Showing posts with label BASIC HACKING CHAPTERS. Show all posts

Wednesday, 8 April 2015

Hack Like a Pro: Cryptography Basics for the Aspiring Hacker


As hackers, we are often faced with the hurdle of cryptography and encryption. In some cases, we use it to hide our actions and messages. Many applications and protocols use encryption to maintain confidentiality and integrity of data. To be able to crack passwords and encrypted protocols such as SSL and wireless, you need to at least be familiar with the concepts and terminology of cryptography and encryption.
To many new hackers, all the concepts and terminology of cryptography can be a bit overwhelming and opaque. Cryptography is the science and art of hiding messages so that they are confidential, then "unhiding" them so that only the intended recipient can read them. Basically, we can say that cryptography is the science of secret messaging.
With this brief overview for the newcomer, I hope to lift the fog that shrouds this subject and shed a tiny bit of light on cryptography. I intend this simply to be a quick and cursory overview of cryptography for the novice hacker, not a treatise on the algorithms and mathematics of encryption. I'll try to familiarize you with the basic terminology and concepts so that when you read about hashing, wireless cracking, or password cracking and the encryption technologies are mentioned, you have some grasp of what is being addressed.
Don't get me wrong, I don't intend to make you a cryptographer here (that would take years), but simply to help familiarize the beginner with the terms and concepts of cryptography so as to help you become a credible hacker.
I will attempt to use as much plain English to describe these technologies as possible, but like everything in IT, there is a very specialized language for cryptography and encryption. Terms like cipher, plaintext, ciphertext, keyspace, block size, and collisions can make studying cryptography a bit confusing and overwhelming to the beginner. I will use the term "collision," as there really is no other word in plain English that can replace it.
Let's get started by breaking encryption into several categories.

Types of Cryptography

There are several ways to categorize encryption, but for our purposes here, I have broken them down into four main areas.
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashes
  • Wireless

A Word About Key Size

In the world of cryptography, size does matter! In general, the larger the key, the more secure the encryption. This means that AES with a 256-bit key is stronger than AES with a 128-bit key and will likely be more difficult to break. Within the same encryption algorithm, the larger the key, the stronger the encryption.
This does not necessarily hold between different encryption algorithms: a larger key in one algorithm does not by itself make it stronger than another algorithm with a smaller key. Between algorithms, the strength of the encryption depends on both the particulars of the algorithm and the key size.

Symmetric Cryptography

Symmetric cryptography is where we have the same key at the sender and receiver. It is probably the most common form of cryptography. You have a password or key that encrypts a message and I have the same password to decrypt the message. No one else can read our message or data.
Symmetric cryptography is very fast, so it is well-suited for bulk storage or streaming applications. The drawback to symmetric cryptography is what is called the key exchange. If both ends need the same key, they need to use a third channel to exchange the key, and therein lies the weakness. If two people who want to encrypt their communication are 12,000 miles apart, how do they exchange the key? This key exchange is fraught with all the problems of the confidentiality of the medium they choose, whether it be telephone, mail, email, face-to-face, etc. If the key exchange is intercepted, the confidentiality of the encryption is rendered moot.
Some of the common symmetric algorithms that you should be familiar with are:
  • DES - This was one of the original and oldest encryption schemes developed by IBM. It was found to be flawed and breakable and was used in the original hashing system of LANMAN hashes in early (pre-2000) Windows systems.
  • 3DES - This encryption algorithm was developed in response to the flaws in DES. 3DES applies the DES algorithm three times (hence the name "triple DES") making it slightly more secure than DES.
  • AES - Advanced Encryption Standard is not an encryption algorithm but rather a standard developed by NIST. Presently, it is considered the strongest encryption, uses a 128-, 196-, or 256-bit key, and has been filled by the Rijndael algorithm since 2001. Used in WPA2, SSL/TLS, and many other protocols where confidentiality and speed are important.
  • RC4 - This is a streaming cipher (it encrypts each bit or byte rather than a block of information) developed by Ronald Rivest of RSA fame. Used in VoIP and WEP.
  • Blowfish - The first of Bruce Schneier's encryption algorithms. It uses a variable key length and is very secure. It is not patented, so anyone can use it without a license.
  • Twofish - A stronger version of Blowfish using a 128- or 256-bit key; it was a strong contender for AES. Used in Cryptcat and OpenPGP, among other places. It also is in the public domain without a patent.

Asymmetric Cryptography

Asymmetric cryptography uses different keys on each end of the communication channel. Asymmetric cryptography is very slow, about 1,000 times slower than symmetric cryptography, so we don't want to use it for bulk encryption or streaming communication. It does, however, solve the key exchange problem. Since we don't need to have the same key on both ends of a communication, we don't have the issue of key exchange.
Asymmetric cryptography is used primarily when we have two entities unknown to each other that want to exchange a small bit of information, such as a key or other identifying information, such as a certificate. It is not used for bulk or streaming encryption due to its speed limitations.
Some of the common asymmetric encryption schemes you should be familiar with are:
  • Diffie-Hellman - Many people in the field of cryptography regard the Diffie-Hellman key exchange to be the greatest development in cryptography (I would have to agree). Without going deep into the mathematics, Diffie and Hellman developed a way to generate keys without having to exchange the keys, thereby solving the key exchange problem that plagues symmetric key encryption.
  • RSA - Rivest, Shamir, and Adleman is a scheme of asymmetric encryption that uses factorization of very large prime numbers as the relationship between the two keys.
  • PKI - Public key infrastructure is the widely used asymmetric system for exchanging confidential information using a private key and a public key.
  • ECC - Elliptic curve cryptography is becoming increasingly popular in mobile computing as it is efficient, requiring less computing power and energy consumption for the same level of security. ECC relies upon the shared relationship of two functions being on the same elliptic curve.
  • PGP - Pretty Good Privacy uses asymmetric encryption to assure the privacy and integrity of email messages.
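The two sections above describe how the pieces fit together in practice: an asymmetric key exchange settles on a shared secret, and that secret then keys a fast symmetric cipher for the actual data. The following is an added example written for this page (not code from the original article). It runs a Diffie-Hellman exchange over a deliberately tiny group (a 127-bit Mersenne prime, far too small for real use; deployed systems use standardised 2048-bit or larger groups, or ECDH), hashes the shared value into a 32-byte key, and then uses that key at both ends with a toy stream cipher built from HMAC-SHA256 in counter mode. The cipher stands in for AES only to make the symmetric property visible; it provides no integrity protection, and the exchange is unauthenticated, which is exactly the gap that certificates and PKI fill.

```python
"""Diffie-Hellman key agreement feeding a symmetric cipher (added illustrative example)."""
import hashlib
import hmac
import secrets

# Toy DH parameters, constructed for readability only. Real deployments use
# standardised groups of 2048 bits or more (or elliptic-curve DH).
P = 2**127 - 1   # a Mersenne prime, so the modulus is prime
G = 5            # generator for the demo


def dh_keypair(p=P, g=G):
    """Pick a private exponent x and publish g^x mod p. Only the public value is sent."""
    private = secrets.randbelow(p - 2) + 2      # 2 <= x <= p - 1
    public = pow(g, private, p)
    return private, public


def dh_shared_secret(their_public, my_private, p=P):
    """Both sides compute the same value: (g^b)^a == (g^a)^b mod p.

    Nothing here proves who sent their_public; without certificates or another
    authentication step, an active attacker could substitute their own value.
    """
    return pow(their_public, my_private, p)


def derive_key(shared_secret, p=P):
    """Hash the shared integer into a fixed 32-byte symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()


def keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Symmetric encryption: XOR with the keystream. A fresh nonce per message keeps
    the keystream from ever repeating under the same key (the WEP mistake)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct


def decrypt(key, message):
    """The receiver needs the same key: regenerate the keystream and XOR again."""
    nonce, ct = message[:16], message[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def demo():
    """Full round trip: exchange public values, derive matching keys, encrypt, decrypt."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_alice = derive_key(dh_shared_secret(b_pub, a_priv))
    k_bob = derive_key(dh_shared_secret(a_pub, b_priv))
    msg = b"constructed sample message"          # constructed sample plaintext
    wire = encrypt(k_alice, msg)
    return k_alice == k_bob, decrypt(k_bob, wire) == msg


if __name__ == "__main__":
    print(demo())
```

The point to take away is the division of labour: the expensive modular exponentiations happen once, for a few hundred bytes, and every byte of payload after that costs only a hash call and an XOR.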

Hashes

Hashes are one-way encryption. A message or password is encrypted in a way that it cannot be reversed or unencrypted. You might wonder, "What good would it do us to have something encrypted and then not be able to decrypt it?" Good question!
When the message is encrypted, it creates a "hash" that becomes a unique but indecipherable signature for the underlying message. Each and every message is encrypted in a way that creates a unique hash. Usually, these hashes are a fixed length (an MD5 hash is always 32 characters). In that way, the attacker cannot learn anything about the underlying message from the length of the hash. Because of this, we don't need to know the original message; we simply need to check whether some text creates the same hash to verify its integrity.
This is why hashes can be used to store passwords. The passwords are stored as hashes and then when someone tries to log in, the system hashes the password and checks to see whether the hash generated matches the hash that has been stored. In addition, hashes are useful for integrity checking, for instance with file downloads or system files.
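An added example (written for this page, not taken from the original article) that exercises the three points above with Python's standard library: the digest length does not change with the input size, an integrity check is just "recompute and compare", and password storage hashes each password with its own random salt and a slow key-derivation function so that two users with the same password do not share a stored value. The `pbkdf2_sha256$iterations$salt$hash` storage format is an assumption made for the example.

```python
"""Hash basics: fixed-length digests, integrity checks, salted password storage (added example)."""
import hashlib
import hmac
import secrets


def digest_lengths(data: bytes) -> dict:
    """Hex digest lengths never depend on the input: md5 32, sha1 40, sha256 64 characters."""
    return {name: len(hashlib.new(name, data).hexdigest()) for name in ("md5", "sha1", "sha256")}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, expected_sha256_hex: str) -> bool:
    """Integrity check for a file: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256_hex)


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Store a password as pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>.

    The random per-user salt means identical passwords produce different records, and
    the iteration count makes each guess expensive for anyone who steals the table.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login check: re-derive with the stored salt and iteration count, then compare."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    record = hash_password("constructed-demo-passphrase")   # constructed sample password
    print(record)
    print(verify_password("constructed-demo-passphrase", record))
```

`hmac.compare_digest` is used for both comparisons so that a mismatch takes the same time no matter where the first differing character is; a plain `==` on hex strings leaks that position through timing.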
In the world of encryption and hashing, a "collision" is where two different input texts produce the same hash. In other words, the hash is not unique. This can be an issue when we assume that all the hashes are unique such as in certificate exchanges in SSL. NSA used this property of collisions in the Stuxnet malware to provide it with what appeared to be a legitimate Microsoft certificate. Hash algorithms that produce collisions, as you might guess, are flawed and insecure.
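To see why collisions are a matter of digest size and not bad luck, the added example below (written for this page, not from the original article) truncates SHA-256 to a small number of bits and searches for two distinct messages with the same truncated value. With an n-bit digest the birthday bound predicts a collision after roughly 1.25 * 2^(n/2) inputs, which is why a 16-bit toy hash falls in a few hundred tries while a full 128- or 160-bit digest is only in trouble once the algorithm itself has structural weaknesses, as happened to MD4, MD5 and later SHA-1. The `msg-<i>` inputs are constructed for the demo.

```python
"""Birthday-bound collision search on a truncated hash (added illustrative example)."""
import hashlib
import math


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256 as an integer: a toy short hash, not a real design."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_bound(bits: int) -> int:
    """Expected number of random inputs before the first collision: ~sqrt(pi/2 * 2^bits)."""
    return int(math.sqrt(math.pi / 2 * 2**bits))


def find_collision(bits: int, max_tries: int = 1_000_000):
    """Hash distinct constructed messages until two share a truncated digest.

    Returns (message_a, message_b, tries) or None if the budget runs out.
    """
    seen = {}
    for i in range(max_tries):
        msg = f"msg-{i}".encode()            # constructed inputs, all distinct
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


def full_digests_differ(a: bytes, b: bytes) -> bool:
    """The same two messages still have different full SHA-256 digests."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


if __name__ == "__main__":
    for bits in (8, 16, 24):
        a, b, tries = find_collision(bits)
        print(f"{bits}-bit digest: collision after {tries} tries (bound ~{birthday_bound(bits)})")
```

Run it and the observed try counts cluster around the bound for each width; doubling the digest width multiplies the work by 2^(bits/2), which is the whole argument for moving off short or broken hashes.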
These are the hashes you should be familiar with.
  • MD4 - This was an early hash by Ron Rivest and has largely been discontinued in use due to collisions.
  • MD5 - The most widely used hashing system. It's 128-bit and produces a 32-character message digest.
  • SHA1 - Developed by the NSA, it is more secure than MD5, but not as widely used. It has a 160-bit digest, which is usually rendered as 40 hexadecimal characters. Often used for certificate exchanges in SSL, but because of recently discovered flaws, it is being deprecated for that purpose.

Wireless Cryptography

Wireless cryptography has been a favorite of Null Byte readers as so many here are trying to crack wireless access points. As you might guess, wireless cryptography is symmetric (for speed), and as with all symmetric cryptography, key exchange is critical.
  • WEP - This was the original encryption scheme for wireless and was quickly discovered to be flawed. It used RC4, but because of the small key size (24-bit), it repeated the IV about every 5,000 packets enabling easy cracking on a busy network.
  • WPA - This was a quick fix for the flaws of WEP, adding a larger key and TKIP to make it slightly more difficult to crack.
  • WPA2-PSK - This was the first of the more secure wireless encryption schemes. It uses a pre-shared key and AES. It then salts the hashes with the AP name or SSID. The hash is exchanged at authentication in a four-way handshake between the client and AP.
  • WPA2-Enterprise - This wireless encryption is the most secure. It uses a 128-bit key, AES, and a remote authentication server (RADIUS).
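The "salts the hashes with the SSID" remark for WPA2-PSK refers to the pairwise master key derivation defined in IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), which is what every client performs before the four-way handshake. The following added example (written for this page, not from the original article) computes that derivation with the standard library and shows the defensive consequence: a passphrase only ever produces the same PMK on networks that share an SSID, so a unique SSID defeats any precomputed table built for common default names, while a long passphrase raises the per-guess cost of the 4096 iterations. The SSIDs and passphrases are constructed sample values.

```python
"""WPA2-PSK pairwise master key derivation (added illustrative example)."""
import hashlib


def is_valid_passphrase(passphrase: str) -> bool:
    """802.11i passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes), per IEEE 802.11i."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def distinct_pmks(passphrase: str, ssids: list) -> int:
    """How many different PMKs one passphrase yields across a list of SSIDs.

    Networks with the same SSID share a PMK for a given passphrase, so a table of
    precomputed PMKs is only reusable against that SSID; unique SSIDs get one each.
    """
    return len({wpa2_pmk(passphrase, s) for s in ssids})


if __name__ == "__main__":
    passphrase = "constructed-demo-passphrase"        # constructed sample value
    for ssid in ("HomeNet-demo", "OfficeNet-demo"):   # constructed sample SSIDs
        print(ssid, wpa2_pmk(passphrase, ssid).hex())
```

The four-way handshake never sends the PMK itself; it only proves both sides derived the same one, which is why the passphrase and the SSID together decide how much effort an observer of that handshake faces.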
I hope you keep coming back, my rookie hackers, as we continue to explore the wonderful world of information security and hacking! For more in-depth reading on cryptography, I suggest you check out Adam Billman's cryptography guide here on Null Byte.

Thursday, 9 June 2011

Chapter 10 : RATs (Hacking on Server's PC)


 

Introduction :

A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:
  • Screen/camera capture or control
  • File management (download/upload/execute/etc.)
  • Shell control (usually piped from command prompt)
  • Computer control (power off/on/log off) 
But this can also be misused. It is used only on one servers means you can use RAT on all the computers connected to your LAN system . Usually in schools/universities hostels where there is a net system using LAN.You can use RAT there to hack the system of ur friend sitting in any other room .....

RAT Trojan Horses :

Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill antivirus and firewall software. RAT trojans can generally do the following:
  • Download, upload, delete, and rename files
  • Format drives
  • Open CD-ROM tray
  • Drop viruses and worms
  • Log keystrokes, keystroke capture software
  • Hack passwords, credit card numbers
  • Hijack homepage
  • View screen
  • View, kill, and start tasks in task manager
  • Hide desktop icons, taskbar and files
  • Print text
  • Play sounds
  • Randomly move and click mouse
  • Record sound with a connected microphone
  • Record video with a connected webcam
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.

Popular RAT Software :


  • Shark
  • Bifrost
  • Bandook
  • BO2K
  • ProRAT
  • SpyRAT
  • HackRAT
  • Netbos
  • Optixe
  • AutoSpY
  • Nclear
  •  Amituer
  • Bandk
  • Yuri RAT
  • Y3k RAT
  • slha RAT
  • Openx RAT
  • Poison Ivy RAT
  • Mosucker
  • SubSeven RAT
  • Nuclear RAT
  • NetBus RAT
  • ProRAT
  • megapanzer
  • LanHelper
But i suggest using optix pro

How to use it ?


So a short tutorial on how to use optix for you guys..

1) INTRO :


It isnt that hard to use.The Program used to build server files are :

.ClientClient.exe = Client
.BuilderBuilder.exe = Builder


WARNING: DO NOT RUN THE FILE(s) THAT YOU CREATE WITH BUILDER.EXE - THESE
FILES ARE THE ONES INTENDED TO RUN ON THE REMOTE COMPUTER THAT YOU WANT.TO REMOTELY ADMINISTRATE, NOT YOUR OWN!!!!

2) Quick Start Tutorial:


1) Open Builder
2) Click"Build/Create Server:" button
3) Save Server as "server.exe"
4) Click UPX Packing
5) Click OK
6) Run Server.exe on the computer you wish to administrate (WARNING: NOT ON YOUR OWN COMPUTER!!!)
7) Open Client
8) Type in IP Address of other computer
9) Hit the Green Button in top-right hand corner to connect!

To find out exactly how to use a particular part of the program, simply
hover your mouse button over the face of a button, control etc. and a
"help hint" will appear instructing you as to the purpose of that
particular field/button etc.

UPX Packing is automated in the server build process if you wish to pack
your file!

to get an up-2-date copy of BlackFire's cgi logger (cgi notification)
go to:


However a new logger (alternativecgilogger.zip) is also provided in
this version. Advanced users check it out!

3) FEATURE LIST :


v1.33 - Client Side :

COMPATIVBLE WITH ALL PAST SERVER VERSIONS! in a limited way! (own risk)
Client SOCKS 4/5 Support
Power Options - logoff,suspend,reboot,shutdown etc.
Server Information - Get info about builder settings
File Manager
Process Manager
Windows Manager
Registry Manager
FTP Manager
SOCKS 4/5 Server
Remote IP Scanner
Port Redirect
Application Redirect
Service Manager
Message Box
Matrix Chat (Client-2-vic)
Client-2-Client chat
Computer Information
Get Passwords - (RAS/Cached - 9x and AIM)
Online Key Logger - (now window titles)
Screen Capture with left click mouse manipulation
Keyboard Manipulation - (more advanced)
Cam Capture
SendKeys - old version of SendKeys for older servers
Humor normals - Flash keyboard lights, Monitor on/off, Disable keyboard/mouse etc.
Humor Screen Printer - print text to their screen!

v1.33 - Server Side :

COMPATIBLE WITH ALL PREVIOUS CLIENT VERSIONS! in a limited way! (own risk)
Configurable:
Notification Information Separators
IP Address Separator
Info included in any Notification
Idenfitication Name
Server Port
Server Password
Fake Error
Server Icon
Registry Run startup
Registry RunServices startup
win.ini startup
system.ini startup
s7 special method startup!
Server File Name
Start Directory (windir/sysdir)
Melt Server
Unlimited ICQ Number Notification
Unlimited CGI Script Notification
Unlimited IRC Server/channel Notification
Unlimited PHP Script Notification
Unlimited SMTP Notification
Toggling killing of in-built exe/service list for firewalls
Toggling killing of in-built exe/service list for Anti-Virus
Toggling killing of in-built exe/service list for packages classifed as both anti-virus and firewall!
Unlimited Number of custom exe's to kill
Unlimited Number of custom services to kill
Easily Automated UPX Packing if needed.
Option for unpacked or packed server with your own packer if wanted (instructions clear)

TRICKS AND TIPS CREATED BY SUSHIL UPADHYAY