Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.
Additional notes:
Kon-Boot was designed to work on X86-32 architectures only.
This utility was not designed to work with USB sticks, however you can try some unofficial methods to boot Kon-Boot from USB, check the USB tutorial on IronGeek or Raymond blog post.
Kon-Boot was presented on numerous places, it was featured in: Hak5 Episode-518, PaulDotCom Security Weekly Episode-158, WindowsITPro and others. Till the 13-07-2009 it was downloaded about 170.000 times.
untuk download klik sini
Thursday, January 26, 2012
Reaver-wps WPA/WPA2 Cracking Tutorial
Reaver performs a brute force attack against an access point's WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP's wireless settings can be reconfigured. While Reaver does not support reconfiguring the AP, this can be accomplished with wpa_supplicant once the WPS pin is known.
Reaver performs a brute force attack against the AP, attempting every possible combination in order to guess the AP's 8 digit pin number. Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values for any given pin number. However, because the last digit of the pin is a checksum value which can be calculated based on the previous 7 digits, that key space is reduced to 10^7 (10,000,000) possible values.
The key space is reduced even further due to the fact that the WPS authentication protocol cuts the pin in half and validates each half individually. That means that there are 10^4 (10,000) possible values for the first half of the pin and 10^3 (1,000) possible values for the second half of the pin, with the last digit of the pin being a checksum.
Reaver brute forces the first half of the pin and then the second half of the pin, meaning that the entire key space for the WPS pin number can be exhausted in 11,000 attempts. The speed at which Reaver can test pin numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one pin can be tested every second; others are slower and only allow one pin every ten seconds. Statistically, it will only take half of that time in order to guess the correct pin number.
Reaver WPA Cracking Tutorial
Download:
Reaver is only supported on the Linux platform, requires the libpcap and libsqlite3 libraries, and can be built and installed by running:
$ ./configure
$ make
# make install
To remove everything installed/created by Reaver:
# make distclean
USAGE
Usually, the only required arguments to Reaver are the interface name and the BSSID of the target AP:
# reaver -i mon0 -b 00:01:02:03:04:05
The channel and SSID (provided that the SSID is not cloaked) of the target AP will be automatically identified by Reaver, unless explicitly specified on the command line:
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
By default, if the AP switches channels, Reaver will also change its channel accordingly. However, this feature may be disabled by fixing the interface's channel:
# reaver -i mon0 -b 00:01:02:03:04:05 --fixed
The default receive timeout period is 5 seconds. This timeout period can be set manually if necessary (minimum timeout period is 1 second):
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
The default delay period between pin attempts is 1 second. This value can be increased or decreased to any non-negative integer value. A value of zero means no delay:
# reaver -i mon0 -b 00:01:02:03:04:05 -d 0
Some APs will temporarily lock their WPS state, typically for five minutes or less, when "suspicious" activity is detected. By default when a locked state is detected, Reaver will check the state every 315 seconds (5 minutes and 15 seconds) and not continue brute forcing pins until the WPS state is unlocked. This check can be increased or decreased to any non-negative integer value:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
For additional output, the verbose option may be provided. Providing the verbose option twice will increase verbosity and display each pin number as it is attempted:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv
The default timeout period for receiving the M5 and M7 WPS response messages is .1 seconds. This timeout period can be set manually if necessary (max timeout period is 1 second):
# reaver -i mon0 -b 00:01:02:03:04:05 -T .5
Some poor WPS implementations will drop a connection on the floor when an invalid pin is supplied instead of responding with a NACK message as the specs dictate. To account for this, if an M5/M7 timeout is reached, it is treated the same as a NACK by default. However, if it is known that the target AP sends NACKS (most do), this feature can be disabled to ensure better reliability. This option is largely useless as Reaver will auto-detect if an AP properly responds with NACKs or not:
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
While most APs don't care, sending an EAP FAIL message to close out a WPS session is sometimes necessary. By default this feature is disabled, but can be enabled for those APs that need it:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
When 10 consecutive unexpected WPS errors are encountered, a warning message will be displayed. Since this may be a sign that the AP is rate limiting pin attempts or simply being overloaded, a sleep can be put in place that will occur whenever these warning messages appear:
# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360
Reaver performs a brute force attack against the AP, attempting every possible combination in order to guess the AP's 8 digit pin number. Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values for any given pin number. However, because the last digit of the pin is a checksum value which can be calculated based on the previous 7 digits, that key space is reduced to 10^7 (10,000,000) possible values.
