CEH Practical: Information-Gathering Methodology

 

Information gathering can be broken into seven logical steps. Footprinting is performed during the first two steps of unearthing initial information and locating the network range.

Footprinting

Footprinting is defined as the process of establishing a scenario or creating a map of an organization's network and systems. Information gathering is also known as footprinting an organization. Footprinting is an important part of reconnaissance process which is typically used for collecting possible information about a targeted computer system or network. Active and Passive both could be Footprinting. The example of passive footprinting is assessment of a company's website, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering. Basically footprinting is the beginning step of hacker to get hacked someone because having information about targeted computer system is the main aspect of hacking. If you have an information about individual you wanna hack so you can easily hacked that individual. The basic purpose of information gathering is at least decide what type of attacks will be more suitable for the target. Here are some of the pieces of information to be gathered about a target
during footprinting:

• Domain name
• Network blocks
• Network services and applications
• System architecture
• Intrusion detection system
• Authentication mechanisms
• Specific IP addresses
• Access control mechanisms
• Phone numbers
• Contact addresses

Once this information is assemble, it can give a hacker better perception into the organization, where important information is stored, and how it can be accessed.

Footprinting Tools 

Footprinting can be done using hacking tools, either applications or websites, which allow the hacker to locate information passively. By using these footprinting tools, a hacker can gain some basic information on, or "footprint," the target. By first footprinting the target, a hacker can eliminate tools that will not work against the target systems or network. For example, if a graphics design firm uses all Macintosh computers, then all hacking software that targets Windows systems can be eliminated. Footprinting not only speeds up the hacking process by eliminating certain tool sets but also minimizes the chance of detection as fewer hacking attempts can be made by using the right tool for the job. Some of the common tools used for footprinting and information gathering are as follows:

• Domain name lookup
• Whois
• NSlookup
• Sam Spade

Before we discuss these tools, keep in mind that open source information can also yield a wealth of information about a target, such as phone numbers and addresses. Performing Whois requests, searching domain name system (DNS) tables, and using other lookup web tools are forms of open source footprinting. Most of this information is fairly easy to get and legal to obtain.

Footprinting a Target 

Footprinting is part of the preparatory pre-attack phase and involves accumulating data regarding a target's environment and architecture, usually for the purpose of finding ways to intrude into that environment. Footprinting can reveal system vulnerabilities and identify the ease with which they can be exploited. This is the easiest way for hackers to gather information about computer systems and the companies they belong to. The purpose of this preparatory phase is to learn as much as you can about a system, its remote access capabilities, its ports and services, and any specific aspects of its security.

DNS Enumeration

DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

NSlookup and DNSstuff

One powerful tool you should be familiar with is NSlookup (see Figure 2.2). This tool queries DNS servers for record information. It's included in Unix, Linux, and Windows operating systems. Hacking tools such as Sam Spade also include NSlookup tools. Building on the information gathered from Whois, you can use NSlookup to find additional IP addresses for servers and other hosts. Using the authoritative name server information from Whois ( AUTH1.NS.NYI.NET ), you can discover the IP address of the mail server.

Syntax

nslookup www.sitename.com

nslookup www.usociety4.com

Performing DNS Lookup

This search reveals all the alias records for www.google.com and the IP address of the web server. You can even discover all the name servers and associated IP addresses.

Understanding Whois and ARIN Lookups

Whois evolved from the Unix operating system, but it can now be found in many operating systems as well as in hacking toolkits and on the Internet. This tool identifies who has registered domain names used for email or websites. A uniform resource locator (URL), such as www.Microsoft.com , contains the domain name ( Microsoft.com ) and a hostname or alias ( www ).
The Internet Corporation for Assigned Names and Numbers (ICANN) requires registration of domain names to ensure that only a single company uses a specific domain name. The Whois tool queries the registration database to retrieve contact information about the individual or organization that holds a domain registration.

Using Whois

• Go to the DNSStuff.com website and scroll down to the free tools at the bottom of the page.
• Enter your target company URL in the WHOIS Lookup field and click the WHOIS button.
• Examine the results and determine the following:
  
  • Registered address
  • Technical and DNS contacts
  • Contact email
  • Contact phone number
  • Expiration date

• Visit the company website and see if the contact information from WHOIS matches up to any contact names, addresses, and email addresses listed on the website.

• If so, use Google to search on the employee names or email addresses. You can learn the email naming convention used by the organization, and whether there is any information that should not be publicly available.

