Thursday, 30 January 2014

Installing Latest LibreOffice in Debian stable

To get the latest version of libreoffice, do the following:

sudo su
echo 'deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free' >> /etc/apt/sources.list
echo 'deb-src http://ftp.debian.org/debian/ wheezy-backports main contrib non-free' >> /etc/apt/sources.list


apt-get update && apt-get -t wheezy-backports install libreoffice

Wednesday, 29 January 2014

Tuesday, 21 January 2014

How to hash and crack UNIX passwords in python

Crypt module

I am using the crypt module here, which is a one-way hash function based upon a modified DES algorithm. You can easily adjust the script to crack secure hash algorithms (SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as RSA’s MD5 algorithm ) by using the hashlib  module.

Crypt Overview

import crypt
crypt.crypt("user", "AD")
'AD5Qg2vQhsLRw'

AD is the salt, which is a random two-character string which will be used to perturb the DES algorithm in one of 4096 ways.

The python password cracking script

import crypt
def testPass(hashpass):
    salt = hashpass[0:2]
    dictionary = open('dictionary.txt', 'r') #this is our dictionary file
    for word in dictionary.readlines():
        word = word.strip('\n')
        crypto = crypt.crypt(word,salt)
        if crypto == hashpass:
            print "[+] Password: "+word+"\n"
            return
    print "[-] Password Not Found.\n"
    return

def main():
    hashpass = open('passwords.txt', 'r') #file with hashed password
    for line in hashpass.readlines():
        if ":" in line:
            user = line.split(':')[0]
            hashpass = line.split(':')[1].strip(' ')
            print "[*] Cracking Password For: "+user
            testPass(hashpass)
if __name__ == "__main__":
    main() 
 
Save the script as cracker.py.
You also need to create a dictionary.txt and password.txt  (with the hashed passwords) file to successfully run the program.

Create a new folder and put the three files into it, afterwards simply run 
python cracker.py

You can download all of the files here: Drive

Sunday, 12 January 2014

Installing Metasploit on Debian (or Ubuntu)














sudo su  

apt-get -y install build-essential zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev locate libreadline6-dev libcurl4-openssl-dev git-core libssl-dev libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget postgresql postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev  

apt-get install git-core postgresql curl ruby1.9.3 nmap gem  
gem install wirble sqlite3 bundler  

cd /opt  
git clone https://github.com/rapid7/metasploit-framework.git  

cd metasploit-framework  
bundle install  

./msfconsole  


msfconsole tutorial: click