Bitcoin
Bitcoin is a latest currency that was created by an anonymous person using the alias Satoshi Nakamoto in 2009. Transactions are made with no central men, it means not using banks. There are no transaction fees and no need to give your actual name. More merchants are beginning to allow them. You can buy webhosting services.
Why use Bitcoins?
Bitcoins can be used to buy goods anonymously. In addition, because of bitcoins are not tied to any country or subject to regulation international payments are easy and cheap. There are no credit card fees so small businesses may like them because. Some people just buy bitcoins as an investment, hoping that they’ll go up in value.
Buying Bitcoins
Buy on an Exchange
Some marketplaces called “bitcoin exchanges” agree to people to buy or sell bitcoins using different currencies. Mt. Gox is the largest bitcoin exchange.
Transfers
People can send bitcoins to each other using mobile apps or their computers. It’s similar to sending cash digitally.
Mining
People try to win to “mine” bitcoins using computers to solve difficult math puzzles. This is how bitcoins are created. Currently, a winner is rewarded with 25 bitcoins roughly every 10 minutes.
How own Bitcoins
Bitcoins are stored in a “digital wallet,” which exists either in the cloud or on a user’s computer. The wallet is a kind of virtual bank account that allows users to send or receive bitcoins, pay for goods or save their money. Unlike bank accounts, bitcoin wallets are not insured by the FDIC.
Secrecy
Though each bitcoin transaction is recorded in a public log, names of buyers and sellers are never revealed – only their wallet IDs. While that keeps bitcoin users’ transactions private, it also lets them buy or sell anything without easily tracing it back to them. That’s why it has become the currency of choice for people online buying drugs or other illicit activities.
Future in question
No one knows what will become of bitcoin. It is mostly unregulated, but that could change. Governments are concerned about taxation and their lack of control over the currency.
Tuesday, October 24, 2017
Monday, October 23, 2017
AES $ DES
Different between DES and AES
DES (Data Encryption Standard) and AES (Advanced Encryption Standard) both are the symmetric block cipher. AES was introduced to overcome the drawback of DES. DES has a smaller key size which makes it less secure to overcome this triple DES was introduced but it turns out to be slower. Hence, later AES was introduced by the National Institute of Standard and Technology. The basic difference between DES and AES is that in DES plaintext block is divided into two halves before the main algorithm starts whereas, in AES the entire block is processed to obtain the ciphertext.
DES (Data Encryption Standard) - This is a symmetric key block cipher that was adopted by National Institute of Standard and Technology in the year 1977. DES is based on the Feistel structure where the plaintext is divided into two halves. DES takes input as 64-bit plain text and 56-bit key to produce 64-bit Ciphertext.
AES (Advanced Encryption Standard) - This is also a symmetric key block cipher. AES was published in 2001 by the National Institute of Standards and Technology. AES was introduced to replace DES as DES uses very small cipher key and the algorithm was quite slower.
DES (Data Encryption Standard) and AES (Advanced Encryption Standard) both are the symmetric block cipher. AES was introduced to overcome the drawback of DES. DES has a smaller key size which makes it less secure to overcome this triple DES was introduced but it turns out to be slower. Hence, later AES was introduced by the National Institute of Standard and Technology. The basic difference between DES and AES is that in DES plaintext block is divided into two halves before the main algorithm starts whereas, in AES the entire block is processed to obtain the ciphertext.
DES (Data Encryption Standard) - This is a symmetric key block cipher that was adopted by National Institute of Standard and Technology in the year 1977. DES is based on the Feistel structure where the plaintext is divided into two halves. DES takes input as 64-bit plain text and 56-bit key to produce 64-bit Ciphertext.
AES (Advanced Encryption Standard) - This is also a symmetric key block cipher. AES was published in 2001 by the National Institute of Standards and Technology. AES was introduced to replace DES as DES uses very small cipher key and the algorithm was quite slower.
- In DES Plaintext is of 64 bits and in AES Plaintext can be of 128,192, or 256 bits.
- DES in comparison to AES has smaller key size. AES has larger key size as compared to DES.
- In DES the data block is divided into two halves. In AES the entire data block is processed as a single matrix.
- DES work on Feistel Cipher structure.AES works on Substitution and Permutation Principle.
- DES has a smaller key which is less secure. AES has large secret key comparatively hence, more secure.
- DES is comparatively slower. AES is faster.
Crack a Password protected ZIP file using KALI LINUX
First take the ZIP file which was protected by a password to the KALI environment.
Then, type following commands..,
in above photo "zipcracker" is the folder which includes the ZIP file which I want to crack and a text file which includes huge number of different words. Actually we are going to do a Dictionary Attack to find the Password.
"crack.zip" is the file which I want to crack. And dictionary.text is the word list..
