system.txt
bkhive and bootkey

System.txt is a file where bootkey is stored and /root/Desktop is location to save system.txt file.

Step 3: Dump the password hashes

Password hashes is retrieved with combination of bootkey and SAM database, This process is completed with the help of samdump2 utility found in kali linux by default. Command is giving following

#samdump2 SAM /root/Desktop/system.txt > /root/Desktop/hashes.txt
samdump2 to get administrator password hashes

In implemented command SAM database and system.txt filed has been merged and created new file name hashes.txt. To see the password hashes dumped into hashes.txt file use given command

#cat /root/Desktop/hashes.txt

Change directory to /root/Desktop by using following command

#cd /root/Desktop

Step 4: John the Ripper a password cracking tool

After reaching the directory to crack hashes use excute john by given command

#john –formate=nt2 –users=vijay hashes.txt

john and ripper example to crack the password hashes

Open post

Dictionary attack tool thc-hydra tutorial for beginner

A very fast network login cracker with dictionary attack tool which support many different services.

Dictionary attack tool thc-hydra Description:

According to official website of thc-hydra, One of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.

Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none does Either support more than one protocol to attack or support panellized Connects.

Protocols supported by thc-hydra

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,  HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,  MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,  PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,  SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to use hydra in Kali Linux

Thc-hydra is available in kali linux already you don’t need to install or configure it. In Kali Linux hydra available in two mode Graphical and Command line.

Graphical Interface of Hydra in Kali Linux:

Graphical interface is easy to use so let’s look on graphical interface of hydra:

  1. Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
    Open hydra-gtk
  2. Configure Hydra for Attack
  3. Target: there are following option are available:
    1. Single Target: Give the IP address of Single target
    2. Target List: you can upload file consist targets list.
    3. Define Port: specify port
    4. Protocol: Select protocol for attack
      configure target tab
  4. Passwords: In this tab you set the username and password and more…
    1. Username: Give the username if you know
    2. Username list: if you don’t know the username provide file location consist multiple usernames
    3. Password: This option for single password
    4. Password List: Here you provide the wordlist location
    5. Check on try login as password
    6. Check on Try empty password
    7. Check on Try reversed login
      configure passwords tab
  5. Tuning: Following options for this tab:
    1. Number Task: Repeat task
    2. Time out: configure timeout on not response
    3. Proxy: Set proxy if you are using. Or leave by default No proxy
  6. Specific: Leave default
  7. Start: Here you can start stop attack and save result
    start and result tab

Command line Interface of Hydra in Kali Linux:

As in Linux command line have their own importance and value and most of tools are available with command line interface for linux, Hydra is one of them. to know more about the hydra just execute following command

#Hydra –h

This command will show all options used with hydra command.

hydra -h

 

You have many options on how to attack with logins and passwords

With -l for login and -p for password you tell hydra that this is the only

login and/or password to try.

With -L for logins and -P for passwords you supply text files with entries.

e.g.:

hydra -l admin -p password ftp://localhost/

hydra -L default_logins.txt -p test ftp://localhost/

hydra -l admin -P common_passwords.txt ftp://localhost/

hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the “-e” option.

The “-e” option has three parameters:

s – try the login as password

n – try an empty password

r – reverse the login and try it as password

If you want to, e.g. try “try login as password and “empty password”, you

specify “-e sn” on the command line

 

 

Source: https://www.thc.org

https://github.com/vanhauser-thc/thc-hydra

Open post
Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes with rcracki_mt

Rcracki_mt is a tool used to crack hashes and found in kali linux by default.  It is used rainbow tables to crack the password. Some other tools generate rainbow tables. You can download Rainbow table https://www.freerainbowtables.com/tables2/ if you don’t want to download rainbow table you can create you own by Using winrtgen in window and rtgen in Kali Linux

Generate Rainbow Tables in Kali Linux

You have entred in next step. here you can learn to generate rainbow tables by using some tools, There are some tools working for rainbow table are found in kali linux, location is /usr/share/rainbowcrack if you want to generate rainbow table

  1. Opne Terminal
  2. #cd /usr/share/rainbowcrack
    here you will see some tools. Use rtgen to create rainbow table.
  3. #rtgen hash_algorithm charset plaintext_length_min plaintext_length_max table_index chain_len chain_num part_index
    Example #rtgen md5 loweralpha-numeric 6 8 0 3800 33445532 0
  4. Your rainbowtable will be saved in the current location (/usr/share/rainbowcrack)

Generate Rainbow Tables

Crack Hashes with rcracki_mt in Kali Linux

Then issue the command rcracki_mt -h [hash] -t [num threads] [directory of rainbow tables]
For this example, [hash] is the cryptographic hash you wish to reverse. [num threads] is how many threads you wish to dedicate to the task. You should usually use an amount equal to the amount of processor cores available on your computer. The last parameter is the directory where the rainbow tables are located.

crack hashes

RCRACKI_MT in depth

The RCRACKI_MT process can be divided into 3 distinct phases.

  1. The pre-calculation phase
  2. The search phase
  3. The false alarm checking phase

RCRACKI_MT in depth

 

Scroll to top