
Blog


September 28

Password Cracking

 
Remote Access Password Sharing!
 
Windows has a feature called remote file sharing, which allows two separate systems to share files and printers. It is secured by a password that has to be entered each time a system requests a file.
 
There are two types of passwords in remote file sharing:
  1. The Main Access Password: This password gives the client full access to all files and folders.
  2. Specific File or Folder Password: Speaks for itself.
Both of these passwords are encrypted by passing them through the same algorithm. I will show you how a hacker would usually try to crack this password.
 
Go to your control panel and look for Network. Make sure you have file and printer sharing enabled, then reboot for the changes to take effect.
After restarting, go to the control panel again and look for Security. If everything is OK there should be a page called Remote Access. Set the password to erika and then close it.
 
Then open your registry editor (Start / Run / type regedit / OK) and look for ADMIN$, which will be found in:
 
HKEY_LOCAL_MACHINE\Microsoft\windows\current version\Network\LanMan\ADMIN$.
(If you want to crack the password of a specific folder, search for the key whose name is the same as the name of the folder, and use that name in place of ADMIN$.)
 
In the right pane of the registry editor there is an entry called parm1enc, which contains the encrypted password. You just changed the password to erika, so parm1enc will be 70 C8 04 ED 12 hex. This is the encrypted password; shown as ASCII it is pÈ.í.
 
So after decryption the 70h represents e, but how do we get there? First of all, Windows converts your password to uppercase, so the e becomes E, which is 45h.

So 70h must map to 45h:

01110000 = 70h
???????? XOR key
--------
01000101 = 45h

OK, let us do this:

01110000 = 70h
00110101 XOR key = 35h (= 53 decimal)
--------
01000101 = 45h
 
Now let's test this: change your password to 123. The encrypted password will now be 04 8A 7E, but we only need the 04h:
 
00000100 = 04h
00110101 XOR key (found above)
--------
00110001 = 31h
 
Now get your ASCII table and look up 31h (49 decimal). Got it? That's the ASCII character 1. So you can find the first character of the
password by using 35h as the XOR key, but every character of the password uses a different key, which means there are 8 different keys.
 
I'm not going to show you how to get them; try to work it out yourself by following the same procedure as above. Here are the keys:
 
1st char: 35h
2nd char: 9Ah
3rd char: 4Dh
4th char: A6h
5th char: 53h
6th char: A9h
7th char: D4h
8th char: 6Ah
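The following is an added example, not code from the original post. It writes out the per-position XOR scheme described above so the hand calculation can be checked, and it shows the educational point of the post: a fixed key mask is obfuscation, not encryption, because one known plaintext/ciphertext pair at a position hands you that position's key. The eight keys and the test password "erika" are the post's own values; the function names and everything else are constructed for the example.

```python
# Added example (not from the original post): the per-position XOR scheme
# described above, written out so the hand calculation can be checked and
# to show why it is obfuscation rather than encryption. The eight keys and
# the test password "erika" are the post's values; the rest is constructed.

# Key byte for each of the eight password positions, as listed in the post.
POSITION_KEYS = [0x35, 0x9A, 0x4D, 0xA6, 0x53, 0xA9, 0xD4, 0x6A]


def obfuscate(password: str) -> bytes:
    """Upper-case the password (as the post says Windows does) and XOR each
    byte with the key for its position. XOR is its own inverse, so applying
    the same keys to the stored bytes gives the password straight back."""
    upper = password.upper().encode("ascii")
    if len(upper) > len(POSITION_KEYS):
        raise ValueError("the scheme only covers 8 characters")
    return bytes(b ^ k for b, k in zip(upper, POSITION_KEYS))


def as_hex(data: bytes) -> str:
    """Render bytes the way the post prints them, e.g. '70 C8 04 ED 12'."""
    return " ".join(f"{b:02X}" for b in data)


def recover_key_byte(stored_byte: int, known_char: str) -> int:
    """One known plaintext/ciphertext pair at a position reveals that
    position's key (key = stored XOR plaintext). Because the keys never
    change from machine to machine, a single known password exposes the
    mask for every other password, which is why this is not encryption."""
    return stored_byte ^ ord(known_char.upper())


if __name__ == "__main__":
    print(as_hex(obfuscate("erika")))            # 70 C8 04 ED 12
    print(f"{recover_key_byte(0x70, 'e'):02X}")  # 35
```

Running the block reproduces the post's 70 C8 04 ED 12 for "erika" and recovers 35h for the first position from the single pair (70h, E), which is the whole weakness: the "encryption" has no secret key, only a constant mask.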
 
September 21

HTTP Basic Authentication


The most common methods of authentication used by web sites are either CGI-based or JavaScript-based. Another popular type is HTTP Basic authentication: password-protected web sites that pop up a dialog box with text like the following:

  • Username and Password Required
  • Enter Username and Password for xxxx here
  • Username  :
  • Password   :

Cracking The HTTP Basic Authentication Passwords :

This varies slightly from server to server, and also depends on how the administrator has set up the service:

  1. First of all, find out whether the server is actually running HTTP Basic authentication. To do this just enter a wrong password; if you get a 401 error message you can be sure it's running HTTP Basic authentication. To hack the HTTP passwords you need the sniffer logs, which contain what a request looks like when the page is requested. It would be something like the following:

GET /pagehere HTTP/1.1

Authorization: Basic rTyna2yrqw2ADGHsghis==

 

  • The text after Basic is the password. Although it looks encrypted it's not; it's just Base64 encoding. You can easily decode it in Perl using the MIME::Base64 module. The code would be as follows:

use MIME::Base64;

print decode_base64("rTyna2yrqw2ADGHsghis==");

 

  • You can get the MIME::Base64 module HERE. After it has been decoded you will see something like name.name:passwordhere. The part before the colon is the username and the part after it is the password in plain text.
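The following is an added example, not code from the original post. It parses an Authorization header the way a server does, making the post's point concrete: the credential is only Base64-encoded, so anyone who can read the request can read the password, which is why Basic authentication must only be accepted on a TLS connection. The header values, the credential store and the helper names are constructed for the example; the split on the first colon follows RFC 7617, which forbids colons in the user-id but allows them in the password.

```python
# Added example (not from the original post): parsing an HTTP Basic
# Authorization header as a server would, to show that the credential is
# only Base64-encoded. The header values and the credential store below
# are constructed for this example.
import base64
import binascii
import hmac


def parse_basic_header(header_value: str):
    """Return (username, password) from 'Basic <base64>' or None if malformed."""
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id may not contain ':' but the password may,
    # so split on the first colon only.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def make_header(username: str, password: str) -> str:
    """Build the header a browser sends; note there is no secret involved."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


# Constructed credential store (plaintext only to keep the demo short;
# a real service stores salted password hashes).
USERS = {"alice": "s3cret"}


def authorize(header_value: str, over_tls: bool) -> bool:
    """Accept Basic credentials only on a TLS connection: over plain HTTP the
    sniffer described above reads the password straight off the wire."""
    if not over_tls:
        return False
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    username, password = creds
    expected = USERS.get(username, "")
    # Constant-time comparison so a wrong guess takes the same time as a right one.
    return username in USERS and hmac.compare_digest(password.encode(), expected.encode())


if __name__ == "__main__":
    hdr = make_header("alice", "s3cret")
    print(hdr)                          # Basic YWxpY2U6czNjcmV0
    print(parse_basic_header(hdr))      # ('alice', 's3cret')
    print(authorize(hdr, over_tls=False))  # False: refused on plain HTTP
```

The decode step is the Perl one-liner above in Python; the rest is the defender's side: reject the header off TLS, treat malformed Base64 as a failed login rather than an error, and compare in constant time.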

 

 

September 20

Choosing a strong password

 
Choosing a strong password is always a tricky decision.
 
Some basic things to avoid :
  1. Do not use words from a dictionary; this protects you from dictionary attacks.
  2. Do not leave it blank, or use your username or part of it.
  3. Do not use your name followed by your birthdate, or anything someone can find on a profile page.
  4. Do not repeat your password.
  5. Do not use the same password in multiple places.

And some basic things to do :

  1. Make your password a combination of numbers, letters and special characters, and try to use both lowercase and uppercase.
  2. Change your password regularly.
  3. Try to make your password random, but not so random that you forget it.

There are a few programs out there which are good for storing passwords. Click Here for a good one.
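The following is an added example, not code from the original post. It turns the "avoid" and "do" rules above into a checker that reports which rules a candidate password breaks, which is how such a policy is normally enforced at account creation. The word list, the user details and the function name are constructed for the example; a real deployment would load a full dictionary and a breached-password list instead of the six words here.

```python
# Added example (not from the original post): a checker that applies the
# "avoid" and "do" rules listed above to a candidate password. The word
# list and the user details are constructed for this example.
import re
import string

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}


def password_problems(password: str, username: str = "", name: str = "",
                      birthdate: str = "") -> list:
    """Return the list of rules the password breaks (empty means it passes)."""
    if not password:
        return ["blank password"]
    problems = []
    lowered = password.lower()
    # Rule 1: no dictionary words.
    if lowered in COMMON_WORDS:
        problems.append("dictionary word")
    # Rule 2: not the username or a recognisable part of it.
    if username and (lowered == username.lower()
                     or (len(username) >= 4 and username.lower() in lowered)):
        problems.append("contains username")
    # Rule 3: nothing from the profile page (name, birthdate digits).
    if name and name.lower() in lowered:
        problems.append("contains your name")
    digits = re.sub(r"\D", "", birthdate)
    if digits and digits in password:
        problems.append("contains your birthdate")
    # "Do" rule 1: mix numbers, letters and special characters, both cases.
    has_letter = any(c in string.ascii_letters for c in password)
    has_digit = any(c in string.digits for c in password)
    has_special = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("needs letters, numbers and special characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both lowercase and uppercase")
    return problems


if __name__ == "__main__":
    print(password_problems("darren1985", username="darren", birthdate="1985-03-12"))
    print(password_problems("Tr!v1al-Kn0ck", username="darren", name="Darren",
                            birthdate="1985-03-12"))  # []
```

Rules 4 and 5 (not reusing a password, not using it in several places) cannot be checked from a single value and are left to a password manager, which is what the link above is about.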

September 15

Bypassing Security Features

 

A look into SQL injection !

Bypassing login prompts with the help of SQL injection attacks is extremely easy to perform; an attacker with some basic knowledge of how SQL works can combine it with input validation attacks. There are a number of web sites on the Internet which require a user to enter a username and password to gain access to the site. If the correct pair is not entered the user gets an access denied message; with the correct input, access is granted.

Mostly when a user fills the form on a web site the following SQL query is executed:

SELECT PEOPLE from database

WHERE Username='<the input username>'

AND Password='<the input password>'

IF <Above SELECT command evaluates to true> {Authorize User}

ELSE {User not authorized}   

The SQL query searches the entire database looking for a record whose username and password match the input on the form. If the input matches the data in the database then access is granted; if not, access is denied.

However an attacker can easily manipulate the input (username & password) entered in the online login form to execute a SQL injection attack & then bypass the security features. An attacker can enter the following data as input on the online login form:

   Username: abcd' OR 1=1 --

   Password : <blank>

For the above set of values the following SQL query gets executed for access :

SELECT PEOPLE from database

WHERE Username='abcd' OR 1=1 --

AND Password=''

IF <Above SELECT command evaluates to true> {Authorize User}

ELSE {User not authorized}

The -- in the query is the comment marker, which represents the beginning of a comment. As a result everything after the -- is treated as a comment and ignored. This means the SQL query is effectively the following:

SELECT PEOPLE from database

WHERE Username='abcd' OR 1=1

The above SQL query always evaluates as true, since the condition 1=1 can never be false. This means that if an attacker enters abcd' OR 1=1 -- as the username and <blank> as the password he/she will automatically be logged in as the first user in the database and have access to restricted files.

How To Prevent This

You can prevent SQL injection attacks by filtering out special characters like quotation marks, semicolons, slashes, backslashes, etc. from user input, cookie files and URL parameters. This will make it more difficult for attackers to use SQL attacks against input validation.
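The following is an added example, not code from the original post. It runs the login query above both ways against an in-memory SQLite table: built by string concatenation, which is the vulnerable form the post describes, and with bound parameters, which is the fix a practitioner reaches for before character filtering because the database driver then passes the input as data and a quote or -- inside it can never change the statement. The table name, the two accounts and the function names are constructed for the example; the payload is the one shown in the post.

```python
# Added example (not from the original post): the login query above built
# the vulnerable way beside the parameterized version, run against an
# in-memory SQLite table of constructed users. The payload is the one the
# post shows; only the parameterized version resists it.
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample accounts. Plaintext passwords only to keep the demo
    short; a real system stores salted hashes and never the password itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "hunter2"), ("alice", "s3cret")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the WHERE clause by string concatenation, exactly as described
    above. Returns the username of the first matching row, or None."""
    query = ("SELECT username FROM users WHERE username='" + username +
             "' AND password='" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the input is sent as data, so the
    quote and the -- in the payload are matched literally, not parsed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = setup_db()
    payload = "abcd' OR 1=1 --"
    print(login_vulnerable(conn, payload, ""))          # admin (first row, no password needed)
    print(login_parameterized(conn, payload, ""))       # None
    print(login_parameterized(conn, "alice", "s3cret"))  # alice
```

With the concatenated query the statement that actually runs is SELECT username FROM users WHERE username='abcd' OR 1=1 --' AND password='', so the password check is commented out and the first row comes back, just as the post describes. The parameterized version looks for a user literally named abcd' OR 1=1 -- and finds nothing. Character filtering, as suggested above, is a useful extra layer, but binding parameters removes the whole class of bug rather than chasing individual characters.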

September 14

Yahoo Messenger Trick !

      
 
In case that's too fast or too blurred, here's how it's done!
 
  1. Click the Start menu, click Run, type "regedit" and click OK (always be careful when editing the registry; this is your computer's brain).
  2. In the registry editor open HKEY_CURRENT_USER\Software\Yahoo\pager\Test.
  3. On the right-hand side of the editor, hover your mouse over the clear area and right-click.
  4. Select New / String Value and type the word plural.
  5. Right-click the word plural and select Modify.
  6. Set the value data to 0.
  7. That's it! Now you can open as many instances of YM as you like.

Boot Up Times !

Sometimes waiting for your PC to boot up can be a tedious business.
 
If you treat your PC like you would a car, it will run a lot faster and smoother: you service your car so it keeps on going, and a computer works the same way!
 
There are many things you can do to keep your computer from running slowly, from booting to opening applications or switching between windows.
 
Lets take a look at one feature in the boot-up process first:
 
Most PCs use a multiboot option by default, where you get an option screen asking which operating system you would like to use, for example if you are using Windows NT and Windows XP; with a single operating system you may instead get the "Start Windows normally", "Safe mode", etc. options. By default this screen lasts 30 seconds.
 
You can change how long this screen stays up by making changes to the registry (if requested I will explain this in another post), but for now we will use the easy route :)
 
Click the Start menu / Run, type "msconfig" and press Enter.
 
The System Configuration Utility will appear, consisting of 6 tabs. Click the tab that says BOOT.INI; within it, on the right-hand side, it says "Timeout". You can change that value to any value above 1.
 
The value is in seconds, so mine is set to 3, meaning the boot-up screen mentioned earlier only appears for 3 seconds, which still gives me enough time to choose my operating system or boot-up options.
 
Have fun !