COH: Europe In Ruins

Im in a security class in college, and we are doing projects. Mine is on packet sniffing with wire shark.

Basically im in love with the stuff.

I was wondering if someone can point me to a safe legit hackers page.

Im trying to do a whole presentation on using multiple hacking software but i cant find a legit site :(

Im interested in using a brute force password hacking program as well. My database management professor sent us an open invite to hack his account.
Any tips for a website and programs to use for brute force?

try omgmod.org

CommieKiller = winning

Legit safe hackers page?

I lol'd. Well there are probably some, but you can't always tell whether is secretly download shit or not can you?

I don't think any of us know any programs, all the commercial types I assume should have been available to your class.

One thing you can do to look for test subjects is ask friends if they have any websites.

Try bank of America's website they will give you free money once your in.

no there was one legit forum i was told. But couldnt get through in class b/c it was blocked by the school.
forgot.

shoot packet sniffing software is easy and very legit to find. Password software not so much

Dont use brute force.

Try a keyword/brute force hybrid otherwise you wait for years.
It splices together keywords and numbers, trying for a lucky strike.
Its especially more effective the more info you know on your lecturer (last name, children, street address, pets names, favourite colour etc, etc) as you add them to the search, you reduce the number of attempts needed to break the password by a large margin (that is assuming he doesnt use a completely random string of alpha-numerals, then youre pretty much fucked).

The other way to hack his account would be subversion - in otherwords, finding an exploit or getting some sort of trojan onto his personal equipment.  This is usually the route most hackers take, as brute force is exactly that - highly detectable, and easily stoppable with a delay between password entries.

If hes using XP, or even better Vista on his machine, and he ISNT 100% up to date with his service packs, smile with glee as you are in - search for 'Win XP/Vista buffer overrun issue' or memory overrun errors.  Another exploit is with a window service that I cant put my damn finger on - but its a messaging service that allows a bit of leeway.

This is all high-end hacker stuff mind you, and if youre 'just-learning' I wouldnt expect you to pull it off with just a google search - but you can at least get some info on it - as Im not gonna share my *actual* knowledge with you =)  You get your respect from finding this stuff out solo my friend.

Delve, Disassemble and Destroy my friend *wink*

Brute forcing takes years on regular CPUs.... but if you use for example several VGAs on parallel it gets reduced from years to seconds, a friend of mine made a tutorial about how to make the software work on linux, but it's on spanish and I honestly cba to translate all that lol.



With 4x 5850s it takes him a couple of minutes to break 10 digit MD5 hashes.

This, of course, is assuming you have access to the MD5 hash (not unusual).

However, if this isnt the case, which I would assume with any Private/Public key relationship, brute force would only work if you could execute the password checks as fast as your processor can check/waits for a response.  Which wouldnt happen.

time to turn eirr forum into 'Hacking for dummies' one :p

Well i dont want to destroy at all. Im just up for the challenge of learning. His password is only 6 digits, all lower case. So possibilities arent too high.

Could you point me to a legit clean way to download a keyword/brute hybrid? I dont want to end up d/ling some trojan myself.

If you can get physical access to his computer you should install a keylogger.

When I was in boarding school i set one up on a computer. It wasnt the admins computer tho so I sabotaget it to lure the admin there to type her password. Sadly I quit before I could see my scheme come to fruitition, but I'm certain it would have worked.

You might have to flash the motherboard tho to be able to install a keylogger.

Actually, it's pretty easy too:
http://en.wikipedia.org/wiki/John_the_Ripper

These days you want to use software written to take advantage of graphics processors though, just like killer says. You won't find many of those, mostly just experiments or quick hacks that people show off for fun. However, for a 6 character password even John would be enough, if it supports the hashing method used.

What kind of account are you guys hacking?

install program that tracks what user writes to control what your girl is doing in her free time :P

Been there, done that.

/jokes

well he logs into a school computer to teach the class on the board, so most likely its a virtual system. Everything is deleted on log off. I have doubts about a keylogger.

going to try jacktherpipper.