In previous post we see that there is a number of method used by hacker to fulfill their ambition. In this post I want to explain how the hacker get the password. From the previous step at previous post, at least there are 3 steps which including activity to get the password, at enumeration, gaining access, and escalating privilege. We can get the password with several way.
Password cracking is just one of the several way used by hacker to get our password. And there are so many more way, including social enginering, in other wise called ?????.
There are 4 basic way to get the password more respected is:
Face email or block email
Dsniff and mailsnarf is tools which used to knowing any data packages passing a network card and observe it to know the password (dsniff) or email (mailsnarf).
Password cracking is just one of the several way used by hacker to get our password. And there are so many more way, including social enginering, in other wise called ?????.
There are 4 basic way to get the password more respected is:
Face email or block email
Dsniff and mailsnarf is tools which used to knowing any data packages passing a network card and observe it to know the password (dsniff) or email (mailsnarf).
This is data packages which pass a network card. And here the packages captured by WinPCap then show and saved as file log by Windump.
Basically it's not difficult to block email. We can use mailsnarf including in dsniff. Mailsnarf block packages which pass in internet and assembly it becomes a whole email.
Dsniff and Mailsnarf is software it work as WinPCap (like libcap on Linux) is a library which captured data packages. The captured packages then will be saved to a one file log by Windump, and Dsniff and Mailsnarf act more further, is observe this data packages and show the password (dsniff) or email (mailsnarf).
Basically it's not difficult to block email. We can use mailsnarf including in dsniff. Mailsnarf block packages which pass in internet and assembly it becomes a whole email.
Dsniff and Mailsnarf is software it work as WinPCap (like libcap on Linux) is a library which captured data packages. The captured packages then will be saved to a one file log by Windump, and Dsniff and Mailsnarf act more further, is observe this data packages and show the password (dsniff) or email (mailsnarf).
Password Cracking
Brutus, is one of remote password cracker working by dictionary attack technique or brute-force attack to ports of http, POP3, ftp, telnet, even NetBIOS.
There are 2 kind of password cracker, old way by guessing the combination of password one by one till the combination becomes right password. This way called as dictionary attack (if matching each word inside the dictionary) or brute-force attack (by matching all combination of character including number, and word). This way is very slow and there are many sites close the access to this login attempt which unsuccessful login?????.
The other way is by seeking our password inside the system and in this way hacker got to enter our system. It can causes by weakness of system or infiltrate of our man.
There are 2 kind of password cracker, old way by guessing the combination of password one by one till the combination becomes right password. This way called as dictionary attack (if matching each word inside the dictionary) or brute-force attack (by matching all combination of character including number, and word). This way is very slow and there are many sites close the access to this login attempt which unsuccessful login?????.
The other way is by seeking our password inside the system and in this way hacker got to enter our system. It can causes by weakness of system or infiltrate of our man.
Web spoofing
Basically is an attempt to dim us and make us think that we just access a certain sites, but in fact it's not so. In other way by being a our lead web with we are going to access. In otherwise by being proxy server to us while surfing.
Java applet and ActiveX
It has been made for access our hard disk and do whatever to it, including read the password saved on system. Windows facility which give us to remember the password is so dangerous, it causes make password saved on cache memory can be accessed by any password revealer like Snadboy's Revelation or 007 Password Recovery easily. It safe if we save our password on a piece of paper.
0 comments:
Post a Comment