The key space is reduced even further due to the fact that the WPS authentication protocol cuts the pin in half and validates each half individually. That means that there are 10^4 (10,000) possible values for the first half of the pin and 10^3 (1,000) possible values for the second half of the pin, with the last digit of the pin being a checksum.
Reaver brute forces the first half of the pin and then the second half of the pin, meaning that the entire key space for the WPS pin number can be exhausted in 11,000 attempts. The speed at which Reaver can test pin numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one pin can be tested every second; others are slower and only allow one pin every ten seconds. Statistically, it will only take half of that time in order to guess the correct pin number.
Reaver WPA Cracking Tutorial
Download:
Reaver is only supported on the Linux platform, requires the libpcap and libsqlite3 libraries, and can be built and installed by running:
$ ./configure
$ make
# make install
To remove everything installed/created by Reaver:
# make distclean
USAGE
Usually, the only required arguments to Reaver are the interface name and the BSSID of the target AP:
# reaver -i mon0 -b 00:01:02:03:04:05
The channel and SSID (provided that the SSID is not cloaked) of the target AP will be automatically identified by Reaver, unless explicitly specified on the command line:
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
By default, if the AP switches channels, Reaver will also change its channel accordingly. However, this feature may be disabled by fixing the interface's channel:
# reaver -i mon0 -b 00:01:02:03:04:05 --fixed
The default receive timeout period is 5 seconds. This timeout period can be set manually if necessary (minimum timeout period is 1 second):
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
The default delay period between pin attempts is 1 second. This value can be increased or decreased to any non-negative integer value. A value of zero means no delay:
# reaver -i mon0 -b 00:01:02:03:04:05 -d 0
Some APs will temporarily lock their WPS state, typically for five minutes or less, when "suspicious" activity is detected. By default when a locked state is detected, Reaver will check the state every 315 seconds (5 minutes and 15 seconds) and not continue brute forcing pins until the WPS state is unlocked. This check can be increased or decreased to any non-negative integer value:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
For additional output, the verbose option may be provided. Providing the verbose option twice will increase verbosity and display each pin number as it is attempted:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv
The default timeout period for receiving the M5 and M7 WPS response messages is .1 seconds. This timeout period can be set manually if necessary (max timeout period is 1 second):
# reaver -i mon0 -b 00:01:02:03:04:05 -T .5
Some poor WPS implementations will drop a connection on the floor when an invalid pin is supplied instead of responding with a NACK message as the specs dictate. To account for this, if an M5/M7 timeout is reached, it is treated the same as a NACK by default. However, if it is known that the target AP sends NACKS (most do), this feature can be disabled to ensure better reliability. This option is largely useless as Reaver will auto-detect if an AP properly responds with NACKs or not:
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
While most APs don't care, sending an EAP FAIL message to close out a WPS session is sometimes necessary. By default this feature is disabled, but can be enabled for those APs that need it:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
When 10 consecutive unexpected WPS errors are encountered, a warning message will be displayed. Since this may be a sign that the AP is rate limiting pin attempts or simply being overloaded, a sleep can be put in place that will occur whenever these warning messages appear:
# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360
Why Use Internet Monitoring Software?
