HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

Posted in 7:19 AM
Everything over the internet is secured by the passwords. You need a login to do any stuff on any social or banking website. Passwords are the first security measure for these type of websites. So, I brought a tutorial on how to hack such sort of login passwords. This tutorial is based on credential harvester attack method. In which you will know about hacking passwords using credential harvester attack method.

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

REQUIREMENTS

It's very simple and easy to follow. Before you start, you need the following things to work with.
  1. Kali Linux OS
  2. Target Website

STEPS TO FOLLOW

  • Run the Kali Linux machine. If you have not Kali Linux installed, you can grab a free copy and install it as a virtual machine. You can learn more about Kali Linux VirtualBox installation.
  • Sign in to Kali Linux by entering username root and password toor.
  • As you'll sign in, navigate to the Applications > Social Engineering Tools > Social Engineering as shown in the following screenshot.
  • Now you will see the different options. You have to choose Social Engineering Attacks by simply entering its number in the terminal. Once you do it, it will show a few options further. Simply choose Website Vector Attack by putting its number.
  • Website vector attack will show up it's a different type of attacks. We are going to use Credential Harvester Attack.
  • Choose the Site Clone option. As you do it, it will ask for your public IP address. Just open up a new terminal and type ifconfig. It'll show the public IP. Just copy it and paste in the previous terminal as shown in the following screenshots.
  • After we do it. Enter the target website of which passwords you want to hack. Make sure to use a website that has username and password on the same page.
  • All done now. As someone opens up the browser on the public IP we specified, it'll show up the website that we entered in the previous step. Now as someone enters their username or password, it will be captured in the terminal.

That's all. If you're not clear yet. You can watch the following complete video tutorial on how to do it.
Related articles
  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)

Cracking Windows 8/8.1 Passwords With Mimikatz

Posted in 10:51 PM


You Might have read my previous posts about how to remove windows passwords using chntpw and might be thinking why am I writing another tutorial to do the same thing! Well today we are not going to remove the windows user password rather we are going to be more stealth in that we are not going to remove it rather we are going to know what is the users password and access his/her account with his/her own password. Sounds nice...


Requirements:


  1. A live bootable linux OS (I'm using Kali Linux)(Download Kali Linux)
  2. Mimikatz (Download | Blog)
  3. Physical Access to victim's machine
  4. A Working Brain in that Big Head (Download Here)



Steps:

1. First of all download mimikatz and put it in a pendrive.

2. Boat the victim's PC with your live bootable Pendrive (Kali Linux on pendrive in my case). And open a terminal window

3. Mount the Volume/Drive on which windows 8/8.1 is installed by typing these commands
in the terminal window:

mkdir /media/win
ntfs-3g /dev/sda1 /media/win

[NOTE] ntfs-3g is used to mount an NTFS drive in Read/Write mode otherwise you might not be able to write on the drive. Also /dev/sda1 is the name of the drive on which Windows OS is installed, to list your drives you can use lsblk -l or fdisk -l. The third flag is the location where the drive will be mounted.

4. Now navigate to the System32 folder using the following command

cd /media/win/Windows/System32

5. After navigating to the System32 rename the sethc.exe file to sethc.exe.bak by typing the following command:

mv sethc.exe sethc.exe.bak

sethc.exe is a windows program which runs automatically after shift-key is pressed more than 5 times continuously.

6. Now copy the cmd.exe program to sethc.exe replacing the original sethc.exe program using this command:

cp cmd.exe sethc.exe

[Note] We made a backup of sethc.exe program so that we can restore the original sethc.exe functionality

7. With this, we are done with the hard part of the hack now lets reboot the system and boot our Victim's Windows 8/8.1 OS.

8. After reaching the Windows Login Screen plugin the usb device with mimikatz on it and hit shift-key continuously five or more times. It will bring up a command prompt like this





9. Now navigate to your usb drive in my case its drive G:




10. Now navigate to the proper version of mimikatz binary folder (Win32 for32bit windows and x64 for 64 bit windows)


11. Run mimikatz and type the following commands one after the other in sequence:

privilege::debug
token::elevate
vault::list

the first command enables debug mode
the second one elevates the privilages
the last one lists the passwords which include picture password and pin (if set by the user)









That's it you got the password and everything else needed to log into the system. No more breaking and mess making its simple its easy and best of all its not Noisy lol...

