Password Cracking Attacks

GhostWins




Subject content.

What is salt?
What is hash?
Creating a personalized wordlist
Brute Force Attack
Dictionary Attack
Phishing
Social Engineering
Guess Attacks



What is salt? What is hash?

A hash is the result of an algorithm that converts input data into a fixed-length output. The purpose of this process is to hide the data as much as possible. For example, the passwords of a site's members are automatically hashed, so even if an outsider gains access to the database, they cannot see the passwords.

Salting means adding a random text, called a salt, to the beginning or middle of the password before hashing it. So, imagine you are salting some kind of data: by adding extra characters to the text, you make it as difficult to read as possible.



Creating A Personalized Wordlist.

When we want to generate candidate passwords for a specific individual, the software to use is undoubtedly CUPP. I think you've probably heard its name many times in many places. But I assume that those reading this article have never heard of a software called CUPP. So let's have some information about this software. CUPP uses a user's personal information to generate passwords accordingly. The developers of this software, which has a very strong infrastructure, are constantly developing it.

Now let's learn how to use CUPP.

Let's start by installing this software. For this, we need to clone the project via Git.
Bash:
git clone https://github.com/Mebus/cupp.git

We have now copied the project named Cupp to our computer. Next, we go into the project folder.
Bash:
cd cupp

We can see the contents of the folder when we type ls. The first thing we see is that we need Python installed on our computer to run this program. Now let's install Python. Since I use Arch Linux, I can show this on Arch Linux. Enter the command below into the terminal.
Bash:
sudo pacman -S python

Now that we have Python installed, let's run Cupp. For this, we enter the following command in the terminal.
Bash:
python cupp.py

The most useful parameter here is -i, the interactive parameter. To use this parameter, we enter this command in the terminal.

Bash:
python cupp.py -i

After that, it depends on your own goal. When you enter the target person's information here, a .txt file named after them is generated. That is all I can say about creating a wordlist with Cupp.


Brute-Force Attack


A brute-force attack is a technique for obtaining a password by repeatedly trying candidates until the correct one is found. Although it is a very negative method, there are many hackers who use or try to use it. Although many users and platforms have taken great precautions to prevent this attack, it still works on some platforms. Instead of ready-made wordlists, the attack can be more effective with a unique wordlist like the one I have shown above. One of the most important measures taken was 2-step verification. After the GitHub brute force attack in 2013, people were encouraged to use 2-step verification and were informed about these issues.


Now let's examine a brute-force tool and look at its use.

Since we showed you how to create a wordlist from a user above, let's see how you can use that wordlist. I'm trying to hack an Instagram account with a brute force attack.


I opened a new Instagram account for myself as an example. I set an easy password. Now I will try to gain access to this account with a bruteforce attack. I am creating a wordlist as I have shown above.


It created a total of 37 words. Now let's try these passwords one by one using our brute-force tool. Of course, before that, we need to install our tool, called Instax.

First, let's copy the project from its GitHub repository to our computer.


Bash:
git clone https://github.com/dhasirar/instax.git


Then we enter the folder. The first thing we see is a file called install.sh. Before executing this file, we need to make it executable, so enter this command in the terminal.


Bash:
chmod +x install.sh
You can check whether the necessary permission has been set by running ls. If the file name is shown in green, the permission is set.

As you can see, I have set the necessary permission. Now I will put the wordlist file I created into this folder.
Bash:
mv /home/user/cupp/wordlistismi.txt /home/user/instax
You can do this by adapting the command above to your own paths. In addition, before installing this tool, you need to install Tor on your computer. On Arch Linux, you can do this as follows.

Bash:
sudo pacman -S tor

Now let's install the tool. For this, enter the following command into the terminal.

Bash:
sudo bash install.sh

As you can see, now that we have installed all the necessary things, we can move on to the testing phase of the tool.

Bash:
bash instax.sh
Enter the above code into the terminal.


We enter the requested information for the target account, then there is a password trial period of 5-10 seconds. Then, if the correct password is in the wordlist, it will show you the password. For the account that I tested, I can say that it works. The password was nonantiy123 and it logged in correctly.

So how can we protect ourselves from brute force? The methods for this are as follows.

Using longer and hard-to-guess passwords.
Establishing combinations of upper and lower case letters.
Using special characters when creating passwords.
Enabling two-factor authentication.

If you follow all of these methods, it becomes almost impossible to steal your account with brute force.



Dictionary Attack

A dictionary attack is a technique used to penetrate a password-protected machine. In a dictionary attack, the tool tries all the words in a file that you specify as a dictionary, one by one, until it finds the correct one. I chose to put the two topics one after the other because it is similar to brute force. Maybe you remember, we used to find sites with dorks and we tried to infiltrate those sites with the user name and password we determined with the help of a tool. The method we used at that time was, in fact, the dictionary attack. Unfortunately, I cannot show its use in the field because it is very difficult to test this attack right now.

Since it is a very, very old method, many precautions have been taken against this attack over time. The most widely used of these is the delayed response method. The delayed response method prevents a hacker from entering a second password until the specified time has elapsed. So the hacker cannot try more than one password within that time. The other method, generally used on social media platforms, is to lock the account. For example, after you enter 3 wrong passwords, your account is locked automatically.


Phishing Attack
Phishing is one of the most effective attacks in the virtual world, and it is as old as it is effective. The attacker sends a malicious link to the target person's e-mail or phone number, with a message written to appeal to them. If the person clicks on the link, they become an open target. Such an e-mail has probably been sent to you too, but you did not see it because it was marked as spam before it could reach you.


Now let's look at a sample phishing mail.

When you first look at this photo I found on the internet, you think it was sent to you by the Netflix Team. But when we look at the part of the e-mail at the top, you can understand that it is actually a phishing attack. How the mail is composed is up to you; the one above is just an example. Next comes the question of how the link is made. We will create a phishing link with the help of a tool called SocialPhish.


Social Engineering

Social engineering is one of the most dangerous techniques and one of the most threatening to your security in the cyber world. It abuses people's weaknesses instead of software or advanced infrastructures. It is a type of psychological attack that makes the target behave the way the attacker wants. People in general do not think that they will be scammed and deceived. An attacker who is aware of this gains the target's trust without being noticed. So there is no technical part to it. It depends entirely on the person's role playing. So I'm not going to show you how to use this technique here, because it doesn't have a specific technique.


We can divide social engineering into 4 stages. The first of these is the information gathering phase, where you are inactive. This is usually the most boring stage: you just follow the target person and collect information about them. After the information gathering stage comes the stage of communicating with the target person. The next stage, usually carried out after gaining enough of the target person's trust, is getting the person's information with social engineering. For example, it's like saying "bro, what's your number?". The stage after the necessary information has been obtained is called closing: cutting off communication slowly without the target person noticing. As I said, this method is one of the most effective methods of the virtual world.


Guess

This type of attack is aimed at guessing the other party's password. It often fails. But if you can gather enough information with good social engineering, this attack can become dangerous. As an example, I would like to tell you about an incident that I went through.


While playing games with an old friend, I wanted to log into his account and he gave me his password. His password was a classic old-fashioned password, for example mehmet124567890; of course, his name was not Mehmet. After I got what I wanted, I signed out of the account. But due to the fact that we played in 1-2 days, there was an argument between us and we cut off our communication with each other. Then, when I tried to log in to his account again, I saw that he had changed his password. Then, for some reason, the name of his brother, whom he loved very much, came to mind. His name was Mirac, so I wrote the password as mirac124567890 instead of mehmet124567890. And I saw that I was able to log into the account.

Like the incident I explained above, if you have enough knowledge about the other party, this attack becomes very dangerous. So I suggest you combine this method with social engineering.





have a nice day




Thanks for this nice thread @Nonantiy
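
Added example, not part of the thread and not any platform's actual code: the delayed-response and account-lock defences described in the Dictionary Attack section of the first post, as a small Python throttle. The 3-failure limit is the figure the post gives; the delay, lock duration, account name and guess lists are constructed for the illustration.

```python
import hmac
from dataclasses import dataclass

MAX_FAILURES = 3      # lock after 3 wrong passwords, the figure the post gives
BASE_DELAY = 2.0      # assumed: seconds to wait after the first failure
LOCK_SECONDS = 900.0  # assumed: how long a lock lasts


@dataclass
class AccountState:
    failures: int = 0
    next_allowed: float = 0.0  # earliest time another attempt is evaluated
    locked_until: float = 0.0


class LoginThrottle:
    def __init__(self, verify):
        self.verify = verify   # callable(user, password) -> bool
        self.accounts = {}

    def attempt(self, user, password, now):
        st = self.accounts.setdefault(user, AccountState())
        # Refuse before touching the password, so a correct guess made
        # during a delay or lock is indistinguishable from a wrong one.
        if now < st.locked_until:
            return "locked"
        if now < st.next_allowed:
            return "too_soon"
        if self.verify(user, password):
            st.failures, st.next_allowed = 0, 0.0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCK_SECONDS
            st.failures = 0
            return "locked"
        # Delayed response: the wait doubles with each consecutive failure.
        st.next_allowed = now + BASE_DELAY * 2 ** (st.failures - 1)
        return "denied"


def replay(guesses, real_password, interval):
    """Submit constructed guesses every `interval` seconds; return outcomes."""
    def verify(_user, pw):
        return hmac.compare_digest(pw.encode(), real_password.encode())
    throttle = LoginThrottle(verify)
    return [throttle.attempt("alice", g, i * interval) for i, g in enumerate(guesses)]
```

Because anyone can trigger the lock by submitting wrong passwords, lockout on its own lets a third party keep the owner out, so it is usually paired with per-source rate limiting and two-factor authentication.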
 