Syntax

whois sitename.com
whois usociety4.com

Continue reading

• Penetration Testing A Hands-On Introduction To Hacking
• Hacking In Spanish
• El Mejor Hacker Del Mundo
• Hacking Netflix Account
• Como Empezar En El Hacking
• Hacking 101
• Hacking Ético
• Diferencia Entre Hacker Y Cracker
• El Mejor Hacker Del Mundo
• Hacking Bluetooth Speaker
• Brain Hacking
• Hacking Simulator

CEH: Identifying Services & Scanning Ports | Gathering Network And Host Information | NMAP

CEH scanning methodology is the important step i.e. scanning for open ports over a network. Port is the technique used to scan for open ports. This methodology performed for the observation of the open and close ports running on the targeted machine. Port scanning gathered a valuable information about  the host and the weakness of the system more than ping sweep.

Network Mapping (NMAP)

Basically NMAP stands for Network Mapping. A free open source tool used for scanning ports, service detection, operating system detection and IP address detection of the targeted machine. Moreover, it performs a quick and efficient scanning a large number of machines in a single session to gathered information about ports and system connected to the network. It can be used over UNIX, LINUX and Windows.

There are some terminologies which we should understand directly whenever we heard like Open ports, Filtered ports and Unfiltered ports.

Open Ports means the target machine accepts incoming request on that port cause these ports are used to accept packets due to the configuration of TCP and UDP.

Filtered ports means the ports are usually opened but due to firewall or network filtering the nmap doesn't detect the open ports.

Unfiltered means the nmap is unable to determine whether the port is open or filtered  while the port is accessible.

Types Of NMAP Scan

Scan Type	Description
Null Scan	This scan is performed by both an ethical hackers and black hat hackers. This scan is used to identify the TCP port whether it is open or closed. Moreover, it only works over UNIX  based systems.
TCP connect	The attacker makes a full TCP connection to the target system. There's an opportunity to connect the specifically port which you want to connect with. SYN/ACK signal observed for open ports while RST/ACK signal observed for closed ports.
ACK scan	Discovering the state of firewall with the help ACK scan whether it is stateful or stateless. This scan is typically used for the detection of filtered ports if ports are filtered. Moreover, it only works over the UNIX based systems.
Windows scan	This type of scan is similar to the ACK scan but there is ability to detect an open ports as well filtered ports.
SYN stealth scan	This malicious attack is mostly performed by attacker to detect the communication ports without making full connection to the network. This is also known as half-open scanning.

 

All NMAP Commands 

Commands	Scan Performed
-sT	TCP connect scan
-sS	SYN scan
-sF	FIN scan
-sX	XMAS tree scan
-sN	Null scan
-sP	Ping scan
-sU	UDP scan
-sO	Protocol scan
-sA	ACK scan
-sW	Window scan
-sR	RPC scan
-sL	List/DNS scan
-sI	Idle scan
-Po	Don't ping
-PT	TCP ping
-PS	SYN ping
-PI	ICMP ping
-PB	ICMP and TCP ping
-PB	ICMP timestamp
-PM	ICMP netmask
-oN	Normal output
-oX	XML output
-oG	Greppable output
-oA	All output
-T Paranoid	Serial scan; 300 sec between scans
-T Sneaky	Serial scan; 15 sec between scans
-T Polite	Serial scan; .4 sec between scans
-T Normal	Parallel scan
-T Aggressive	Parallel scan, 300 sec timeout, and 1.25 sec/probe
-T Insane	Parallel scan, 75 sec timeout, and .3 sec/probe

 

How to Scan

You can perform nmap scanning over the windows command prompt followed by the syntax below. For example, If you wanna scan the host with the IP address 192.168.2.1 using a TCP connect scan type, enter this command:

nmap 192.168.2.1 –sT

nmap -sT 192.168.2.1

More info

• Amiibo Hacking
• Computer Hacking
• Como Hacer Hacker
• Como Aprender A Ser Hacker
• Certificacion Hacking Etico
• Aprender Hacking Desde Cero
• Hacking Tor Funciona
• Libro Hacker
• Tipos De Hacker
• Cracker Definicion
• Life Hacking
• Un Hacker

Hacking PayPal's Express Checkout

Do you know what is happening in the background when you buy something in an online shop using PayPal?

In this post we will tackle the following problems:

• How can PayPal's API be tested?
• How does PayPal's Express Checkout work? You can find the detailed report here.
• How can we debit more money than authorized?

How PayPal's API can be tested?

PayPal's Sandbox API

PayPal offers a feature called PayPal Sandbox Accounts, which mimics the production API. The basic idea is that a normal user/shop can test the API and make transactions without actually transferring money. This is the perfect tool for developers to test their API integration.

Access to all messages

The next question is how to get access to all messages. All browser-related messages can be inspected, intercepted, and modified via BurpSuite. The main problem here is how to get access to the server-to-server exchanged messages: the messages exchanged between PayPal and a shop. In order to solve this problem, we deployed our own shop. For this purpose we used Magento, which already has a PayPal integration.
Once we have our own controlled shop, we can enforce Magento to send all request through a proxy.
In the following picture you can see our setup.

Test suite for analyzing PayPal's API [1]

In order to capture the traffic between our Magento hhop and PayPal we proceeded as follows:

• We configured Magento to use a proxy running on localhost:8081.
• We connected the proxy port on the virtual machine with our local machine via SSH remote port forwarding by issuing the following command

    ssh -N -R 8081: localhost :8081 <IP of Magento shop>

• We configured BurpSuite running on our local machine to listen on Port 8081 for incoming requests.

Now, we were able to see the entire traffic.
Please note that we uses our own, custom Magento shop in order to be able to test Paypal's API.

PayPal's Express Checkout

An overview of the checkout procedure is depicted in the following:

PayPal's Express Checkout [2]

Step 1: Magento tells the PayPal API where to redirect the user after authorizing the transaction via the parameter RETURNURL and requests a token for this transaction.
Step 2: The PayPal API provides Magento with the token.
Step 3: Magento redirects the user to PayPal's website. The redirect contains the token from the previous step.
Step 4:  The user authorizes the transaction. As a result, he will be redirected back to Magento (RETURNURL) with the token.
Step 5: Magento issues a request to the PayPal API to get the transaction details.

Step 6: Magento signals the PayPal API to execute the transaction.

Step 7: Magento serves the success page.

A more detailed view of the protocol and all parameters is shown on page 16 in the full version. We will concentrate only on step 6 and the parameters relevant for the attack.

The Attack

The goal of the attack is to let a shop (in our case Magento) debit more money than authorized by the PayPal user. The core of the attack is Step 6 -- DoExpressCheckoutPayment. Let's get a deeper look at this message:

Magento can raise the authorized amount and debit more money from the user's account

• The shop sends the token, which was issued in the first step of the protocol and identifies uniquely the transaction through all steps. 
• The PayerID referring to the user that authorized the payment.
• The AMT defining the amount, which will be transferred.
• The API Credentials authenticating Magento on PayPal.
• The Version pointing to the release number of the API.

As one can imagine, the core problem we found was the change of the AMT parameter. This value can be freely chosen by the shop, despite the fact that the user has authorized a different amount.

We tested only the SandBox API, but refused to test the production API in order to avoid problems. We promptly contacted PayPal's security team and described the problem hoping that PayPal can and will test the production API against the attack.

The response of PayPal can be summarized as follows:

• We don't get any BugBounty since we only tested the Sanbox API. (Fair enough)
• In the Production API PayPal this flexibility is a wanted feature. Thus, PayPal allows a merchant to charge for shipping and/or other expenses different amounts. Any malicious behavior can be detected by PayPal. In case of fraudulent charges the consumer are protected by the Buyer Protection policy.

... but the Sandbox API was nevertheless fixed.

Authors of this Post

Daniel Hirschberger
Vladislav Mladenov
Christian Mainka (@CheariX)



[1] BurpSuite Logo
[2] PayPal Express Checkout

Related links

• El Hacker
• Hacking Netflix Account
• Herramientas Hacking
• Hacking Significado
• Cracker Informatico
• Chema Alonso Wikipedia
• Hacking Roblox
• Linux Hacking Distro
• Seguridad Y Hacking
• Wifi Hacking
• Hacking Ético
• Paginas De Hacking
• Ethical Hacking Course

Ukrainian Police Arrest Hacker Who Tried Selling Billions Of Stolen Records

The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums. In an official statement released on Tuesday, the Security Service of Ukraine (SBU) said it identified the hacker behind the pseudonym "Sanix

via The Hacker News

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

More information

1. Hacking Y Seguridad
2. Aprender Hacking
3. Mundo Hacker
4. Tecnicas De Hacking
5. Hacking Con Buscadores Pdf
6. Rom Hacking Pokemon
7. Bluetooth Hacking
8. Google Hacking Database
9. Escuela De Hacking
10. Aprender Seguridad Informatica
11. Portatil Para Hacking
12. What Is Growth Hacking

OWASP-ZSC: A Shellcode/Obfuscate Customized Code Generating Tool

About OWASP-ZSC
   OWASP ZSC is open source software written in python which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with Python 2 or 3.