Hope you enjoyed the tutorial have fun :)
More info

  1. Hacking Tools For Windows Free Download
  2. World No 1 Hacker Software
  3. Pentest Tools Port Scanner
  4. How To Install Pentest Tools In Ubuntu
  5. Hacking Tools Online
  6. Best Hacking Tools 2020
  7. Pentest Tools Github
  8. Hacking Tools Windows 10
  9. Hack Website Online Tool
  10. Pentest Tools Tcp Port Scanner
  11. Bluetooth Hacking Tools Kali
  12. Hack Tools Mac
  13. Pentest Box Tools Download
  14. Pentest Tools Review
  15. Hacking Tools 2019
  16. Hacker Tools Free
  17. Bluetooth Hacking Tools Kali
  18. Computer Hacker
  19. Hacking Tools For Windows Free Download
  20. Hack Tools For Pc
  21. Hacker Tools Apk Download
  22. Hack Website Online Tool
  23. Pentest Tools For Mac
  24. Hacking Tools For Windows 7
  25. Pentest Tools Tcp Port Scanner
  26. Hacking Tools For Kali Linux
  27. Hack Rom Tools
  28. How To Install Pentest Tools In Ubuntu
  29. Hacking Tools
  30. Growth Hacker Tools
  31. Hacker Tools Windows
  32. Hacker Tools Free Download
  33. Top Pentest Tools
  34. Hacker Tools Apk Download
  35. Hacking Tools Online
  36. Hacking Tools And Software
  37. Pentest Box Tools Download
  38. Hack Tools Download
  39. Pentest Tools Nmap
  40. Hack Tools For Windows
  41. Hacker Tools For Mac
  42. Game Hacking
  43. Hacking Tools Mac
  44. Pentest Tools Open Source
  45. Hacking Tools Download
  46. Github Hacking Tools
  47. Hacking Tools Hardware
  48. Github Hacking Tools
  49. Hacker Tools For Pc
  50. Hacker Tools Apk Download
  51. Hacker Tools
  52. Hacking Tools For Mac
  53. Hak5 Tools
  54. Pentest Tools Linux
  55. Android Hack Tools Github
  56. What Are Hacking Tools
  57. Hacking Tools Software
  58. Hacking Tools Pc
  59. How To Hack
  60. Blackhat Hacker Tools
  61. Hack Tools Mac
  62. Best Pentesting Tools 2018
  63. Game Hacking
  64. Pentest Tools For Windows
  65. Pentest Tools Framework
  66. New Hack Tools
  67. Tools 4 Hack
  68. Best Hacking Tools 2019
  69. Hacking Tools For Pc
  70. Pentest Tools Website
  71. Free Pentest Tools For Windows
  72. Hacking Tools For Games
  73. Pentest Reporting Tools
  74. Hacker Tools Free
  75. New Hacker Tools
  76. World No 1 Hacker Software
  77. Hacker Search Tools
  78. Hacker Tools Github
  79. Hack Tools Download
  80. Hacker Tools For Pc
  81. Pentest Reporting Tools
  82. Hacker Techniques Tools And Incident Handling
  83. Hacking Tools For Mac
  84. Hack And Tools
  85. Hacking Tools Github
  86. Hack Tools Online
  87. Hacker Tools For Mac
  88. Pentest Tools Website
  89. Pentest Tools Github
  90. Pentest Tools Alternative
  91. Nsa Hacker Tools
  92. Ethical Hacker Tools
  93. Hack Tools For Pc
  94. Hacking Tools Name
  95. Pentest Tools Find Subdomains
  96. Hacks And Tools
  97. Install Pentest Tools Ubuntu
  98. World No 1 Hacker Software
  99. Hack Tools 2019
  100. Nsa Hacker Tools
  101. Hacking Tools Software
  102. Hacking Tools For Windows Free Download
  103. Hacker Tools For Pc
  104. Hacker Tool Kit
  105. What Is Hacking Tools
  106. Pentest Tools Kali Linux
  107. Hacker Security Tools
  108. Hack And Tools
  109. Tools Used For Hacking
  110. Top Pentest Tools
  111. Hack And Tools
  112. Black Hat Hacker Tools
  113. Hack Website Online Tool
  114. Free Pentest Tools For Windows
  115. Hacker Tools 2019
  116. Pentest Tools Android
  117. Hacker Tools Windows
  118. Pentest Tools Website Vulnerability
  119. Hacking App
  120. Hacker Tools Software
  121. Blackhat Hacker Tools
  122. Pentest Tools Alternative
  123. Free Pentest Tools For Windows
  124. Hack Tools Pc
  125. Beginner Hacker Tools
  126. Hacking Tools 2019
  127. Hack Rom Tools
  128. Hacker Tools For Ios
  129. Hacker Tools Apk Download
  130. Hacking Tools Windows
  131. Pentest Tools Website
  132. Hacker Tools Online
  133. Hack Tools 2019
  134. Hack Tools Pc
  135. Pentest Tools Bluekeep
  136. World No 1 Hacker Software
  137. Hacker Tools For Ios
  138. Hacking Tools For Games
  139. Hacker Tools Free Download
  140. Hacker Tools Free
  141. Tools For Hacker
  142. Pentest Tools Website Vulnerability
  143. New Hacker Tools
  144. Pentest Automation Tools
  145. Wifi Hacker Tools For Windows
  146. Hacking Tools Github
  147. Pentest Tools Website Vulnerability
  148. Top Pentest Tools
  149. Tools 4 Hack
  150. Hack Tools Pc
  151. Hack Tools For Ubuntu
  152. Pentest Tools Subdomain
  153. Hacking Tools
  154. Hacker Tools List
  155. Pentest Reporting Tools
  156. Hacking Tools 2020
  157. Hacker Tools Mac
  158. Hacker Tools Online
  159. Hack Rom Tools
  160. Pentest Tools Github
  161. Pentest Tools Kali Linux
  162. Hacking Tools And Software
  163. Pentest Tools Download
  164. Physical Pentest Tools
  165. Hack Tool Apk No Root
  166. Hack Tools Mac
  167. Hacker Tools Apk Download
  168. Hack Tool Apk No Root
  169. Hackrf Tools
  170. Pentest Tools Nmap
  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)