When asked for their view on Internet monitoring software, organizations typically give one of two answers. Some will say that Internet monitoring software is needed because otherwise employees will abuse their Internet privileges and waste a lot of time online instead of working. Others will tell you that privacy is sacred and Internet monitoring software may be seen as abusive and as an infringement on employee privacy.
In reality, both answers are incorrect, especially in the context of an organization’s security. Internet monitoring is not about spying or controlling employees per se; it’s about the safety of your network.
Although employee privacy needs to be respected, there are important business considerations as well. Being too strict and ‘prying’ into users’ online activity can lead to low morale and lower productivity. In some cases, it can lead to abuse or discrimination. However, a good Internet
monitoring solution can anonymize the data when reports are generated. This means that the administrator can get a detailed view of the organization’s Internet activity without knowing who is generating that traffic. Only in particular cases, such as in a legal investigation and the gathering of forensic evidence, would it be possible to identify an individual’s use of the Internet.
The real problem is how to protect the organization from web-based threats. Irresponsible Internet usage can put a company at risk inseveral ways;from downloading malware-infected software to
visiting websites that carry drive-by downloads or other exploits, as well as phishing sites. With a good Internet monitoring solution it is possible to allow users to access only authorized sites that are
relevant to one’s work – this greatly reduces the risk that your network is exposed to malicious sites and malware. Internet monitoring software will also scan any downloads for malware,sometimes using multiple anti-virus engines to ensure the biggest possible virus detection rate.
Internet monitoring software will also give valuable information that can help an administrator to detect problems and take corrective action in a timely manner. For example, if bandwidth usage is
excessive, the computer and application responsible for using excessive bandwidth can be identified and fixed. If there is no indication that the connection is being abused but bandwidth utilization remains high, it may be the case that the organization’s Internet backbone needs to be upgraded.
In security terms,information on bandwidth usage and the time of day when this usage occurs can help to identify malicious activity. If large bandwidth spikes are recorded on weekends when few or no one is working, then the network may have been infected with a botnet and the organization’s machines are being used to send spam or run DDoS attacks.
RobustInternet monitoring software will allow the administrator to strike a balance between productivity and personal freedom. Allowing users time to check their personal email or browse for a short time can have a positive impact on productivity. To prevent abuse, you can use Internet monitoring software to set quotas limiting the time a user can spend browsing certain site categories.
Internetmonitoring software can give you control over your Internet connection and employee browsing yet enable you to maintain a high level of security without impacting on productivity and morale. There is no need to take draconian measures. Simply use Internet monitoring software.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.
In reality, both answers are incorrect, especially in the context of an organization’s security. Internet monitoring is not about spying or controlling employees per se; it’s about the safety of your network.
Although employee privacy needs to be respected, there are important business considerations as well. Being too strict and ‘prying’ into users’ online activity can lead to low morale and lower productivity. In some cases, it can lead to abuse or discrimination. However, a good Internet
monitoring solution can anonymize the data when reports are generated. This means that the administrator can get a detailed view of the organization’s Internet activity without knowing who is generating that traffic. Only in particular cases, such as in a legal investigation and the gathering of forensic evidence, would it be possible to identify an individual’s use of the Internet.
The real problem is how to protect the organization from web-based threats. Irresponsible Internet usage can put a company at risk inseveral ways;from downloading malware-infected software to
visiting websites that carry drive-by downloads or other exploits, as well as phishing sites. With a good Internet monitoring solution it is possible to allow users to access only authorized sites that are
relevant to one’s work – this greatly reduces the risk that your network is exposed to malicious sites and malware. Internet monitoring software will also scan any downloads for malware,sometimes using multiple anti-virus engines to ensure the biggest possible virus detection rate.
Internet monitoring software will also give valuable information that can help an administrator to detect problems and take corrective action in a timely manner. For example, if bandwidth usage is
excessive, the computer and application responsible for using excessive bandwidth can be identified and fixed. If there is no indication that the connection is being abused but bandwidth utilization remains high, it may be the case that the organization’s Internet backbone needs to be upgraded.
