nV News Forums


nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Networking And Security (http://www.nvnews.net/vbulletin/forumdisplay.php?f=58)
-   -   Any Ethical Hackers? (http://www.nvnews.net/vbulletin/showthread.php?t=148052)

six_storm 02-19-10 02:43 PM

Any Ethical Hackers?
This may be a "no-no" topic but I don't think it would be too bad if everyone kept it at a safe level of discussion. MODS - Close if you see the need.

Something that has really intrigued me lately has been the whole topic of "hacking"; how it's done and what we can do to prevent it. One thing we don't do at my place of work is any major security pen tests or anything other than "get a firewall, get some crazy passwords, get encrypted". So I thought I would dive into the subject, do a little digging around myself and see what happens.

I started messing around with the Linux distro "BackTrack" and checking out some of the tools with it. I tried to crack my own WPA-secured WAP and my buddy's WEP old POS WAP. I have been unlucky but it's mainly to do with some of the tools I lack (dictionary files).

Next, I started doing some reading online and finding just some methods that are being used today. I've also been messing around with a few other apps too.

I am just floored at some of the methods that "hackers" are using today and just the sheer stupidity of the average user falling for these methods lol.

Anybody else study stuff like this? For fun or for just your own personal knowledge?

DiscipleDOC 02-19-10 03:07 PM

Re: Any Ethical Hackers?
IMHO hacking to me is gaining entry into something that is unauthorized by a company or a person. With that said, I can not see anything ethical about hacking. The key word here is "unauthorized". As an administrator, I am authorized to access other users' workstations for security purposes, but I am not authorized to pry into my boss' computer--unless I have prior approval from his boss.

I don't know...the more I think about it, the more I think that hacking is something that admins should be aware of (for security purposes), but still be able to discipline themselves not to abuse their skills.

Q 02-19-10 03:19 PM

Re: Any Ethical Hackers?
There is FAR more social engineering today than actual hacking. This isn't the 80s.

Backtrack is a tool that every network admin should have. Penetration tests, actually following best practices, and constant monitoring and vigilance will get you as safe as you can be on a network. Make friends with your local university's computer science department. You'll find a load of students who love looking for this stuff. They've helped plug holes where I work.

snowmanwithahat 02-19-10 03:30 PM

Re: Any Ethical Hackers?
DD, I think you're looking at the term "ethical hacker" in the wrong light.... or rather "hacker" shouldn't be used here.

I do a lot of work with CUDA (pyrit) and WPA cracking. I do this with packet captures that I've taken from my roommate's router that I know the PSK to. I've been doing this to learn more about what makes a strong password strong. Given the computational time of WPA cracking it's impossible to brute-force, so this has led me in the search of the "ultimate wordlist"... why? I'm not out to hack the world... simply to find out if my efforts to secure my data are enough to deter someone who has less than a few years to try and hack my network.

Given that description I'd say I'm an ethical hacker. Or you could look at professional penetration testers. That certainly is a more accurate description of an ethical hacker. For those of you that aren't aware, professional penetration testers are people who may have hacking experience, but certainly have knowledge of vulnerabilities and a deep understanding of threats. They're hired by companies usually to probe the network under an agreement that all information and vulnerabilities will be used for strengthening security of the network.

So, broaden your definition of hacker from implying malicious activity to someone who simply knows vulnerabilities and common weaknesses of any type of network or password scheme.

Again... I know a lot about wiping passwords from SAM files. This is really useful information when my Aunt died and we had to get on to her computer to recover financial information... instead of paying lots of money for someone to "hack" her system all I had to do was load up a USB key with Linux on it and go to work.

So going back to Six_storm's original intent... yes, ethical hackers definitely exist but it can be more or less viewed as research only, or as a penetration tester.

I'll have a follow-up post coming about some of the things I know... I've been building a pretty strong dictionary file for use with WPA cracking but it can be applied to any arena of password cracking, such as NTLM hash cracking.

Also.... for those interested, this is actually a really good place for a thread like this since a lot of the buzz in the hacking industry lately has been revolving around CUDA acceleration of things that would normally take 20x longer. For example with Pyrit I saw a 15x performance increase, so something that could take a month, now would only take 2 days (realistic time frame too....) There's also a really cool program called CUDA-multiforcer which is great for cracking NTLM, MD5, and MD4 passwords.


I am just floored at some of the methods that "hackers" are using today and just the sheer stupidity of the average user falling for these methods lol.
That's because a lot of the vulnerabilities in the world rely on the human factor. If WPA passwords were all 63 characters long and used a full mix of upper, lower, special characters, and numbers, we'd never figure them out. But with a high degree of certainty you can build an intelligent wordlist... I'll have more info coming on that later.

six_storm 02-19-10 03:44 PM

Re: Any Ethical Hackers?
Doc - All of this is for learning purposes. As a network admin myself, I want to make sure that my networks are as secure as they can possibly be. "Know thy enemy"? ;)

snowman - Glad to know that someone else is going down the same path.

I was just hoping that I could make this thread and we could discuss this topic like adults. Hopefully the kids won't come in and track mud in. ;)

snowmanwithahat 02-19-10 03:56 PM

Re: Any Ethical Hackers?
If you're looking to develop an intelligent wordlist I'd recommend first finding your target password... for example windows passwords can be short, but WPA passwords have a min length of 8 characters.... so such a thing as a universal wordlist doesn't exist... but given that knowledge we can optimize wordlists for specific applications

Before I dive into this lets make a quick distinction. A wordlist is a list of words used as passwords... a dictionary file used in this context is just a list of words... so a wordlist might be



a dictionary file would just be


etc... Unmodified words

Let's take a look at WPA. As I have mentioned there is a minimum length of 8 characters. To build a pretty intelligent wordlist it wouldn't be too hard to take dictionary files (just words) and split it off into 2 lists.

"BigDic.txt" gets split into

"<8Dic.txt" and ">8Dic.txt"

Lets assume there's a 4th file called "existingwordlist.txt"

So to get a pretty intelligent 5th file "finalwordlist.txt" you'd want to take the dictionary file with less than 8 characters, and add combinations of numbers to flesh it out to 8 characters long. For example, your password is "cows".... well say you set up your new fancy router and you need a password you'll remember... but "cows" won't fit. So you decide to add your address to it.... it now becomes "cows1234". That's realistically what a lot of people with already weak passwords do when setting up devices / accounts that require more security or longer passwords than they previously used.

So if you build the list of "<8Dic.txt" into a useful combination of possible passwords you will have a pretty accurate list of weak, but improved to WPA standard passwords that wouldn't be unrealistic.

You'd then combine the "<8Dic.txt" ">8Dic.txt", "existingwordlist.txt" into a new wordlist....

As I outlined in the post above mine... I've been trying to crack my roommate's password without explicitly putting it in there... I'm still working on some type of algorithm that would generate his password in a realistic way without me plugging it into the wordlist... but it's helped expose a lot of habits that people have.

Things to keep in mind when building a wordlist

Existing weak passwords + numbers //very common
words + dates //columbus1492 or something of the sort
memorable names //things such as Ganondorf or other video game or book related names are pretty strong... but possible
keys physically related //123456, or qwerty for example... you know some of your friends or at least your parents are using weak ones like that

I'll leave it at that, but a lot of it comes down to social engineering. Good wordlists take care of that for you and then to build a really intelligent wordlist I'd suggest taking things relevant to your area (state, town) and building on top of it.

There really is an art to it, but it's a really exciting area to do research in.

Also... for those of you wondering about brute-forcing, at least in the case of WPA, it's not possible.

Let's look at the min character length password for example.

96 possible characters (upper, lower, special, numeric, space)
8 character length

that's 96^8 combinations.... or 7213895789838336 possibilities

Now assume my system.... it pushes through WPA passphrases at about 16,000 keys/sec... that means it'd only take 450868486864.896 seconds.... or 14,296.95 years.... So for the average user brute-forcing isn't an option, and picking a password that you wouldn't commonly find in a dictionary or intelligent wordlist is a huge help in securing your data.

Contrary to that.... it'd take roughly 2 hours with my system and have ~35% success rate to use a wordlist on a majority of passwords.... be smart with your data people, know what you're up against. A weak password makes a hacker's job a joke.
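The post above makes two points a defender can turn into a policy check: the keyspace arithmetic (96 symbols, length 8, 16,000 keys/s) and the list of habits that make a passphrase wordlist-friendly (dictionary word padded with digits, word plus a date, keyboard walks, bare short words). The following is an added example, not code from the thread or from pyrit: a small passphrase checker that flags those habits and reports how many years an exhaustive search would take at a given rate. The tiny DICTIONARY and KEYBOARD_WALKS sets are constructed stand-ins; a real check would load a full word list. It goes beyond the post only in checking the candidate against the patterns rather than generating them.

```python
import math
import re

# Constructed stand-in for a dictionary file (a real checker loads a full list).
# "cows", "columbus" and "ganondorf" are the post's own examples.
DICTIONARY = {"cows", "columbus", "ganondorf", "password", "welcome", "dragon"}

# Keyboard walks the post mentions, plus a few common ones (constructed).
KEYBOARD_WALKS = ("123456", "qwerty", "asdfgh", "zxcvbn", "1qaz2wsx")

SECONDS_PER_YEAR = 365 * 24 * 3600
WPA_MIN_LENGTH = 8


def brute_force_seconds(length, alphabet=96, rate_per_second=16_000):
    """Seconds to exhaust every passphrase of this length.
    Defaults mirror the post: 96 symbols and 16,000 keys/s."""
    return alphabet ** length / rate_per_second


def brute_force_years(length, alphabet=96, rate_per_second=16_000):
    """Same figure expressed in years, e.g. 14,296.95 for length 8."""
    return brute_force_seconds(length, alphabet, rate_per_second) / SECONDS_PER_YEAR


def weak_patterns(passphrase):
    """Return the names of the weak habits the passphrase exhibits.

    These are the items from the post's list: a bare dictionary word,
    a dictionary word with digits appended (optionally a year-like value),
    a keyboard walk, or something below the WPA minimum length.
    An empty list means none of the known habits matched (not proof of strength).
    """
    found = []
    p = passphrase.lower()
    if len(p) < WPA_MIN_LENGTH:
        found.append("shorter than the WPA minimum of 8")
    if p in DICTIONARY:
        found.append("bare dictionary word")
    # word followed only by digits, e.g. "cows1234" or "columbus1492"
    m = re.fullmatch(r"([a-z]+)(\d{1,6})", p)
    if m and m.group(1) in DICTIONARY:
        found.append("dictionary word + digits")
        digits = m.group(2)
        if len(digits) == 4 and 1000 <= int(digits) <= 2099:
            found.append("digits look like a year")
    for walk in KEYBOARD_WALKS:
        if walk in p:
            found.append("keyboard walk: " + walk)
    return found


def assess(passphrase, rate_per_second=16_000):
    """Summarise one candidate: matched weak habits, plus the exhaustive-search
    time an attacker would face if none of those shortcuts applied."""
    return {
        "weak": weak_patterns(passphrase),
        "brute_force_years": brute_force_years(len(passphrase), 96, rate_per_second),
    }


if __name__ == "__main__":
    for candidate in ("cows", "cows1234", "columbus1492", "qwerty12", "Tr0ub4dor&3xQ9!pL"):
        report = assess(candidate)
        print(f"{candidate!r}: weak={report['weak']} "
              f"brute_force_years={report['brute_force_years']:,.2f}")
```

The brute-force figure only matters for a passphrase that matches no pattern; anything the checker flags is effectively in the two-hour wordlist bucket the post describes, no matter how large the keyspace looks.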

six_storm 02-20-10 10:34 PM

Re: Any Ethical Hackers?
I did a little testing today with some "free" custom made keyloggers. I have a test Windows XP Pro VM that I used as the "victim" and wow, you gotta be pretty good to get these things working right.

In order for a lot of keyloggers to work right or even run, the victim workstation has to have the .Net Framework 2.x or higher installed and Windows Firewall completely disabled. Most of the "free" ones I found were created in VB so go figure. Most keyloggers will either email you results every xx Minutes or they will send them via FTP. Finally, most AV products will not detect any infections or disturbances. Very odd. :(

Why did I give you guys my results? TO LEARN FROM IT. If you see any unsolicited FTP traffic going out of your network, you'd better see what the heck's going on. I haven't really figured out a way to disable the email portion of the keylogger yet.

If you think you are getting hacked or your accounts are getting hijacked, then change your passwords immediately.

I've got a couple more security things all of you guys should be doing but I will post them later. Hope you guys are finding this stuff informative.
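The advice in the post above, to look for unsolicited FTP (or mail) traffic leaving the network, can be scripted against exported firewall or flow records. This is an added example and not code from the thread: it parses a constructed set of flow records (timestamp, source, destination, protocol, destination port, bytes), keeps only internal hosts talking directly to external FTP/SMTP ports, excludes an allow-listed mail gateway, and flags source/destination pairs whose connections recur at a regular interval, which is what a keylogger that "emails you results every xx minutes" looks like on the wire. The INTERNAL range, ALLOWED_SENDERS entry, and sample records are all assumptions for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow records: ts src dst proto dport bytes.
# 10.0.0.15 reaches an external FTP server every five minutes (the suspicious case);
# 10.0.0.5 is the mail gateway and is allowed to send SMTP outbound;
# 10.0.0.40 sends mail directly to an outside host once.
SAMPLE_FLOWS = """\
2010-02-20T22:10:01 10.0.0.15 203.0.113.9 tcp 21 4096
2010-02-20T22:11:40 10.0.0.22 10.0.0.5 tcp 25 2400
2010-02-20T22:12:03 10.0.0.31 198.51.100.7 tcp 443 900
2010-02-20T22:13:00 10.0.0.5 198.51.100.20 tcp 25 3100
2010-02-20T22:15:01 10.0.0.15 203.0.113.9 tcp 21 4096
2010-02-20T22:18:30 10.0.0.40 198.51.100.7 tcp 25 5200
2010-02-20T22:20:01 10.0.0.15 203.0.113.9 tcp 21 4096
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed LAN range
ALLOWED_SENDERS = {"10.0.0.5"}                   # assumed mail gateway
WATCHED_PORTS = {21: "ftp", 25: "smtp", 587: "submission"}


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "proto": proto, "dport": int(dport), "bytes": int(nbytes)})
    return flows


def is_periodic(timestamps, tolerance=0.1):
    """True when three or more events are spaced at (nearly) the same interval."""
    if len(timestamps) < 3:
        return False
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    typical = median(gaps)
    return typical > 0 and all(abs(g - typical) <= tolerance * typical for g in gaps)


def find_exfil_candidates(flows, internal=INTERNAL, allowed=ALLOWED_SENDERS):
    """Group internal->external FTP/SMTP flows by (src, dst, port) and summarise each."""
    groups = defaultdict(list)
    for f in flows:
        if f["proto"] != "tcp" or f["dport"] not in WATCHED_PORTS:
            continue
        src_ip, dst_ip = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        if src_ip not in internal or dst_ip in internal or f["src"] in allowed:
            continue
        groups[(f["src"], f["dst"], f["dport"])].append(f)
    results = []
    for (src, dst, port), fs in sorted(groups.items()):
        results.append({"src": src, "dst": dst, "service": WATCHED_PORTS[port],
                        "connections": len(fs), "bytes": sum(x["bytes"] for x in fs),
                        "periodic": is_periodic([x["ts"] for x in fs])})
    return results


if __name__ == "__main__":
    for hit in find_exfil_candidates(parse_flows(SAMPLE_FLOWS)):
        tag = "PERIODIC " if hit["periodic"] else ""
        print(f"{tag}{hit['src']} -> {hit['dst']} {hit['service']}: "
              f"{hit['connections']} connections, {hit['bytes']} bytes")
```

A periodic hit to an outside FTP or mail server from a workstation is worth a look at the host itself; a single direct SMTP connection from a workstation is weaker evidence but still a policy violation on a network where mail is supposed to leave through the gateway.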

snowmanwithahat 02-21-10 11:10 AM

Re: Any Ethical Hackers?
Keyloggers are something I haven't messed with, although I have had to remove some before. In the past I seriously got frustrated to the point of having to reinstall on the infected system (it was a very mucked up system that my neighbors had).

Something that I've been investigating lately is SSL / HTTPS decryption MiM attacks. It's frighteningly easy to do and really shows the dangers of being on an unencrypted network... greatly reinforcing my first post of having a strong WPA password.

Six if you want some details on how to setup a situation like this PM me. But there's also guides plastered all over the BT4 forums so if you're in as deep as I am there you may have already seen it.

Overall from the 2-3 months I've spent messing with this stuff in my free time I've really learned the steps that need to be taken to secure a system from hacking.

strong WPA passwords are a must.... WEP is a joke
Windows passwords need to be strong... however they aren't enough
BIOS passwords are needed to protect against someone booting with a flash / cd drive and bypassing your windows password
unencrypted networks cannot be trusted. It'd be far too easy for someone to go to your local Starbucks and setup a MiM attack against anyone on that wireless network and you wouldn't have the slightest idea.

I was thinking of talking to my advisor at school to see if any of the classes offer anything on GPGPU programming... I'm sure it's all too new to really be out there but that would be an amazing thing to get into. These CUDA accelerated applications are making tremendous strides in cracking encryption schemes we assumed were secure.

The coolest things about it is that most see GPUs just as another core... so SLI is a null point and since all the programming you're doing is highly parallelized you don't need to really worry about how it scales because it should scale very well.

There's a guy I've been talking to who's running a quad-GTX 295 server for cracking WPA passphrases. He's saying it's pushing 80,000 keys a second... Very impressive and realistic considering my GTX 285 which is extremely overclocked is putting out 15,000 keys a second.

Here's a shot of his rig


Very impressive.... It's kind of a waste to some of us since only 2 could be used in an SLI configuration. But he's seeing almost 100% scaling per core. ~10,000 per core. It's amazing what CUDA is doing in this area.

snowmanwithahat 02-21-10 11:49 AM

Re: Any Ethical Hackers?
For those of you interested in the performance increase that CUDA is able to provide, I ran some benchmarks to demonstrate. This is with my system at the speeds in my sig.... 3.4 GHz on the CPU and (725 / 2800) on my GPU/mem


root@bt:~# pyrit benchmark
Pyrit 0.2.5-dev (C) 2008, 2009 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3

Connecting to storage... connected

Running benchmark for about 1 seconds... -

Computed 17175.52 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 285'': 15069.5 PMKs/s (Occ. 99.6%; RTT 2.6)
#2: 'CPU-Core (SSE2)': 671.3 PMKs/s (Occ. 98.1%; RTT 3.2)
#3: 'CPU-Core (SSE2)': 770.2 PMKs/s (Occ. 99.0%; RTT 2.8)
#4: 'CPU-Core (SSE2)': 753.0 PMKs/s (Occ. 98.5%; RTT 3.2)

For those of you wondering too why there's only 3 cpu cores listed. This program will dedicate a cpu core per gpu installed to 'feed' it. A reasonable trade-off I'd say.

So as you can see, it's well over a 15x improvement per GPU vs CPU core. The scaling with CUDA is amazing and really overlooked by most graphics enthusiasts... granted I do agree, video performance should come first but the other uses for these cards are amazing.

It'd be pretty reasonable to assume that GPGPU computing would find its way into drive encryption, and compression programs (winzip, winrar, etc...) I would really love to see CUDA take off into more arenas than it currently occupies
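The pyrit benchmark output quoted above has a regular shape, so the per-device figures and the GPU-versus-CPU ratio the poster cites can be pulled out programmatically rather than read by eye. This is an added example, not part of the thread or of pyrit itself: it parses the quoted device lines (the sample below is a constructed copy of them), classifies each device as GPU or CPU from its name, computes each GPU's speedup over the average CPU core, and converts the total rate into the time a given number of candidate passphrases would take to test, which is the number a defender needs to judge whether a wordlist-sized search is practical against their own network.

```python
import re

# Constructed copy of the device lines quoted in the post.
SAMPLE_BENCHMARK = """\
Computed 17175.52 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 285'': 15069.5 PMKs/s (Occ. 99.6%; RTT 2.6)
#2: 'CPU-Core (SSE2)': 671.3 PMKs/s (Occ. 98.1%; RTT 3.2)
#3: 'CPU-Core (SSE2)': 770.2 PMKs/s (Occ. 99.0%; RTT 2.8)
#4: 'CPU-Core (SSE2)': 753.0 PMKs/s (Occ. 98.5%; RTT 3.2)
"""

# The device name may itself contain quotes (the GPU line), so the name group is
# greedy and the trailing "': <rate> PMKs/s" anchors where it ends.
DEVICE_RE = re.compile(
    r"^#(\d+): '(.*)': ([\d.]+) PMKs/s \(Occ\. ([\d.]+)%; RTT ([\d.]+)\)$")
TOTAL_RE = re.compile(r"^Computed ([\d.]+) PMKs/s total\.$")


def parse_benchmark(text):
    """Return {'total': PMKs/s or None, 'devices': [per-device dicts]}."""
    devices, total = [], None
    for line in text.splitlines():
        m = TOTAL_RE.match(line)
        if m:
            total = float(m.group(1))
            continue
        m = DEVICE_RE.match(line)
        if m:
            name = m.group(2)
            devices.append({
                "index": int(m.group(1)),
                "name": name,
                "kind": "gpu" if name.startswith("CUDA-Device") else "cpu",
                "pmks": float(m.group(3)),
                "occupancy": float(m.group(4)),
                "rtt": float(m.group(5)),
            })
    return {"total": total, "devices": devices}


def gpu_speedup(report):
    """Map each GPU name to its rate divided by the average CPU-core rate."""
    cpu_rates = [d["pmks"] for d in report["devices"] if d["kind"] == "cpu"]
    if not cpu_rates:
        return {}
    avg_cpu = sum(cpu_rates) / len(cpu_rates)
    return {d["name"]: d["pmks"] / avg_cpu
            for d in report["devices"] if d["kind"] == "gpu"}


def hours_for_candidates(report, candidates):
    """Hours needed to test `candidates` passphrases at the benchmarked total rate."""
    return candidates / report["total"] / 3600


if __name__ == "__main__":
    report = parse_benchmark(SAMPLE_BENCHMARK)
    for name, ratio in gpu_speedup(report).items():
        print(f"{name}: {ratio:.1f}x an average CPU core")
    print(f"100 million candidates: {hours_for_candidates(report, 100_000_000):.2f} h")
```

On the quoted numbers the GTX 285 comes out at about 20.6x the average CPU core, a bit above the "well over 15x" the poster states, and a 100-million-entry list would take under two hours at the reported total rate.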

six_storm 02-23-10 08:12 AM

Re: Any Ethical Hackers?
I find the CUDA stuff interesting, nice to know that stuff snowman.

One thing I've discovered and have tested in my virtual environment are programs called "RATs" or Remote Access Tools. The concept is that you download a program, the program will build a client .exe for you. You find a "way" to deploy that to people's PCs via torrents, YouTube, etc. Once that client is installed and running on the victim's PC, you have FULL access to their computer, including the ability to change the registry on the fly, view their webcam and even their screen at your will without them even knowing. Now that is scary.

So what makes anti-virus apps not pick this stuff up? When the client is created, it is usually encrypted by a high level method of encryption, thus it can't be detected by AV.

One other thing that I've found that's scary is recruiting of clans, or at least the clans who have harmful intentions. Some clans just want to have fun and some others just want to steal your info for $$$.

After doing all this research, I definitely don't wanna be hacked EVER. But if I am one day, I'd like to know how it happened and how to strike back. Anyone who hacks me needs to be hurt twice as much, technologically speaking of course. :D

snowmanwithahat 03-25-10 10:12 PM

Re: Any Ethical Hackers?
Small update on the CUDA stuff....

I just got a 9800 GTX as a secondary PhysX card... I have to say I'm very impressed with the pyrit results so far. I went from

~17,000 Keys/second

up to

~24,000 Keys/second

Apparently the fact that it forces it to 8x lanes each doesn't have a huge impact on performance.

Such a great investment for $30

General Lee 04-01-10 09:53 AM

Re: Any Ethical Hackers?
I don't know anything about this subject. I was never here, y'all got that?!?! :bleh:
