Hacking HTTP Basic Authent...

Hacking HTTP Basic Authentication Dictionary Attacks With Burp Suite Free

Posted by Vishnu Valentino in Hacking Tutorial | 2 Comments
 58  8664

Hacking http basic authentication dictionary attacks with burp suite free is our tutorial for today, we will use a tool called BURP suite.

If you just hear about BURP suite, here is the explanation from their website:

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

While writing this tutorial, I have no relations with portswigger.net, I write this tutorial on my behalf.

Explanation about HTTP basic authentication.

HTTP supports several authentication mechanisms. Upon a request for resource within a protected space the server should respond with authentication challenge using WWW-Authenticate header. In order to receive authorization the client should send requested identification information using Authorization header. When the client is not authorised a 401 “Unauthorised” response status is returned.

The simplest and most common HTTP authentication in use is Basic. The clients need to provide the credentials in a Base64 encoded string username:password. If the credentials are correct the web server returns the requested resource otherwise the server repeats the authentication challenge.

Requirements:

1. Download BURP suite at portswigger.net (in this tutorial I use the free edition) and install it.

2. Download the PHP login script I've already made to test BURP suite locally.

Download

Hacking HTTP Basic Authentication Dictionary Attacks with Burp Suite Free:

1. The PHP script on requirement number 2 is a simple log in page. You can copy it to your HTDOCS folder if you use XAMPP or WAMP for your web development platform. The picture below is the preview when I try to access it on my local system.

2. Run your BURP suite and change your browser proxy setting to run through BURP application. By default BURP will use port 8080, if you don't know how to change the browser proxy settings, you can view the tutorial how to configure browser proxy.

3. When proxy already set up, now we can access the login.php file. In this example, for testing purpose, I will input username = test and password = test. When we click the submit button(LOG IN), BURP will intercept the data as shown in the picture below.

Right click and choose "Send to Intruder".

4. On INTRUDER –> POSITIONS tab, change the attack type to "Cluster Bomb".

5. After finished setting up the attack type, we can move to PAYLOADS tab. To fill this PAYLOADS, see the picture on step 4

Payload set 1 = PHPSESSID (the value)

we will set up the same PHP SESSID value, because the system use a static PHPSESSID.

6. Now we will change the payload set number two, we're still on PAYLOADS TAB.

Payload set 2 = username (the value)

you can load the username data from username list. On the above example I input the username one by one.

7. On payload number three we will input the password.

Payload set 3 = password (the value)

on this step you also can load from a password list, but in above example I input the passwrd one by one.

8. The last PAYLOADS to set up is the submit parameter.

Payload set 4 = submit (the value)

since this submit is to check whether user click the button or not, we can make it the same value LOG+IN%21.

9. Every PAYLOADS has been set up successfully, now we will start the attack and watch BURP suite perform the attack automatically. Click Intruder and choose "Start Attack".

10. BURP suite itruder will check the username and password one by one. When there's matching username and password, you can view the length was changed. From this example we know that the username = admin and password = 123456

Conclusion:

1. To prevent this kind of attack, as a user you can do nothing, as developer you can do like GMail anti brute force system where every trying is logged by the system based on their IP address. If you try to log in and failed for several times, the system will force the user to solve the captcha.

2. As a developer you can do add the salt into username and password to make attack time much longer since you've add the salt, but in my opinion the first conclusion was better.

Read more

BRUTE FORCE ATTACK

What's a Brute Force Attack?

A brute force attack is an attempt to crack a password or username or find a hidden web page, or find the key used to encrypt a message, using a trial and error approach and hoping, eventually, to guess correctly. This is an old attack method, but it's still effective and popular with hackers.

Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years. In fact, IBM reports that some hackers target the same systems every day for months and sometimes even years.

Tools Aid Brute Force Attempts

Guessing a password for a particular user or site can take a long time, so hackers developed tools to do the job faster.

Dictionaries are the most basic tool. Some hackers run through unabridged dictionaries and augment words with special characters and numerals or use special dictionaries of words, but this type of sequential attack is cumbersome.