Now you have the password... :)
Then, type following commands..,
in above photo "zipcracker" is the folder which includes the ZIP file which I want to crack and a text file which includes huge number of different words. Actually we are going to do a Dictionary Attack to find the Password.
"crack.zip" is the file which I want to crack. And dictionary.text is the word list..
Now you have the password... :)
How to mount a Pen Drive to a Virtual Box using commands
- First run the ISO image which you want to install the pen drive, using Virtual Box.
- Then plug the Pen Drive to you Personal Computer.
- In that Window, go to the "Devices" tab then go to the "USB" tab and then select your Pen Drive from the list.
Then, in the Terminal type following commands as it is..
In here, "sdd1" is my pen drives name. It is changing every time you are trying to mount your pen.
then make a directory inside "media" directory call "usbstick"
then type following command..,
*Make sure that your pen format is "FAT32"
Now you pen driver has been mounted.. :)
Monday, October 2, 2017
How To Recover Lost Ubuntu Password
Lets see step by step how to hack Ubuntu password.
Step 1:
Switch the computer on. Go to Grub menu. Generally it
appears automatically, if not then hold down the shift key until the boot menu
appears. In the grub menu, choose for the “recovery mode” option.
It will bring you a black screen with several lines of
output being displayed in a flash. Wait for few seconds here.
Step 2:
Now you will be present with different options of recovery
mode. Here you need to choose “Root Drop into root shell prompt“. Like in the
picture below:
Step 3:
Here, you will be presented with root access (why? Is this
not a security fault?) without prompting any password. Use the following
command to list all the users available:
ls /home
From the previous command choose the “username” for which
you want to reset or (say) hack the password. Now, use the following command to
reset the password for the selected “username“:
passwd username
It prompts for new password. Enter the new password twice:
Enter new UNIX
password:
Retype new UNIX
password:
VoilĂ ! There you go. You have just cracked it and now you
can easily enter into the system.
Possible Troubleshoot:
While entering the new password you might be prompt with
Authentication manipulation error like this:
passwd username
Enter new UNIX
password:
Retype new UNIX
password:
passwd:
Authentication token manipulation error
passwd: password
unchanged
The reason for this error is that file system is mounted
with read access only. Change the access and remount the file system in the
following manner:
mount -rw -o remount
/
Now try to reset the password again. It should work now.
Sunday, October 1, 2017
Hack a web cam using KALI LINUX
this guide will continue to display the abilities of
Metasploit's powerful Meterpreter by hacking into the victim's webcam. This
will allow us to control the webcam remotely, capturing snapshots from it.
Why exactly would you want to hack into somebody's webcam?
Maybe you suspect your significant other of having a fling. Or, maybe you're
into blackmailing. Or, maybe you're just a creep. But the real purpose is to
show just how easy it is, so you're aware that it can be done—and so you can
protect yourself against it.
Unlike just installing a command shell on the victim
computer, the Meterpreter has the power to do numerous and nearly unlimited
things on the target's computer. The key is to get the Meterpreter installed on
their system first.
I've shown how to do this in some of my previous articles,
where you could get the victim to click on a link to our malicious website,
send a malicious Microsoft Office document or Adobe Acrobat file, and more.
So, now let's fire up Metasploit and install Meterpreter on
the victim's system. Once we have done that, we can then begin to view and
capture images from their webcam.
Step 1 -> List the Victim's Webcams
Metasploit's Meterpreter has a built-in module for
controlling the remote system's webcam. The first thing we need to do is to
check if there is a web cam, and if there is, get its name. We can do that by
typing:
meterpreter >
webcam_list
If he/she has a webcam, the system will come back with a
list of all the webcams.
Step 2 -> Snap
Pictures from the Victim's Webcam
Now that we know he/she has a webcam, we can take a snapshot
from the webcam by typing:
meterpreter > webcam_snap
The system will now save a snapshot from her webcam onto our
system in the directory /opt/framework3/msf3, which we can open and see what's
going on.
Image by Daquella manera/Flickr
The quality of the image saved all depends on your victim's
webcam and surroundings.
Step 3 -> Watch
Streaming Video from the Victim's Webcam
Now that we know how to capture a single snapshot from the
victim's webcam, we will now want to run the webcam so that we can watch a
continuous video stream. We can do this by typing;
meterpreter > run webcam -p /var/www
This command starts his/her webcam and sends its streaming
output to /var/www/webcam.htm.
How to Protect
Yourself from Webcam Intrusion
So, what can you do to make sure no one is peeking in on
your habits in front of the computer? The easiest solution—cover your webcam
up. Some laptops with built-in webcams actually have a slide cover you can use.
