How to crack SHA1, MD5 and Windows NTLM password hash using Rainbow tables in Linux

A rainbow table attack is a method used to crack stored cryptographic hashes, which are commonly used to store passwords in various applications.

It is similar to brute-force and dictionary attacks in that it compares candidate hashes with the hash it is trying to crack, except that with rainbow tables the possible matching hashes are all precomputed beforehand, and a reduction function is used to double the lookup speed at the expense of storage space (a time vs. space trade-off).

Project Rainbow-Crack offers downloadable binaries (free but not open source) for GNU/Linux and Microsoft Windows operating systems. The application package comes with several tools that help in generating (rtgen), sorting (rtsort) and cracking (rcrack) SHA1, MD5 and NTLM hashes.

How to use rtgen, rtsort and rcrack?

rtgen
First, before starting to crack SHA1 hashes, we need to generate a rainbow table with rtgen.

rtgen sha1 loweralpha-numeric 1 8 0 5000 6553600 0

Usage:
rtgen <hash type> <loweralpha | loweralpha-numeric | numeric | mixalpha-numeric| alpha-numeric> <min length> <max length> <table_index> <chain_len> <chain_num> <part_index>

rtsort
Then we need to use rtsort to sort the rainbow tables generated by rtgen.

rtsort *.rt

rcrack
Finally, run rcrack to crack the hashes:

rcrack *.rt -l hash1.txt

or


rcrack *.rt -h af8978b1797b72acfff9595a5a2a373ec3d9106d


For more examples of generating and using rainbow tables, please refer to the Project Rainbow-Table Example page.

How to: Quick and Dirty Web Server Load Balancing with IPTables in Linux

Load balancing is a method of distributing workload across multiple computers over a network. The purpose of load balancing for web servers is to keep any one web server from being overwhelmed by requests, which would eventually slow the machine down to a crawl.

Assume that you have 3 web servers to share the load, with these IP addresses:
10.20.20.1
10.20.20.2
10.20.20.3

You can drive the traffic to each of these on every third packet that opens a new connection with these iptables rules:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 10.20.20.1:80

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 10.20.20.2:80

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 10.20.20.3:80

This ensures that every third connection-opening packet goes to a different server, so the load is balanced across the three. Note that this is only useful for a simple website that serves static content, or for download servers that serve large files over the internet (CD or DVD ISO downloads).
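
The same distribution written for the statistic match, which provides the nth mode on current iptables builds, as an added example that is not from the original post; the function name gen_lb_rules is hypothetical and the script only prints the rules. Unlike the shared counter in the rules above, each statistic rule counts only the connections that reach it, so the --every value has to shrink from rule to rule.

```shell
#!/bin/sh
# Added example (not from the original post): print DNAT rules that spread
# NEW connections evenly over any number of backends.
# gen_lb_rules is a hypothetical helper name.
#
# Every "-m statistic --mode nth" rule keeps its own counter and only sees
# the connections that earlier rules did not take. With n backends, rule i
# must therefore match 1 in (n - i), and the last rule takes the remainder.
gen_lb_rules() {
    iface=$1; port=$2; shift 2

    # Validate first so a typo never yields a partial rule set or an
    # unexpected iptables argument.
    for backend in "$@"; do
        case $backend in
            *[!0-9.]*|'') echo "bad backend: $backend" >&2; return 1 ;;
        esac
    done

    remaining=$#
    for backend in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            match="-m statistic --mode nth --every $remaining --packet 0"
        else
            match=""   # final rule: unconditional catch-all
        fi
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port" \
             "-m state --state NEW $match -j DNAT --to-destination $backend:$port" |
            tr -s ' '
        remaining=$((remaining - 1))
    done
}

# Print the rules for review; they are not applied by this script.
gen_lb_rules eth0 80 10.20.20.1 10.20.20.2 10.20.20.3
```

Writing all three rules as "--every 3" with the statistic match would leave part of the traffic unmatched by any DNAT rule, which is why the generator counts down.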

Crack zip file password with FCrackzip

Fcrackzip is a tool that can be used to crack zip files encrypted with the ZipCrypto algorithm through dictionary-based and brute-force attacks.

The brute-force attack can be configured to use a combination of lowercase, uppercase and numerical characters, optionally with other symbols or punctuation marks.

Example usage:

  • fcrackzip -u -v -l 1-6 -c a example.zip
  • fcrackzip -u -v -l 1-6 -c aA1 example.zip
  • fcrackzip -u -v -D -p wordlist-dict.txt example.zip (dictionary attack)

Switch Explanation:

  • -v : verbose output, display the progress of current crack, may slow the progress a little bit
  • -l : length of password to brute-force in this case (1 to 6 characters)
  • -c : character set to try (a – lower-alphabet, A-uppercase alphabet, 1-numeric, ! – include [!:$%&/()=?[]+*~#])
  • -u : verify the zip password in case of multiple possible matches

P.S.: It is strongly suggested to try a dictionary attack first before falling back to brute force, as passwords longer than 6 characters may take a long time to crack. A collection of wordlists can be found at the PacketStormSecurity website.

Debian and Ubuntu users can get fcrackzip from the default apt-get repository.
Windows users can download fcrackzip win32 binaries from the Schmorp.de website.


Using Apache mod_security and .htaccess to block comment spam on the web

Comment spam is the most annoying thing for web operators. Besides eating up bandwidth, comment spam pollutes web discussion areas, which gives a bad impression to visitors.

The Apache HTTPD mod_security module can be configured to reduce web spam by filtering common keywords, content and referrers used by spam bots around the internet.

Here's an example of an .htaccess file to block common comment spam:

<IfModule mod_security.c>
SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,nolog,auditlog,status:503"
SecFilterSelective POST_PAYLOAD "(mortgage|viagra|poker|traffic|discount|medical|casino|lyrics|loan)"

</IfModule>

Please ensure that your Apache installation has the mod_security module enabled. The method is suitable for websites that receive a lot of user comments, such as forums, blogs (including WordPress and Drupal) and photo galleries.

Note: This is not a foolproof solution, as it depends on the use of keywords.

Goodbye 2.6.x – A downloadable archive of all Linux 2.6.x kernel releases

Linus Torvalds has announced Linux kernel 3.0-rc1. This marks the end of the 2.6.x series, which has had 40 releases since late 2003.

To mark this event, Con Kolivas has made a tarball archive (163MB) of all 2.6.x releases available for download. The archive uses lrzip compression, which can be installed from the standard Ubuntu apt-get repository.

Note that the size of the archive after decompression reaches 10.3 GB!

Happy downloading, and hello Linux 3.0!