Tuesday, 27 August 2013

Brute force attack to hack passwords of servers using Brutus


I believe all are familiar with Brute force attacks and we have already discussed some brute force attacks to hack gmail passwords.You can also read this how to hack gmail by brute force.But here, we are doing something different.Actually the technique we are using is Brute force only.But this is all about hacking passwords of servers and the tool we are using is called Brutus.

DOWNLOAD LINK


Extract all the files from the downloaded archive and open Brutus.you can see a window like this


What does Brutus do? 

In simple terms, Brutus is an online or remote password cracker. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. It is used primarily in two contexts : 

· To obtain the valid access tokens for a particular user on a particular target. 
· To obtain any valid access tokens on a particular target where only target penetration is required. 

What is a target? 

Well that depends on you. As far as Brutus is concerned a target is a remote system and possibly a remote user on a remote system, there is more. To engage any given target we require an attack method, generally we only perform one type of remote attack - that is we attempt to positivley authenticate with the target by using a number of access token combinations. A target may provide no available attack methods, it may provide one or it may provide several. 

What is an attack method? 

In the context of Brutus, it is a service provided by the target that allows a remote client to authenticate against the target using client supplied credentials. For instance a UNIX server sat on a network somewhere may be offering Telnet and FTP services to remote users. Both telnet and FTP require the remote user to authenticate themselves before access is granted. For both these services the required credentials are usually a username and a password, therefore we have two available attack methods : FTP or Telnet. Some target systems will provide no opportunity for attack (at least not a remote authentication attack), perhaps they offer no remote services, perhaps they only offer anonymnous remote services (that require no authentication) or perhaps they offer authenticated remote services but use mechanisms to prevent authentication attacks such as account lockout or one time passwords of some sort. 

Which attack method is best? 

Again, that depends on some factors which may include : 
  •  Is the target service available to any remote system? (Yes is good)
  •  Does the target service require a single token (e.g. just a password) or multiple tokens (e.g. Username & password & domain?) (Single tends to be easier)
  •  Does the target service feature account lockouts or large delays before returning the result of the authentication attempt? (Yes is bad)
  •  Does the target service allow us to maintain a persistant connection? (Yes is good)
  •  Is the service supported by Brutus, if not can it be defined? (Yes is essential)
  •  Will a positive authentication against the service actually be useful for the overall objective? (Yes helps)

Basically, the fastest most reliable attack method is always the one to choose if you have a choice. Generally trouble free methods include HTTP (Basic Auth) which is pretty fast, does not include lockouts or authentication delays - however the results may not be much use as often HTTP (Basic Auth) account information is separate from system account databases. The fastest remote service I have found to date is NetBus! Not only is it incredibly quick to authenticate against but a successful password aquisition will yield extreme target penetration

I still don't get it, what does it do? 

Find some service where you need to enter your username and password to gain access, type in a username and password and see what happens, then do it again, and again, and again, and again until you gain access and are positivley authenticated or until you get bored. Pretty straightforward really. 

FEATURES

  • Support for up to 60 simultaneous sessions
  • Fully multi-threaded
  • Highly customisable authentication sequences
  • Single user mode, User List mode, User/Pass combo mode, Password only mode
  • Brute force password mode
  • Word list creation/generation/processing
  • Import/Export custom services
  • Load/Save position
  • SOCKS support (with optional authentication)
  • Capable of 2500+ authentications/second over high speed connections

SOME TIPS TO GET THE BEST RESULT

DONT use lots of simultaneous connections unless it's beneficial to do so - Usually slow responding targets (like many POP3 servers which have 10 second + failure notification times) are the best candidates. 

There are many variables to take into account, connection speed, authentication notification speed, server capacity, even your machine's capacity in some scenarios. Very often you will find less connections will give you more speed...this is important. 

DON'T use the keepalive/stayconnected options if you are having problems - it is usually better to troubleshoot these things in one authentication per connection mode. 

DO use keepalive/stay connected options if you can -they can greatly increase speed

DO use positive authentication responses in your custom sequences - they are usually more reliable. 

DO take note of the error indicators in the bottom right of the brutus main window -if they are flashing too often then consider changing some settings. 

DO use a network sniffer if you can - to understand and troubleshoot authentication sequences to various services. Also consider using netcat or telnet to 'manually' authenticate against a service to see exactly what the server is responding with and what you need to tell it. 

DO create custom word lists for your specific targets – If the target user(s) is/are known then create user specific wordlists using the built in password generator. Using target specific lists in conjunction with perhaps a list of common passwords probably offers you the best chance of positive authentication in a reasonable amount of time.


Posted by at No comments:

Monday, 26 August 2013

Hack Windows XP Login Password


 
Hack Admin Password From User Mode
Disclaimer: Use this article for educational purpose ONLY.
Follow these steps:
1. Open command prompt (Start->Run->cmd),
2. Enter the following command, then press ENTER
3. Enter the followin command, then press ENTER:
compmgmt.msc
This should open the computer management console.
4. Go to local users & groups->users. Right click on any user and select "set password".
If you get a "access denied" do the following:

start>run>cmd
then use following commands
1) net user test /add (this command will make test named user)
2) net localgroup administrators test /add (this command will make test user as administrators rights)

and use net user command to reset your admin. password
 
Alternative

What if u don't know the password of your admin and still want to hack and change .. yea u can do it ..in a very easy manner.. check this. just follow the steps.. this doesn't require u to know the admin password but still u can change it..
Start >> Run >> [type]cmd // this will open your command prompt
[type] net(space)user(press enter)
[type] net(space)user(space)[windowsloginid](sp ace)*(press enter)

// for e.g. : net user HOME *(press enter)

[type] new password (press enter) and retype it (press enter).. it will show u confirmation... // caution it wont show u the password u type.. but it still types.. the blinking pointer will b there at the same place.. but it still works..
// for e.g. : password changed successfully.