If that's not the case, a piece of non-translucent tape
should to the trick, unless you want to buy one of these or these things. And
if you still have one of those old-school USB webcams, simply unplug it.
Recover your files using "Autopsy"
Extracting files, and or recovery of critical forensic
information is key within the process of computer forensics. Out in the wild
there are a plethora of tools that a forensic examiner may choose to utilize in
order to do so. Although this does not directly relate to recovery of files
from a forensic stand point, it can also be utilized for users who have lost
data and want to try their hand at recovery of information. The focus of this
document will be around Autopsy and how to use the free tool in order to
recover said files.
Before we start, we need to download a few files. Of course
these files are free and they do enable you to obtain some of the basic bits of
information that you will need in order to obtain files from a forensic image.
Please be aware that we are also mounting the images with other software to
provide to you that the files that were deleted are still on the disk we are
performing our analysis on.
Should you wish to follow the process from start to finish
as we are providing, you may want to download the tools located herein:
PassMark OSFMount, this is utilized to mount the img files we've obtained
within this document: Obtain Disk Image With Linux. And, of course a copy of
either Autopsy and lastly lets not forget ProDiscover. Although for this
example I am using Autopsy, I will also do a write up of the documentation with
the usage of ProDiscover which you can Find Here.
with that said Once you've downloaded your tools, and
Obtaining Disk Image With Linux has been completed, the next stop is to mount
the drives and analyze them. The first thing you should do is load it within
your choice of forensic software. For this example we will be utilizing
Autopsy, other documents will focus on recovering files with ProDiscover.
Loading up Autopsy
The first thing we will do is create a new case. For this
demonstration we will select the following options that are seen below:
Once you select this option fill out some basic information
regarding your "Case" (as it is expected). The following set of
images will guide you through this process.
(Autopsy Start Segment)
Once the introduction segments have been filled out, the
next step we have is to select what information we will be loading. There are a
few things that you should be aware of when you are performing a forensics.
First is if you are doing this from an image (which we are) or other type of
disk. In our case we have selected the "Image File" and then we will
be opening the said image file. Ideally because we are EDT, we will be
selecting that to reflect the timezone of the drive image. Also, because of
time issues with GMT and windows, we will cover this in another paper in time
to come. Below will demonstrate the settings that we've used to load and mount
the disk.
(Selecting a disk image to analyze)
From this point we will then need to select the sources and
information that we will be looking for. Once we've obtained this we can then
start selecting other options and looking into the status of the case, or to
recover files.
(Selecting options and settings to utilize for the forensics)
After this point is reached, you can click on the
"finish button" and let the software load the information that you've
selected. You will notice a progress bar on the bottom right of the screen. Let
this load and when it is finished you can begin to analyze the hard disk.
(The loading bar for the images selected)
Mounting & Viewing Drives
At this point once the information has been loaded, we can
then progress to viewing the application itself and what it has to offer. For
the simplicity of the documents we are also viewing the files outside of the
forensic application first. This has been implemented to give you an ideology
into which files will be there forensically and what appears to only the eye.
Just in case you did not review the information in the beginning of this
document you will need the following program: PassMark OSFMount if you want to
play along with us. Note that this program will also mount the drive as
read-only. You cannot interact with the files outside of opening, and reviewing
their information. Saving, and deleting or even modifying the files is not
possible in this view.
To mount the files, install and start the software. Please
note to run this application you will also need administrative privileges in
order to mount the disk. The following screen shot is an example of how to
mount the image file.
(Default load screen for OSFmount)
From these options, and within this view you will select
"Mount New." Once the mount new has been selected Follow the example
in the image blow.
(Steps to mount an image file)
Once you've selected your image and clicked on
"OK" The drive will show up in your explorer on the left side. You
can see this in the following image below:
(Forensic Image as a Disk)
As we can see from the image above, the disk image has been
mounted as a read-only drive and we can interact with it.
(Combining both views from explorer and Autopsy)
From the above image we see that the images on the left side
of the view are from within Autopsy, while the standard view is from windows
explorer. We can clearly see that there are files missing. What is up with
that? Well, the files that are marked with red x's are actually files that have
been deleted. The deleted files are marked as free-space and are waiting to be
over-written. Within the standard view from windows explorer we see that there
are no files listed with the names to the far left. Why? Again, they've been
deleted. So, things aren't what they appear to be.
Autopsy View
The Autopsy application is split and is not that difficult
in order to follow. The view below demonstrates what the software looks like,
and where you may find the drive that you've attached. Once you've selected the
+ on the drive to expand on the files / folders within it's root, the center window
will display the files, folders and other information that was, or currently is
still on the drive. You must select your drive (top left) that is circled in
red. Once this is selected you can begin to scrutinize the disk and it's
contents.
