Recent Posts

71
Projects and Discussion / Re: Windows bully project
« Last post by Untitled00 on February 25, 2016, 12:41:48 pm »
Quote
But, let me ask you, when do you plan to put it online? (Yes, you already got your first downloader hehe)

Not sure if I will share it or not yet, mostly yes, if I see interest and it is something worthwhile (probably will need help with some stuff but nothing critical, mostly input and a possible GUI, but we are good with a command line tool).
Quote
So I have a few questions, first is how is this different than ophcrack's rainbow tables? If we are brute forcing a password, don't we also need a dictionary file?

You mentioned walking in with a USB and doing this. Time and the machine that you are working with really matter. If you only have a few minutes, and the target machine is a 2.0 GHz dual core, then simply extracting the SAM file and cracking it offsite with a GPU based tool like oclhashcat may be faster and safer. Yet still, maybe just walking out with the entire damn machine would be easier. Hell, if I'm already physically on the network, then there are so many other possibilities other than sitting there and toiling away brute forcing some password.

This also seems like an awful lot of work for just one password. Maybe it would be easier to walk in with a malicious USB that spawns a shell to your box, then keylog. We could get really creative and buy a fancy keyboard, modify it with a trojan, and mail it to the IT department.
The point of this tool is versatility and adaptability so new ideas are welcome.

As for what is new compared to extracting the SAM: as far as I know (or as I knew), there is no method to extract the SAM without already being an admin or having specific privileges (or specific vulnerabilities), so the deal here is adding the possibility of brute forcing fast without the need of extracting the SAM nor needing a prior privileged user. A fresh installation of Windows, just as it comes, is vulnerable to this brute force method; remember 1 million combos in 7 minutes, probably less. I can check later today if someone wants a current benchmark or any more proof of concept or whatever. (Yes, a dictionary is needed, forgot to mention; I planned on adding a tool to create personalized dictionaries, there are some cool links related to that in this forum, so it is a matter of including this to make the tool more comfortable and adaptable, so a choice of standard dictionaries or custom ones, or mixed up.) (About the time, I think it is not so CPU hungry, but I can check on some old PCs that are lying around here, and as I said, the point could be to dump it locally when you exec, eject the USB and it does the task in the background without anyone noticing at all, then sending it somewhere or storing it somewhere, then clean up.)
P.S.: thanks for the links, checking them later.
72
Projects and Discussion / Re: Windows bully project
« Last post by spike on February 25, 2016, 12:25:01 pm »
So I have a few questions, first is how is this different than ophcrack's rainbow tables? If we are brute forcing a password, don't we also need a dictionary file?

You mentioned walking in with a USB and doing this. Time and the machine that you are working with really matter. If you only have a few minutes, and the target machine is a 2.0 GHz dual core, then simply extracting the SAM file and cracking it offsite with a GPU based tool like oclhashcat may be faster and safer. Yet still, maybe just walking out with the entire damn machine would be easier. Hell, if I'm already physically on the network, then there are so many other possibilities other than sitting there and toiling away brute forcing some password.

This also seems like an awful lot of work for just one password. Maybe it would be easier to walk in with a malicious USB that spawns a shell to your box, then keylog. We could get really creative and buy a fancy keyboard, modify it with a trojan, and mail it to the IT department.

As far as Windows security goes, Windows 10 has new security methods that make it more difficult to pull the passwords out of memory with tools like mimikatz. Here are the links to the limited amount of research that I have done.

Talks about the security methods:
https://adsecurity.org/?p=1535

Talks about a potential for a remote exploit:
https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
73
Hacking and Security / Re: User PW Validity
« Last post by HTH on February 25, 2016, 12:02:14 pm »
That's cool bro, but I promise that all 10,000 of your employees will NOT be using a password manager, and enforcing a rule where they have to would be stupid and add unnecessary complexity (and 9,950 of them will only use your company's password in it anyway).

Change once a year, maybe once every 6 months if user security is that high on the totem pole, use two factor if feasible, and don't allow reuse or simple passwords.

Realistically most hacking situations involving user passwords being compromised happened because they reused it on something you DON'T control (some BS website that got their DB dumped, their cellphone, whatever), and in that case what really matters is UAC and ensuring the rest of your network is up to par.
74
Projects and Discussion / Re: Simplest possible "pacific" malware.
« Last post by Deque on February 25, 2016, 12:00:55 pm »
Hey JustSomeBrHUE.

Since this is a somewhat important project for school, you should get the terminology right first. Only then will we know that we are actually talking about the same things.


Quote
(actually, I'm trying an worm)

A worm is malware that spreads on its own via the network, often by using exploits or sending itself via email. This is not trivial to write and not so good to demonstrate to others. Furthermore, the risk of actually infecting and damaging the network is too high. Morris tried that too (creating a harmless worm) and it ended in a disaster, see https://en.wikipedia.org/wiki/Morris_worm
I strongly advise you against the creation of a worm.

Malware is only called a virus if it infects other files. That means it will search for a host file and append, prepend or replace the host file's code with its own code (see file infection strategies in the image below). The resulting infected file is also infectious. The behaviour of host infection is similar to parasites in nature, which is why we call this kind of malware "parasitic". A virus makes sure to be executed again by infecting host files that are opened by the system or the user. E.g. the user opens the infected notepad.exe and the virus code will be executed this way. This is one way to get persistence.



But there are a lot of ways to gain persistence. The ones most commonly used by non-parasitic malware are the startup folder of Windows (everything in it will be run after login) and autorun entries in the registry. The most commonly used autorun entries are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

You can use regedit.exe or autoruns.exe to check these entries on your system and see what it looks like for programmes that use them. There are some of these entries on every system.

Anyways, what you need to clear up is: What malware type shall it actually be: virus, worm, trojan, backdoor, ...?

Please note that creating an effective virus with powershell and batch is not possible. To be effective, it would have to infect host files that are often executed on the system and these are usually EXE and DLL files. You cannot put a batch script in those. Viruses are often written in C or assembly.
But maybe you don't need it to be effective. After all, it is a school project, and minimizing the risk of misusing your code would be a good thing to do. E.g. if you create a PowerShell virus that infects PowerShell source files, it would not be effective and the chance of misuse is very low, but it is enough to demonstrate how it works. ;)

Quote
I want a "pacific" virus, so it can't be harmful or cause any damage to the computer or files

A virus is always harmful. A virus modifies host files so that these host files become infectious themselves. This is considered damage, even if the payload doesn't do anything.
The same is true for a worm. It will spread to other machines without asking their owners. This is in itself harmful, even if you don't cause such problems as Morris did with his worm.

Do you have any questions?
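A defender-side check for the four autorun keys listed in the post above, as an added example that is not part of this thread or anyone's project: it reads each Run/RunOnce key, recovers the executable from every command line, and marks entries whose binary is missing or sits outside Program Files and the Windows directory so you know which ones to look at more closely in regedit.exe or autoruns.exe. The function name `Get-AutorunEntries` and the "outside the standard directories" heuristic are my own choices, not anything from the post.

```powershell
# Added example, not from the thread: list every entry in the four autorun
# keys named above and mark the ones worth a closer look in regedit/autoruns.
# Both the HKLM and HKCU keys are readable without elevation.
$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Where installed software normally lives (heuristic, my own assumption): an
# autorun binary elsewhere (AppData, Temp, Public) is not proof of malware,
# but it is the kind of entry that deserves inspection.
$standardRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLower() + '\' }

# Metadata properties that Get-ItemProperty attaches to every result.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutorunEntries {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # RunOnce is often absent
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($psMeta -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            # Recover the executable: a quoted path, else the first whitespace token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $inStandard = $false
            foreach ($root in $standardRoots) {
                if ($exe.ToLower().StartsWith($root)) { $inStandard = $true; break }
            }
            [pscustomobject]@{
                Key         = $key
                Name        = $prop.Name
                Command     = $cmd
                Executable  = $exe
                FileExists  = $exists
                NeedsReview = (-not $exists) -or (-not $inStandard)
            }
        }
    }
}

Get-AutorunEntries |
    Sort-Object NeedsReview -Descending |
    Format-Table -AutoSize Key, Name, Executable, FileExists, NeedsReview
```

Entries flagged NeedsReview are only a starting point; compare them against what autoruns.exe shows (it also checks signatures) before deciding anything about them.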
75
Projects and Discussion / Re: Windows bully project
« Last post by JustSomeBrHUE on February 25, 2016, 11:48:07 am »
Answering your main question, No, I don't think it already exists, I've spent some months searching for a simple and easy tool that doesn't need much knowledge or skills to do such work, and if it works as you say (just plug and it's done) I'm sure it will be a popular tool really soon. I already found some programs that can do something similar, but most of them just swindle the security but still can't discover the password.

I'm just a random guy interested in hacking stuff. So if you want more trustworthy answers it's probably better to wait for the real hackers.

But, let me ask you, when do you plan to put it online? (Yes, you already got your first downloader hehe)
76
Projects and Discussion / Re: Simplest possible "pacific" malware.
« Last post by Synfer on February 25, 2016, 11:44:37 am »
I've had an idea a while ago, but never researched it.
So basically you could "infect" every single shortcut found on the desktop etc., so that when the user clicks on it, it starts the worm along with the selected software. I guess it could be made by adding the path to the worm in the shortcut or something along those lines.
Of course it wouldn't work if the user opens his program another way (e.g. searching the program's name in the search bar in Windows etc.).
77
Beginner's Corner / Re: Creating cheat sheets
« Last post by TheWormKill on February 25, 2016, 11:38:48 am »
I personally don't see a problem here, but apparently you do, and as this is one of the less idiotic threads, I'll answer:

You don't have to know everything. Common stuff gets into your head pretty fast if you use it often. The rest... well use it more often and it will fall into category 1. For instance, read a bit about DNS and get to know the internals of your box by experimenting etc. (a VM might be a good idea here as well).

As for notekeeping... I use plaintext files written in markdown (look it up) and some custom tools to work with them, but any setup with plain text works fine (develop one yourself maybe?).

Hope that clears up the situation.
78
Projects and Discussion / Re: Python Bruteforce gmail
« Last post by neoxquick on February 25, 2016, 10:28:24 am »
Before starting to think about hacking something like Gmail you have to know your limitations. Bruteforcing, or attacking a server-side login system via brute force, is known to be a stupid idea.. Why? Since everyone since the year 1990 knows that sites block/ban IPs and accounts on which more than 5 wrong attempts have been made. So you ask me how? One way is by spreading a keylogger on the user's computer. But of course here you will face the problem of proper distribution or malware detection.
There are always ways to bypass an improper login system without actually needing to use the correct password.... like with SQL injection, XSS, and so on..

Bruteforcing nowadays is more or less done as a client-side attack.... not server side. That is the reason why I think your source code is of no use...


bye N
79
Projects and Discussion / Re: Windows bully project
« Last post by Untitled00 on February 25, 2016, 10:10:46 am »
Well, someone who is into hacking knows that he needs different methods for different circumstances. A new tool offering new possibilities shouldn't be dismissed just because it doesn't let you one-click own your "ranged" victims; it is one more tool in your arsenal waiting to be used when you need it.

That said, when I say local, I mean that obviously you can use it once you've got remote access to any session, but IMHO if you are into someone else's session remotely already you can manage to get privileges without brute force, that's why I present it that way, but sure, you can use it once you've got at least one non-privileged user session.

The additional parts of the program are mostly post-exploitation automated tasks, so in case you get privileges or pwn the password you can do it in ninja mode, especially considering that the primary function for this tool is a physical access attack. Imagine the scenario: you plug in the USB and execute it in a second that no one is looking, and the program copies itself to the computer, automatically does what you programmed or auto-decides what the best option is, then notifies you by email or to a server and deletes its traces, installs some additional free software? Who dislikes free software, right? You know that "friend" who left his session open just for a second because he went to the bathroom but has UAC asking for a password anyway, or that other friend who has 2 accounts, one non-password-protected non-privileged account, and you want to pwn him, well I think you get the idea.

Why is it even more dangerous these days? Well, Windows pushes users to create the main admin account with their email, then suggests you use their cloud to back up certain data, so having the password will be brutal. BitLocker? No worries, it gathers the key as well... and just imagine this in a one-click tool. One second and you own Admin and post-exploitation as desired: email, cloud backups, and BitLocker key.

Anyway my biggest doubt is whether someone already had some method to brute force a Windows user at that speed without privileges, that is the important bit of the kit; if that already exists I have nothing new to offer. As I said I know there is some privilege escalation, but soon to be patched...
80
Beginner's Corner / Creating cheat sheets
« Last post by dimi on February 25, 2016, 09:36:53 am »
Hello:

[Problem]
I'm learning a lot lately but it's getting too much to remember all the commands. I made a how-to for myself for the install of Arch and configuring it, but for the commands of e.g. airmon or iw I would like to create a cheat sheet.

[Background]
I've learned many commands but find it hard to remember them.

[Things I have tried]
Installed cribr in Arch with Wine. It was no success. Installed cribr in Windows, doesn't look good.

I've been looking for alternatives but I don't trust all the online options (some of them force you to publish your cheat sheet).

LaTeX is named as an option on several internet websites, but it seems to have a steep learning curve. As I'm now finally learning other things, I would like to learn LaTeX as a last thing.

[Where I am stuck]

How do you guys remember all those different commands? I know man exists, but knowing the commands is much faster.

What or how do you guys keep track of all your known commands?

I'm not talking about installing or configuring things, I have a how-to for this, but about the commands like iw, airmon, knowing you should change /etc/resolv.conf for NS, etc.

I don't have a problem with sharing my finally created cheat sheet, but as I'm very much a beginner I don't know if you could use it :)