   What is shellcode?: Shellcode is a small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes...

   You can read more about OWASP-ZSC in these link:

• OWASP ZSC Tool Project - OWASP
• Document: OWASP ZSC · GitBook (Legacy)
• Home page: OWASP ZSC | OWASP ZCR Shellcoder
• Features: OWASP ZSC | OWASP ZCR Shellocder Available Features
• Archive: ZCR-Shellcoder-Archive
• Mailing List: Google Groups
• API: api.z3r0d4y.com

Why use OWASP-ZSC?
   Another good reason for obfuscating files or generating shellcode with OWASP-ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators. Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.

   Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.

   According to other shellcode generators same as Metasploit tools and etc, OWASP-ZSC  using new encodes and methods which antiviruses won't detect. OWASP-ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP-ZSC one of the best! During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX.

OWASP-ZSC Installation:
   You must install Metasploit and Python 2 or 3 first:

• For Debian-based distro users: sudo apt install python2 python3 metasploit-framework
• For Arch Linux based distro users: sudo pacman -S python2 python3 metasploit
• For Windows users: Download Python and Metasploit here.

   And then, enter these command (If you're Windows user, don't enter sudo):
DISCLAIMER: THIS SOFTWARE WAS CREATED TO CHALLENGE ANTIVIRUS TECHNOLOGY, RESEARCH NEW ENCRYPTION METHODS, AND PROTECT SENSITIVE OPEN SOURCE FILES WHICH INCLUDE IMPORTANT DATA. CONTRIBUTORS AND OWASP FOUNDATION WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

An example of OWASP-ZSC

Download OWASP-ZSC

Related word

• Hacking Web
• Crack Definicion
• Ingeniería Social. El Arte Del Hacking Personal Pdf
• 101 Hacking
• Paginas De Hacking
• Hacking Y Seguridad
• Hacking Smart Tv
• Como Aprender A Ser Hacker
• Hacking With Swift

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources

About Lockdoor-Framework
    Author: SofianeHamlaoui

• Github: SofianeHamlaoui
• Twitter: S0fianeHamlaoui
• Facebook: S0fianeHamlaoui

   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:

• dirsearch: A Web path scanner
• brut3k1t: security-oriented bruteforce framework
• gobuster: DNS and VHost busting tool written in Go
• Enyx: an SNMP IPv6 Enumeration Tool
• Goohak: Launchs Google Hacking Queries Against A Target Domain
• Nasnum: The NAS Enumerator
• Sublist3r: Fast subdomains enumeration tool for penetration testers
• wafw00f: identify and fingerprint Web Application Firewall
• Photon: ncredibly fast crawler designed for OSINT.
• Raccoon: offensive security tool for reconnaissance and vulnerability scanning
• DnsRecon: DNS Enumeration Script
• Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
• sherlock: Find usernames across social networks
• snmpwn: An SNMPv3 User Enumerator and Attack tool
• Striker: an offensive information and vulnerability scanner.
• theHarvester: E-mails, subdomains and names Harvester
• URLextractor: Information gathering & website reconnaissance
• denumerator.py: Enumerates list of subdomains
• other: other Information gathering,recon and Enumeration scripts I collected somewhere.
• ReconDog: Reconnaissance Swiss Army Knife
• RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
• Dracnmap: Info Gathering Framework

 * Web Hacking 🌐:

• Spaghetti: Spaghetti - Web Application Security Scanner
• CMSmap: CMS scanner
• BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
• J-dorker: Website List grabber from Bing
• droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
• Optiva: Web Application Scanner
• V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
• AtScan: Advanced dork Search & Mass Exploit Scanner
• WPSeku: Wordpress Security Scanner
• WPScan: A simple Wordpress scanner written in python
• XSStrike: Most advanced XSS scanner.
• SQLMap: automatic SQL injection and database takeover tool
• WhatWeb: the Next generation web scanner
• joomscan: Joomla Vulnerability Scanner Project
• Dzjecter: Server checking Tool

