Hacking Tutorial: 2014

Thursday, 29 May 2014

New Facebook Hacking Tool ~Stealing Facebook profile information

A new facebook hacking tool is released . It can steal the information from victims like photos,friends list and other information. Using that , an attacker is able to create fake profile page or they may get enough information to hack your accounts(security question).

Here is the full detail about the Tool:
Facebook Profile Dumper

This is for educational purpose only. Prevent you from attackers. Don't accept invitation from stranger. Even if you get request from your friends, verify whether it is real profile or fake.

Hacking Facebook passwords-Facebook Bruteforcer softwares[for n00b]

Are you searching for Facebook or gmail Hacking Software? if your answer is yes, you come to the right place.

You may read somewhere else as "use this hacking software to hack facebook accounts". And some hacking blogs has some post like this with procedure:

Download this software
Run the application.
Enter your email id and password
Enter your victim email id.
That's all your friend account is hacked.

Some hacking bloggers also mentioned Bruteforcer for Facebook. if you enter the email id, it will hack the email.

First of all , let me ask one question " Do you think facebook is f****ng stupids?" . Do you think it is possible to hack any accounts within a minute using these kind of softwares?(Innocence).

The truth is that you are being hacked. You realized that?
Don't be a n00b, think like a Security Expert.

Then what is Facebook Hacking softwares?

There is no Such software that will hack Facebook accounts , if you give email id simply. They are fake softwares

n00b: Hey BreakTheSec, i saw Facebook hacking software article in top hackers sites. Do you think you are better than them?
BreakTheSec: No , i am not better than them. Because I am publishing the truth behind the Facebook Hacking Software! You still believe those software? then try it yourself. I am not going to stop you.

What is the Aim of these Kind of Hacking Facebook password softwares?
This kind of fake softwares are created by Hackers to trick n00b hackers. If the n00b download and run the application, it may launch some malicious programs (spyware,trojans,..).

Trojans leads to dead of your computer. But most of hackers won't do this stupid thing. They use spyware to steal your confidential data instead.

n00b: BreakTheSec. you are right, my system is infected by some kind of spyware.
BreakTheSec: that's what i said.
n00b: but how hackers hack Facebook account passwords?
BreakTheSec: There are some other ways to hack the Facebook passwords. Let me explain what they are.

Method 1:Phishing Webpage
Phishing webpage is traditional way of hacking accounts. Old is Gold!! Learn about Phishing webpage here: How to Hack Facebook Passwords?

Method 2: Keyloggers
Keylogger is spyware that will capture each key strokes in keyboard. So , if the victim type the id and passwords, it will be captured and mailed to you.
Know about

Are you still searching for Facebook password Hacking Software?!!

Local Facebook Phishing WebPage-change the name of your localhost

This post is not about hacking. It just windows tweak or trick.
Just change your localhost name and enjoy it.

You have to well know about this:
How to use wamp/xamp server.
What is localhost.

It is very simple to follow. This is for windows users only.

Steps to follow:
1.Go to C:\WINDOWS\system32\drivers\etc
2. Find the file named

HOSTS

3.Open the file with notepad.
4.you can see there like this:

127.0.0.1 localhost

5.Change the localhost to anything you like.
For ex: you can change it to "www.facebook.com".
6. save the file

Now start the wamp or xamp server and enter the www.facebook.com in browser
you will see the localhost homepage.

Why not?-You can hack your friends.
I have told that this is not hacking trick. But you can use this also for hacking your friend/lover.(in tamil "siru thrumpum pal kutha uthavum", i don't know how to say it in english)

Do you know how?
As i said change the localhost to www.facebook.com.
change your localhost homepage as facebook or gmail phishing web page.
So now the local phishing webpage is ready to hack your friend/lover/spouse(sounds crazy ?)
if he enter the www.facebook.com in your pc. He can see your local phishing page only.
so their passwords is in your hands.
Try some "under construction " or anyother error message so that they will not suspect you.

Actually i just give idea only. If you think that you can become funny and best hacker,then add your own ideas and hack them.

For Ubuntu Users,please read this:

How to change the localhost name in Ubuntu Linux?

Copyrights:
Don't try to copy the contents! if you want to post in your website or blog. Give me link as resource to this page. Link should be hyperlink not a text.
Thanks for the help

Avast community forum hacked, user names and passwords stolen

Antivirus firm Avast said it took its community forum offline following a hacking attack compromised its database.

