You’ve probably heard that a strong password is really important to keep your accounts safe. You’ve also probably heard that people are still not creating good passwords. But even if you are—or at least you think you are—hackers are smart and they’ve figured out ingenious ways to crack what you think is a secure password.

Here’s how they do it:

Dashlane, a password manager tool, took a look at 61 million passwords from data breaches. These passwords were available to hackers, of course, but also to the public and even security researchers. To the surprise of precisely nobody, the biggest takeaway was that people’s passwords were far from original, and most of them were actually the same.

The most popular passwords were “Ferrari,” “iloveyou,” “starwars,” and of course “password1234.”

If you’re a hacker, let’s be honest, these aren’t hard to guess. And, in fact, there are tools out there that will help make life even easier.

“John the Ripper”

One of the most common tools is “John the Ripper.” This tool uses what’s known as a “dictionary attack,” where it takes a list of dictionary words and uses them to crack passwords. The tool can try millions of words in a short space of time, and it can do sneaky things like replacing an “a” with an “@” or an “e” with “3.”

In short, if your password contains a real word of any kind, even an inexperienced hacker can use a tool to figure it out in seconds.

Password walking

One other thing Dashlane noticed was that many people thought they were being creative by using a tactic called “password walking.” Basically, this is when you “walk” your fingers across the keyboard, hitting keys that are adjacent. This creates a password that looks unique and random, like “zxcvbn,” “1q2w3e4r,” or “poiuytr.”

While you might think a password such as this is secure, hackers know people use these tricks and can plug in any number of variations into their tools and test them out. Once again, in a matter of moments, a hacker will figure out your password.

Password formula

Some may think that a password formula based on the name of the particular website you are using is a smart idea. But, again, it’s hard to trick a hacker. This is especially true if a hacker figures out your “base password” (the part of your password that you use over and over again…another common tactic). They’ll then use that and try different variations, or other common combinations, to piece the puzzle together.

Let’s imagine, for instance, that you use the password “Porsche3$5^” for Twitter and “Porsche4%6&” for Facebook. All you did was change the second half and then went “password walking.” This is child’s play for hackers.
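A defender-side check for the three habits described above (dictionary words with character substitutions, keyboard walks, and a reused base password), as an added example that is not part of the original article. The word list, the thresholds and the function names are assumptions chosen for illustration.

```python
import os

# Constructed sample data: a tiny word list and a US-QWERTY grid. A real audit
# would load a full dictionary and a breached-password list instead.
WORDS = {"ferrari", "iloveyou", "starwars", "password", "porsche"}
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")   # shifted digit row
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "!": "i", "0": "o", "$": "s", "5": "s"})


def dictionary_hits(pw):
    """Words found after undoing substitutions such as a->@ and e->3."""
    plain = pw.lower().translate(LEET)
    return sorted(w for w in WORDS if w in plain)


def longest_walk(pw):
    """Length of the longest run of neighbouring keys ("password walking")."""
    keys = [KEY_POS.get(ch) for ch in pw.lower().translate(UNSHIFT)]
    best = run = 1 if keys else 0
    for prev, cur in zip(keys, keys[1:]):
        near = (prev and cur and prev != cur
                and abs(prev[0] - cur[0]) <= 1 and abs(prev[1] - cur[1]) <= 1)
        run = run + 1 if near else 1
        best = max(best, run)
    return best


def shared_base(passwords, min_len=4):
    """Common prefix reused across sites (the "base password"), or ""."""
    base = os.path.commonprefix(list(passwords))
    return base if len(base) >= min_len else ""


def audit(pw, min_walk=4):
    """List the weak patterns found in one password (empty list if none)."""
    findings = [f"dictionary word: {w}" for w in dictionary_hits(pw)]
    if longest_walk(pw) >= min_walk:
        findings.append("keyboard walk")
    return findings


if __name__ == "__main__":
    for pw in ["password1234", "F3rr@ri", "1q2w3e4r", "poiuytr", "ppwjK!C$p8g^2B"]:
        print(pw, "->", audit(pw) or "no pattern found")
    print("base:", shared_base(["Porsche3$5^", "Porsche4%6&"]))
```

The “Porsche” pair is flagged twice: the shifted symbols map back to the digit row, so “3$5^” is the walk 3-4-5-6, and the shared prefix exposes the base password.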

“How to hack passwords,” from a hacker himself

Here’s what goes on in the mind of a hacker, according to a person who has hacked thousands of accounts and documented his tactics on Lifehacker.

Follow his logic in this section taken from his article:

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache.

From this, you can see how the mind of a hacker works. And also how sophisticated (yet kind of simple) it is for them to figure things out.

And what’s not mentioned in this segment is the part your social media channels play—you know, where you talk about your favourite dog “Chappy” or your kid’s birthdate. Odds are, you probably use these personal details in your passwords. So, a quick search on Facebook and a hacker can find a few good words and numbers to plug into their hacking tool and figure out some viable options.

The moral of the story is this: Stop trying to come up with clever passwords based on names, places, or things in your life. Instead, use a password manager which automatically will create random passwords for all of your accounts. For example, my password manager just generated “ppwjK!C$p8g^2B” which is ridiculously strong and is highly unlikely to be guessed. And the added benefit is a password manager will remember the passwords, so you don’t have to.

Also, make sure your password is long. Here’s an image that shows just how much easier it is for a hacker to crack a short password, and what a difference it makes using a variety of characters rather than just lowercase letters.

From that same Lifehacker article:

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.


Though you cannot stop your important accounts from getting breached, which is up to the organizations and companies that own them, you can do something on your end to minimize the chance of your password being hacked.


We have all used sites such as but did you know there are some companies that offer bug bounties through their own website.

This list will help bug bounty hunters and security researchers to explore different bug bounty programs and responsible disclosure policies.

Company URL
The Atlantic
Rollbar Docs
Vulnerability Analysis
Ambassador Referral Software
NN Group
Octopus Deploy
Royal IHC
Fox-IT (ENG)
Gallagher Security
Freshworks Inc.
RIPE Network
Salesforce Trust
Duo Security
Oslo Børs
MWR InfoSecurity
Orion Health
Royal Bank of Scotland
Flood IO
 Zero Day Initiative
Cyber Safety
Port of Rotterdam
Georgia Institute of …
BitSight Technologies
Hacking as a Service
N.V. Nederlandse Gasunie
Palo Alto Networks

  1. wifite
    Wifite is for Linux only. Wifite is an automated wireless attack tool. Wifite was designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox; any Linux distributions with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16. Wifite must be run as root. This is required by the suite of programs it uses. Running downloaded scripts as root is a bad idea. I recommend using the Kali Linux bootable Live CD, a bootable USB stick (for persistent), or a virtual machine. Note that Virtual Machines cannot directly access hardware so a wireless USB dongle would be required. Wifite assumes that you have a wireless card and the appropriate drivers that are patched for injection and promiscuous/monitor mode.
  2. wifiphisher
    Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point. It is a rogue Access Point framework that can be used to mount automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malware. It can work as a social engineering attack tool that, unlike other methods, does not include any brute forcing. It is an easy way of obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys. Wifiphisher works on Kali Linux and is licensed under the GPL license.
  3. wifi-pumpkin
    Very friendly graphical user interface and good handling; my favorite part is how it sets up phishing Wi-Fi attacks. The interface is rich in functions and ease of use is excellent. Compatibility is also very good. The researcher is actively updating it, so we can keep following this fun project.
  4. fruitywifi
    FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.
    Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system
  5. mana toolkit
    A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.
    More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you’ve managed to get a victim to connect.
  6. 3vilTwinAttacker
    Much like the wifi-pumpkin interface. It has a good graphical interface, the overall experience is very good, and it is easy to use. Good compatibility. The researcher has hardly updated it.
  7. ghost-phisher
    It has a good graphical interface but almost no fault tolerance, and many options are easily confused, yet the overall feel in use is still very good. It can set up a rogue AP with one click and provides DHCP and DNS service interfaces, which makes it easy to launch a variety of man-in-the-middle attacks; ease of use is good. Compatibility is good. The official Kali team has updated the original repo.
  8. fluxion
    Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It’s compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.

Happy Hunting

The Windows passwords can be accessed in a number of different ways. The most common way would be via accessing the Security Accounts Manager (SAM) file and obtaining the system passwords in their hashed form with a number of different tools. Alternatively, passwords can be read from memory, which has the added benefit of recovering the passwords in plain text and avoiding the cracking requirement. In order to understand the formats you’ll see when dumping Windows system hashes, a brief overview of the different storage formats is required.

Lan Manager (LM) Hashes
Originally Windows passwords shorter than 15 characters were stored in the Lan Manager (LM) hash format. Some OSes such as Windows 2000, XP and Server 2003 continue to use these hashes unless disabled. Occasionally an OS like Vista may store the LM hash for backwards compatibility with other systems. For numerous reasons this hash is simply terrible. It includes several poor design decisions from Microsoft, such as splitting the password into two blocks and allowing each to be cracked independently. Through the use of rainbow tables, which will be explained later, it’s trivial to crack a password stored in an LM hash regardless of complexity. This hash is then stored with the same password calculated in the NT hash format in the following format: ::::::

An example of a dumped NTLM hash with the LM and NT component:
Administrator:500:611D6F6E763B902934544489FCC9192B:B71ED1E7F2B60ED5A2EDD28379D45C91:::

NT Hashes
Newer Windows operating systems use the NT hash. In simple terms there is no significant weakness in this hash that sets it apart from any other cryptographic hash function. Cracking methods such as brute force, rainbow tables or word lists are required to recover the password if it’s only stored in the NT format.

An example of a dumped NTLM hash with only the NT component (as seen on newer systems):
Administrator:500:NO PASSWORD*********************:EC054D40119570A46634350291AF0F72:::

It’s worth noting the “no password” string is variable based on the tool. Others may present this information as padded zeros, or commonly you may see the string “AAD3B435B51404EEAAD3B435B51404EE” in place of no password. This signifies that the LM hash is empty and not stored.
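One way to audit a hash dump for accounts that still carry an LM hash, handling the different “empty” markers described above; this is an added example, not code from the original post, and the function names and the sample lines marked as constructed are assumptions. It goes one step beyond the text: because the two LM halves are computed independently, a second half equal to the empty-half value shows the password has at most 7 characters.

```python
import string

# LM hash of an empty password; dump tools print it when no LM hash is stored.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
HEX = set(string.hexdigits)


def parse_pwdump(line):
    """Split one 'user:rid:LM:NT:::' line; return None if it is malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    return {"user": parts[0], "rid": int(parts[1]),
            "lm": parts[2].upper(), "nt": parts[3].upper()}


def lm_stored(lm):
    """True only for a real LM hash, not a tool's 'empty' placeholder."""
    if lm == EMPTY_LM or lm.startswith("NO PASSWORD") or set(lm) <= {"0"}:
        return False
    return len(lm) == 32 and set(lm) <= HEX


def audit(lines):
    """Return {user: finding} for accounts whose LM hash should be retired."""
    findings = {}
    for line in lines:
        rec = parse_pwdump(line)
        if rec is None or not lm_stored(rec["lm"]):
            continue
        # The LM hash is two independent 8-byte halves; an "empty" second
        # half means the password is at most 7 characters long.
        short = rec["lm"][16:] == EMPTY_LM[:16]
        findings[rec["user"]] = ("LM hash stored, password <= 7 chars"
                                 if short else "LM hash stored")
    return findings


# The first two lines are the examples from the text; the rest are constructed.
SAMPLE = [
    "Administrator:500:611D6F6E763B902934544489FCC9192B:B71ED1E7F2B60ED5A2EDD28379D45C91:::",
    "Administrator:500:NO PASSWORD*********************:EC054D40119570A46634350291AF0F72:::",
    "alice:1001:AAD3B435B51404EEAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::",
    "bob:1002:00000000000000000000000000000000:00112233445566778899AABBCCDDEEFF:::",
    "carol:1003:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::",
    "garbage line",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(f"{user}: {finding}")
```

Accounts it reports are the ones to fix first: disable LM hash storage and force a password change so that only the NT hash remains.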

The hashes are located in the Windows\System32\config directory using both the SAM and SYSTEM files. In addition it’s also located in the registry file HKEY_LOCAL_MACHINE\SAM which cannot be accessed during run time. Finally backup copies can be often found in Windows\Repair.

Tool – PwDump7 –
This tool can be executed on the system machine to recover the system hashes. Simply download and run the binary with at least administrator account privileges.

Tool – Windows Credential Editor –
Windows Credentials Editor (WCE) is great for dumping passwords that are in memory. Personally I typically use it with the -w flag to dump passwords in clear text. This can often net you passwords that are infeasible to get any other way.

Tool – Meterpreter
If you have a meterpreter shell on the system, often you can get the hashes by calling the hashdump command.

Method – Recovery Directory
Occasionally you may not have direct access to the file required, or perhaps even command line interaction with the victim. An example of this would be a local file inclusion attack on a web service. In those cases it’s recommended you try and recover the SYSTEM and SAM files located in the Windows\Repair directory.

Method – Live CD
Sometimes you may have physical access to the computer but wish to dump the passwords for cracking later. Using a Live CD is a common method of being able to mount the Windows drive and recover the SYSTEM and SAM files from the System32/config directory since the OS isn’t preventing you access.


ChaosVPN is a system to connect Hackers.

Design principles include that it should have no Single Point of Failure, make use of full encryption, use RFC1918 IP ranges, scale well to >100 connected networks, and be able to run on the embedded hardware you will find in today’s routers. It should be designed so that no one sees other people’s traffic. It should be mainly autoconfig, in that apart from the joining node no administrator of the network should need to do anything when a node joins or leaves. If you want a solution for a network that has no Single Point of Failure, has low latency (because of Voice over IP), and in which no one sees other people’s traffic, you end up pretty quickly with a full mesh based network.

Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

ChaosVPN connects hackers wherever they are. We connect road warriors with their notebooks, servers (even virtual ones in datacenters), hacker houses, and hackerspaces. To sum it up, we connect networks, maybe down to a small /32.

So there we are. It is working and it seems the usage increases, more nodes join in and more services pop up.


  • Installation dependency package

    If you get an “E: The package bison is not available for the candidate” error, please add these lines to your sources.list file
    deb stable chaosvpn
    deb-src stable chaosvpn
    apt-get update

  • Install
    apt-get install chaosvpn
    If the package cannot be installed:
    vi /etc/apt/sources.list
    deb wheezy/updates main
    apt-get update
    apt-get install libssl1.0.0
    apt-get install chaosvpn


  • Set up tinc to work with chaosvpn
    mkdir -p /etc/tinc/chaos
    tincd --net=chaos --generate-keys=2048
    If you get an “Error opening file `/etc/tinc/=chaosvpn/rsa_key.priv’: No such file or directory” error, then run this command:
    mkdir /etc/tinc/chaos/ecdsa_key.priv
  • Then run again
    tincd --net=chaos --generate-keys=2048
  • Edit the configuration
    vi /etc/tinc/chaosvpn.conf
    Change the parameter
    $my_vpn_ip = 172.31.x.[1-255]
    Only use a-z, 0-9 and underscore
    Change the IP address to 172.31.x.x
    Save and exit.
  • To join ChaosVPN you must also write a letter of introduction stating your motive and send it by mail to
  • Once you have joined, run chaosvpn in the terminal to see some information.

    The contents of the letter of introduction are:

  • Start
    /etc/init.d/chaosvpn start
  • View the chaosvpn network port
    route -n


HP has an awful history of ‘accidentally’ leaving keyloggers on its customers’ laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications.
tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings.

A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.

The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.

Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable built-in keylogger “by setting a registry value.”

Here’s the location of the registry key:

  • HKLM\Software\Synaptics\%ProductName%
  • HKLM\Software\Synaptics\%ProductName%\Default

The researcher reported the keylogger component to HP last month, and the company acknowledges the presence of keylogger, saying it was actually “a debug trace” which was left accidentally, but has now been removed.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners,” HP says in its advisory, calling the keylogger a potential, local loss of confidentiality.

A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.

The company has released a Driver update for all the affected HP Notebook Models. If you own an HP laptop, you can look for updates for your model. The list of affected HP notebooks can be found at the HP Support website.

This is not the first time a keylogger has been detected in HP laptops. In May 2017, a built-in keylogger was found in an HP audio driver that was silently recording all of its users’ keystrokes and storing them in a human-readable file.


This is an open source tool to perform attacks on general VoIP services. It can scan a whole network or a single host for the gathering phase, then search for the most known vulnerabilities on the live hosts it found and try to exploit them.

Install dependencies

To start using vsaudit you must install the ‘bundler’ package, which is used to install the required gem dependencies through the Gemfile.

Download directly from website:

Or install with ‘gem’ (ruby package manager) with:

deftcode ~ $ gem install bundler

After the installation has completed, run (in the directory where vsaudit is located):

deftcode vsaudit $ bundle

Now you can start vsaudit with:

deftcode vsaudit $ ruby vsaudit.rb

NOTE: If you get an error with gem, you need to install the libssl-dev package (kali-linux: apt install libssl-dev).

Environment commands

  • Display the available options that can be set
  • List the environment variables
  • Get the value of environment variable
  • Set or change the environment variables

Audit commands

  • Check mistakes in the local configuration files
  • Scan a local or remote network
  • Enumerate the extensions
  • Bruteforce extensions
  • Get the live network traffic
  • Intercept the network traffic by custom bpf

Information commands

  • Get information about modules or address
  • Show the report list
  • Show the extensions list

Global commands

  • Display the help message
  • Quit from the framework