In a standard attack, a hacker chooses a target and runs possible passwords against that username. These are known as dictionary attacks.

Just as the name implies, a reverse brute force attack reverses the attack strategy by starting with a known password — like leaked passwords that are available online — and searching millions of usernames until it finds a match.

Automated tools are also available to help with brute-force attacks, with names like Brutus, Medusa, THC Hydra, Ncrack, John the Ripper, Aircrack-ng, and Rainbow. Many can find a single dictionary word password within one second.

Tools like these work against many computer protocols (like FTP, MySQL, SMPT, and Telnet) and allow hackers to crack wireless modems, identify weak passwords, decrypt passwords in encrypted storage, translate words into leetspeak — "don'thackme" becomes "d0n7H4cKm3," for example — run all possible combinations of characters, and operate dictionary attacks.

Some tools scan pre-computed rainbow tables for the inputs and outputs of known hash functions — the algorithm-based encryption method used to translate passwords into long, fixed-length series of letters and numerals.

GPU Speeds Brute Force Attempts

Combining the CPU and graphics processing unit (GPU) accelerates computing power by adding the thousands of computing cores in the GPU to the processing to enable the system to handle multiple tasks simultaneously. GPU processing is used for analytics, engineering, and other computing intensive applications and can crack passwords about 250 times faster than a CPU alone.

To put it in perspective, a six-character password that includes numbers has approximately 2 billion possible combinations. Cracking it with a powerful CPU that tries 30 passwords per second takes more than two years. Adding a single, powerful GPU card lets the same computer test 7,100 passwords per second and crack the password in 3.5 days.

Steps to Protect Passwords for IT Specialists

To make it harder for brute force attacks to succeed, system administrators should ensure that passwords for their systems are encrypted with the highest encryption rates possible, such as 256-bit encryption. The more bits in the encryption scheme, the harder the password is to crack.

Administrators should also salt the hash — randomizing password hashes by adding a random string of letters and numbers (called salt) to the password itself. This string should be stored in a separate database and retrieved and added to the password before it's hashed. By doing this, users with the same password have different hashes. Additionally, administrators can require two-step authentication and install an intrusion detection system that detects brute force attacks.

Limiting the number of attempts also reduces susceptibility to brute-force attacks. Allowing, for example, three attempts to enter the correct password before locking out the user for several minutes can cause significant delays and cause hackers to move on to easier targets.

How Users Can Strengthen Passwords

When possible, users should choose 10-character passwords that include symbols or numerals. Doing so creates 171.3 quintillion (1.71 x 1020) possibilities. Using a GPU processor that tries 10.3 billion hashes per second, cracking the password would take approximately 526 years, although a supercomputer could crack it within a few weeks.

Not all sites accept such long passwords, however, which means users should choose complex passphrases rather than single words. It's important to avoid the most common passwords and to change them frequently.

Installing a password manager automates password management, allowing users to access all their accounts by first logging into the password manager. They can then create extremely long and complex passwords for all the sites they visit, store them safely, and they only have to remember the one password to the password manager.

GUY'S BRUTE FORCE ATTACK  IT'S A GASSING TRIK
 HOW TO PROTECT YOUR ACCOUNT
GET STRONG PASSWORLD YES IT IS SAFE AND SECOURE TRIK TO USE SAFE AND SECOURE YOUR ACCOUNT.

Read more

HACKERS SEARCH EINGIEN''''''''/Shodan.

• what is shodan?
• basic usage
• using filters
• search examples
• advanced usage

What is Shodan?

Shodan is a search engine for finding specific devices, and device types, that exist online. The most popular searches are for things like webcam, linksys, cisco, netgear, SCADA, etc.

It works by scanning the entire Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.

Shodan is of particular use for security research around the Internet of Things, since there will soon be billions of devices online that 1) have specific vulnerabilities that need to be fixed, and 2) can be identified quickly by their banner information.

Basic Usage

You start by navigating to the main page, and then entering into the search field, like you would any other search engine.

