The Concept Of Cracking

The scene of cracking has exploded, mostly due to the availability of cracking programs and popularity of websites that cost money. The Internet is filled with predictable and Internet dumb users. With these users comes an opportunity for you to take what is not yours by brute force.
This article is meant to guide you to successfully cracking accounts. So let’s get on with it.
The Main Principle of Cracking
One difficult to grasp fact new crackers come to find out is that cracking a particular account is usually difficult. Understanding this fact is a key step in becoming a successful cracker. There’s great success in numbers. The more user accounts you have to try and crack, the more likely you’ll have success. The reason behind this is simple and logical. If you have a pair of dice, and need to roll snake eyes(two ones), the more tries you have, the better the chance of success.
The main principle of cracking is trying as many valid users(will be covered later) as possible. Despite what others may think, have 10,000 user accounts to try and crack is a much better scenario than having 3 user accounts and 10,000 passwords.
Internet Dumb Users
Most people on the Internet do not take security seriously. There is a misconceived notion about the Internet that it’s secure and anonymous. This lack of concern leads to guessable and common passwords. Patterns, common words, and common names are usually likely passwords. These are usually chosen by these users because they’re easy to remember. Another common lapse in judgment is the fact that these users usually use the same password for all things they have a password for; bank or credit card accounts, E-Mail accounts, and pretty much anything else you can imagine.
All About Passwords
Choosing passwords to crack with is a critical of your success. Using “tert34g” as a password to crack with is not a good idea. Yeah, there’s some small chance that you may achieve one successful attempt with it, but it’s a waste of time.
Think about it. What do most people have in common? Names, favorite foods, favorite animals, favorite sports teams, favorite colors, etc. Instead of relying on preexisting password lists, try creating your own. Why? Things change. What was popular last year is no longer popular. MySpace as a password was logical two years ago. Now, most people haven’t logged into their MySpace in months. Your unique ideas may provide you great success. Think about what’s popular now… Justin Bieber, Obama, or the Miami heat. I bet you never thought of “heat” as a password.
Selective passwords are what I call passwords that are applicable only to a single website. If you’re attempting to crack Facebook accounts, passwords like facebook, Facebook, or FACEBOOK are likely to be successful. If you’d like to go further, go into why people use Facebook. You can logically come to the conclusion that people use it for friends, buddies, etc. Those are logical passwords. The web site’s name is one of the most common passwords used by users because it’s easy to remember, and that same logic applies to every site they have an account with.
Passwords are usually lazy. Most people are too lazy to put any effort into a password, so people will rarely capitalize a password. Any part of the password. Usually, passwords cased like Michelle are rarely successful. The extra motion needed to reach the shift key is usually not a desirable motion for most users. Lowercase passwords are by far the most popular. Uppercase passwords like PASSWORD follow in second, and “properly” cased passwords like “Password” are third.
Name as password = success. One of the most successful method for cracking is using the user name as a password. Bobby’s password is possibly bobby, and Janet’s is likely to be janet. You can go further, and remove numbers with some programs. Bobby1945′s password is possibly bobby, or even boby1945. Again, laziness. Most programs support the use of user name as password, and can remove the letters or numbers from the password for added control.
Research the Website You’re Cracking
A lot of sites are becoming critical of their users’ passwords. Now, most require a minimum password length, and even have particular rules like they must contain a number. To help with this, I’ll explain the most common passwords should these kinds of rule apply.
If a website requires a number, try common passwords, and add a “1″, or any other number, on the end. password1, adam1, facebook1 are all quite plausible and lazy(which is what you’re going for).
If a website requires a capital letter, try capitalizing the first letter, or all letters: Facebook, Password, PASSWORD, LOVE.
If a website requires a capital letter and a number, try capitalizing the first letter and adding a “1″, or any other number, at the end: Password1, Michelle1, Rachel1.
If a website requires a symbol, try an exclamation mark(!) or a period(.) at the end of common passwords: password!, iloveyou., etc.
Research will prevent you from wasting time. If you don’t do proper research, and you’re cracking a site that requires passwords with a length of more than 4, and you’re using “1234″ as a password, you’re not doing a bit of good other than wasting bits and bytes of bandwidth.
Trying Other Sites with Cracked Accounts
9 times out of 10, a user has at least two accounts with the same password. An ideal situation is when you crack an account, and look in the account information, then find the user’s E-Mail address. It’s not even 50% likely, but there’s a better chance than usual that you know that E-Mail address’s password. If and when you access the E-Mail account, it’s probable that all other sites the user has registered on has sent him or her an E-Mail. Not many people clean their E-Mail box.
Don’t Crack Air; Use Valid Users
If a user account doesn’t exist, why would you try to crack it other than to waste time? Understand that like passwords, a lot of user names are common words, phrases, or patterns. bobby1 is more likely to exist than bobby10382.
As of this moment, there are a few program available for validating whether or not accounts exist. I will not discuss or list these programs, but do the research; it’s well worth it.
Combos(Password Databases)
Combos, as they are called by most crackers, are lists of user names and passwords that have already been cracked for other sites. These are highly successful, but the success can be short lived if other users have access to the same combo. Programs that search for combos are useful, but as I just stated, the success they give can be short lived. These programs are predictable, by that I mean that they use the same, repetitive collecting mechanism.
Combos are a great asset to cracking, but it can be a gold rush which other users can “steal” your hard work.
Sample List
Here’s a small sample password list off the top of my head that will likely be successful:
123456
123456789
abc123
asdf
asdfghjkl
54321
password
password1
lakers
bieber
michael
chris
jesus
money
green
yellow
blue
tiger
puppy
kitten
kitty
james
brandon
michelle
elizabeth
stacy
As you can see, all passwords are common words, or easy to remember patterns.
Cracking accounts can be easy; and it can be hard. This all depends on your research and effort before cracking. Success is paved with research

