Hacker Linux Uncovered Product Details
* Paperback: 500 pages
* Publisher: A-List Publishing (November 1, 2005)
* Language: English
* ISBN-10: 1931769508
* ISBN-13: 978-1931769501
* Book Description
Concentrating on Linux installation, tuning, and administration, this guide to protecting systems from security attacks demonstrates how to install Linux so that it is tuned for the highest security and best performance, how to scan the network and encrypt the traffic for securing all private traffics in a public network, and how to monitor and log the system to detect potential security problems. Backup and recovery policies that provide a structure for secure operations are also considered, and information related to configuring an Apache server, e-mail service, and the Internet gateway using a proxy server, an FTP server, DSN server for mapping DNS names to IP addresses, and firewall for system protection is provided
Download : http://rapidshare.com/files/45479584/Hacker_Linux_Uncovered.rar
For more such book leave ur email id in comment
Sunday, June 29, 2008
Cracking Windows Password
Normally in windows operating systems the password we enter is hashed(obfuscated) and stored in c:\windows\system32\config\sam
Security Accounts Manager is the abbreviation of SAM...(Don't try to open it when in windows it won't allow you to do so :P )
But people circumvent the operating system (using linux boot disk) and copy this sam..
Also don't forget to copy the file named "system" from that file which contains the "syskey"
syskey is used to encrypt the sam.....
Winodws XP uses two type of hashes LM hashes and NTLM hashes..LM hashes (LM stands for LAN manager) NTLM is more secure than LM hashes. However, even computers that use NTLM (i.e) windows 2000 and above also store their passwords in LM hashes. So the password is stored twice, as NTLM and as LM Hashes. This is because very often we still need to connect with machine that used LM hashes(i.e) windows 98 going back.
LM hashing method:
Let me explain it with an example, take the password as 123456abcde
Initially the password is converted into all upper case letter 123456ABCDE
Then the password is padded with NULL (blank) character, in order to make it 14 character long.
Now the 14 character long password is split into half like 123456A and BCDEF__.
Each string is individually encrypted and the results are concatenated:
123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15
Problems with LM hash:
If the password is greater than 14 character then LM hash is disabled and NTLM hash is used.
Can craked easily.
Password cracking methods:
Dictionary attack
Brute force
cryptanalysis (rainbow table)
Rainbow tables:
With rainbow tables the password combinations are pre-computed and stored in disk.
This rainbow tables are searched for a particular hash, and the password can be cracked with in minutes.
In LM hash generation the password is split into two and encrypted (see LM hashing method)
This design fault leads to creation of Half LM rainbow tables which are used to crack one half
of the password ..Thus it reduces the time taken for cryptanalysis...
Prevention:
Disabling the LM hashes (In windows vista LM hashes are disabled by default)( see links section for more details on LM hash disabling methods)
Using passwords that have more than 14 characters.
Don't use dictionary words
changing the passwords frequently
There is nothing in this world that cannot be breached, all we can do is make it harder to the attacker.
To get password crackers, leave your mail id in comment. I will mail them to you.
Disclaimer: All the content are for the sake of knowledge, I m not responsible if you misuse it or if it cause any harm to you.
Security Accounts Manager is the abbreviation of SAM...(Don't try to open it when in windows it won't allow you to do so :P )
But people circumvent the operating system (using linux boot disk) and copy this sam..
Also don't forget to copy the file named "system" from that file which contains the "syskey"
syskey is used to encrypt the sam.....
Winodws XP uses two type of hashes LM hashes and NTLM hashes..LM hashes (LM stands for LAN manager) NTLM is more secure than LM hashes. However, even computers that use NTLM (i.e) windows 2000 and above also store their passwords in LM hashes. So the password is stored twice, as NTLM and as LM Hashes. This is because very often we still need to connect with machine that used LM hashes(i.e) windows 98 going back.
LM hashing method:
Let me explain it with an example, take the password as 123456abcde
Initially the password is converted into all upper case letter 123456ABCDE
Then the password is padded with NULL (blank) character, in order to make it 14 character long.
Now the 14 character long password is split into half like 123456A and BCDEF__.
Each string is individually encrypted and the results are concatenated:
123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15
Problems with LM hash:
If the password is greater than 14 character then LM hash is disabled and NTLM hash is used.
Can craked easily.
Password cracking methods:
Dictionary attack
Brute force
cryptanalysis (rainbow table)
Rainbow tables:
With rainbow tables the password combinations are pre-computed and stored in disk.
This rainbow tables are searched for a particular hash, and the password can be cracked with in minutes.
In LM hash generation the password is split into two and encrypted (see LM hashing method)
This design fault leads to creation of Half LM rainbow tables which are used to crack one half
of the password ..Thus it reduces the time taken for cryptanalysis...
