

 

Seminar on hacking and cracking, presented by me at MIET during my 7th semester.

Hi friends, a very good afternoon to all of you. This is Dushyant Joshi, and I am going to express some thoughts on the most exciting, unwanted and unofficial theory of hacking, cracking and virus making. Friends, I selected this topic because there are a number of misassumptions in your minds related to hacking. I want to remove them, and to strongly emphasise that hacking is a need of today's fast-growing world.

"There is only a single way to make the rules, and a number of ways to break them."

So think, because the best security system is yet to be built.

            

Who is a hacker?

Most of you think that hackers are computer criminals whose work is to damage systems, break into servers, deface websites, release viruses and do all these types of stupid work; but the reality is far from that.

Actually, hackers in my opinion are computer geeks who know almost everything about computers (both hardware and software). Hackers know everything about how a piece of software or a system application works. They know things that normal people, and even computer engineers, can only dream of, and they have the ability to do the impossible. We have to respect them for their wide array of knowledge.

Who is a cracker?

Crackers are the people who do all of the above types of stupid work.

Crackers gain popularity only amongst a small part of the population, the underground world. There are a number of cyber laws, and the punishments for crackers include huge fines, imprisonment and a lifetime ban on using a computer; in China the sentence of death is the final judgment. California is the capital of computer fraud and computer criminals.

Who is an ethical hacker?

The new buzzword in the cyber world is ETHICAL HACKER. An ethical hacker is a hacker who prevents the cracker from breaking into the system by closing the security holes: he tells the system administrator about the security hole and also suggests how to close it. Recently the Indian government, together with Infosys, announced that it is going to set up an institute that will start a course on hacking, or, correctly said, ethical hacking.

Password Basics

This section deals with the basics regarding passwords.

What are some password basics?

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems the password is typically run through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password; it is usually a one-way hash. A one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not "decrypt" the stored password during authentication; they store the one-way hash. During the login process, you supply an account and password. The password is run through the algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here -- NT, Netware, and Unix -- all use an algorithm that has been made publicly available and has been scrutinized to some degree.

To "crack" a password requires getting a copy of the one-way hash stored on the server, and then using the same algorithm to generate your own hashes until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available on the Internet for NT, Netware, and Unix.

What is a "dictionary" password cracker?

A dictionary password cracker simply takes a list of dictionary words and, one at a time, hashes them to see if they hash to the one-way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can "manipulate" each word in the wordlist by using filters. These rules/filters allow you to change "idiot" to "1d10t" and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can "pre-treat" the wordlist. Therion's Password Utility for DOS is a good example of a wordlist manipulation tool that allows all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

What is a "brute force" password cracker?

A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.
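The hashing, dictionary and brute-force sections above, worked through as an added example (not code from the original page). It assumes an unsalted SHA-1 as a stand-in for the one-way hashes the text describes, a handful of hand-written mangling rules in place of Crack's rule set, and a constructed "password file" with no real accounts; keyspace() shows why password length and character set decide how long brute force takes.

```python
import hashlib
import itertools
from typing import Iterable, Optional
# Assumption: an unsalted SHA-1 stands in for the NT/Unix one-way hashes the
# text describes; the logic is identical for any fast unsalted hash.
def one_way_hash(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()

def login_ok(stored_hash: str, supplied: str) -> bool:
    """What the login process does: hash what was typed, compare the hashes."""
    return one_way_hash(supplied) == stored_hash

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
def mangle(word: str) -> Iterable[str]:
    """A tiny stand-in for Crack-style rules: case, leet and digit-suffix variants."""
    yield word
    yield word.capitalize()
    yield word.upper()
    yield word.translate(LEET)          # "idiot" -> "1d10t"
    for digit in range(10):             # "secret" -> "secret0" ... "secret9"
        yield f"{word}{digit}"

def dictionary_crack(stored_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash every mangled wordlist entry; return the one whose hash matches."""
    for word in wordlist:
        for candidate in mangle(word):
            if one_way_hash(candidate) == stored_hash:
                return candidate
    return None

def brute_force(stored_hash: str, charset: str, max_len: int) -> Optional[str]:
    """Try every string over charset up to max_len, shortest first."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            candidate = "".join(chars)
            if one_way_hash(candidate) == stored_hash:
                return candidate
    return None

def keyspace(charset: str, max_len: int) -> int:
    """Number of candidates brute_force may have to hash: why length matters."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))

if __name__ == "__main__":
    # Constructed "password file": two hashes, no real accounts or systems.
    pwfile = {"dushyant": one_way_hash("1d10t"), "guest": one_way_hash("ab1")}
    print(dictionary_crack(pwfile["dushyant"], ["secret", "idiot", "admin"]))
    print(brute_force(pwfile["guest"], "abc123", 3))
    print(keyspace("abc123", 3), "vs", keyspace("abc123", 8))
```

The dictionary pass finds "1d10t" only because a mangling rule derives it from "idiot"; against a long passphrase that no rule produces, the brute-force keyspace is what remains, which is the defender's argument for length.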

Which method is best for cracking?

It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let's go through several scenarios.

If you remotely retrieved the password file to a system through some system bug, your goal may be to simply get logged into that system. With the password file you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means I recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program's manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

What are the "dangers" of cracking passwords?

The dangers are quite simple, and quite real. If you are caught with a password file from a system you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason some hackers like to run cracking on someone else's systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is -- cracking is fairly CPU intensive), it looks to belong to someone else. Obviously you would want to run this under system administrator privileges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator). Being on a system you have legit access to also allows you better access to check on the progress. Of course if it is known you are a hacker, you'll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running ;-) There are a couple of things you can do to protect yourself, though.

First, encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them. Also, have a legitimate copy of the OS whose password you are trying to crack, and import the one-way hash into your own password file. Therefore you are cracking "your own" passwords to protect your own system. Granted this isn't exactly foolproof, but it could only help.

Are there any password schemes that are safe?

No password scheme is "safe". In both NT and Netware, you have no choices. Any problems found with recovering the password hashes or problems in the protocols used during logon are usually left unsolved and simply "worked around". A good example with NT is the fact that the LanMan hash is much easier to crack. To eliminate the LanMan hash requires a lot of work, but it still doesn't erase the fact that you can still crack the NT hashes.

Windows login cracking:

All Windows users would probably be familiar with the infamous 'pwl' files, the files where the Windows login passwords are stored. Well, this manual is aimed at simplifying how the authentication works when you type in your username and password, what exactly .pwl files contain, where exactly they come into the picture, and a whole lot of related things.

The *.pwl files are basically the files in which the Windows login passwords are stored. These files can be found in the \Windows directory, named after the user whose password they contain. For example, if your Windows login username is dushyant, then the corresponding password would be stored in c:\windows\dushyant.pwl. Get it? These .pwl files can be opened in any text editor like Notepad, but they are definitely not understandable: what you see is a run of unreadable binary characters.

 

This is definitely not something a normal person can comprehend or make sense of.

Now, besides the Windows registry, Microsoft's policy of security by obscurity can also be seen in the case of .pwl files. Although .pwl files were originally meant to be a standard used by all applications, Microsoft simply does not officially provide any information on the .pwl file format.

To get a list of the .pwl files on your system, or in other words to find out which passwords "using the .pwl technology" (as a good friend of mine likes to call them) are stored on a particular system, simply open c:\windows\system.ini in a plain-text editor like Notepad and look under the [Password Lists] section. A typical line from this section has the following format: USERNAME=Path_of_pwl_file

For example:

c:\windows\dushyant.pwl

Delete the above file and restart your computer, and now you are the admin of the system... hello admin...
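A parser for the [Password Lists] section just described, added here as an example (not from the original page or from Windows itself), so an administrator can inventory which accounts have a cached .pwl file without opening system.ini by hand. The system.ini text, user names and paths below are constructed; the scanner is hand-written because system.ini keys are case-insensitive and may repeat.

```python
import re
from typing import Dict

# Constructed sample of a Windows 9x system.ini; user names and paths are made up.
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe

[Password Lists]
DUSHYANT=C:\\WINDOWS\\DUSHYANT.PWL
GUEST=C:\\WINDOWS\\GUEST.PWL
; a commented-out entry is ignored
;OLDUSER=C:\\WINDOWS\\OLDUSER.PWL

[386Enh]
device=*vshare
"""

def password_lists(ini_text: str) -> Dict[str, str]:
    """Return {USERNAME: pwl_path} from the [Password Lists] section only.

    Section and key names are matched case-insensitively; when a user name is
    repeated, the first path wins, which is also how Windows reads the file.
    """
    entries: Dict[str, str] = {}
    in_section = False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                          # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                            # entering a new section
            in_section = header.group(1).strip().lower() == "password lists"
            continue
        if in_section and "=" in line:
            user, path = (part.strip() for part in line.split("=", 1))
            entries.setdefault(user.upper(), path)
    return entries

if __name__ == "__main__":
    for user, path in password_lists(SAMPLE_SYSTEM_INI).items():
        print(f"{user}: {path}")
```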

For any query, mail me at >> [email protected]

Reference: Ankit Fadia (Ethical Hacker)