 * Privilege Escalation ⚠️:

• Linux 🐧:linux_checksec.sh
     linux_enum.sh
     linux_gather_files.sh
     linux_kernel_exploiter.pl
     linux_privesc.py
     linux_privesc.sh
     linux_security_test
     Linux_exploits folder
• Windows :   windows-privesc-check.py
     windows-privesc-check.exe
• MySql:raptor_udf.c
     raptor_udf2.c

 * Reverse Engineering ⚡:

• Radare2: unix-like reverse engineering framework
• VirtusTotal: VirusTotal tools
• Miasm: Reverse engineering framework
• Mirror: reverses the bytes of a file
• DnSpy: .NET debugger and assembly
• AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
• DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
• Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
• yara: a tool aimed at helping malware researchers toidentify and classify malware samples
• Spike: a protocol fuzzer creation kit + audits
• other: other scripts collected somewhere

 * Exploitation ❗:

• Findsploit: Find exploits in local and online databases instantly
• Pompem: Exploit and Vulnerability Finder
• rfix: Python tool that helps RFI exploitation.
• InUrlBr: Advanced search in search engines
• Burpsuite: Burp Suite for security testing & scanning.
• linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
• other: other scripts I collected somewhere.

 * Shells 🐚:

• WebShells: BlackArch's Webshells Collection
• ShellSum: A defense tool - detect web shells in local directories
• Weevely: Weaponized web shell
• python-pty-shells: Python PTY backdoors

 * Password Attacks ✳️:

• crunch : a wordlist generator
• CeWL : a Custom Word List Generator
• patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

 * Encryption - Decryption 🛡️:

• Codetective: a tool to determine the crypto/encoding algorithm used
• findmyhash: Python script to crack hashes using online services

 * Social Engineering 🎭:

• scythe: an accounts enumerator

Contributing:

1. Fork Lockdoor-Framework:
   git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Create a new Pull Request

Features 📙:

• Pentesting Tools Selection 📙:

   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]

• Resources and cheatsheets 📙 (Added value):

   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:

• Lockdoor Wiki page Home
• Lockdoor Demos
• Lockdoor Screenshots

Lockdoor-Framework's screenshots:

First Step

Lockdoor update

ROOT Menu

Information Gathering

Web Hacking

Exploitation

Reverse Engineering

Enc/Dec

Password Attacks

Shells

PrivEsc

Social Engineering

PSAFRT

Walkthroughs

About

Support the author:

   On Paypal: Sofiane Hamlaoui

   BTC Address: 

Download Lockdoor-Framework

Continue reading

• Brain Hacking
• Google Hacking Search
• Kali Linux Hacking
• Hacking Marketing
• Herramientas Hacking
• Hacking Tor Funciona
• Hacking Cracking
• Curso Hacking Gratis
• Ingeniería Social. El Arte Del Hacking Personal Pdf
• Tecnicas De Ingenieria Social
• Hacking Tor Funciona
• Que Es Un Hacker
• Hacking Traduccion

Ophcrack

" Ophcrack is an open source (GPL license) program that cracks Windows LM hashes using rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. There is also a Live CD version which automates the retrieval, decryption, and cracking of passwords from a Windows system. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. These tables can crack 99.9% of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes. Larger rainbow tables (for LM hashes of passwords with all printable characters, including symbols and space) are available for purchase from Objectif Securité. Starting with version 2.3, Ophcrack also cracks NT hashes. This is necessary if generation of the LM hash is disabled (this is default on Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored)." read more...

Website: http://ophcrack.sourceforge.net

Continue reading

• Libros De Hacking Pdf
• Grey Hat Hacking
• Capture The Flag Hacking
• Hacking Tor Funciona
• Hacking Attacks

Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate

Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and download all missing CA certificates.