How to see the remembered passwords | passwords autofill Cracked

I am going to teach you how to see the passwords which are shown as astersik characters(*).

What is the use?

if your friend/lover select the remember passwords option when login,then you got the chance to hack their password without much effort(no need of phishing ).

Two cases:

Case I:
if they select remember password in mozilla popup. It is easy to see the password using this method:How to see the saved passwords in mozilla?

Second I:
If the select remember passwords in login form , here is the another method.

How to see the remembered passwords ?
Whenever someone select remember password in login form,the passwords will be automatically filled. But the problem is that we can login but can not see the password. Because the password will be shown as "astersik characters"(*). Her e is the trick to crack that also.

Visit any site which remembers passwords and show astersik characters in password box.

Copy the following code

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

Paste in the address bar.
Press enter key
Now the hidden password behind the astersik character will be shown.

Tutorial With Example Picture:
Lets take the yahoomail.com
if the password is auto filled as shown in the picture, then this method will work for you.

What is Brute Force Cracking Attack?|Cracking HASH passwords

Hi friends, If you don't know about cracking encrypted or ciphered data using Brute Force attack,this article will help you to gain much knowledge about the Brute Force attack.

What is Brute Force attack?
     Brute force attack is one of the password cracking method. In this method we are not decrypting the passwords. Instead we are trying to crack the password by comparing different combination of characters (all possible keys) with hash code.

How ?
   Let us assume the password length is 3. we have characters set(abcdefghijklmnopqrstuvwxyz0123456789) excluding the special characters.

The Number of Permutation takes to crack the password:
    For first character :upper case letters(26 )+Lower Case Letters(26)+10 Numbers =62
Likewise for second and third character we have 62 different ways.
So the total permutation to produce different keys is =62*62*62=238328 ways.

If you include the special characters in character set,then the permutation to crack the password will increase.

The main problem with Brute force attack :
     If the password length is small,then it will be cracked in small amount of time. This method will take too longer time to crack lengthy passwords. It can take several hours, days ,months ,years.
The time depending upon the two factors :
Password Length
Upper case and lower case letter combinations.

Conclusion:

For Hackers:
Hope you understand about brute force attack,also the drawback of this method. You can take advantage if the password is simple and small in length.

For Security needers
If you really want to secure your account from hackers, then use the Strong password. Don't know how to create the strong passwords ? no need to worry,read this How to create Strong Passwords?|security Tips

How to Crack MD5 Using Cain and abel tools-Brute Force Attack

Hi Hackers, hope you like the tutorials from BTS(Break The Security). Last time i have introduced a cain&abel cracking tool(read for more details "Introduction to Cain and Abel cracking tool"). Now i am going to explain how to use the cain and abel tools for cracking MD5 passwords(Using Brute Force method).
To know about Brute Force Attack read this Post: Introduction to Brute Force attack cracking
Cracking Password Step 1:
Open the cain &abel tool
You can see the different types of tabs. we are going to crack the passwords ,right?! then why are you waiting ? click the Cracker tab

Cracking Step 2:
In sidebar you can see list of hash methods. select MD5 Hashes in sidebar. Now you can see a blank sheet. There you are going to add the hash code for cracking.

.
Cracking Step 3:
Right click on the blank sheet and select "add to list" option.

Cracking Step 4:
Now you can see the pop box and ask you to enter the Hash code in hex. copy and paste the hash code in that box and hit ok button.
For instance, let us take this hash code

c3ea886e7d47f5c49a7d092fadf0c03b

now the code will be added to the work sheet.

Cracker Step 5:
Right click on the hash code and select the Method. For now let's use Brute force attack(i will post cracking tutorials using other methods in my next posts). So select "Brute Force Attack"

Cain-Abel Cracker Tool Tutorials Step 6:
you can see a small window. Click "Start" button to start the cracking of passwords.
Special Options:
if it take too long to crack then limit the password by fixing min and max of password length. for instance if you think the password length will be above the 4 then set the min as "5".
You can start the password cracking from certain words(better don't use until you well know about victim and cracking).

Cracking Tutorials Step 7:
At the end of the cracking ,you will see the message as "Attack stopped. Hash Cracked"
you can see the password in "start from " box. or press the exit sheet button. you will see the cracked password in work sheet in the password column

Password Cracker Open Source Software Created by BreakTheSecurity

Hi Break The Security's Hackers, i have created Password Cracking Tool. I have released it as open source software in sourceforge.net.