In security terms,information on bandwidth usage and the time of day when this usage occurs can help to identify malicious activity. If large bandwidth spikes are recorded on weekends when few or no one is working, then the network may have been infected with a botnet and the organization’s machines are being used to send spam or run DDoS attacks.
RobustInternet monitoring software will allow the administrator to strike a balance between productivity and personal freedom. Allowing users time to check their personal email or browse for a short time can have a positive impact on productivity. To prevent abuse, you can use Internet monitoring software to set quotas limiting the time a user can spend browsing certain site categories.
Internetmonitoring software can give you control over your Internet connection and employee browsing yet enable you to maintain a high level of security without impacting on productivity and morale. There is no need to take draconian measures. Simply use Internet monitoring software.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.
Sunday, January 15, 2012
How I Hacked A Remote Computer By Just IP Address
Hacking a remote computer is always a hot topic among hackers and crackers, a newbie hacker or someone who wants to learn hacking always ask these questions that how to hack into a computer by just knowing the IP address. Although we have discussed so many methods before and I always insist to learn some basic commands, protocols and their usage. This is my story like I have hacked into a remote by just using IP address (I have not downloaded any file even I have not cleared the logs). This story was not planned it just happened and I am sure you will like it and you will learn a lot of things if you don't know the basic commands and protocols.
t was Saturday night and I was working hard on social engineering toolkit remote attack (WAN,Internet attack) that is why I was playing with my router for port forwarding and other stuffs, remember my ISP using a dynamic mechanism so I have created DNS server to get the static IP. It was almost night and I have decided to get some sleep and than I have saved my browser tabs so that next time I will use them.
Its Sunday evening I have opened my browser and the previous tabs open automatically and then I got pop up window it asked about the user-name and password of my router I have looked to the address bar the IP address was same as it was saved by me, I was shocked that my ISP has not changed my WAN IP (remember ISP using dynamic IP), after this I have open a website about whatismyip and I have seen that my IP is different it means the window that ask about user name and password is the IP of another computer.
Just got an idea why not to brute force it and get the access on the victim router, hydra has been discussed before, but before brute force I have decided to use guessing technique and I than I have entered so many combination but failed than I just used the default user name and password huurraaah I was in.
Security was very low, than I did a quick nmap scan to get the open ports (remember I have turned off the firewall of victim router). According to the nmap result ftp and telnet was open and then I realized how vulnerable this victim is.
t was Saturday night and I was working hard on social engineering toolkit remote attack (WAN,Internet attack) that is why I was playing with my router for port forwarding and other stuffs, remember my ISP using a dynamic mechanism so I have created DNS server to get the static IP. It was almost night and I have decided to get some sleep and than I have saved my browser tabs so that next time I will use them.
Its Sunday evening I have opened my browser and the previous tabs open automatically and then I got pop up window it asked about the user-name and password of my router I have looked to the address bar the IP address was same as it was saved by me, I was shocked that my ISP has not changed my WAN IP (remember ISP using dynamic IP), after this I have open a website about whatismyip and I have seen that my IP is different it means the window that ask about user name and password is the IP of another computer.
Just got an idea why not to brute force it and get the access on the victim router, hydra has been discussed before, but before brute force I have decided to use guessing technique and I than I have entered so many combination but failed than I just used the default user name and password huurraaah I was in.
Security was very low, than I did a quick nmap scan to get the open ports (remember I have turned off the firewall of victim router). According to the nmap result ftp and telnet was open and then I realized how vulnerable this victim is.
main--main command
sesape nak cube command ni
ipconfig /all > "%UserProfile%\Desktop\IP.txt
secara automatik satu file notepad ada di desktop.selamat mencuba
ipconfig /all > "%UserProfile%\Desktop\IP.txt
secara automatik satu file notepad ada di desktop.selamat mencuba
Subscribe to:
Posts (Atom)