Monday, 27 January 2014

Cracking Windows Passwords : An Ethical Approach

Hello readers, and how are you doing? Hope well. Today I will explain the topic many of you have been waiting for: "How to crack Windows passwords". I know many of you have been excited to know about it for a long time; well, the time has come, my friend. But I want to remind you that you are learning all this for educational purposes and should not cause any sort of damage to anyone's computer in any way by using the knowledge gained here. With that said, let me first explain the three basic and common password cracking attacks :-
1. Dictionary Attack : In this attack the attacker tries all the passwords pre-written in a separate file called the dictionary, which contains common passwords used by people and English dictionary words.
    -> Advantage - It is a fast way of cracking a password.
    -> Disadvantage - The success rate is very poor.
2. Brute Force Attack : Here the attacker tries all the permutations and combinations possible from a set of character sets such as 0-9, A-Z, a-z and symbols.
    -> Advantage - Can have a 100% success rate.
    -> Disadvantage - In the case of a long password, it becomes so slow that it is almost unfeasible.
3. Hybrid Attack : The attacker uses a combination of the previous two methods, or any other.
    -> Advantage - Hybrid attacks also involve precomputed tables of hashes, which increase the speed; the tables are generated using all the character sets, which also increases the success rate.
    -> Disadvantage - It could be time consuming, and in the case of complex passwords it could also become unfeasible.
Well, that's a bit of theory about the types of password attacks that could be deployed by an attacker. Now let's quickly come to the main point: "Cracking Windows passwords". There are a lot of ways through which one could crack a Windows password, but we are not going to discuss each and every attack (of course); instead I will tell you the most simple, easy and effective way to crack a Windows password, and that is by using a tool from Hiren's Boot CD. Don't worry if you don't have it; I will tell you where to get it and of course how to use it to crack Windows passwords.
Just follow these steps :-
Step 1) First of all, download the zip file containing the image file of the tool from the link given below :-
You might be thinking that since your computer is password protected (in case you forgot your own Windows password), how could you download the above file? Well, for that I don't think I even need to tell you: go to a cyber cafe and download it, or if the guest account is activated then there is nothing to worry about.
Step 2) After the download is complete, extract the zip file; in the extracted folder you will find an image file (.iso). Burn that ISO image file to a CD and then boot from that CD. The CD will boot with most BIOSes; see your manual on how to set it to boot from CD. Some will auto-boot when a CD is in the drive, some others will show a boot menu when you press ESC or F8/F10/F12 when it probes the disks, and some may need to have the boot order adjusted in setup.
Step 3) Then the following screen will appear.
What you have to do is simply press the ENTER key. Then wait a moment and the Linux files required for our task will load automatically.
Step 4) After the files are loaded you will be asked to choose the partition containing your Windows installation.
Many computers have a single operating system installed on a single partition on a single hard drive, making this a very easy choice. If that's the case for you, just press ENTER to accept the default partition. Otherwise, type the number corresponding to the correct partition from the Candidate Windows partitions found list and then press ENTER.
Step 5) After selecting the partition that contains the Windows installation, you will be asked to confirm the Windows registry path.
Just press ENTER to accept the default Windows Registry path without typing anything else.
Step 6) With that done, the tool then asks you which part of the registry it should load.
Press ENTER to accept the default choice of password reset.
Step 7) Now that the registry is loaded and available to the program, it needs to know exactly what you want to do.
Press ENTER to accept the default choice of Edit user data and passwords. This will load the necessary options for the actual password reset.
Step 8) The tool now needs to know which user's password you'd like to delete (erase, clear, blank, remove, call it what you like).
A default user is listed between the brackets at the prompt. In the above example, you can see that it's the Administrator user. If the default user is the one you'd like to remove the password from, simply press ENTER. Otherwise, enter the username and then press ENTER.
Step 9) At the bottom of the screen you’ll see the User Edit Menu with several options to choose from.
Type 1 for Clear (blank) user password and then press ENTER.
Step 10) Assuming there weren't any problems, you should see a Password cleared! message after entering 1 in the previous step.
Note : You must confirm these changes in a later step before they are actually complete. If you quit the tool now then the password reset will not take place!
-> Type ! to quit editing the user and then press ENTER.
-> After that, type q and press ENTER to quit the tool's registry editor.
-> Then type y and press ENTER to confirm the password reset changes.
-> Then press ENTER to confirm the default option of not re-running the password reset.
-> At last, remove the CD containing the tool, restart the computer, and you are done.

Task Complete) WOW! That's what you are going to say next, since after rebooting you will see that your password (or the password of whoever you are cracking) has been removed.
With this, goodbye everyone; see you in the next post. Till then, keep practicing!!!

Thursday, 16 January 2014

Google Hacking : What it actually means and How it is done?

Hello readers, and how is your practice going on? Are you practicing well? If yes then continue doing so, and if not then start early to gain early and master early. The New Year brings with it new opportunities for everyone, including you and me. Online security breaches are increasing at a very fast pace and experts are needed to check and cure them. IT security professionals are in great demand. So don't miss such opportunities and keep practicing, as no one knows when suddenly a wave of opportunity may change one's entire life. With the basics covered we continue our amazing journey of Mastering Ethical Hacking further. After reading the title of this post, "Google Hacking", even you, like others who don't know what Google Hacking actually is, might be wondering whether the post is about hacking Google servers, Google Mail, websites associated with Google, etc. But my friend, that is not what Google Hacking means. Basically, Google Hacking refers to using Google, the most advanced search engine on the planet, to gather information about the target: that is, formulating complex search queries in order to filter through a large number of result pages and display only highly targeted information. Yes, apart from simply typing in the search box there are other ways with the help of which one can gain much more precise and useful information about the target from Google, information which is otherwise restricted to unauthorized personnel.
Before moving on to how we can use Google to gain almost 80% of the information about the target, let me tell you how Google search works when you enter a query. The diagram below illustrates it.
How Google Search Works When You Enter A Query


Search engines work by gathering the contents of a vast number of web pages from the Internet. But everyone knows that there are lots and lots of websites and domains out there on the Internet, so how do search engines accomplish this mammoth task? It is accomplished with the help of programs called indexers or spiders. They are a sort of automated web browser that follows all the links they see on the pages they visit, except the links which are excluded in the robots.txt file of a domain/website. Once the contents have been fetched, an intelligent system decides how the pages are indexed. Search engines such as Google store the complete content of a web page, which is known as the cache, whereas many other search engines only store keywords. Now let's come to the point of our discussion: 'How to perform Google Hacking?' Google hacking is performed by formulating complex search queries against the target. To do so we use Google operators. Before moving on to the advanced ones, let me first explain the basic ones :-
1. Phrase Search ("") : Used for finding an exact match. For example, a search for ["Web hacking"] (with quotes) will miss the pages that refer to website hacking.
2. Excluding terms (-) : Using the minus sign we can mention keywords which we want to exclude from our search. For example, the search [web hosting -free] will return all pages which mention web hosting on their page but make no mention of the word 'free'.
3. Wildcard (*) : Used as a placeholder for any unknown term(s); Google then finds the best matches. If used properly this little feature can be very powerful. For example, the search ["Index of *"] can return results for indexes of various things such as index of passwords, index of backups, etc. Notice how, by combining the phrase search operator and the wildcard, we obtained a lot of important information.
4. The OR operator : Used to find pages that contain either of the two keywords between which the OR operator is placed. For example, the search [Hacking OR Ethical Hacking] will return pages which mention either Hacking or Ethical Hacking on their website.
Having explained the basic ones, let's quickly move to the advanced ones.
1. Cache : Used to fetch Google's cache of the web page. Using the cache operator one can easily view the contents of the target site without actually opening it, and since no request for data is sent to the target site, one's IP is not logged on its server either.
2. Links : Finds all the webpages which link to the webpage in question.
3. Related : Displays webpages which are related to the webpage in question.
4. Info : Displays all the information Google has about the website.
5. Site : Used to conduct site specific queries.
6. Intitle : Searches for the keyword in titles of all webpages.
7. Filetype : Used to fetch a file of particular type such as pdf,doc,txt,etc.
These are a few of the important operators out of many. We call all these Google operators Google Dorks. For a complete list of these Google dorks click here. When these advanced operators are used in combination with each other and with the basic operators in an efficient way, a lot of information is revealed. Proper countermeasures, such as configuring web servers to provide the least information, not uploading sensitive information to the web, installing honeypots, etc., should be taken to safeguard as much information as possible; that is the primary job of an IT security professional.
So what we learnt is that Google itself does not provide any information about the target to attackers, but its advanced search capabilities are exploited to their fullest for such tasks.
With this, thank you for reading this post, and keep practicing, as 'Practice makes a man perfect'.

Thursday, 2 January 2014

Scanning - The Hacker's Second Step

Hello readers, and HAPPY NEW YEAR to all of you. Today we will be talking about scanning. Everything from checking open ports and services to finding the OS and the system architecture of the target is referred to as scanning. Scanning is an active (online) way of gathering information, as compared to footprinting, which can be active as well as passive (offline). It is sometimes also referred to as post-reconnaissance or, at times, the pre-attack stage. During scanning we detect the IP addresses which are active in a given range on the target's network, along with open ports and services, the system architecture and the type of operating system (such as Windows, Linux or Mac). Now the question arises of how one could do the things mentioned above. Well, that I am going to explain under the respective category under which every task falls.
Broadly there are three types of scanning :-
1. Port Scanning : As the name explains itself, it is a type of scanning which is used to probe a server or host for open ports. This is often used by administrators to verify the security policies of their networks and by attackers to identify running services on a host with the aim of compromising it. There are many software tools out there which can be used for this purpose, but the one that I recommend, and which is also used by many professionals, is Nmap. Once a hacker knows all the services running on someone's server, he could search for possible vulnerabilities they may have and exploit them to take control of his/her website.
2. Network Scanning : It is a technique used to identify the active hosts on a network with a specific purpose such as auditing or attacking. During network scanning, we scan the whole network for different subnets and for the active hosts on those subnets and in the given network range. For this, software like Angry IP Scanner can be used. Network scanning involves a ping sweep scan to scan the whole network. A ping sweep is a process or scan which is used to enlist the live hosts in the network. For this we can use the ping utility. One can simply go to just-ping.com to use this utility. In Windows even the CMD utility can be used for this purpose. Simply open it (press Win+R and in the Run window type cmd) and in it type - ping www.website-name.com, where website-name.com could be any site such as facebook.com, nmap.org, cbse.in, etc.
Pinging facebook.com using the windows command prompt

3. Vulnerability Scanning : It is scanning meant for identifying the vulnerabilities within a system or network of systems. Once the hacker has the name of the software/service being used and its version number by doing port scanning, he would take that information and search a couple of vulnerability databases for an exploit. If there's an exploit available, he will run it against the server and take complete control. If there isn't any, he would move on to another open port and try again on a different service, but this doesn't mean every hacker will. If a skillful hacker is determined, he may try to locate a vulnerability in the current software/service version and develop an exploit for it. In the hacker community, this new vulnerability would be called a 0-day vulnerability. Apart from port scanning, there is also software out in the market which could be used for vulnerability scanning, such as Acunetix Web Vulnerability Scanner, Shadow Security Scanner, Retina and JSky, to name a few.
Now you know how to detect the open ports and services of a target's machine (port scanning), look for vulnerabilities (discussed under vulnerability scanning), find the IP addresses which are active in a given range on the target's network (using Angry IP Scanner) and check whether a server or website is online or not (ping sweep scan). But you still don't know how to do OS fingerprinting, i.e., how to detect the type of OS of the target.
OS fingerprinting can be done in many ways. Just like footprinting, it can also be active or passive. In active fingerprinting we send malformed packets to the target machine and predict the OS after analysing the responses to those packets, whereas in passive fingerprinting we sniff the data packets being transferred to and from the target machine and then analyse them using software such as Wireshark. Apart from these complicated methods, one can also simply use the Nmap tool discussed under port scanning to detect the operating system of the target.
OK, time to say goodbye for today. Keep practising.
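From the defender's side the same port scans and ping sweeps described above are easy to spot in firewall logs. The following is an added example, not code from the original post: it runs over constructed log lines in an assumed `ts src dst proto dport` format (dport is `-` for ICMP) and flags a source that hits many distinct ports on one host (port scan) or pings many distinct hosts (ping sweep); it counts over the whole file and ignores time windows.

```python
"""Flag port scans and ping sweeps in simple firewall log lines.

Added example for the scanning post (not the author's code). The log
format is constructed for this demo: one dropped packet per line,
`ts src dst proto dport`, with dport '-' for ICMP."""
from collections import defaultdict

# Constructed sample: 203.0.113.5 probes seven ports on one host (port
# scan), 198.51.100.7 pings five addresses (ping sweep) and 192.0.2.50
# is ordinary repeat traffic to a single port.
SAMPLE_LOG = """\
10:00:01 203.0.113.5 192.0.2.10 TCP 21
10:00:01 203.0.113.5 192.0.2.10 TCP 22
10:00:01 203.0.113.5 192.0.2.10 TCP 23
10:00:02 203.0.113.5 192.0.2.10 TCP 25
10:00:02 203.0.113.5 192.0.2.10 TCP 80
10:00:02 203.0.113.5 192.0.2.10 TCP 443
10:00:02 203.0.113.5 192.0.2.10 TCP 3389
10:00:05 198.51.100.7 192.0.2.1 ICMP -
10:00:05 198.51.100.7 192.0.2.2 ICMP -
10:00:05 198.51.100.7 192.0.2.3 ICMP -
10:00:05 198.51.100.7 192.0.2.4 ICMP -
10:00:05 198.51.100.7 192.0.2.5 ICMP -
10:00:09 192.0.2.50 192.0.2.10 TCP 443
10:00:10 192.0.2.50 192.0.2.10 TCP 443
"""

def parse_line(line):
    """Split one log line into a record; dport is None for ICMP."""
    ts, src, dst, proto, dport = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "dport": None if dport == "-" else int(dport)}

def detect_scans(log_text, port_threshold=5, host_threshold=4):
    """Return {src: [(kind, dst_or_None, count), ...]} for noisy sources."""
    ports_per_pair = defaultdict(set)   # (src, dst) -> distinct dst ports
    hosts_per_src = defaultdict(set)    # src -> distinct ICMP targets
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] == "ICMP":
            hosts_per_src[rec["src"]].add(rec["dst"])
        elif rec["dport"] is not None:
            ports_per_pair[(rec["src"], rec["dst"])].add(rec["dport"])
    findings = defaultdict(list)
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:      # many ports on one host
            findings[src].append(("port_scan", dst, len(ports)))
    for src, hosts in hosts_per_src.items():
        if len(hosts) >= host_threshold:      # many hosts pinged
            findings[src].append(("ping_sweep", None, len(hosts)))
    return dict(findings)

if __name__ == "__main__":
    for src, items in detect_scans(SAMPLE_LOG).items():
        for kind, dst, count in items:
            print(f"{src}: {kind} -> {dst or 'many hosts'} ({count})")
```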

Monday, 30 December 2013

Footprinting - The First Step of Every Hacker

Hello readers. Well, you are learning hacking, so suppose you wish to hack something, for example a website, a server or anything else. What would be your first step? If you have read my post Basic Terminologies then you must know that first of all you have to gather information about the target. How one does that is what we are going to learn about today. We call this act of gathering information about the target Footprinting. It can be active as well as passive, i.e., it could be done using the resources available online or it can be done even offline. Apart from the technical information gathered during this step, such as e-mails, passwords, type of OS, etc., that can be used during the attack phase, a lot of non-technical information is also gathered which can be used for other purposes, such as to social engineer someone.
There are many ways with the help of which you can gather information about the target. Some of them are explained below :-
1. Crawling : Visiting the target website (if any) for information like emails, phone numbers, etc. is what we call crawling. The best way of crawling is by downloading the target's entire website using software such as Black Widow or IDM and then analysing it.
2. Whois : We can even query the whois database for the company's domain name (the website) to get details about the technical staff who are managing the website, email addresses and other information about the domain name, along with details about the registration, by doing a whois lookup at whois.com. We can even locate the name servers with the help of this utility.
3. Search Engines : If used properly, a lot of information can also be unearthed using search engines such as Google and Bing. For example, a hacker could search a website through Google by searching "site:www.the-target-site.com"; this will display every page that Google has of the website. You could narrow down the number of results by adding a specific word after it. For example, the hacker could search "site:www.the-target-site.com email". This search could list several emails that are published on the website. Another search you could do in Google is "inurl:robots.txt"; this would look for a page called robots.txt. If a site has the file "robots.txt", it lists all the directories and pages on the website that they wish to keep hidden from the search engine spiders. Occasionally one might come across some valuable information that was meant to be kept private in this file.
4. Trace route : Another way of footprinting is to use the tracert command in the command prompt (CMD) to see where our request is being forwarded and through which devices. On Linux systems the traceroute and tracepath commands can be used.
Tracing Route to Facebook.com

5. Social Networking Websites : Websites such as Facebook, Twitter, LinkedIn and other social networking websites can also be used to gather information about the target which can be deployed in later stages. For example, if you are targeting a company then you can compile a list of the employees working in the company by the above discussed methods and then look for their details on such social networking sites, which can be helpful for social engineering attacks.
Well, I think that's enough for today, but don't forget to practice.
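Both this post (item 3) and the Google Hacking post above point out that robots.txt only asks spiders to stay away while the paths it names stay readable by anyone. Here is an added example, not the author's code, that an administrator can run against their own file: it parses a constructed robots.txt into per-user-agent rules and flags Disallow entries whose names suggest they are hiding something sensitive rather than saving crawl budget; the list of hint words is an assumption of this demo, and the right fix for a flagged entry is access control on the path, not a longer robots.txt.

```python
"""Audit a robots.txt for the paths it advertises.

Added example for the footprinting and Google Hacking posts, not the
author's code. The file below is constructed for the demo."""

SAMPLE_ROBOTS = """\
# constructed sample robots.txt
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /backup/db-2013.sql
Disallow: /private/staff-emails.txt
Allow: /public/

User-agent: Googlebot
Disallow: /old-site/
"""

# Fragments that suggest a Disallow line names sensitive content
# (assumed list; tune it for your own site).
SENSITIVE_HINTS = ("admin", "backup", "private", "password", "config",
                   "secret", ".sql", ".bak")

def parse_robots(text):
    """Return (user_agent, directive, path) tuples, one per rule.

    Consecutive User-agent lines form one group; a User-agent line that
    follows rules starts a new group. An empty Disallow: (allow all)
    adds no rule."""
    entries, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments/blanks
        if not line or ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if value:
                for ua in agents or ["*"]:
                    entries.append((ua, field, value))
    return entries

def flag_sensitive(entries):
    """Return Disallow paths whose name hints at sensitive content."""
    return [path for _, directive, path in entries
            if directive == "disallow"
            and any(h in path.lower() for h in SENSITIVE_HINTS)]

if __name__ == "__main__":
    rules = parse_robots(SAMPLE_ROBOTS)
    for path in flag_sensitive(rules):
        print("exposed by robots.txt, protect with auth instead:", path)
```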

Thursday, 26 December 2013

Networking Basics Part II - Ports and Protocols

Hello readers. I know many of you might be thinking that I am focusing too much on the theory part without even telling you about a single hack until now, and you should, because that's natural. But don't worry my dear friends, I will soon be coming to that part too. I know many of you are already aware of the basics, but there are also people who don't know even a bit of it. I have to think about them too.
Many of you might have heard that if someone does illegal activities on the Internet then the cops can easily catch hold of him by tracking him down. But how do they do so? They simply track his Internet Protocol (IP) address, which gives them his exact location; they go to the acquired address and then Boom! So what's this Internet Protocol? That is what we are going to explore today, along with some other important protocols and ports (associated with the type of protocol used for communication).
First of all, what is a port and a protocol? Well, to understand this, consider the situation when you call someone using your cell phone. As soon as the other person, whom you are calling, picks up your call, you can communicate with him. In this situation the cell phones, that is, the end points, allowed you to communicate with each other. Similarly, in computer networking a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet. During the course of communication a system of digital rules is followed, which is called a protocol.
Every service has its own unique port number and associated protocol. For instance, the file transfer service used to copy a file from one host to another over a TCP/IP based network uses the File Transfer Protocol (FTP) and runs on port number 21.
Some common services along with their port and protocol are given in the figure below :
Some Common Services along with their Port and Protocol

Before saying bye bye, let me explain the two most important protocols that constitute the Internet Protocol Suite. The first one is the Transmission Control Protocol (TCP) and the other one the Internet Protocol (IP). Therefore the Internet Protocol Suite is also referred to as TCP/IP.
1. TCP or Transmission Control Protocol : It provides the service of exchanging data reliably directly between two network hosts. In particular, TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. It is the protocol on which the major Internet applications rely, such as the World Wide Web (WWW), email, and file transfer.
2. IP or Internet Protocol : It handles addressing and routing messages across one or more networks, i.e., it has the task of delivering data from the source host to the destination host solely based on their addresses. It is the primary protocol that establishes the Internet.
With that we come to the end of this post. Be Rocking!!
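To make the split between the two protocols concrete, here is an added example (not the author's code): it builds a constructed IPv4+TCP packet with Python's struct module and parses it back, separating the host addresses that IP routes on from the port numbers that TCP uses to pick the program, with FTP on port 21 as the page's own case. Checksums are left at zero because the packet is never sent, and the port-to-service table is a small assumed subset of the well-known ports.

```python
"""Split a raw packet into its IP (addressing) and TCP (port) fields.

Added example, not the author's code. The packet is constructed here,
not captured, and its checksums are left at zero because it is never
sent; the point is to show which layer carries which field."""
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header, no options
PROTO_TCP = 6
# Assumed subset of well-known ports (FTP/21 is the one the post names).
WELL_KNOWN = {21: "FTP", 22: "SSH", 25: "SMTP", 80: "HTTP", 443: "HTTPS"}

def ip_to_bytes(text):
    return bytes(int(octet) for octet in text.split("."))

def build_packet(src_ip, dst_ip, sport, dport, flags=0x02, payload=b""):
    """Build a minimal IPv4+TCP packet (default flags 0x02 = SYN)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack(IP_FMT, 0x45, 0, total_len, 0x1234, 0, 64,
                         PROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    tcp_hdr = struct.pack(TCP_FMT, sport, dport, 1000, 0, 5 << 4, flags,
                          65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

def parse_packet(data):
    """Return the addressing fields from IP and the endpoint fields from TCP."""
    (ver_ihl, _, _, _, _, ttl, proto, _, src, dst) = struct.unpack(IP_FMT, data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes
    if proto != PROTO_TCP:
        raise ValueError("not a TCP segment")
    (sport, dport, _, _, offset, flags, _, _, _) = struct.unpack(TCP_FMT, data[ihl:ihl + 20])
    return {
        "src_ip": ".".join(str(b) for b in src),   # IP layer: which hosts
        "dst_ip": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "src_port": sport,                         # TCP layer: which programs
        "dst_port": dport,
        "syn": bool(flags & 0x02),
        "ack": bool(flags & 0x10),
        "payload": data[ihl + (offset >> 4) * 4:],
    }

def service_name(port):
    """Map a destination port to the service conventionally behind it."""
    return WELL_KNOWN.get(port, "unknown")

if __name__ == "__main__":
    pkt = build_packet("192.0.2.10", "198.51.100.7", 40000, 21, payload=b"USER anon\r\n")
    f = parse_packet(pkt)
    print(f["src_ip"], f["src_port"], "->", f["dst_ip"], f["dst_port"],
          service_name(f["dst_port"]))
```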