A) Password Cracking
B) Dictionary Attack
C) Encrypt and Decrypt Passwords
D) Ifconfig, ping, netstat, traceroute
E) Steganography tools
A) Password Cracking
a) Use MD5 to generate to find out the md5 hash for some words:
i) Admin
ii) Admin123
iii) admin@123
Output MD5 hash for:
Admin: e3afed0047b08059d0fada10f400c1e5 Admin123: e64b78fc3bc91bcbc7dc232ba8ec59e0 admin@123: e6e061838856bf47e1de730719fb2609
Admin@974$unil#: 4c644c8c48fe084e58c50419c94c867c
B) Dictionary attack using python
Step 1: Create Passwordlist.txt file
Step 2: Create MD5 hash of the words in passlist.txt
Step 3: Write the python code for dictionary attack
Code: import hashlib
flag=0
p_hash=input(“Enter MD5 hash: “)
dictionary = input(“Enter dictionary Filename:”)
try: password_file=open(dictionary,“r”) except:
print(“No file found”) quit()
for word in password_file: enc_word=word.encode(‘utf-8’)
digest =hashlib.md5(enc_word.strip()).hexdigest() if(digest==p_hash):
print(“password has been found”) print(“password is:” +word) flag=1
break
if(flag==0):
print(“No password found”)
Output: on Cmd
C) Encrypts and Decrypt Password
Go to http://secretmessages.online/Home/Software and download SecretMessagerPro_2.0.0. Encrypt and decrypt text and password using the secretmessagerpro software.
D) Ipconfig, ping, netstat, traceroute
ipconfig:
The “ipconfig” displays the current information about your network such as your IP and MAC address, and the IP address of your router. It can also display information about your DHCP and DNSservers.
ipconfig
ipconfig/all
ping:
Allows you to send a signal to another device, and if that device is active, it will send a response back to the sender. The “ping” commandis a subset of the ICMP (Internet Control Message Protocol), and it uses what is called an “echo request”. So, when you ping a device you send out an echo request, and if the device you pinged is active or online, you get an echo response.
ping www.google.com
This command lets you see all steps a packet takes to the destination. For example, if we send a packet to www.google.com, it actually goes through a couple of routers to reach the destination. The packet will first go to your router, and then it will go to all kinds of different routers before it reaches Google servers. We can also use the term “hops” instead of routers. Let’s run the command and see what kind of results we get.
tracert www.google.com
netstat
Displays all sorts of network statistics when used with its variousoptions. One of the most interesting variants of netstat is netstat -an, which will display a list of all open network connections on theircomputer, along with the port they’re using and the foreign IP address they’re connected to.
netstat -an
E) Steganography tools
Step 1: Prepare the secret file that you want to hide (e.g., Steganography_eg.txt)
Step 3: Drag and drop the host file inside which you want to hide secret file (light.bmp)
Step 4: Now drag and drop the secret file on image file and alert by stool to enter passwordand choose encryption algorithm will come.
Step 5: After entering password and algo, click ok. Tool will create identical copy hiddendata.bmp.
Step 6: Right click and save it.
Step 7: To reveal the hidden data open the file in S-Tool. Right click select reveal and putpassword and select algorithm.
Tweets
Ethical Hacking Lab Manual
Twitter
Facebook
WhatsApp
LinkedIn
