Posts

Posted on

Crack zip file password with FCrackzip

Fcrackzip is a tool that can be used to crack zip files encrypted with ZipCrypto algorithm through dictionary-based and brute-force attack.

The brute force attack can be configured to use the combination of lower,upper, numerical characters or with other symbols or punctuation marks.

Example usage:

  • fcrackzip -u -v -l 1-6 -c a example.zip
  • fcrackzip -u -v -l 1-6 -c aA1 example.zip
  • fcrackzip -u -v -D -p wordlist-dict.txt example.zip (dictionary attack)

Switch Explanation:

  • -v : verbose output, display the progress of current crack, may slow the progress a little bit
  • -l : length of password to brute-force in this case (1 to 6 characters)
  • -c : character set to try (a – lower-alphabet, A-uppercase alphabet, 1-numeric, ! – include [!:$%&/()=?[]+*~#])
  • -u : verify the zip password in case of multiple possible matches

p/s: It is strongly suggested to use dictionary attack first before going down with brute-force as passwords longer than 6 characters may take (a long) time to crack. A collection of wordlist can be found at PacketStormSecurity website

Debian and Ubuntu users can get fcrackzip from the default apt-get repository.
Windows may download fcrackzip win32 binaries from Schmorp.de website

Recommended Reading

Posted on

Using Apache mod_security and .htaccess to block comment spam on the web

Comment spam is the most annoying thing to web operators. Besides eating up bandwidth, comment spam can pollute web discussions area and which gives bad impression to visitors.

Apache HTTPD mod_security module can be configured to reduce web spam by filtering common keyword, content and referrer used by spam bots around the internet.

Here’s an example of .htaccess file to block common comment spam :

<IfModule mod_security.c>
SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,nolog,auditlog,status:503"
SecFilterSelective POST_PAYLOAD "(mortgage|viagra|poker|traffic|discount|medical|casino|lyrics|loan)"

</IfModule>

Please ensure that your Apache installation has mod_security module enabled. The method is suitable to be used on websites that receive a lot of user comments like forums, blogs (including WordPress and Drupal) and photo gallery.

Note: This is not a full-proof solution as it depends on the use of keywords.

Posted on

Goodbye 2.6.x – A downloadable archive of all Linux 2.6.x kernel releases

Linus Torvalds has announced Linux kernel 3.0-rc1, this marks the end of 2.6.x series line which has 40 releases since late 2003.

To mark this event, Con Kolivas has made a tarball archive (163MB) of all 2.6.x releases available for download. The archive uses lrzip compression which can be installed from the standard Ubuntu apt-get repository.

Note that the size of of the archive after decompression would reach 10.3 GB!

Happy downloading, and hello Linux 3.0!

Posted on

Video: Playing tunes on Google Guitar Doodle

Google has made a playable guitar doodle to commemorate the birthday anniversary of Les Paul, the electric guitar inventor. Although lacking few notes as well as the ability to lengthen the notes– within hours, people have come ups with guitar tabs for for playing popular songs on this doodle.

Among the tabs:
Intro of One – Metallica – DJDG AJAG DJDG AJAGK DJDG SJSG AJAG
Godfather – DHKJH KHJH FGD
Smoke on the Water – SFG SFG HSFG FS
Twinkle-Twinkle little star – AAGGHHG FFDDSSA GGFFDDS GGFFDDS AAGGHHG FFDDSSA
Happy Birthday – AASAFD AASAGF AAKHFDS KKFGF
Yankee Doodle – KKL; – K;L – KKL; – KJ – KKL; – FDSA – JGHJ

Posted on

How to solve Apache – Could not reliably determine the server’s fully qualified name – error in Ubuntu

Apache2 web server will almost always display this information message :
"Could not reliably determine the server's fully qualified name"
when it is first started in Ubuntu and Debian server.

The reason behind this message is because the web server fails to find the suitable domain name in the system.

How to remove the message
First, you need to edit “/etc/hosts” file and put your server name of choice in the file. For example:

127.0.0.1 server.mylocal

Then you need to add “ServerName” directive in the “/etc/apache2/apache2.conf” file.

ServerName server.mylocal

Finally, restart the web server for the changes to take effect. You will notice that the information message is gone now.

$ sudo service apache2 restart

Posted on

How to mine Bitcoin in Ubuntu using OpenCL and Bitcoinminer.py

Bitcoin is a form of decentralize digital currency, so unlike other digital currency services (like e-gold), bitcoin is not susceptible to be frozen, seized or invalidated. Bitcoin can be transfered transfered directly from person to person directly without intermediaries.

Bitcoin are generated over the internet by application called bitcoin miners using a set of algorithm to ensure that the number of generated bitcoin is within predictable and limited range. Though with the numbers of bitcoin in circulation today means that it would require significant processing power to generate bitcoins, it doesn’t stop anybody who are willing to try and mine them.

For a brief introduction to Bitcoin, please watch :

Bitcoin Miner on Ubuntu ?
Enter OpenCL and Bitcoinminer.py which allows bitcoin to be mined using a much more efficient GPU power (certain models of Nvidia and ATI graphic cards only, with appropriate drivers).

Step 1: To install the miner, you need to “install python-pyopencl subversion.

Step 2: Then you need to use subversion to obtain python-jsonrpc, by running:

svn checkout http://svn.json-rpc.org/trunk/python-jsonrpc
cd python-jsonrpc/
sudo python setup.py install

Step 3: Then you need to generate bitcoin.conf file:

cd ..
mkdir .bitcoin
echo "rpcuser=username" > .bitcoin/bitcoin.conf
echo "rpcpassword=password" >> .bitcoin/bitcoin.conf

Step 4: After that, download BitcoinMiner files

wget --no-check-certificate https://github.com/m0mchil/poclbm/raw/master/BitcoinMiner.cl
wget --no-check-certificate https://github.com/m0mchil/poclbm/raw/master/BitcoinMiner.py
wget --no-check-certificate https://github.com/m0mchil/poclbm/raw/master/poclbm.py

Step 5: Download bitcoin server for linux

wget http://iweb.dl.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.3.19/bitcoin-0.3.19-linux.tar.gz
tar xvf bitcoin-0.3.19-linux.tar.gz
~/bitcoin-0.3.19/bin/64/bitcoin -server&

Step 6: Then finally, running the miner

python poclbm.py -d 0 --user username --pass password

The parameter -d 0 denotes that the miner will use GPU #1 for its bitcoin mining generation, increment it to -d 1 for GPU #2 and so forth. Change the “password” and “username” parameter from Step 3 and Step 6 appropriately to keep people from reaping the fruits (read: steal bitcoins) of your mining operation.

For more information about mining bitcoins and about Bitcoin in general, please visit : WeUseCoins website