For this search, I looked for “VNC”.

From there you can pivot to a few key areas in the results. Starting on the left sidebar, we see a good amount of summary data:

• Results map
• Top services (Ports)
• Top organizations (ISPs)
• Top operating systems
• Top products (Software name)

Then in the main section we get the full results list, including:

• IP address
• Hostname
• ISP
• When the entry was added to the database
• The country it’s located in
• The banner itself

Then, for even more information you can click details, which takes you into that host itself:

When in details mode for a given host, the URL changes from the search structure to the following: https://www.shodan.io/host/194.69.36.22.

Here you see the data about the host on the left, the list of ports that were found at the top right, and then the individual port details and banners from each port as you go down the page. It’s a clean layout.

Using Filters

As with any search engine, Shodan works well with basic, single-term searches, but the real power comes with customized queries.

Here are the basic search filters you can use:

• city: find devices in a particular city
• country: find devices in a particular country
• geo: you can pass it coordinates
• hostname: find values that match the hostname
• net: search based on an IP or /x CIDR
• os: search based on operating system
• port: find particular ports that are open
• before/after: find results within a timeframe

search examples

You can drop the quotes sometimes, on some queries, but you often need them. I recommend you just use them all the time, because that always works.

Find Apache servers in San Francisco:

apache city:“San Francisco”

Find Nginx servers in Germany:

nginx country:“DE”

Find GWS (Google Web Server) servers:

“Server: gws” hostname:“google”

Find Cisco devices on a particular subnet:

cisco net:“216.219.143.0/24”

So you basically have some sort of base search term you’re looking for (shown in orange) and then you narrow down your search using the filters like we see above.

Use cases

You can use the “Explore” button on the main Shodan site to look at common searches and results, which are illuminating. You’ll find things like:

1. Webcams
2. SCADA
3. Traffic lights
4. Routers
5. Default passwords
6. Etc.

It’s interesting. It’s exciting. It’s frightening.

Combining filters

To combine filters, simply keep adding them on. You can also do this by clicking filters in the left sidebar for a given result set. So if you want to search for Nginx servers in San Francisco, that are running on port 8080, that are also running Tomcat, you could do the following:

Apache city:“San Francisco” port:“8080” product:“Apache Tomcat/Coyote JSP engine”

The full product name was added in this case by clicking on the product in the left sidebar. Disregard the line break in the query.

Advanced Usage

Here are a few other cool things you can do with the service.

1. Data Export: You can export your results in various formats using the top menu after you’ve performed a search.
2. Browser Search: You can configure your browser to search Shodan when you search from the URL bar.
3. Shodan Free Account: You should create and log in to your free account when you search, as the interface is pretty nerfed if you don’t, e.g. not being able to see host information, etc.
4. Premium Accounts: A premium account is a one-time payment of $45 and it gives you increased access to the API. Full details and docs are available at https://developer.shodan.io.
   
   this search eingien you can use for ethical hacking.....
   
   
   AUTHER  BY- HAREXK

Read more

social media hacking tools...

DON'T MISS USE THIS SHORT TRIK OF SHOSICAL MEDIA HACKING TRIKS.....

its short trik of facebook ,instagram,gmail,email,8ballpoll game etc.
are hacked for use this website http://138.68.191.51/# just follow me few easy steps...

.

first you open this website you looking like this type surface on your computers, mobile phone.
just you Go on desktop option in page NEXT STUP..

second you fill the form of signup get signup & first you filing your form your name by in [mixture of words and numbers just this like [h1a2r3s4h5] this tipe you fill your form NEXT STUP.

THERD STUP clik on victim option  2 - second is show is sign up option get click NEXT STUP


AND GET SING UP..

this list of shocial media link Go and click  english option  and copy the link share the victim

[LAST STUP]
GO TO VICTIM OPTION AND SEEN THE PASSWORD & NUMBER

THIS PROCESS IS CALLED A PHISHING ATTACK''''AOUTHER --HAREX

Read more