Posted by at No comments:

How to hack Rapid share and Mega upload


mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.

Hi all, This is for those who have to wait for about an hour after downloading certain amount of stuff from rapid share. To overcome this time constraint follow these steps:
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
RAPID SHARE
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
Method 1
1.open your rapid share link
2.then click on free.
3.As soon as timer start type this in address bar and click enter
javascript:alert(c=0)
4.a pop up message will come click ok your counter is zero just download the stu
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
Method 2
1.Delete the cookies in your browser internet explorer or Firefox or opera or whatever u use).
2.Press start->run,type cmd.
3.In the command prompt,type ipconfig/flushdns press enter.Then type ipconfig/release,then ipconfig/renew .Now type exit.
4.Now try downloading, for many people this may work if their ISP provides a dynamic ip.
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
Method 3
1.Just switch off your router or modem) and switch it back on.
2.This may work for some users Mtnl and Bsnl) and maybe some others too.

Actually these methods generally work for those people whose ISP gives them dynamic ip.
If these don't work then one more thing that can be done is to use proxies.
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
Method 4
1.Download the software Hide ip platinum from here http://rapidshare.de/files/34451917/hideipv32.rar

2.Run it, then it will automatically chose a proxy (ip of a different country) for you. So you can easily download without any restrictions. You just have to change the proxy each time you download.
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
MEGA UPLOAD
mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload.
Mega upload is very easy to hack to solve the download slots problem). Just go to http://leech.megaleecher.net/
Here you will find a place to put your original link. Put it there press enter and then you will get a direct link within some seconds. You are done!!!!!


Posted by at No comments:

Saturday, 24 August 2013

Most Alive Proxy Servers

  1.  87.248.191.118:80 
  2.  92.52.129.113:8080 
  3.  193.195.121.74:8080 
  4.  114.141.162.53:8080 
  5.  87.103.197.93:3128 
  6.  82.138.8.154:3128 
  7.  190.238.125.70:80 
  8.  180.242.88.5:8080 
  9.  85.130.179.8:54321 
  10.  190.85.133.162:8080 
  11.  201.64.254.228:3128 
  12.  202.119.236.236:9800 
  13.  115.84.242.84:8080 
  14.  186.95.54.143:8080 
  15.  176.117.96.25:8080 
  16.  200.215.4.193:3128 
  17.  133.242.131.152:443 
  18.  186.233.26.202:8080 
  19.  120.128.6.19:9000 
  20.  60.10.58.38:8090 
  21.  125.39.66.150:80 
  22.  190.85.9.66:6588 
  23.  202.70.136.158:3128 
  24.  202.201.5.244:3128 
  25.  190.153.33.79:8080 
  26.  50.78.87.197:8080 
  27.  111.161.30.236:80 
  28.  190.85.37.90:3128 
  29.  111.94.147.191:8080 
  30.  201.187.107.27:3128 
  31.  49.0.96.1:8000 
  32.  1.234.45.130:80 
  33.  103.247.16.241:8080 
  34.  177.180.14.231:8080 
  35.  101.255.63.50:3128 
  36.  82.114.92.33:8080 
  37.  201.56.208.233:8080 
  38.  49.0.124.146:8000 
  39.  89.135.63.36:81 
  40.  180.183.240.133:8080 
  41.  119.36.87.26:81 
  42.  189.114.65.66:80 
  43.  202.38.95.75:80 
  44.  111.161.30.227:80 
  45.  61.191.27.118:8181 
  46.  190.9.128.96:80 
  47.  213.197.182.78:3128 
  48.  103.28.122.66:8080 
  49.  112.5.254.20:80 
  50.  200.194.110.249:80 
  51.  186.101.41.39:80 
  52.  62.201.212.28:8080 
  53.  190.74.185.37:8080 
  54.  212.248.33.174:8080 
  55.  118.244.143.74:80 
  56.  201.25.100.210:8080 
  57.  218.91.206.146:8001 
  58.  199.193.114.15:8080 
  59.  59.172.208.190:8080 
  60.  117.21.190.50:8090 
  61.  188.165.245.97:3128 
  62.  202.146.237.79:808 
  63.  41.75.201.146:8080 
  64.  80.66.156.114:3128 
  65.  201.56.75.114:8080 
  66.  2.133.92.158:80 
  67.  72.64.146.136:43 
  68.  218.197.148.4:21 
  69.  119.252.172.131:80 
  70.  118.244.190.6:80 
  71.  190.94.211.123:8080 
  72.  188.255.134.114:8080 
  73.  118.97.164.92:8080 
  74.  219.67.55.31:808 
  75.  125.216.144.199:8080 
  76.  101.255.36.30:808 
  77.  175.176.247.67:8080 
  78.  49.0.124.74:8000 
  79.  103.10.22.227:8080 
  80.  180.95.129.231:80 
  81.  190.38.210.87:8080 
  82.  211.142.236.136:80 
  83.  177.8.170.35:8080 
  84.  110.74.222.117:8080 
  85.  61.152.108.187:82 
  86.  46.175.187.4:8080 
  87.  95.67.106.110:3128 
  88.  82.207.68.142:8080 
  89.  178.150.156.219:54321 
  90.  109.87.42.192:8080 
Posted by at No comments:
Subscribe to: Posts (Atom)