(Autopsy software and it's main window)
Extracting Deleted Files
Forensic examiners (as well as people looking to retrieve
their deleted files) will normally attempt to recover deleted files from a
forensic archive in order to determine what is within the files they are
recovering. And, also to determine if they are in fact evidence which may help
/ impact a case. In order to recover files within Autopsy, select a file with a
Red-x and then right-click the file. In this case, we will extract the folder
"admenot" and "mainbanner.png"
Considering some of the files may not yield anything other
than displaying that a file was once on that disk, you may also be able to
extract directories that were deleted with their entire contents. Considering
this is a very limited example, it does serve the purpose of how an examiner
would go about to extract deleted information. One thing to point out though is
that not all files will contain the same names! If this is part of a forensic
investigation looking at all values / files / folders with their given and
sometimes cryptic names may yield some information for you.
Secure you Password..!
How to secure your passwords?
Why the “Password” is a must require in a site? Because we have to protect it from unauthorized access. Simply, we should protect our profile or site from outsiders. Some of you know the reason but most of you guys are keeping your passwords safe because you see other people do it or just because of the meaning of the word "password”. Most people don’t know how to protect their passwords. After reading this blog you guys will sure get some idea about it.
There are too many ways to do this but some of them are not that much accurate.
1. Two factor authentication/ Two way authentication
This is the best way to secure passwords. Two factor authentication means instead of using one means of authentication (static/dynamic) user use two means of authentication (static & static/ dynamic & dynamic / static & dynamic ).
What are these static and dynamic means of authentication?
Static - Something that user knows or user possesses. eg:- ID card, Passcode
Dynamic - Something that user does or user is. eg:- Hand movements, Voice recognition, IRIS scanning
Advantage of having Two factor authentication is that even though an attacker knows the password for a particular account he will not get the access to it. In order to get that he has to find out the other factor also. Facebook, Gmail and other social media and services provide Two factor authentication.
2. Combination of lower case, upper case, alpha numerical characters
Passwords are vulnerable to brute force attacks. Therefore if you only use upper case or lower case letters it will be easy for an attacker to break your password.
3. Having a password which contains at least 8 characters
When the password length increases according to that number of combinations also get increase. If the number of combinations are huge process of breaking the password will take huge amount of time. Sometimes it will be not possible for the attacker because the process requires a lot of processing power.
4. Always avoid using solitary words
Solitary means existing alone. That means do not use words that exists in any language.
5. Do not use names of people, places, things, and characters
6. Do not write down passwords
Since people do not like to memorize passwords they tend to write them down on papers. Sometimes they write down credentials on a sticky note and paste it on the monitor at the work place. If that is the case why they have a password to log in? Anyone can use anyone's device or an account.
7. Always log out from devices or accounts once you are done. Otherwise workstation hijacking can occur.
Why the “Password” is a must require in a site? Because we have to protect it from unauthorized access. Simply, we should protect our profile or site from outsiders. Some of you know the reason but most of you guys are keeping your passwords safe because you see other people do it or just because of the meaning of the word "password”. Most people don’t know how to protect their passwords. After reading this blog you guys will sure get some idea about it.
There are too many ways to do this but some of them are not that much accurate.
1. Two factor authentication/ Two way authentication
This is the best way to secure passwords. Two factor authentication means instead of using one means of authentication (static/dynamic) user use two means of authentication (static & static/ dynamic & dynamic / static & dynamic ).
What are these static and dynamic means of authentication?
Static - Something that user knows or user possesses. eg:- ID card, Passcode
Dynamic - Something that user does or user is. eg:- Hand movements, Voice recognition, IRIS scanning
Advantage of having Two factor authentication is that even though an attacker knows the password for a particular account he will not get the access to it. In order to get that he has to find out the other factor also. Facebook, Gmail and other social media and services provide Two factor authentication.
2. Combination of lower case, upper case, alpha numerical characters
Passwords are vulnerable to brute force attacks. Therefore if you only use upper case or lower case letters it will be easy for an attacker to break your password.
3. Having a password which contains at least 8 characters
When the password length increases according to that number of combinations also get increase. If the number of combinations are huge process of breaking the password will take huge amount of time. Sometimes it will be not possible for the attacker because the process requires a lot of processing power.
4. Always avoid using solitary words
Solitary means existing alone. That means do not use words that exists in any language.
5. Do not use names of people, places, things, and characters
6. Do not write down passwords
Since people do not like to memorize passwords they tend to write them down on papers. Sometimes they write down credentials on a sticky note and paste it on the monitor at the work place. If that is the case why they have a password to log in? Anyone can use anyone's device or an account.
7. Always log out from devices or accounts once you are done. Otherwise workstation hijacking can occur.
Subscribe to:
Posts (Atom)