Prevention:
Disabling the LM hashes (In windows vista LM hashes are disabled by default)( see links section for more details on LM hash disabling methods)
Using passwords that have more than 14 characters.
Don't use dictionary words
changing the passwords frequently
There is nothing in this world that cannot be breached, all we can do is make it harder to the attacker.
To get password crackers, leave your mail id in comment. I will mail them to you.
Disclaimer: All the content are for the sake of knowledge, I m not responsible if you misuse it or if it cause any harm to you.
Hack test
Hacking is a complex webmaster security game. This webmaster hacker test has 20 complete levels. This will test your javascript coding skills, php scripting, graphic ability, html knowledge, and thinking logically like a hacker. This is a game and no system or laws are violated by playing. We hope you have a lot of fun with this test and tell your friends. Finishing will not be easy and if you do get stuck you can purchase the solution. Consider this game a puzzle maze for geeks.
www.hack-test.com
Hack This Site
Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
http://www.hackthissite.org/
If u cannot proceed in any level, ask me...
http://www.hackthissite.org/
If u cannot proceed in any level, ask me...
Saturday, June 28, 2008
Hacking basics
Guys link given below contain the basics of hacking
http://www.giac.org/certs/include.php?id=608&cert=gsec&c=4a0ff7ab81650962bbe427dec04628ea
Want more book just tell me....
http://www.giac.org/certs/include.php?id=608&cert=gsec&c=4a0ff7ab81650962bbe427dec04628ea
Want more book just tell me....
To keep computer safe
In one word use Linux....
Virii & Spyware & Worms ... oh my!
"Internet Safety" seems like an oxymoron.
It seems like not a day goes by where we don't hear about some new kind of threat aimed at wreaking havoc across machines connected to the internet. While products other than Microsoft's are certainly vulnerable, anti-Microsoft sentiment coupled with the massive installed base make Microsoft products and irresistible target for hackers and "script kiddies".
Here are some things you can, and should, do to stay safe.
Virii & Spyware & Worms ... oh my!
"Internet Safety" seems like an oxymoron.
It seems like not a day goes by where we don't hear about some new kind of threat aimed at wreaking havoc across machines connected to the internet. While products other than Microsoft's are certainly vulnerable, anti-Microsoft sentiment coupled with the massive installed base make Microsoft products and irresistible target for hackers and "script kiddies".
Here are some things you can, and should, do to stay safe.
- Use a Firewall - A firewall is a piece of software or hardware that sits between your computer and the internet and only allows certain types of things to cross the wall.
- Virus Scan - Sometimes, typically via email, virii are able to cross the wall and end up on your computer anyway. A virus scanner will locate and remove them from your hard disk. A real time virus scanner will notice them as they arrive, even before they hit the disk, but at the cost of slowing down your machine a little. Important: because new virii are arriving every day, it's important to keep your virus definitions up-to-date. Be sure to enable the scanning software's automatic-update feature and have it do so every day.
- Kill Spyware - Spyware is similar to virii in that they arrive unexpected and unannounced and proceed to do something undesired. Normally spyware is relatively benign from a safety perspective, but it can violate your privacy by tracking the web sites you visit, or add "features" to your system that you didn't ask for. The worst offenders are spyware that hijack normal functions for themselves.
- Stay Up-To-Date - I'd wager that over 90% of virus infections don't have to happen. Software vulnerabilities that the viruses exploit usually already have patches available by the time the virus reaches a computer. The problem? The user simply failed to install the latest patches and updates that would have prevented the infection in the first place.
- Get Educated - To be blunt, all the protection in the world won't save you from yourself. Don't open attachments that you aren't positive are ok. Don't fall for phishing scams. Don't click on links in email that you aren't positive are safe. Don't install "free" software without checking it out first - many "free" packages are free because they come loaded with spyware, adware and worse. When visiting a web site, did you get a pop-up asking if it's ok to install some software you're not sure of because you've never heard of it? Don't say "OK". Not sure about some security warning you've been given? Don't ignore it. Choose strong passwords, and don't share them with others.
Secure Your Mobile Connection- - if you're traveling and using internet hot spots, free Wifi or internet cafes, you must take extra precautions. Make sure that your web email access is via secure (https) connections, or that your regular mail is over an encrypted connection as well. Don't let people "shoulder surf" and steal your password by watching you type it in a public place. Make sure your home Wifi has WEP security enabled if anyone can walk within range.
- Don't forget the physical - an old computer adage is that "if it's not physically secure, it's not secure." All of the precautions I've listed above are pointless if other people can get at your computer. They may not follow the safety rules I've laid out. A thief can easily get at all the unencrypted data on your computer if they can physically get to it. The common scenario is a laptop being stolen during travel, but I've gotten reports of people who've been burned because a family member or roommate accessed their computer without their knowledge.
Subscribe to:
Posts (Atom)