Sunday 28 July 2013

Kali Linux 1.0.4 Released

Since the initial release of Kali have seen a large number of changes, upgrades and improvements in the distribution, all of which are included in version 1.0.4.

Kali Linux is an open source project developed by the Offensive Security, a successor to BackTrack Linux. This Kali Linux Update release with more new addition tool.

In addition to the new tools added to the distribution, version 1.04 of Kali Linux also contains many upgraded packages. Some of the more notable updates are:
As usual, you do not need to re-download Kali Linux 1.0.4 if you already have it installed. A regular “apt-get update && apt-get dist-upgrade” will do the job of getting you to the latest and greatest!
For more info on Kali Linux visit Official blog by Click Here or Download ISO Image from Download page.

Saturday 20 July 2013

Some of the best sites to crack MD5 Hashed

About MD5: MD5 is an algorithm created in 1991 by Professor Ronald Rivest that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
When using a one-way hash function, one can compare a calculated message digest against the message digest that is decrypted with a public key to verify that the message hasn't been tampered with. This comparison is called a "hashcheck."

Here is a list of websites that can crack MD5 Hashes.....

www.tmto.org (recommended)
md5.noisette.ch
md5decryption.com
www.c0llision.net
www.netmd5crack.com
www.md5decrypter.com
md5hashcracker.appspot.com
www.hashhack.com
isc.sans.edu
www.md5crack.com
passcracking.com
authsecu.com
md5.rednoize.com
md5.web-max.ca
www.cmd5.com
md5.thekaine.de
www.shell-storm.org
www.md5this.com
www.hashchecker.com
hashcrack.com
md5pass.com
md5pass.info
cmd5.org

Wednesday 10 July 2013

How to reset Windows password with Kali Linux

Download Kali Linux and burn the ISO to a CD/DVD. Boot Windows machine with the LiveCD. On the boot menu of Kali Linux, select Live (forensic mode). Kali Linux initialize and when it loads, it will open a terminal window and navigate to the Windows password database file. Almost all versions of windows password is saved in SAM file. This file is usually located under /Windows/System32/config. On your system it may look something like this: /media/hda1/Windows/System32/config. Below is the screenshot.
The SAM database is usually in the /media/name_of_hard_drive/Windows/System32/config

The screen shot below lists the SAM database file on my hard drive. The screen shot below lists the SAM database file on my hard drive.

Type command chntpw -l SAM and it will list out all the usernames that are contained on the Windows system.
The command gives us a list of usernames on the system. When we have the username we want to modify and we simply run the command chntpw -u “username” SAM

In the example below we typed: chntpw -u “Administrator” SAM and we get the following menu:

We now have the option of clearing the password, changing the password, or promoting the user to administrator. Changing the password does not always work on Windows 7 systems, so it is recommended to clear the password. Therefore you will be able to log in with a blank password. You can also promote the user to a local administrator as well.






Monday 8 July 2013

Access Kali Linux through Remote System

There are several open source and enterprise software program through which we can access remote system. These software becomes a necessity when you setup a remote server and do not allow direct access to the server, as because of some security measures. PuTTy is one of the major terminal emulator through which we can access a remote server. PuTTy is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet and rlogin. Here, I am going to show you how to access Kali Linux through PuTTy. My base computer is running Windows 7 and Kali Linux is installed in a VMWare Player. So we can assume that Kali Linux is installed in a remote machine, as Windows 7 and of Kali Linux is on different network now.
Before we access Kali Linux through remote system, we need to make sure that ssh service is already running in Kali Linux.
To check the status of ssh service. Open root terminal and type service --status-all


In case it shows [-], then it means ssh service is not running and you have to enable ssh service first. To do this type apt-get install openssh-server from terminal window. Once, it shows [+] sign it means service is enable. Now, we type service ssh start to run ssh service.

Once we are sure that ssh service is running in remote Kali Linux, we have to perform one more step. Run ssh-keygen -t rsa to setup rsa key for ssh authentication and enter filename and passphrase to save the key. Once this is done we are good to go.

Now open PuTTy application and type the ip address of Kali Linux (if you are not sure then type ifconfig command on Kali Linux root terminal window). Let the port no. be default, select ssh and click on open. If everything is fine then it will ask you to enter login name and password. Once you enter the correct login and password, you will get privilege to access Kali Linux from console mode.

Thursday 4 July 2013

Kali Linux review and a brief history of the BackTrack

Looks like Kali Linux is a great success. Kali Linux is the successor to BackTrack, the much loved Linux Penetration Distro/ Operating System that is aimed at penetration testers and security professionals. Before we dive into our brief review – we thought it would be cool to give a brief history of how Kali Linux came to be.
What is the history of Kali Linux and BackTrack?
We are all very familiar with Backtrack, which has been around for the last seven years – created and managed by Offensive Security, but what is the history of this famous Linux penetration testing distribution?
Much like we trace our ancestors back to Africa, so we trace Kali Linux back to Knoppix! Knoppix was one of the first ever bootable Live Linux Distro’s. Still in existence, Knoppix is a classic distro with a loyal community. Over time the Knoppix project was forked into WHoppix (yes the WH are meant to be capitalized) that was then re-forked into WHAX. WHAX was then re-branded and streamlined into the BackTrack that we all used. There is a common thread throughout these distros, (Knoppix, which became WHoppix, and then WHAX and finally into BackTrack); that is that the lineage focused on intrusion detection and digital forensics. BackTrack expanded the scope and allowed for many more tools to be incorporated into the distro. In any event, BackTrack had a long reign of almost seven years as the pentesters and hackers distro of choice. However, as of March 2013 the venerated distro was decommissioned and replaced by Kali Linux. Phew. Long story – but the bottom line is that Kali Linux is the result of a rich and colorful history.
So why bother changing the name?
Kali Linux is so different that the fine folks over at Offensive Security thought that to solve the ‘inherent problems’ of BackTrack the authors needed a complete re-write. The main issue with BackTrack v1-v5 was that it was a headache for dependencies. Here was the problem: too many pentesting tools embedded within BackTrack all struggled to co-exist within the dependencies. Many pentesting and security tools where not regularly updated by their creators so the result was that trying to update the entire OS often caused conflicts and tools would simply stop working, crash or even cause other tools to crash. A good example of this is Ettercap which was not updated for a long time.
The solution was to rebuild the distro bottom-up by making Kali Debian based. Before with BackTrack there was a /pentest/ folder, whereas now it is all updated and managed by Debian packages.
Kali Linux has 300 tools which automatically work within the Kali ecosphere. Kali also has been created with the clean “File system Hierarchy Standard” and offers vast plug and play wireless support, with the only exception appearing to be broadcom.
ARM Support
Another interesting feature about Kali Linux is that it supports ARM architecture meaning that you can use the distro on Raspberry Pi’s and Chromebooks etc. Incidentally, you can also create your own .iso file with Kali through the Debian lifebuild feature.
In summary
Kali is a well thought out penetration testing distribution which had to address its’ previous problems with regards to updates. The distro has two modes: forensics and default, all of which run best (in our opinion) in gnome. All the usual pentesting tools work with the distro with ease and the file hierarchy is the same as previous BackTrack versions – so you won’t have a problem using this distro if you are previous BackTracker. Offensive Security still insist that you run the OS as root so this probably won’t be your day to day distroFor pentesting Kali Linux is clearly an awesome OS with the world’s best pentesting suite of tools that can all be preconfigured. Couple that with the very large and loyal community, bug tracking service and attention to detail and yes, it is a solid pentesting Linux distribution.