This tool uses Dictionary Attack method to crack the MD5, SHA-1,MD4,SHA-128,256,512 hash codes. Now it is simple and basic tool. In future it will become more efficient tool.

Join As developer
You can also help me to develop this tool. Your name will also included in the credits of the software. But you have to strong in Swing concept of Java. Don't worry..!! if you are not java developer, you can also write code in your own language and give it to me. I will convert to Java. If you like to develop this tool , then register in sourceforge.net and visit projects.BreakTheSecurity.com

For Users
Features:

This is very simple tool.
Easy to use and efficient tool
Portable Software (no need to install).
Fastest Password Cracking tool.

Download this tool now and use from here:

http://projects.breakthesecurity.com/

Thanks for Supporting friends.

Password Cracking Methods

Read the following two articles, this will help you to know about password cracking
BruteForceAttack
Dictionary Attack Cracking

How to Launch the Password Cracker 1.1 Application?

Recently i have developed a simple password cracking tool and released as open source software. Today let us see how to launch PasswordCracker 1.1(HashCodeCracker 1.1).

How to use Password Cracker?

Minimum Requirements:
JRE(Java run time Environment) 1.6 should be installed .

If you don't have, get it from oracle.com

Windows Users:
Download the PasswordCracker1.1 exe from here Projects.BreakTheSecurity.com
Double click the exe file, it will extract the Password Cracker Folder. You can find the HashCodeCracker.exe inside the folder.

Linux Users
Download the HashCodeCracke.zip file from the Projects.BreakTheSecurity.com
Extract the zip file.
Open the Terminal.
Navigate to the path of Extracted zip file (i mean HashCodeCracker Folder) in Terminal.
Type this command "java -jar HashCodeCracker.jar".
Now the application will run.

How to Crack Windows Accounts Example Screenshots Tutorial

Hi Break The Security hackers, this is just screen shot. The Detailed Text version tutorial can be found in this link:
How to hack Windows accounts Password with Ophcrack?

I have separated it into two parts because of too large number of Screen shots.

How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial

In this post, i am going to help you to crack the any type of windows accounts passwords. Learn how to hack the windows admin password like a geek.

This is My Second Backtrack Linux Tutorial.
[see the screen shots of this tutorial ]

Refer this link also: How to hack the windows 7 or vista using the following method

Requirements:

BackTrack Linux 4 or 5. Download it from http://backtrack-linux.org
One pen drive(above 4gb)
Xp Free Fast RainBow table [tables_xp_free_fast.zip]. Download it from here:http://ophcrack.sourceforge.net/tables.php

*Install the Backtrack Linux in the pen drive with small amount of persistent memory.

Step 1: Booting From Back Track
Insert the pen drive in target computer[when turned off]. We are going to boot the operating system from pen drive, so insert when the system is turned off.
Now Turn on the system.
Press F10 [boot menu, differs for system] before booting and select boot from Pen drive.
Now it will boot the Backtrack.
Select "Graphical User Interface "
Now wait for a while ( it will execute some commands}
Now you can see the "root:"
type "startx" and hit enter. It will bring you to the GUI view of Backtrack.

Step 2:Copy the SAM and System files
Click the Start button(dragon symbol)
Select System Menu
Select Storage Media(if you see nothing, close the window open it again).

You can see the list of Hard disk and Your pen drive.
Open the windows installed Hard disk and Navigate to this path:
WINDOWS/system32/config/

There you can see two files named as "SAM" and "System".

Copy the both SAM and system files .
[ Just proceed to next step without closing the window]

Create a new folder in the desktop and paste the files inside.

Step 4: Run OphCrack Tool in Backtrack
Open the ophcrack GUI(start->Backtrack->Privilege Escalation->Password Attack->offline Attacks-ophCrack GUI).

Step 5: Loading the folder that contains sam and system files

Click the Load and select "Encrypted SAM" in ophcrack tool.
Now it will ask you to select directory that contains SAM folder. Select the directory where you saved the SAM file.

Now it will load and display the list of user accounts in the windows.

Step 6: Target the Admin Account
Here i am going to hack the one of the administrator account of my computer. So remove all other accounts except the target admin account.

Step 7: The Rainbow Table

Extract the "tables_xp_free_fast.zip" file in the desktop.