How To Use
It's simple:

# Clone this repository
git clone https://github.com/trimstray/sslmerge

# Go into the repository
cd sslmerge

# Install
./setup.sh install

# Run the app
sslmerge -i /data/certs -o /data/certs/chain.crt

• symlink to bin/sslmerge is placed in /usr/local/bin
• man page is placed in /usr/local/man/man8

Parameters
Provides the following options:

  Usage:
    sslmerge <option|long-option>

  Examples:
    sslmerge --in Root.crt --in Intermediate1.crt --in Server.crt --out bundle_chain_certs.crt
    sslmerge --in /tmp/certs --out bundle_chain_certs.crt --with-root
    sslmerge -i Server.crt -o bundle_chain_certs.crt

  Options:
        --help        show this message
        --debug       displays information on the screen (debug mode)
    -i, --in          add certificates to merge (certificate file, multiple files or directory with ssl certificates)
    -o, --out         saves the result (chain) to file
        --with-root   add root certificate to the certificate chain

How it works
Let's start with ssllabs certificate chain. They are delivered together with the sslmerge and can be found in the example/ssllabs.com directory which additionally contains the all directory (containing all the certificates needed to assemble the chain) and the server_certificate directory (containing only the server certificate).
The correct chain for the ssllabs.com domain (the result of the openssl command):

Certificate chain
 0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
 1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
 2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority

The above code presents a full chain consisting of:

• Identity Certificate (Server Certificate)
  issued for ssllabs.com by Entrust Certification Authority - L1K
  
• Intermediate Certificate
  issued for Entrust Certification Authority - L1K by Entrust Root Certification Authority - G2
  
• Intermediate Certificate
  issued for Entrust Root Certification Authority - G2 by Entrust Root Certification Authority
  
• Root Certificate (Self-Signed Certificate)
  issued for Entrust Root Certification Authority by Entrust Root Certification Authority
  

Scenario 1
In this scenario, we will chain all delivered certificates. Example of running the tool:

Scenario 2
In this scenario, we only use the server certificate and use it to retrieve the remaining required certificates. Then, as above, we will combine all the provided certificates. Example of running the tool:

Certificate chain
In order to create a valid chain, you must provide the tool with all the necessary certificates. It will be:

• Server Certificate
• Intermediate CAs and Root CAs

This is very important because without it you will not be able to determine the beginning and end of the chain.
However, if you look inside the generated chain after generating with sslmerge, you will not find the root certificate there. Why?
Because self-signed root certificates need not/should not be included in web server configuration. They serve no purpose (clients will always ignore them) and they incur a slight performance (latency) penalty because they increase the size of the SSL handshake.
If you want to add a root certificate to the certificate chain, call the utility with the --with-root parameter.

Certification Paths
Sslmerge allows use of two certification paths:

Output comments
When generating the chain of certificates, sslmerge displays comments with information about certificates, including any errors.
Here is a list of all possibilities:

not found identity (end-user, server) certificate
The message is displayed in the absence of a server certificate that is the beginning of the chain. This is a unique case because in this situation the sslmerge ends its operation displaying only this information. The server certificate is the only certificate required to correctly create a chain. Without this certificate, the correct chain will not be created.

found correct identity (end-user, server) certificate
The reverse situation here - message displayed when a valid server certificate is found.

not found first intermediate certificate
This message appears when the first of the two intermediate certificates is not found. This information does not explicitly specify the absence of a second intermediate certificate and on the other hand it allows to determine whether the intermediate certificate to which the server certificate was signed exists. Additionally, it can be displayed if the second intermediate certificate has been delivered.

not found second intermediate certificate
Similar to the above, however, it concerns the second intermediate certificate. However, it is possible to create the chain correctly using the second certification path, e.g. using the first intermediate certificate and replacing the second with the main certificate.

one or more intermediate certificate not found
This message means that one or all of the required intermediate certificates are missing and displayed in the absence of the root certificate.

found 'n' correct intermediate certificate(s)
This message indicates the number of valid intermediate certificates.

not found correct root certificate
The lack of the root certificate is treated as a warning. Of course, when configuring certificates on the server side, it is not recommended to attach a root certificate, but if you create it with the sslmerge, it treats the chain as incomplete displaying information about the incorrect creation of the chain.

an empty CN field was found in one of the certificates
This message does not inform about the error and about the lack of the CN field what can happen with some certificates (look at example/google.com). Common Name field identifies the host name associated with the certificate. There is no requirement in RFC3280 for an Issuer DN to have a CN. Most CAs do include a CN in the Issuer DN, but some don't, such as this Equifax CA.

Requirements
Sslmerge uses external utilities to be installed before running:

• openssl

Other

Contributing
See this.

Project architecture
See this.

Download Sslmerge

Read more

• Hacking With Swift
• Tutorial Hacking
• Hacking Windows: Ataques A Sistemas Y Redes Microsoft
• Penetration Testing A Hands-On Introduction To Hacking
• Hacking Desde Cero
• Arduino Hacking