CEH: Fundamentals Of Social Engineering

Posted in 2:23 PM

Social engineering is a nontechnical method of breaking into a system or network. It's the process of deceiving users of a system and convincing them to perform acts useful to the hacker, such as giving out information that can be used to defeat or bypass security mechanisms. Social engineering is important to understand because hackers can use it to attack the human element of a system and circumvent technical security measures. This method can be used to gather information before or during an attack.

A social engineer commonly uses the telephone or Internet to trick people into revealing sensitive information or to get them to do something that is against the security policies of the organization. By this method, social engineers exploit the natural tendency of a person to trust their word, rather than exploiting computer security holes. It's generally agreed that users are the weak link in security; this principle is what makes social engineering possible.

The most dangerous part of social engineering is that companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still wide open to attacks, because social engineering doesn't assault the security measures directly. Instead, a social-engineering attack bypasses the security measures and goes after the human element in an organization.

Types of Social Engineering-Attacks

There are two types of Social Engineering attacks

Human-Based 

Human-based social engineering refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

Computer-Based 

​Computer-based social engineering refers to having computer software that attempts to retrieve the desired information. An example is sending a user an email and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

Human-Based Social Engineering

Human-Based further categorized as follow:

Impersonating an Employee or Valid User

In this type of social-engineering attack, the hacker pretends to be an employee or valid user on the system. A hacker can gain physical access by pretending to be a janitor, employee, or contractor. Once inside the facility, the hacker gathers information from trashcans, desktops, or computer systems.

Posing as an Important User

In this type of attack, the hacker pretends to be an important user such as an executive or high-level manager who needs immediate assistance to gain access to a computer system or files. The hacker uses intimidation so that a lower-level employee such as a help desk worker will assist them in gaining access to the system. Most low-level employees won't question someone who appears to be in a position of authority.

Using a Third Person

Using the third-person approach, a hacker pretends to have permission from an authorized source to use a system. This attack is especially effective if the supposed authorized source is on vacation or can't be contacted for verification.

Calling Technical Support

Calling tech support for assistance is a classic social-engineering technique. Help desk and technical support personnel are trained to help users, which makes them good prey for social-engineering attacks.

Shoulder Surfing 

Shoulder surfing is a technique of gathering passwords by watching over a person's shoulder while they log in to the system. A hacker can watch a valid user log in and then use that password to gain access to the system.

Dumpster Diving

Dumpster diving involves looking in the trash for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information.

Computer-Based Social Engineering

Computer-based social-engineering attacks can include the following:
  • Email attachments
  • Fake websites
  • Pop-up windows


Insider Attacks

If a hacker can't find any other way to hack an organization, the next best option is to infiltrate the organization by getting hired as an employee or finding a disgruntled employee to assist in the attack. Insider attacks can be powerful because employees have physical access and are able to move freely about the organization. An example might be someone posing as a delivery person by wearing a uniform and gaining access to a delivery room or loading dock. Another possibility is someone posing as a member of the cleaning crew who has access to the inside of the building and is usually able to move about the offices. As a last resort, a hacker might bribe or otherwise coerce an employee to participate in the attack by providing information such as passwords.

Identity Theft

A hacker can pose as an employee or steal the employee's identity to perpetrate an attack. Information gathered in dumpster diving or shoulder surfing in combination with creating fake ID badges can gain the hacker entry into an organization. Creating a persona that can enter the building unchallenged is the goal of identity theft.

Phishing Attacks

Phishing involves sending an email, usually posing as a bank, credit card company, or other financial organization. The email requests that the recipient confirm banking information or reset passwords or PINs. The user clicks the link in the email and is redirected to a fake website. The hacker is then able to capture this information and use it for financial gain or to perpetrate other attacks. Emails that claim the senders have a great amount of money but need your help getting it out of the country are examples of phishing attacks. These attacks prey on the common person and are aimed at getting them to provide bank account access codes or other confidential information to the hacker.

Online Scams

Some websites that make free offers or other special deals can lure a victim to enter a username and password that may be the same as those they use to access their work system.
The hacker can use this valid username and password once the user enters the information in the website form. Mail attachments can be used to send malicious code to a victim's system, which could automatically execute something like a software keylogger to capture passwords. Viruses, Trojans, and worms can be included in cleverly crafted emails to entice a victim to open the attachment. Mail attachments are considered a computer-based social-engineering attack.

More info


  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)
Subscribe to: Posts (Atom)
Copyright 2009 http://www.letstreamyx.net