Click the Table button in ophcrack tool. Now it will ask you to selec the table. Select the "XP free fast" and click the install button. Now browse to the Rain bow table directory "tables_xp_free_fast"
Now click ok.

Step 8: Cracking Begins
Click the Crack button.
Wait for a while [ophcrack is the fastest cracking tool. so it won't take too much time]

Step 9: Password is cracked
Yes..!! we got the password.

Don't forget to share with your friends.

Screen shots :

Screen shots windows Admin Password Cracking

Rar Password Remover Tool | Password Cracking

Sometimes if you download rar files from internet, it may be password protected.
In your friends laptop they may have password protected rar files.
Sometimes you may forget password for your rar files

What will you do in these situation? Yes.there is solution for these situation. You can use the RAR p
assword Cracker tool to retrieve the password of RAR.

Step 1 Download Password Cracking Tool :
Download it from here:

http://www.mediafire.com/?ac5c0uigdhaslya

Step 2:
Extract the rar file.
You can see setup.exe file and crack folder.
Double click the setup.exe and install the RAR password remover.

Step 3-Cracked:
Now copy the urpwdr11rc16.exe file from crack folder.
Paste into the C:\Program Files\Intelore\RAR-PR(i installed the rar password remover in this path).

Now it is cracked.

In my next post , i'll explain how to use this software.

How to Crack password protected RAR files like a hacker (Brute Force attack)?

Install the RAR password remover software as said in my last post.
Let me show how to crack the password protected RAR files using Brute Force attack method.

Step 1:
Run the application start->Allprograms->RAR password Recovery->RAR password Recovery

Step 2:
Now the Password Recovery windows is opened. Click the open button at the top of the window.

Step 3:
Browse to the Password protected RAR file and select.

Step 4:
Now set the Minmum and Maximu length of password(it's your choice)
Set allowed characters(if you think it is simple password, then select only lowercase).

Step 5:Start Cracking process
Click the Start Button. It will start to crack using brute force attack.
Wait..wait...wait........

It will take time depending on the password strength.
if you have luck, it will be finished within 10 minutes.
if you have bad luck, it will take 10months.
All depending on the password strength.

John The Ripper Tutorial-Password Cracking Softwares

What is John the Ripper?
John the Ripper is a fastest and Best Password Cracking software. It is compatible with many flavours of Unix, Windows, DOS, BeOS, and OpenVMS.

Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches

Info about John The Ripper:

It is command Line Password Cracker(Don't worry , i will guide how to use John the Ripper?).
John The Ripper is available for free
JohnTheRipper is pre Installed in Backtrack Linux
You can download it for other Linux Versions or any other operating system(Eg:windows xp).
Supports Both Brute Force and Dictionary Attack Methods
Fast and Best password Cracker.

Download John The Ripper From Here:

http://www.openwall.com/john/

How to Install John The Ripper On Ubuntu Linux? -Works for All Linux

This article will guide you how to install John The Ripper Tool(Password Cracker) in your ubuntu or Any other Linux and Unix Based System.

Requirements:

1. John The Ripper: Download the Latest and Free Version from here:

http://www.openwall.com/john/

It will be in tar.gz format, namely john-1.7.7.tar.gz

2. GCC: GCC should be installed in your system. GCC is C and C++ Compiler. Download and Install GCC

Why you need to install GCC?
John The Ripper comes as Source file. We have to compile and so that we can make the John The Ripper as executable. GCC only going to help us to compile the John The Ripper files.

Ok, Let us start installation.

John The Ripper Installation:
Step 1:
After Downloaded the john-1.7.7.tar.gz file, copy the file in Desktop.

Step 2:Extracting Tar.gz

Now Open the Terminal (Applications->Accessories->Terminal)
Enter this command in Terminal (to navigate to Desktop dir)
cd Desktop
Now Enter this command (to Extract the tar.gz file).

tar -xzf john-1.7.7.tar.gz

Now john-1.7.7.tar.gz is extracted to john-1.7.7 folder.

Alternate Extraction Method: Simply right click on the tar.gz file and select Extract here

Step 3: Compiling the Source File
Now Enter this command in Terminal(to navigate to john-1.7.7 directory)
cd john*
Then enter this command in Terminal (to navigate to src folder)
cd src
Then enter this command :
make
Now you can see list of Operating System.