How To Crack IIS FTP Password Using Brute-Force


How to crack IIS FTP password using Brute-Force
Ftp is an application or service or protocol which can be used to transfer files from one place to another place ,it really comes very handy during transfer of files from a local box to a remote one .Suppose someone get access to your FTP then he/she can cause nightmare for you byuploading unappropriate images or files etc.Here we will discuss how we can crack the password of IIS installed FTP service in Windows.
What is Brute-Force?
Brute-Force is a type of attack in which every possible combination of letters, digits and special characters are tried until the right password is matched with the username. The main limitation of this attack is its time factor. The time it takes to find the proper match mainly depends on the length and complexity of the password.Here I will be using this attack to crack the password.So,lets start….
Requirements:
1. The tool we will be using ” BrutusA2”(Download: http://www.hoobie.net/brutus/)
2. You need to know the target suppose “ftp://123.123.xx.xxx”
Procedure:
Step 1. Here I have shown an authentication page of an FTP service in the image below and in the following steps we will crack its password using brutus.


9RBg6txCg81T9cuZgzZJzxDK8hwU73JFsLsYZ2ixtmg7GefndsgqMSRi8hH6HPjDNPUf0aexoO1Pp9W4WyvxTK8NOjJoXx0a31abOR9IUSci2YpGIQ1 300x207 How to Crack IIS FTP Password Using Brute Force
Step 2. Now open up “Brutus” and type your desire target ,select wordlist and select “FTP” from the drop down menu and click start. If you are confused then follow the image below.
 How to Crack IIS FTP Password Using Brute Force
Step 3.The time it takes as I mentioned above depends on the complexity and length of the password.So after clicking the start button wait for the time as mentioned in the tool.The password will be displayed as shown above.

How to login SSH without password?

Your aim

You want to use Linux and OpenSSH to automize your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from a within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
 
a@A:~> ssh b@B mkdir -p .ssh
b@B's password: 

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
 
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 

From now on you can log into B as b from A as a without password:
 
a@A:~> ssh b@B hostname
B

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:
  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640