Crack Windows Password

THC-Hydra – the best parallelized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.

Download THC-Hydra, extract and compile

wget http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz
tar zxvf hydra-5.4-src.tar.gz
cd hydra-5.4-src
./configure --disable-xhydra --prefix=~/bin
make
make install

Hydra v5.4 [http://www.thc.org] (c) 2009 by van Hauser / THC

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
 server service [OPT]

Options:
  -R        restore a previous aborted/crashed session
  -S        connect via SSL
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE try password PASS, or load several passwords from FILE
  -e ns     additional checks, "n" for null password, "s" try login as pass
  -C FILE   colon seperated "login:pass" format, instead of -L/-P options
  -M FILE   server list for parallel attacks, -T TASKS sets max tasks per host
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f        exit after the first found login/password pair (per host if -M)
  -t TASKS  run TASKS number of connects in parallel (default: 16)
  -w TIME   defines the max wait time in seconds for responses (default: 30)
  -v / -V   verbose mode / show login+pass combination for each attempt
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: [telnet ftp pop3 imap smb
 smbnt http https http-proxy cisco cisco-enable ldap mssql mysql nntp vnc rexec
socks5 snmp cvs icq pcnfs sapr3 ssh2 smtp-auth]
  OPT       some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only for
legal purposes! If used commercially, name and web address must be mentioned in
the report. You can always find the newest version at http://www.thc.org


View x509 certificate details

OpenSSL is quite a complex application, but it is easy to get it to show you the details of a given X.509 SSL certificate using this command:


$ openssl x509 -in filename.crt -noout -text

Where filename corresponds to the X.509 certificate file, which typically would end in .crt, .cert or .pem.


SSL: Verifying that a Certificate matches a Private Key

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers.

Normally, matching a given private key with a given certificate requires some manual number comparison. With this command you can do the comparison automatically:


$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

(If more than one hash is displayed, they don’t match)
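
The same check as an added example (not part of the original post), generalized so it also works for EC keys: it compares the full public key that openssl extracts from each file, where the modulus comparison above applies to RSA only. The function names and the throwaway sample files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. All file names are constructed.

# Print the PEM public key (SubjectPublicKeyInfo) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the PEM public key derived from a private key (RSA, EC, ...).
# An encrypted key makes openssl prompt for its passphrase.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# cert_matches_key CERT KEY
# Returns 0 if both carry the same public key, 1 if they differ, and 2 if
# either file cannot be parsed, so a parse error never looks like a match.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build throwaway RSA and EC key/certificate pairs in directory $1.
make_samples() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/rsa.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1/ec.key" 2>/dev/null &&
    for n in rsa ec; do
        openssl req -x509 -new -key "$1/$n.key" -subj "/CN=$n.example.test" \
            -days 1 -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

# Demonstration: two matching pairs and one deliberate mismatch.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for pair in "rsa.crt rsa.key" "ec.crt ec.key" "rsa.crt ec.key"; do
    set -- $pair
    if cert_matches_key "$demo_dir/$1" "$demo_dir/$2"; then
        echo "$1 + $2: match"
    else
        echo "$1 + $2: NO match"
    fi
done
rm -rf "$demo_dir"
```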


Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair

This howto demonstrates how to convert an OpenSSL key to a public/private OpenSSH key-pair.

The motivation for converting this is simple — dual use. That is to say, any user or application that has been issued a certificate can now use their SSL-based credentials for both SSL- and SSH-based authentication.

Requirements
You’ll need a valid certificate and private key — actually only the key is required. This recipe assumes that your certificate and key will have the names user-crt.pem and user-key.pem, respectively. If your key is encrypted (which it should be), you’ll also need to have its passphrase handy.

You’ll need a shell account on a system that supports OpenSSH logins using public/private key authentication.

Solution
The solution is to extract the public key from the private key using ssh-keygen, copy the new key-pair into place, and test them out.

1. Copy the private SSL key to ~/.ssh/id_ssl.
$ cp user-key.pem ~/.ssh/id_ssl
$ chmod 600 ~/.ssh/id_ssl

2. Extract the public SSH key using ssh-keygen.
$ ssh-keygen -y -f ~/.ssh/id_ssl > ~/.ssh/id_ssl.pub
$ chmod 600 ~/.ssh/id_ssl.pub

3. Add the public key to your authorized_keys
$ cat ~/.ssh/id_ssl.pub >> ~/.ssh/authorized_keys

4. Test the new key by attempting to SSH to localhost.
$ ssh -i ~/.ssh/id_ssl localhost

At this point, you’ll need to enter your passphrase (assuming you had one), and if all goes well, you’ll be sitting at a new shell prompt.

5. Remove the test key from your authorized_keys file.
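
Step 5 has no command in the recipe. One way to do it, as an added example that is not part of the original recipe: the function name remove_authorized_key is hypothetical and the key blobs are constructed placeholders. It removes every authorized_keys entry that carries the key from id_ssl.pub, including entries with an options prefix or a different comment.

```shell
#!/bin/sh
# Added example, not part of the original recipe. The key blobs below are
# constructed placeholders, not real keys.

# remove_authorized_key PUBFILE AUTHFILE
# Deletes every AUTHFILE line containing the base64 key blob from PUBFILE,
# even when the entry has an options prefix or a different comment.
# Prints the number of lines removed; returns 2 on unreadable input.
remove_authorized_key() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1" 2>/dev/null)
    [ -n "$blob" ] && [ -r "$2" ] || return 2
    tmp=$(mktemp "$2.XXXXXX") || return 2
    chmod 600 "$tmp"
    awk -v blob="$blob" '
        { for (i = 1; i <= NF; i++) if ($i == blob) next; print }
    ' "$2" > "$tmp" || { rm -f "$tmp"; return 2; }
    before=$(awk 'END { print NR }' "$2")
    after=$(awk 'END { print NR }' "$tmp")
    mv "$tmp" "$2"          # rename replaces the file in one step
    echo $((before - after))
}

# Demonstration on constructed files in a temporary directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3ConstructedTestKeyBlob user-key.pem' > "$demo/id_ssl.pub"
cat > "$demo/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3ConstructedOtherKeyBlob laptop
ssh-rsa AAAAB3ConstructedTestKeyBlob user-key.pem
from="127.0.0.1" ssh-rsa AAAAB3ConstructedTestKeyBlob test entry
EOF
echo "removed: $(remove_authorized_key "$demo/id_ssl.pub" "$demo/authorized_keys")"
cat "$demo/authorized_keys"
rm -rf "$demo"
```

Against the real files the call would be remove_authorized_key ~/.ssh/id_ssl.pub ~/.ssh/authorized_keys.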

In theory, a single certificate and key issued to an employee would be sufficient to access all participating SSL- and SSH-based resources in a given environment (or perhaps the entire company).

This post is based on an original recipe by Klayton Monroe.


HackerGuide: Sniff Live Network Connections Using Ettercap

Ettercap is a great and useful network tool. Ettercap is basically a suite of tools for sophisticated man-in-the-middle attacks on LAN, VLAN, and Wi-Fi networks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones like SSL, SSH, and TLS) and includes many features for network and host analysis.

The following guide shows how to use Ettercap to make a local browser on the attacking machine silently follow the web pages that a given victim visits.

Install ettercap

sudo aptitude install ettercap

Run ettercap

ettercap -T -Q -M arp:remote -i wlan0 /10.10.10.23/ // -P remote_browser

wlan0 denotes the local network device and 10.10.10.23 denotes the IP of the victim on the LAN.

Feel free to comment and share funny experiences – be careful – ettercap is a very powerful tool.


OpenSSL CSR Wizard


Send Email using PHP, PHPMailer and Gmail

This short guide explains how to use Gmail as a mail server using PHP and PHPMailer.

Download PHPMailer
Download PHPMailer from http://phpmailer.sourceforge.net (direct link).

Extract and upload
Extract the PHPMailer-packages to a folder named phpmailer2 or any other folder name. Afterwards upload the folder to a PHP-enabled webserver.

Implement into code
Implement the PHPMailer function into the existing E-Mail-code as shown in the included examples.

Gmail specific settings
The following settings are needed in order to use Gmail as mail-hub and SMTP server.

$mail->Mailer = "smtp";
$mail->Host = "ssl://smtp.gmail.com";
$mail->Port = 465;
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "username@gmail.com"; // SMTP username
$mail->Password = "password"; // SMTP password

My experience using Gmail as SMTP server
So far I haven’t got any problems. Their service is always online and available, which is quite opposite to what I have experienced with my low budget hosting provider so far.


Howto Wiretap – Sniff Network Traffic

From time to time I need a mechanism for wiretapping networks for packet analysis. For that purpose I use a software application called Ettercap NG, which is a suite for man-in-the-middle attacks on LANs (Local Area Networks), ARP poisoning, and ARP spoofing. It features sniffing of live connections, content filtering on the fly and many other interesting network tricks, cracks and hacks. It supports active and passive dissection of many protocols (even ciphered ones, like SSL and SSH) and includes many features for network and host analysis.

This is the current list of Ettercap NG features.

  • Character injection into an established connection: characters can be injected into a server (emulating commands) or to a client (emulating replies) while maintaining a live connection.
  • SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
  • HTTPS support: the sniffing of HTTP SSL secured data–even when the connection is made through a proxy.
  • Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
  • Password collectors for: TELNET, FTP, POP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG – the password-collecting sniffers make it easy to acquire passwords from hosts and users connected to the network.
  • Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.
  • Hijacking of DNS (Domain Name System) requests. Useful feature for replacing given domains with others, e.g. hotmail.com with hotmale.com :)

Download ettercap NG here

Or read more on Ettercap NG here

ARP Poisoning HowTo using Ettercap NG