Find the operating System option that match with your Operating System.
Then enter the following command:

make clean Operating_System_option

For Example:

make clean Linux-x86-64

If you don't know or can't find your operating system in list, then simply try this instead:
make clean generic

It will start to compile the source file. Wait for a while. It will take few minutes to complete the compilation (depending on your system speed, it will take time).

Step 4:End of Compilation and Installation
After compilation completed, john(executable) file will be created in john-1.7.7/run/ folder

Step 5: Let us Test
Okay let us test whether John the ripper is working or not.
You are still in Terminal , right?
Enter the following command:

cd -

This will bring you to the previous directory(i mean john-1.7.7/src to john-1.7.7/ folder).
Now enter the Following command (to navigate to john-1.7.7/run/ folder):
cd run
Let us run the John The Ripper from here.
Enter the Following command:

./john --test

It will start to process. It will take time depending on the speed of your system. If you want to terminate process , then press CTRL+C.

From now The "run" folder is enough to run the Application. copy the "run" folder to your desired location. My suggestion is to keep it in Desktop itself(easy to navigate and run).

How to Recover Windows 7 Password~Windows Password Killer Tool

I have explained how to recover the lost password using Backtrack Password Cracking. Here i am going to introduce a new tool named as Windows Password Killer. It enables you remove windows 7 password to reset the administrator, standard user and guest passwords easily without any data losing or file damage.

There is 3 different editions - the Lite, Pro and Ultimate, here we take the Pro edition as an example for the password remove process with USB drive (CD/DVD also supported too).

Requirements:
1. Any Accessible Computer.
2.USB Drive or CD/DVD

Step 1: Install Password Killer
Download the Windows Windows Password Killer from Here.
Install the windows Password Killer in your friends or any accssible computer.

Step 2:Burn a bootable CD/DVD or an USB drive

Insert the USB Drive or CD/DVD.
Run the Windows Password Killer.
Select the USB drive or CD/DVD.
click the Create button.
It will ask you to verify whether you select correct disk or not. Click "Yes" button.

Step 3: Boot from USB Drive OR CD/DVD
Now let us come to our locked computer.

Insert your USB Drive before turn on the system(if you are using CD/DVD, you have to turn on and insert).
Now turn on the system, press F10 or F12(it may vary for your system) to choose the booting device.
Select the USB drive or CD/DVD.

It will boot into Windows Password Killer.

Step4 : Reseting Password
After program starts, select Windows 7 system on the start page, click 'Next'.

Select your target user accounts, and then click 'Next' to proceed the Windows 7 password recovery/unlock process.

The Windows 7 Administrator password or other user accounts password is reset successfully now. Take out the password reset CD/DVD, click 'Reboot' to restart your computer.

Enjoy.!!
Want to say thanks?!
Sorry i don't need your thanks, i just want your like in my Facebook Fan page.
or Just follow us in twitter: http://twitter.com/eHackerNews
or Just share this with your friends.
Thank you from BreakTheSec, if you did.

How to crack or Reset BIOS Password? ~Cracking Tutorials

The BIOS software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). The primary function of the BIOS is to set up the hardware and load and start a boot loader. When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the PC. This process is known as booting, or booting up, which is short for bootstrapping.

Bios password is usually used to protect the user's BIOS settings on the computer. If you want to reset the password on the BIOS does not need to bother to connect bateray CMOSnya, with a little trick on the Dos you can reset the BIOS password on it in 2 ways:

1. Clear CMOS
This way I consider the most ancient and most easy to break down the password on the BIOS. The steps are easy, first open the casing cover computer CPU. Then find the bios battery that looks something like the battery just a little more big clock. After the meet and consider the area around the battery there is usually a jumper with 3 pins, 2 pins and 1 pin not connected.

Suppose the three pins with the code 1 - 2 - 3. Connector that connects the initial position usually is 2-3. To reset the bios do I move the position of the plug that connects pins 2-3 to position 1-2 for about 5 seconds. Then plug it back into the starting position (2-3). Try restarting the computer back on, secured the bios password is gone.

If the above looks complicated, is easy to clear cmos by unplugging the BIOS battery and then put it back. But with the consequences of removing the label is the warranty on the battery BIOS.

