Brute Forcing Web-Based Authentication With THC-Hydra

Brief Introduction

We will be using the UNIX distribution of THC-Hydra, and I'll go through some of its main features and the different attack methods.


How to install:

First you'll need Backtrack or Kali (this tutorial is done in Backtrack), of course. You can run it on a virtual machine such as VMware or VirtualBox. I will not cover how to boot Backtrack; there are already lots of tutorials on the net.

Now I suppose most of you know how to run it, but nevertheless I have included a guide to the installation process under Backtrack 5 R2 (or any Unix-based system in general).

Open up a terminal and type:
wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz

Once downloaded, extract it:
tar -xvf hydra-6.3-src.tar.gz

Now configure, build and install (the last step needs root):
./configure && make && make install

HOW TO USE: 

Note: if you are attacking an FTP service, first run an nmap scan to confirm which port FTP is listening on (by default it should be 21).

Now, in order to brute-force a specific login form, you need to define the username (or, if you don't know it, a file containing candidate usernames), the wordlist, the service you are attacking together with the form method, and the login page itself.

Specifying those parameters the attack would look like:
./hydra -l admin -P /root/Words.txt site.com http-post-form "/login.php&username=^USER^&password=^PASS^"



The -l switch defines the username, and the capital -L a list of usernames for the brute-force attack (if you don't know the login).

The -p switch defines a single password, and the capital -P the wordlist to use (-P is what you will use almost always).


If we're attacking a web form over HTTP and the method is POST, we use "http-post-form"; if the service is FTP, simply use "ftp".

Another thing you should be aware of is that the form field names are not always username and password. They differ depending on the page's code: they could be usr, pwd, etc. Just view the page source and check what the field names are.

Hydra has a lot more options. I'll explain some of them below, even though they are covered in Hydra's man page:

-vV - Verbose mode. Shows you every login attempt Hydra tries.
-s - Specifies the port on which we're running our attack.
-x - Generates the password candidates by brute force: we define the charset and the minimum and maximum length.
-R - Restores a previously aborted session.
-e ns - Checks for blank or no password fields.

So an example of an advanced attack would look like:

./hydra -L /root/usernames.txt -P /root/HugeDB.txt -e ns -vV -s 80 site.com http-post-form "/login.php&username=^USER^&password=^PASS^"
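From the defender's side, a run like the one above shows up in the web server's access log as a burst of POSTs to /login.php from a single client. The following is an added example (not part of the original post and not Hydra's code): it parses constructed Apache-style log lines and flags any client exceeding a POST rate to the login page within a sliding window; the threshold, window and sample IPs are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-format access log line -> the fields the detector needs.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"], "path": m["path"],
            "status": int(m["status"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def detect_bruteforce(lines, path="/login.php", threshold=20, window=timedelta(seconds=60)):
    """Return {ip: peak count} for clients that sent at least `threshold` POSTs to
    `path` within any sliding `window`. The status code is deliberately ignored: a
    failed form login usually still answers 200 (hydra itself matches on page text),
    so the request rate, not the error code, is the signal. Lines must be in time order."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        ev = parse(line)
        if not ev or ev["method"] != "POST" or ev["path"] != path:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q[0] < ev["ts"] - window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["ip"]] = max(alerts.get(ev["ip"], 0), len(q))
    return alerts

def _line(ip, second, method="POST", path="/login.php"):
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')

# Constructed sample (not a real log): two ordinary clients plus one client firing
# 30 POSTs at /login.php in 30 seconds, which is what a wordlist run looks like.
SAMPLE_LOG = ([_line("198.51.100.4", 1, "GET", "/index.html"), _line("198.51.100.4", 5)]
              + [_line("203.0.113.7", s) for s in range(10, 40)]
              + [_line("198.51.100.9", 45)])

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))   # {'203.0.113.7': 30}
```

Tune the threshold to the form's legitimate traffic; a lockout or rate limit on the login handler itself is the mitigation this detection should back up, not replace.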


The Art of Intrusion - Ebook By Kevin Mitnick



In one of our previous posts, Guide from Script Kiddie to Hacker, we mentioned an e-book by Kevin Mitnick about real hacking events. Well, it's available for you to download now :)

How to get IP address through STEAM

Hello, this is a guide on how to get an IP address through Steam.

----------------

Requirements:
Steam | Wireshark

----------------

Basic cryptography - What are Rainbow tables?

Image Courtesy: Wikipedia




Hashing and Encryption

When a user enters their username and password into a forum, website, account, etc., their username is checked for existence and, if it exists, then depending on the security system the password they typed is either hashed and compared with the hash stored in the database, or the password in the database is decrypted and then compared with the password the user entered. These hashes and encryptions are security measures so that anyone who gets access to the database will not see 'Password123'; instead they will see '42f749ade7f9e195bf475f37a44cafcb', which is the MD5 hash value of Password123 (the hash will not always be MD5). On another note, if this is your password then I highly suggest changing it, because if anyone has an interest in gaining access to your account then you're fucked.

What are Rainbow tables?
So your friend runs Moshi Monsters and you've forgotten your password (idiot.). He checks his database and finds the hashed value of your password: a5140b33be807008712c668cf5f30ce2. How will you find your original password quickly? ==> Rainbow tables.

Rainbow tables are files containing precomputed hash values of plain-text passwords; they cover every combination of a certain character set up to a certain length. These files can vary in size, and you can also get Rainbow tables specific to operating systems, to crack the passwords of the users stored on that computer. So for a hashed password, you use a program that compares every precomputed hash with the hash you're trying to crack; when it finds a match, it knows which plain-text password the hash was created from and displays that plain text on screen - the password. You can also obtain the password by brute forcing it without Rainbow tables, but it will take a lot longer because the hashes are not precomputed.

How to obtain them?

Rainbow tables are available for free download on the internet; there are many different kinds, varying in size from 500MB to 1000GB. As you can guess, the larger the file, the more precomputed hash values the Rainbow table stores. If you are cracking the SAM file of a Windows computer, I would recommend going to the Ophcrack website and downloading a Windows-specific Rainbow table. If you just want a general Rainbow table for cracking other passwords or hashes, you can download them.

How to make them?

This is a tutorial on how to make Rainbow tables using RainbowCrack, which you can download for Windows and Linux. Please note: if you are using Kali Linux or Backtrack then RainbowCrack should already be installed; you can check by typing 'rcrack' into a terminal. Please also note that even though rcrack uses multiple cores, generating Rainbow tables can still take several hours. Once you have it installed, follow the steps below for your OS:

Linux

  1. Run a terminal and type 'rcrack' to make sure it's installed correctly (you may have to give the full path)
  2. Decide which hash algorithm you want to make a rainbow table for and which character set you want to use
  3. Now type into the terminal (without brackets): rtgen (Hash algorithm) (Character set) 1 7 0 3800 33554432 0 (For example: rtgen md5 loweralpha-numeric 1 7 0 3800 33554432 0)
  4. The '7' is the max plaintext length the table will be generated for - this can be lowered or increased, but keep in mind that increasing it will increase the size of your Rainbow table file.
  5. When it has finished generating, a file with the *.rt extension will be saved in your current directory. You can use this rainbow table to crack passwords hashed with the algorithm you chose, within the max length and character set. To crack a single hash using your new rainbow table, type: rcrack/rcrack_cuda/rcrack_cl (location of Rainbow table) -h (hashed value) (For example: rcrack/rcrack_cuda/rcrack_cl /root/md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt -h a5140b33be807008712c668cf5f30ce2)

Windows

  1. Open a command prompt
  2. Change the directory to the location of the rcrack.exe files you downloaded (For example: cd "C:\Documents and Settings\------\Desktop\rainbowcrack-1.6-win32")
  3. Decide which hash algorithm you want to make a rainbow table for and which character set you want to use
  4. Now type into Cmd (without brackets): rtgen (Hash algorithm) (Character set) 1 7 0 3800 33554432 0 (For example: rtgen md5 loweralpha-numeric 1 7 0 3800 33554432 0)
  5. The '7' is the max plaintext length the table will be generated for - this can be lowered or increased, but keep in mind that increasing it will increase the size of your Rainbow table file.
  6. When it has finished generating, a file with the *.rt extension will be saved in your current directory. You can use this rainbow table to crack passwords hashed with the algorithm you chose, within the max length and character set. To crack a single hash using your new rainbow table, type: rcrack/rcrack_cuda/rcrack_cl (location of Rainbow table) -h (hashed value) (For example: rcrack/rcrack_cuda/rcrack_cl /root/md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt -h a5140b33be807008712c668cf5f30ce2)

    Any issues, just drop them in the comments below and I'll help you out
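To make the chain structure behind rtgen's numbers concrete (in the rtgen command above, 3800 is the chain length and 33554432 the number of chains), here is a toy rainbow table in Python over a three-letter lowercase space. It is an added example, not RainbowCrack's code; the charset, the chain length of 50 and the 'pepper7' salt are assumptions, and the salted lookup shows why a per-password salt puts a hash outside any precomputed table.

```python
import hashlib

# Toy rainbow table over a tiny space (lowercase, length 3) so it runs in under a
# second; rtgen builds the same chain structure at scale (3800 x 33554432 above).
CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
CHAIN_LEN = 50     # assumption for the toy; the post's rtgen example uses 3800

def h(plaintext):
    return hashlib.md5(plaintext.encode()).hexdigest()

def reduce_(digest, position):
    # Map a digest back into the plaintext space; mixing in the position is what
    # makes this a rainbow table rather than a classic Hellman table.
    n = (int(digest[:16], 16) + position) % len(CHARSET) ** PW_LEN
    return "".join(CHARSET[(n // len(CHARSET) ** k) % len(CHARSET)] for k in range(PW_LEN))

def build_table(starts):
    # Only (chain end -> starts) is stored; the middle is recomputed on demand.
    table = {}
    for start in starts:
        p = start
        for i in range(CHAIN_LEN):
            p = reduce_(h(p), i)
        table.setdefault(p, []).append(start)
    return table

def lookup(table, target):
    # Assume the target sits at each chain position (latest first), roll forward to
    # the chain end, then re-walk every stored chain with that end from its start.
    for pos in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_(target, pos)
        for i in range(pos + 1, CHAIN_LEN):
            p = reduce_(h(p), i)
        for start in table.get(p, []):
            cand = start
            for i in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_(h(cand), i)
    return None

def demo():
    # Constructed table: 312 chains started from "aaa", "aba", ..., "lza".
    table = build_table([a + b + "a" for a in CHARSET[:12] for b in CHARSET])
    victim = "aaa"                     # walk 10 steps into the first chain
    for i in range(10):
        victim = reduce_(h(victim), i)
    found = lookup(table, h(victim))                    # unsalted MD5: recovered
    salted_miss = lookup(table, h("pepper7" + victim))  # salted: not in the table
    return victim, found, salted_miss
```

The table holds only 312 start/end pairs yet recovers any password on those chains, which is the whole trade of memory for computation; the same password stored as MD5(salt + password) is never found because no three-letter plaintext hashes to it.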

CyberGhost VPN 3 Month Key



Welcome to CyberGhost 5, the VPN that makes privacy simple and accessible! They offer you 3 months of Premium for FREE. Unlimited traffic and bandwidth, and access to servers in Germany, the US, Switzerland and other countries, are just a few of the features of this subscription.



Free Lifetime Hosting



Basically this site offers a free trial on hosting, BUT lets you start another trial before the first one ends!



Select a hosting package (whichever you want) with the free trial.
Enter your details.

IMPORTANT: (you can only do this 6 days before your trial ends)
Start a new domain by following the same steps with a new account. The trial domain will expire, and your new one will take its place.

Rinse and repeat each month (but make sure to keep backups of your databases) :)



More Free hosting will be published in our next post! 

How to get Free Gems In Clash of Clans



Clash of Clans is a typical strategy game in which you make your own tribe the most powerful and win over other tribes by fighting battles. The difference is that it is innovative and unique in concept compared to other strategy games, which had become monotonous after a certain level, so gamers were easily getting bored. Clash of Clans has come as a refresher for people who love strategy games and wanted a captivating game to play. But today I am not here to talk about the game; I am here to talk about how you could get free gems in Clash of Clans! What are Clash of Clans gems? Gems are gems :P, but more specifically, in-game you can use them to speed up upgrades, buy coins, get more elixir, etc. So just use the download below for the method.