Wednesday, February 9, 2011

Malware increases by 46% in only one year


There is a steady growth of threats to mobile platforms, according to a new McAfee report.

The number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009. The report also uncovered 20 million new pieces of malware in 2010, equating to nearly 55,000 new malware threats every day.

Of the almost 55 million total pieces of malware McAfee Labs has identified, 36 percent was created in 2010. Concurrently, spam accounted for 80 percent of total email traffic in Q4 2010, the lowest point since the first quarter of 2007.

Threats to mobile platforms are not new. However, as more consumers use mobile devices and tablets in their daily lives and at work, cybercriminals have taken note. During the last several years, McAfee Labs has seen a steady growth in the number of threats to mobile devices.

Some of the most interesting mobile threats of Q4 2010 were SymbOS/Zitmo.A and Android/Geinimi. SymbOS/Zitmo.A was a high-profile threat that struck early in the quarter. The creators of the Zeus botnet repurposed an old version of a commercial spyware package.

Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.

With the adoption of so many new mobile platforms, combined with the lack of security awareness and mobile safeguards, McAfee Labs expects cybercriminals to use botnet infections to target mobile devices.

In Q4 2010, Cutwail was dethroned as the global leader in botnet activity, with Rustock the most prevalent in many parts of the world, and Bobax closely trailing behind the two.

The onslaught of malware seems to have no end, and the effect that the proliferation of both handheld and IP-enabled devices will have on this growth remains to be seen. The top malware threats in Q4 2010 differed widely across geographies, due in part to the larger trend that threats now tend to match the types of users, habits and events that are specific to a region.

Favorites for cybercriminals worldwide this quarter consisted of AutoRun malware (Generic!atr), banking Trojans and downloaders (PWS or Generic.dx), as well as web-based exploits (StartPage and Exploit-MS04-028).

Spam hitting its lowest levels in years can be attributed to a “transition period,” with several botnets going dormant during a time of year when spam volumes are usually on an upward path.

In Q4, McAfee Labs learned the Bredolab botnet had been closed along with parts of the Zeus botnet. Around the Christmas holiday, spam from the Rustock, Lethic, and Xarvester botnets all disappeared, while the spam leaders this quarter were the Bobax and Grum botnets.

As more users access the Internet from an ever-expanding pool of devices—computer, tablet, smartphone or Internet TV—web-based threats will continue to grow in size and sophistication. In Q4, some of the most active threats included Zeus-Murofet, Conficker and Koobface, and the number of potentially malicious domains grew at a rapid pace.

Phishing URLs in the form of the IRS, gift cards, rewards accounts, and social networking accounts were also among the most popular. McAfee Labs found that within the top 100 results of the top daily search terms, 51 percent led to malicious sites, and on average each of these poisoned results pages contained more than five malicious links.

McAfee Labs expects attacks using the techniques of search-engine abuse and trend abuse to focus more specifically on new types of devices in 2011.

In 2009, McAfee Labs predicted that vulnerabilities in Adobe products would become the clear choice of malware authors and cybercriminals for distributing malware and compromising systems and networks. This prediction has come true. Throughout 2010, malware developers heavily exploited weaknesses in both Flash and especially PDF technologies.

McAfee Labs databases reveal that malicious PDFs targeting Adobe Acrobat topped the number of unique samples by a wide margin, making them the favorite target of client-side exploitation. McAfee Labs is certain that the “Adobe” trend will continue this year, as more mobile devices and non-Microsoft operating systems support various Adobe technologies.

Tuesday, February 8, 2011

Russian hacker steals $10 million

A 27-year-old Russian hacker has pleaded guilty to stealing $10 million from a former Royal Bank of Scotland division back in 2008, and he is awaiting a verdict and sentencing at the end of this week or the beginning of the next.

The trial is being held in Novosibirsk in Siberia, and the man, one Yevgeny Anikin, has admitted that he was part of the international hacking ring that executed the cyber heist.

According to Reuters, they hacked into the accounts of the bank's customers, raised the limit on the maximum amount of funds that could be withdrawn in one day, and organized a simultaneous withdrawal of the funds from ATMs located in Europe, the US and Asia.

Anikin is not the first member of that hacking ring to be caught and sentenced. Late last year, another one received a prison sentence of six years from a court in St. Petersburg.

73% of organizations hacked in the last 2 years


Website attacks are the biggest concern for companies, yet 88 percent spend more on coffee than on securing Web applications, according to a survey by Barracuda Networks, Cenzic and the Ponemon Institute. According to 74 percent of respondents, Web application security is either more critical than or equally critical to other security issues faced by their organizations. Despite this, the study shows there are many misconceptions around the methods used to secure Web applications, primarily Web application firewalls and vulnerability assessment.

"While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security," said Dr. Paul Judge, chief research officer and VP for Barracuda Networks. "The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight – eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall," he added.

"The fact that a quarter of respondents could not provide a range for how many Web applications they have is a huge red flag right off the bat," said Mandeep Khera, CMO for Cenzic. "Furthermore, that 20 percent of organizations do not test at all and 40 percent test only 5 percent of their Web applications is shocking. And, most of these companies have been hacked multiple times through insecure Web applications. If you know that burglars come through a broken door repeatedly, wouldn't you want to fix that door?"

Other key findings in the study include:
  • Data protection (62 percent) and compliance (51 percent) were the top reasons for securing Web apps. Job protection was also a significant reason cited by 15 percent of respondents.
  • Despite 51 percent listing compliance as a key driver for Web application security, 43 percent are not familiar with or have no knowledge of OWASP, a key component to compliance standards like PCI.
  • With 41 percent reporting they have over 100 Web applications or more, the majority (66 percent) test less than 25 percent of these applications for vulnerabilities.
  • More than half (53 percent) expect their Web hosting provider to secure their Web applications.
  • Of those respondents who own a Web application firewall, nearly twice as many agreed that a reverse proxy is a better and more secure technology than a transparent bridge technology.
"While IT practitioners recognize the criticality of secure Web applications, their organizations do not provide adequate resources and expertise to manage the risk," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Over half of the respondents we polled believe they do not have resources to detect and remediate insecure Web applications, and 64 percent said they believe that their organizations have inadequate governance and usage policies."

Scan Open Ports/Services of Target: Netcat

Prerequisites: None


Countermeasures: Uninstall/disable unnecessary services, Intrusion Detection Systems (IDS), log and event log review


Description: The netcat application has many uses; one is the ability to
scan a target for open ports and services. Another utility, cryptcat, is
almost identical except that it operates with encryption.

Procedure: From a DOS prompt, type the following, with the syntax of:

nc -v -r -w2 -z <target IP> 1-1024

  • The -v option instructs netcat to run in verbose mode, allowing you to see the progress of the scan.
  • The -r option instructs netcat to randomize local and remote ports in an attempt to elude any intrusion detection systems.
  • The -w2 option instructs netcat to wait 2 seconds between each port scanned to help elude any intrusion detection systems.
  • The -z option instructs netcat to operate in zero-I/O (Input/Output) mode. It is best to use -z when scanning with netcat.
  • The 1-1024 instructs netcat to scan ports 1-1024.

In this example, the target has the following ports open:
  • 80 (Web)
  • 7 (Echo)
  • 13 (daytime)
  • 21 (FTP)
  • 17 (Quote of the Day)
  • 445 (Windows Share)
  • 9 (discard)
  • 139 (Windows Share)
  • 19 (Character Generator)
  • 135 (epmap)
  • 443 (HTTPS)
  • 25 (Simple Mail Transfer Protocol [SMTP])

Note: From the results of this example, the "low hanging fruit" ports are 7, 9, 13, 17 and 19, as these ports can easily be used to create a Denial of Service (DoS). These ports should not be open to the Internet.
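Seen from the defender's side, the same scan is an inventory of what a host exposes, and the note above says which of it to close first. The script below is an added example, not code from the original post: it parses the line format of traditional netcat "-v -z" output (assumed here to look like "(UNKNOWN) [10.0.0.5] 80 (http) open") and flags the small-service ports; the sample output is constructed to match the port list above.

```python
import re
from typing import Dict, List, NamedTuple

# The ports the post singles out as "low hanging fruit": the classic small TCP
# services that are trivial to abuse for denial of service and have no business
# being reachable from the Internet.
SMALL_SERVICE_PORTS: Dict[int, str] = {
    7: "echo", 9: "discard", 13: "daytime", 17: "quote of the day", 19: "chargen",
}

# One result line of traditional netcat "-v -z" output (format assumed, see lead-in);
# lines reporting a refused connection do not end in "open" and so never match.
RESULT_RE = re.compile(
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\s+(?P<port>\d+)\s+\((?P<svc>[^)]*)\)\s+open\b"
)


class OpenPort(NamedTuple):
    ip: str
    port: int
    service: str  # name netcat resolved from the local services file, "?" if none


def parse_nc_scan(output: str) -> List[OpenPort]:
    """Return every port netcat reported open, in the order it printed them."""
    found: List[OpenPort] = []
    for line in output.splitlines():
        m = RESULT_RE.search(line)
        if m:
            found.append(OpenPort(m["ip"], int(m["port"]), m["svc"]))
    return found


def low_hanging_fruit(ports: List[OpenPort]) -> Dict[int, str]:
    """Open ports that belong to the small-services group, with their names."""
    return {p.port: SMALL_SERVICE_PORTS[p.port] for p in ports if p.port in SMALL_SERVICE_PORTS}


def audit_report(output: str) -> str:
    """Human-readable summary: what is open and which of it should be closed first."""
    ports = parse_nc_scan(output)
    risky = low_hanging_fruit(ports)
    lines = [f"{len(ports)} open ports found"]
    for p in sorted(ports, key=lambda p: p.port):
        flag = "  <-- close: small service, DoS risk" if p.port in risky else ""
        lines.append(f"  {p.port:>5}/tcp ({p.service}){flag}")
    return "\n".join(lines)


# Constructed sample reproducing the open ports listed in the post; the service
# names are what a typical services file resolves, not captured output.
SAMPLE_OUTPUT = """\
(UNKNOWN) [10.0.0.5] 80 (http) open
(UNKNOWN) [10.0.0.5] 7 (echo) open
(UNKNOWN) [10.0.0.5] 13 (daytime) open
(UNKNOWN) [10.0.0.5] 21 (ftp) open
(UNKNOWN) [10.0.0.5] 17 (qotd) open
(UNKNOWN) [10.0.0.5] 445 (microsoft-ds) open
(UNKNOWN) [10.0.0.5] 9 (discard) open
(UNKNOWN) [10.0.0.5] 139 (netbios-ssn) open
(UNKNOWN) [10.0.0.5] 19 (chargen) open
(UNKNOWN) [10.0.0.5] 135 (epmap) open
(UNKNOWN) [10.0.0.5] 443 (https) open
(UNKNOWN) [10.0.0.5] 25 (smtp) open
(UNKNOWN) [10.0.0.5] 23 (telnet): connection refused
"""

if __name__ == "__main__":
    print(audit_report(SAMPLE_OUTPUT))
```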

© www.shubhamsahu.blogspot.com

Dos Attacks | Denial Of Services

DOS attacks, or Denial of Service, are a favorite hacking technique among hackers. They are relatively easy to do and have been a testing ground for budding hackers. In fact, hackers use this technique to gain wide recognition, because of the fame and respect that a successful DOS attack brings the hacker in underground groups.

A DOS attack is carried out by sending more data packets than the target network server can handle. There are many avenues of exploitation: vulnerabilities in the TCP/IP protocol suite, vulnerabilities in the IPv4 implementation, and consuming the resources of the target system so that its services are unable to respond.

There are many vulnerabilities in TCP/IP itself, and some of them are enumerated here: Ping of Death, Teardrop, SYN attacks and Land attacks.

Ping of Death

This was one of the earliest denial of service tools, from a time when systems were less complex than they are today. Fully upgraded systems are now invulnerable to Ping of Death attacks. Ping of Death works by causing the system to hang or reboot, thereby making it unusable by legitimate users.

In this attack, the target system is pinged with a data packet that exceeds the maximum number of bytes allowed by TCP/IP. When the target computer is pinged, the system has no recourse but to hang, reboot or crash.

Teardrop

The Teardrop is an attack that exploits a vulnerability in the reassembly of data packets.

When data is sent over the Internet, it is first broken into smaller fragments at the source system and then put back together at the destination system. With a Teardrop attack, the hacker confuses the target so that it is unable to put the data packets back together in the correct sequence.

When these packets are divided up, each fragment has an OFFSET field in its TCP header which determines which part of the data packet that fragment is carrying.
By disrupting the series of data packets, overlapping their Offset field values, the attacker leaves the target system unable to piece them together, and it is forced to crash, hang or reboot.
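The two conditions described above, a reassembled datagram larger than the protocol allows (Ping of Death) and fragments whose offsets overlap (Teardrop), are exactly what a reassembly routine has to refuse before it touches any data. The following is an added example, not code from the post: it models IP fragments (the fragment offset field sits in the IP header and counts 8-byte units) and rejects both cases, discarding everything buffered for that datagram; the three sample fragment sets are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_DATAGRAM = 65535  # IP total length is a 16-bit field; nothing larger can be legitimate
FRAG_UNIT = 8         # the fragment offset field counts 8-byte blocks


class FragmentError(ValueError):
    """A fragment that cannot belong to any well-formed datagram."""


@dataclass(frozen=True)
class Fragment:
    ident: int      # IP identification field, shared by every piece of one datagram
    offset: int     # fragment offset field, in 8-byte units
    more: bool      # "more fragments" flag; False on the last piece
    payload: bytes

    @property
    def start(self) -> int:
        return self.offset * FRAG_UNIT

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


@dataclass
class _Pending:
    pieces: List[Tuple[int, int]] = field(default_factory=list)  # accepted [start, end) ranges
    data: bytearray = field(default_factory=bytearray)
    total: Optional[int] = None  # datagram length, known once the last fragment arrives


class Reassembler:
    """Strict reassembler: the whole datagram is dropped on the first bad fragment."""

    def __init__(self) -> None:
        self.pending: Dict[int, _Pending] = {}

    def add(self, frag: Fragment) -> Optional[bytes]:
        """Accept one fragment; return the datagram once complete, else None."""
        try:
            return self._add(frag)
        except FragmentError:
            self.pending.pop(frag.ident, None)  # discard everything buffered for that id
            raise

    def _add(self, frag: Fragment) -> Optional[bytes]:
        # Ping of Death: data ending past 65535 bytes can never fit a legal datagram
        if frag.end > MAX_DATAGRAM:
            raise FragmentError(f"id {frag.ident}: data ends at {frag.end} > {MAX_DATAGRAM}")
        p = self.pending.setdefault(frag.ident, _Pending())
        # Teardrop: a piece landing inside data already accepted is rejected outright
        for s, e in p.pieces:
            if frag.start < e and s < frag.end:
                raise FragmentError(f"id {frag.ident}: [{frag.start},{frag.end}) overlaps [{s},{e})")
        if not frag.more:
            p.total = frag.end
        if p.total is not None and any(e > p.total for _, e in p.pieces + [(frag.start, frag.end)]):
            raise FragmentError(f"id {frag.ident}: data beyond the final fragment")
        if len(p.data) < frag.end:
            p.data.extend(bytes(frag.end - len(p.data)))
        p.data[frag.start:frag.end] = frag.payload
        p.pieces.append((frag.start, frag.end))
        return self._complete(frag.ident, p)

    def _complete(self, ident: int, p: _Pending) -> Optional[bytes]:
        if p.total is None:
            return None
        covered = 0
        for s, e in sorted(p.pieces):  # is [0, total) covered without gaps?
            if s != covered:
                return None
            covered = e
        if covered != p.total:
            return None
        del self.pending[ident]
        return bytes(p.data)


def classify(frags: List[Fragment]) -> Tuple[str, str]:
    """Feed fragments in order; report ("complete" | "incomplete" | "rejected", detail)."""
    r = Reassembler()
    result = None
    for f in frags:
        try:
            result = r.add(f)
        except FragmentError as err:
            return "rejected", str(err)
    if result is None:
        return "incomplete", "waiting for more fragments"
    return "complete", f"{len(result)} bytes reassembled"


# Constructed samples: a normal two-piece datagram, a Teardrop-style overlap, a Ping of Death
NORMAL = [Fragment(1, 0, True, b"A" * 16), Fragment(1, 2, False, b"B" * 8)]
TEARDROP = [Fragment(2, 0, True, b"A" * 32), Fragment(2, 2, False, b"B" * 8)]
PING_OF_DEATH = [Fragment(3, 8189, False, b"C" * 40)]  # starts at 65512, ends at 65552
```

Fragments may arrive in any order; a datagram is only handed up once the accepted pieces cover it from byte 0 to the end marked by the last fragment.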

SYN Attack

The SYN attack is a disruption of TCP/IP's three-way connection: by using a bad IP address, the reply to the SYN-ACK never comes, and the target server waits and waits. When a computer negotiates a connection to the Internet, a three-way connection must be established.

When too many of these disruptions are sent, the target no longer has the resources to entertain legitimate connection requests.

In a SYN attack, the attacker sends the server SYN packets with a bad source IP address. When the target system receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN-ACK packet. The target system then waits for an ACK message to come from the bad IP address.


Land Attacks

This is no longer famous, since it can be easily addressed. A Land attack is like the SYN attack, but this time the attacker uses the target's own IP address, creating an infinite loop in which the target waits for an acknowledgement from itself that will never come, because the target system is waiting to communicate with itself.


Smurf Attacks

A Smurf attack is a DOS attack done by making a huge number of ping requests with spoofed IP addresses from within the target network, creating more traffic than the target system can handle. The result is that the target network is unable to respond to legitimate users.


Distributed DOS Attacks

This is a new and improved DOS attack, a far greater threat that even rivals the virus as the most feared attack on the Internet.
A distributed DOS attack allows the attackers to escape, because it is difficult to trace them when they are a group acting in concert with each other. This kind of attack is somewhat more difficult, since each participant has to find a lesser weakness in the target network and they work their way up together.

Social Engineering: The Art of Human Hacking


Social Engineering: The Art of Human Hacking Summary:

Publisher: Wiley 2010 | 408 Pages | ISBN: 0470639539 | EPUB | 6 MB

The first book to reveal and dissect the technical aspects of many social engineering maneuvers.
From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained using real-world examples, personal experience and the science behind them, to unravel the mystery of social engineering.
Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

* Examines social engineering, the science of influencing a target to perform a desired task or divulge information
* Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
* Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

http://hotfile.com/dl/101569006/5bde095/Social_Engineering_-_Christopher_Hadnagy.rar.html

Guide to Internet

The Internet is a computer network made up of thousands of networks worldwide. No one knows exactly how many computers are connected to the Internet. It is certain, however, that these number in the millions.

No one is in charge of the Internet. There are organizations which develop technical aspects of this network and set standards for creating applications on it, but no governing body is in control. The Internet backbone, through which Internet traffic flows, is owned by private companies.

All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.

An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news, and much more.

The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol.


COMPONENTS OF THE INTERNET

WORLD WIDE WEB
The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. This includes e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP. These protocols will be explained later in this document.

The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the Web is the fastest-growing component of the Internet.

The operation of the Web relies primarily on hypertext as its means of information retrieval. HyperText is a document containing words that connect to other documents. These words are called links and are selectable by the user. A single hypertext document can contain links to many documents. In the context of the Web, words or graphics may serve as links to other documents, images, video, and sound. Links may or may not follow a logical path, as each connection is programmed by the creator of the source document. Overall, the Web contains a complex virtual web of connections among a vast number of documents, graphics, videos, and sounds.

Producing hypertext for the Web is accomplished by creating documents with a language called HyperText Markup Language, or HTML. With HTML, tags are placed within the text to accomplish document formatting, visual features such as font size, italics and bold, and the creation of hypertext links. Graphics and multimedia may also be incorporated into an HTML document. HTML is an evolving language, with new tags being added as each upgrade of the language is developed and released. The World Wide Web Consortium (W3C), led by Web founder Tim Berners-Lee, coordinates the efforts of standardizing HTML. The W3C now calls the language XHTML and considers it to be an application of the XML language standard.

The World Wide Web consists of files, called pages or home pages, containing links to documents and resources throughout the Internet.

The Web provides a vast array of experiences including multimedia presentations, real-time collaboration, interactive pages, radio and television broadcasts, and the automatic "push" of information to a client computer. Programming languages such as Java, JavaScript, Visual Basic, Cold Fusion and XML are extending the capabilities of the Web. A growing amount of information on the Web is served dynamically from content stored in databases. The Web is therefore not a fixed entity, but one that is in a constant state of development and flux.

For more complete information about the World Wide Web, see Understanding The World Wide Web.

E-MAIL
Electronic mail, or e-mail, allows computer users locally and worldwide to exchange messages. Each user of e-mail has a mailbox address to which messages are sent. Messages sent through e-mail can arrive within a matter of seconds.

A powerful aspect of e-mail is the option to send electronic files to a person's e-mail address. Non-ASCII files, known as binary files, may be attached to e-mail messages. These files are referred to as MIME attachments. MIME stands for Multimedia Internet Mail Extension, and was developed to help e-mail software handle a variety of file types. For example, a document created in Microsoft Word can be attached to an e-mail message and retrieved by the recipient with the appropriate e-mail program. Many e-mail programs, including Eudora, Netscape Messenger, and Microsoft Outlook, offer the ability to read files written in HTML, which is itself a MIME type.

TELNET
Telnet is a program that allows you to log into computers on the Internet and use online databases, library catalogs, chat services, and more. There are no graphics in Telnet sessions, just text. To Telnet to a computer, you must know its address. This can consist of words (locis.loc.gov) or numbers (140.147.254.3). Some services require you to connect to a specific port on the remote computer. In this case, type the port number after the Internet address. Example: telnet nri.reston.va.us 185.

Telnet is available on the World Wide Web. Probably the most common Web-based resources available through Telnet have been library catalogs, though most catalogs have since migrated to the Web. A link to a Telnet resource may look like any other link, but it will launch a Telnet session to make the connection. A Telnet program must be installed on your local computer and configured to your Web browser in order to work.

With the increasing popularity of the Web, Telnet has become less frequently used as a means of access to information on the Internet.

FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer files between computers. Anonymous FTP is an option that allows users to transfer files from thousands of host computers on the Internet to their personal computer account. FTP sites contain books, articles, software, games, images, sounds, multimedia, course work, data sets, and more.

If your computer is directly connected to the Internet via an Ethernet cable, you can use one of several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.

FTP transfers can be performed on the World Wide Web without the need for special software. In this case, the Web browser will suffice. Whenever you download software from a Web site to your local machine, you are using FTP. You can also retrieve FTP files via search engines such as FtpFind, located at http://www.ftpfind.com/. This option is easiest because you do not need to know FTP program commands.

E-MAIL DISCUSSION GROUPS
One of the benefits of the Internet is the opportunity it offers to people worldwide to communicate via e-mail. The Internet is home to a large community of individuals who carry out active discussions organized around topic-oriented forums distributed by e-mail. These are administered by software programs. Probably the most common program is the listserv.

A great variety of topics are covered by listservs, many of them academic in nature. When you subscribe to a listserv, messages from other subscribers are automatically sent to your electronic mailbox. You subscribe to a listserv by sending an e-mail message to a computer program called a listserver. Listservers are located on computer networks throughout the world. This program handles subscription information and distributes messages to and from subscribers. You must have an e-mail account to participate in a listserv discussion group. Visit Tile.net at http://tile.net/ to see an example of a site that offers a searchable collection of e-mail discussion groups.

Majordomo and Listproc are two other programs that administer e-mail discussion groups. The commands for subscribing to and managing your list memberships are similar to those of listserv.

USENET NEWS
Usenet News is a global electronic bulletin board system in which millions of computer users exchange information on a vast range of topics. The major difference between Usenet News and e-mail discussion groups is the fact that Usenet messages are stored on central computers, and users must connect to these computers to read or download the messages posted to these groups. This is distinct from e-mail distribution, in which messages arrive in the electronic mailboxes of each list member.

Usenet itself is a set of machines that exchanges messages, or articles, from Usenet discussion forums, called newsgroups. Usenet administrators control their own sites, and decide which (if any) newsgroups to sponsor and which remote newsgroups to allow into the system.

There are thousands of Usenet newsgroups in existence. While many are academic in nature, numerous newsgroups are organized around recreational topics. Much serious computer-related work takes place in Usenet discussions. A small number of e-mail discussion groups also exist as Usenet newsgroups.

The Usenet newsfeed can be read by a variety of newsreader software programs. For example, the Netscape suite comes with a newsreader program called Messenger. Newsreaders are also available as standalone products.

FAQ, RFC, FYI
FAQ stands for Frequently Asked Questions. These are periodic postings to Usenet newsgroups that contain a wealth of information related to the topic of the newsgroup. Many FAQs are quite extensive. FAQs are available by subscribing to individual Usenet newsgroups. A Web-based collection of FAQ resources has been collected by The Internet FAQ Consortium and is available at http://www.faqs.org/.

RFC stands for Request for Comments. These are documents created by and distributed to the Internet community to help define the nuts and bolts of the Internet. They contain both technical specifications and general information.

FYI stands for For Your Information. These notes are a subset of RFCs and contain information of interest to new Internet users.

Links to indexes of all three of these information resources are available on the University Libraries Web site at http://library.albany.edu/reference/faqs.html.

CHAT & INSTANT MESSAGING
Chat programs allow users on the Internet to communicate with each other by typing in real time. They are sometimes included as a feature of a Web site, where users can log into the "chat room" to exchange comments and information about the topics addressed on the site. Chat may take other, more wide-ranging forms. For example, America Online is well known for sponsoring a number of topical chat rooms.

Internet Relay Chat (IRC) is a service through which participants can communicate to each other on hundreds of channels. These channels are usually based on specific topics. While many topics are frivolous, substantive conversations are also taking place. To access IRC, you must use an IRC software program.

A variation of chat is the phenomenon of instant messaging. With instant messaging, a user on the Web can contact another user currently logged in and type a conversation. Most famous is America Online's Instant Messenger. ICQ, MSN and Yahoo are other commonly-used chat programs.

Other types of real-time communication are addressed in the tutorial Understanding the World Wide Web.

MUD/MUSH/MOO/MUCK/DUM/MUSE
MUD stands for Multi User Dimension. MUDs, and their variations listed above, are multi-user virtual reality games based on simulated worlds. Traditionally text based, graphical MUDs now exist. There are MUDs of all kinds on the Internet, and many can be joined free of charge.


All About Keyloggers - The Complete FAQ

A keylogger, sometimes called spying software, is a small program used to monitor a local or a remote PC. Keyloggers nowadays are so easy to use that a person with even a basic knowledge of computers can use one. Once a keylogger is installed on your computer it can monitor each and every keystroke typed on it, so you can see how dangerous a keylogger can be.
Types of Keylogger

There are two types of Keyloggers:

1.Hardware keylogger
2.Software keylogger

Hardware keyloggers are rarely used nowadays, since they cannot monitor a remote computer. Software keyloggers are the most widely used keyloggers, as some of them support remote installation, which means you can monitor any computer anywhere in the world.


Can the victim detect its presence once the keylogger is installed on his/her computer?

Well, it's really difficult for the victim to detect the keylogger's presence, as it runs in complete stealth mode. It hides itself from Task Manager, startup, etc.

Can the victim trace you back?

Once the keylogger is installed, I think it's almost impossible for the victim to trace you back.

How can I protect myself from a keylogger?

A simple keylogger can be detected by even a lame antivirus, but sometimes the attacker uses methods like crypting, binding, hexing etc. that make it harder for the antivirus to detect the keylogger. To counter that you should use a piece of software called Sandboxie. Sandboxie runs the chosen program in an isolated space, so if the file you receive is a keylogger you need not worry, because it won't affect your other programs. Firefox users can use the free version of KeyScrambler, which encrypts each and every keystroke you type, so even if a keylogger is installed on your computer you need not worry, as the attacker will receive only the encrypted keystrokes.


Which Keylogger is the best?

With my experience of more than 4 years in the field of ethical hacking and security, I suggest only two keyloggers which I think are the best and have a comparatively low antivirus detection rate:

1.Sniperspy
2.Winspy


How do I find out if a file is bound with a keylogger?

A keylogger can be bound with almost any file, so how do you know if a file is bound? You can use BinText or a hex editor to find out, but the BinText and hex-editing methods do not work effectively if the server is crypted, so alternatively there is a great piece of software named "Resource Hacker" that can tell you whether the file is bound or not.

How to hack Windows passwords with Cain

Introduction:-
In your Windows XP, 7, Vista, NT or 2000 system there is a file which stores your system passwords. This file is SAM (System Account Manager), which stores all your account information (i.e., user name, password and user settings). Because the password can't be saved as-is in a file, since it could then be hacked easily, Windows encrypts this password using a key (this key is stored in the SYSTEM file).
Both the SYSTEM and SAM files are stored at the same location, i.e.,

C:\WINDOWS\system32\config

So to recover the password we need both these files. But because these files are locked, we cannot use them from within Windows, so we need another operating system to copy them, let's say Linux (because we can see the Windows drive in Linux, you can go to the above location and copy both the SAM and SYSTEM files). If you don't have Linux, it's fine: Windows stores these files in another location as well, i.e.,

C:\WINDOWS\repair

which Windows does not use, so we can copy both files from this directory (but these files are created at the time of a disk repair, so there is a chance that you may not get the new password if you changed your password recently).

How to use "Cain & Abel" to recover a Windows XP password?
Steps:-

  1. Copy both the SYSTEM and SAM files from either of the above locations.
  2. Download Cain & Abel from here and install it on your system (your antivirus might alert you, but don't worry).
  3. Now open Cain & Abel and go to the "Cracker" tab.
  4. Now click the "+" sign.

    A dialog will appear as shown in the figure above; browse to the SAM file in the first field and copy/paste the hex key by browsing to the SYSTEM file.

  5. Now you will see a list of the users of the system.

  6. Suppose, among the users in the above list, I wanted to recover the password of the "mac" user name; then right click on mac > Brute Force Attack > LM Hashes. Now you will see a window.

  7. Now set your preferences in the last window and click to start the attack. After it has successfully finished performing the password recovery it will show you the password.
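The brute force in step 6 only works while Windows still keeps an LM hash for the account, so the defender's first check is which accounts still have one. The script below is an added audit example, not part of the post or of Cain & Abel; it assumes the common pwdump export format (user:rid:LM hash:NT hash:::), and relies on two facts about LM hashing: when LM storage is disabled (the "Do not store LAN Manager hash value on next password change" policy, i.e. NoLMHash) or the password exceeds 14 characters, the stored LM value is the constant empty hash, and because each 7-byte half is hashed separately, an empty second half means the password is 7 characters or fewer. The sample dump is constructed; its hex values are placeholders, not real hashes.

```python
from typing import List, NamedTuple

# LM hashing upper-cases the password, pads or truncates it to 14 bytes and hashes
# each 7-byte half independently. The half-hash of an all-NUL half is a constant,
# so it appears wherever a half is unused.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM_HASH = EMPTY_LM_HALF * 2  # what is stored when no LM hash exists for the account


class AccountAudit(NamedTuple):
    user: str
    rid: int
    lm_stored: bool       # an LM hash is present, so the brute force above applies
    short_password: bool  # second half unused: the password is at most 7 characters


def parse_pwdump_line(line: str) -> AccountAudit:
    """Parse one 'user:rid:LM hash:NT hash:::' line (pwdump export format, assumed)."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError(f"not a pwdump line: {line!r}")
    user, rid, lm = fields[0], int(fields[1]), fields[2].lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        raise ValueError(f"{user}: malformed LM hash {lm!r}")
    lm_stored = lm != EMPTY_LM_HASH
    return AccountAudit(user, rid, lm_stored, lm_stored and lm[16:] == EMPTY_LM_HALF)


def audit(dump: str) -> List[AccountAudit]:
    """Audit every non-blank, non-comment line of a dump."""
    return [parse_pwdump_line(l) for l in dump.splitlines() if l.strip() and not l.startswith("#")]


def findings(dump: str) -> List[str]:
    """One line per account that still needs attention (LM storage disabled, longer password)."""
    out = []
    for a in audit(dump):
        if a.short_password:
            out.append(f"{a.user} (RID {a.rid}): LM hash stored, password is 7 characters or fewer")
        elif a.lm_stored:
            out.append(f"{a.user} (RID {a.rid}): LM hash stored")
    return out


# Constructed sample in pwdump format; the hex values are placeholders, not real hashes
SAMPLE_DUMP = """\
# user:rid:LM hash:NT hash:::
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
mac:1001:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
backup:1002:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

if __name__ == "__main__":
    for line in findings(SAMPLE_DUMP):
        print(line)
```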

Cracking Linux Password when Grub cannot be changed

However, if GRUB is password protected, then this method will not work. In such cases, we can use a Linux Live CD to crack the Linux password. Follow the steps given below to change the Linux password using a Linux Live CD.

  1. Boot your computer from your Linux Live CD, choosing "Try Linux without any change to your computer" from the boot menu.
  2. Once the system boots, open up a new Terminal window and then type in the following command:
    sudo fdisk -l
  3. This command tells you what device name the hard drive is using, which in most cases should be /dev/sda1, but could be different on your system.
  4. Now you'll need to create a directory to mount the hard drive on. Since we're actually booting off the live CD, the directory doesn't really get created anywhere on disk.
    sudo mkdir /media/sda1
  5. The next command will mount the hard drive in the /media/sda1 folder.
    sudo mount /dev/sda1 /media/sda1
  6. Now it's time for the command that actually does the magic: chroot.

    This command opens a shell with a different root directory than the current shell is using, and we'll pass in the folder where we mounted the hard drive.
    sudo chroot /media/sda1

  7. Now you should be able to use the passwd command to change your user account's password, and it will be applied to the hard drive since we are using chroot.
    passwd
  8. Now you should be able to reboot your system and log yourself in with your new password.

Hope you find this post useful, as many students have asked about cracking Linux passwords.
More posts about Linux will be coming in the future.