2. Through DOS

First out of the windows with me restart your computer, start the computer in MS-DOS mode, use the option "Command Prompt Only"

At c: prompt, type: DEBUG
press enter. You will see the sign (-) at the DEBUG prompt, then type:
o 70 2e
at the DEBUG prompt will be displayed as-o 70 2e.
press enter and type:
-O 71 ff
press enter, the last type:
Q
hit enter, then you will get out of the DEBUG prompt and return to the C:> prompt.
Now restart your COMPUTER, and see the results

Large Password List: Free Download Dictionary File for Password Cracking

For password cracking, you can choose two different methods 1. Dictionary Attack 2. Brute Force Attack. The Dictionary attack is much faster when compared to Brute force attack.(There is another method named as "Rainbow table", it is similar to Dictionary attack).

In order to achieve success in dictionary attack, we need a large size of Password list.

Here is the list of 1,717,681 passwords(Free to download):
http://dazzlepod.com/site_media/txt/passwords.txt

If you didn't get success using the above password list, then you can get the UNIQPass dictionary file from dazzlepod.

UNIQPASS is large password list useful for use with John the Ripper (JtR) wordlist mode to translate even more hashes into cleartext passwords. While we have had good success rate with our standard password list passwords.txt (17.5MB), we realized the list can be made more useful and relevant if we include commonly used passwords from the recently leaked databases belonging to large websites. As a result, we have compiled millions of unique passwords into UNIQPASS.

UNIQPASS is available for purchase at only $4.99; see preview of UNIQPASS from these 2 million randomly selected passwords (18.9MB).

Get the UNIQPass Dictionary file from here:
http://dazzlepod.com/uniqpass/

Ravan , JavaScript based Distributed Password cracking

You want to crack a hash but your system speed is low?! No need to worry..! Here is solution for you , "Distributed Password Cracking". Let me introduce a new tool called "Ravan" developed by LavaKumar.

About Ravan:
Ravan is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity.

Ravan now supports MD5,SHA1,SHA256,SHA512 hashes.

How it works?

Ravan has three components:

Master:

The hash, salt, hashing algorithm, position of the salt (before or after salt) and the charset are submitted by the user. These are submitted to the web backend and it returns a ‘hash id’ which is unique to every submitted hash. It also supplies a ‘worker url’ specific to this hash that must be sent to potential workers.
Once the hash is submitted the master creates arrays of slots (each array contains 5 slots), this is submitted to the web backend. Each slot represents a small part of the keyspace, this is how the entire activity is broken down in to multiple tiny tasks. A single slot represents 1 million combinations.
The master constantly polls the web backend to check on the progress of the cracking process. As the existing list of slots is completed by the workers the master allots more slots. When a worker cracks the hash and returns the clear-text value the master confirm this and then signals all workers to stop cracking.

Web Backend:

The web backend acts as a proxy between the master and the workers. It does not perform any actual computation but validates the data submitted by both the parties and passes information between them.

Worker:

The worker performs the actual hard work of cracking the hashes. Each hash has a unique worker URL and this page explicitly asks for the user permission before the cracking process is started. Once the user accepts and clicks ‘Start’ the worker polls the web backend for available slots, the web backend returns an array of slots from its database. The worker cracks each slot and sends the result to the web backend. After completing all the slots it polls the web backend for more slots.

Here is the tool:

http://www.andlabs.org/tools/ravan.html

How to Use Ravan for Password Cracking?

In my previous article, i explained about the Ravan Tool. Now let us see how to use the Ravan for cracking passwords.

Requriments:

Lot of Friends :

Ravan is Distributed password cracking method. So you will need lot of friends who have Pc with Internet connection. The speed of cracking will increase based on the number of pc contribute in the cracking.

How to use Ravan?

Step1:

Go to http://www.andlabs.org/tools/ravan.html
Enter the value of the hash that must be cracked
Enter the value of the salt, if it is not a salted hash then leave it blank
Enter the charset. Only these characters will be use in the brute force attack
Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
Select the position of the salt. (clear-text+salt or salt+clear-text)
Hit ‘Submit Hash’

Step 2:

If hash is successfully submitted, it would return a URL. Now you just need to send this URL to all your friends and ask them to click the start button.

The main page manages the cracking so it must not be closed or the cracking would fail.

That is it. Once your friends click start they would be doing pieces of the work and submitting results back.

The main page would constantly monitor the progress of the cracking process and manage it across all the workers. You would be able to see the stats throughout the process, once the hash is cracked the clear-text value is displayed.