
Hacking Articles

Raj Chandel's Blog

Comprehensive Guide on fcrackzip Tool


posted in HACKING TOOLS on AUGUST 22, 2019 by RAJ CHANDEL with 0 COMMENT

In this article, we are going to discuss fcrackzip, which is a third-party tool for cracking zip file passwords. It is the best tool for the job, as it searches each zipfile for encrypted files and tries to guess their password. Here, we discuss each option available in fcrackzip so that we can use this tool to its full potential.

There are many cases where an individual types an incorrect password, and unzip reacts quickly to it; it doesn't even need to decrypt the whole file. While the encryption algorithm used by zip is relatively secure, fcrackzip makes cracking easy by using hooks for very fast password checking that sit directly in the zip file. Understanding these is crucial to zip password cracking.

For every password tried, the first twelve bytes of the file are decrypted first. Depending on the version of zip used to encrypt the file, the first ten or eleven bytes are random, followed by one or two bytes whose values are stored elsewhere in the zip file, i.e. are known beforehand. The password is considered wrong when these last bytes do not match. When they do match, the only way to determine whether the password is correct is to unzip the file and compare the uncompressed length and CRC.

Earlier versions of pkzip stored two known bytes. Thus, the error rate was roughly 1/2^16 = 0.01%. PKWARE 'improved' the security of their format by only including one byte, so the possibility of false passwords is now raised to 0.4%. Unfortunately, there is no real way to distinguish one-byte from two-byte formats, so we have to be conservative.
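The check-byte test described above, as an added example (not from the original article or from fcrackzip's source): it implements the traditional PKZIP stream cipher, builds a 12-byte header in the one-byte format, and measures how many wrong passwords still pass the quick check. The password `ignite`, the check value and the wrong candidates are constructed for the demonstration.

```python
import random

def _crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

_CRC = _crc_table()

class ZipKeys:
    """Key state of the traditional PKZIP stream cipher."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def _crc(self, crc, b):
        return (crc >> 8) ^ _CRC[(crc ^ b) & 0xFF]

    def update(self, plain_byte):
        # The keys are advanced with the plaintext byte, on both sides.
        self.k0 = self._crc(self.k0, plain_byte)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = self._crc(self.k2, self.k1 >> 24)

    def stream_byte(self):
        t = self.k2 | 2
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt_header(password, check_byte, rng):
    """Build the 12-byte header: 11 random bytes followed by 1 known check byte."""
    keys, out = ZipKeys(password), bytearray()
    for p in bytes(rng.randrange(256) for _ in range(11)) + bytes([check_byte]):
        out.append(p ^ keys.stream_byte())
        keys.update(p)
    return bytes(out)

def quick_check(password, header, check_byte):
    """Decrypt the header with a candidate; True if the last byte matches."""
    keys = ZipKeys(password)
    for c in header:
        p = c ^ keys.stream_byte()
        keys.update(p)
    return p == check_byte

def false_positive_rate(trials=20000, seed=1):
    """Fraction of wrong passwords that survive the one-byte check."""
    rng = random.Random(seed)
    check = 0xA7  # constructed value standing in for the stored check byte
    header = encrypt_header(b"ignite", check, rng)
    hits = sum(quick_check(b"wrong-%d" % i, header, check) for i in range(trials))
    return hits / trials

if __name__ == "__main__":
    print(f"wrong passwords passing the 1-byte check: {false_positive_rate():.2%}")
```

The rate lands near 1/256, which is the 0.4% quoted above and the reason a candidate still has to be confirmed by actually unzipping the file.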

Introduction to fcrackzip
We frequently use zipped files due to their small size and encryption algorithm. These zipped files come with a password-protection facility which maintains the security of the files.

When you have lost the password and the problem arises of how to crack it, fcrackzip comes to the rescue and provides a way to get back to your documents. It is a simple way to crack a protected zip file and is available under Linux.

fcrackzip is a free/fast zip password cracker, written by Marc Lehmann <pcg@goof.com>. It is not the fastest zip cracker available; its aim is to provide a portable, free, but still fast zip password cracker.

Multiple features of fcrackzip
As we are using Kali Linux, the fcrackzip tool is installed by default. We just need to open the terminal and type "fcrackzip --help", and its help output will greet us.
-b: for using brute force algorithms.
-D: for using a dictionary.
-B: execute a small benchmark.
-c: use characters from charset.
-h: show the help message.
--version: show the version of this program.
-V: validate or check the algorithm.
-v: for verbose mode.
-p: for using a string as a password.
-l: for providing a specific length to password.
-u: for weeding out wrong passwords.
-m: to specify the method number.

Creating a password-protected zip file
First, we have to create a password-protected file. To do so, we select the file we want to secure in that format and then run the following command.

Syntax: zip --password <password you want> <name of the zip file> <file or data you want to protect>

Cracking the password of the zip file

fcrackzip is a very effective tool and also quite easy to use for a brute force attack on any zip file; we use different options depending on how we want to crack the password of the zip file. Here we use (-b), which lets us brute force the zip file, and (-c), which defines the charset used for the brute force.

fcrackzip -b -c 'a' file.zip

In the above result, we see all the possible outcomes of the attack. If we want to weed out the wrong passwords, we can use (-u), which shows only the correct outcome in the result.

fcrackzip -b -c 'a' -u file.zip

Verbose mode
In fcrackzip, verbose mode is enabled with the (-v) parameter and generates extended information. In our case, verbose mode gives us information about the files in the password-protected zip file, such as each file's size and name, as well as the current combination being tried against the zip file.

fcrackzip -b -v -c 'a' -u file.zip

Cracking numeric password with a specific length


For that, we have created a zip file protected with a numeric password, using the same command we used earlier to create a password-protected zip file.

In this case we use two parameters. The first is (-c '1'): we used (-c) earlier, but here we use it to apply the numeric charset. The second is (-l), which specifies the length of the password (minimum length-maximum length).

zip --password 123 raj.zip user.txt
fcrackzip -b -v -c '1' -l 1-3 -u raj.zip

Providing initial password
With the (-p) parameter we set the initial password for the brute force. In dictionary mode the same parameter takes the name of the file that supplies the passwords for dictionary searching, so through it we can provide the set of strings to be used as the dictionary.

fcrackzip -b -v -c 'a' -p ignite -u file.zip

Dictionary Traversing
In this mode fcrackzip reads the passwords from a file that we supply. The file must contain one password per line and should be alphabetically ordered, which is what fcrackzip expects by default.

fcrackzip -D -p rockyou.txt file.zip

Different method
With the (-m) parameter we use a cracking method other than the default. The --help switch prints a list of the available methods, and we can use --benchmark to see which method is best for our machine; we then pass that method number instead of relying on the default cracking method.

fcrackzip -b -v -c 'a' -m 1 -u file.zip

Benchmark
This parameter helps us find out which method of fcrackzip is most effective on our machine by calculating a benchmark score.

fcrackzip -B

Author: Shubham Sharma is a Cybersecurity enthusiast and Researcher in the field of WebApp Penetration testing. Contact here

Comprehensive Guide to Steghide Tool

posted in HACKING TOOLS, PENETRATION TESTING on JULY 26, 2019 by RAJ CHANDEL with 4 COMMENTS

In this article, we'll learn about Steghide. There are various steganography tools available, but what differentiates it is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports hiding data behind any image (jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc.

Table of Content
Introduction to Steganography
Introduction to Steghide
Features
Installation of Steghide
Getting Started with Steghide
Functionality of Steghide
Embedding of Data Via Steghide
Extraction of Data Via Steghide
Password Protect Files
Retrieve Information of Embedded File
Verbose Mode
Compression Mode
Anti-compression Mode
Embedding File Without Name
Encrypting Algorithms
Overwriting the Existing File

Introduction to Steganography
In digital steganography, electronic communications may incorporate steganographic coding inside a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For instance, a sender might begin with a harmless picture and make a few alterations to it in order to hide data, so that the alteration goes unnoticed by anyone who is not specifically looking for it.

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, regardless of how unbreakable, arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, while cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

Introduction to Steghide
Steghide is a steganography tool which lets you hide confidential files inside an image or audio file with a passphrase. It supports the BMP and JPEG image formats and the AU and WAV audio formats. By default, it uses the Rijndael algorithm to encrypt the file, and the key size is 128 bits. This tool has its advantages and disadvantages. One upside is that it is significantly better at hiding and can easily hide any file type. It does so by using an advanced algorithm to hide the data inside the image (or audio) file without changing the look (or sound) of the file. This also means that without using steghide (or at least the same mathematical approach as steghide) it is hard to extract the hidden files from the image.

Features
Compression of embedded data
BMP, GIF and JPG supported
Encryption of embedded data
Decryption via password
Uses various algorithms for encryption

Installation
Let's start with the installation of steghide. On Windows, we can download steghide from http://steghide.sourceforge.net/download.php. After downloading, we simply unzip the files and use it through cmd. On Linux, open your terminal and type the following command to install Steghide:

apt-get install steghide

Getting Started with Steghide


To get started with Steghide, the most basic option is the help command. This command displays all the options that Steghide provides.

steghide --help

Embedding Data in The Image
We hide data in the image using Steghide so that only a person who knows about it can read it. So, we made a text file named user.txt in which we wrote our confidential data, and image.jpeg is the file in which we are embedding our data. To achieve this, we'll execute the following command:

steghide embed -ef <txt filename> -cf <media filename>

Here, ef and cf stand for embedded file and cover file respectively.

Extraction of Data Via Steghide


Using Steghide adds an extra layer of security by allowing us to use a password for it. Now, to extract the hidden data, use the following command:

steghide extract -sf <media filename>

Then enter the password in order to extract the file.

Here, sf is a secret file.

Password Protect Files


Now, we can also extract the files using the following command. This command is different in that it specifies the password in the command itself; therefore, we do not need to enter it separately.

steghide embed -ef <txt filename> -cf <media filename> -p <password>

Retrieve Information of Embedded File
If we have an image that is suspected of containing hidden data, and we want to know whether it does and, if so, which algorithm was used to encrypt the data in the file, we use the following command:

steghide info <media filename>

Verbose Mode
To get all the information about a file during its extraction, we can use verbose mode, which gives detailed information. We can use verbose mode by executing the following command:

steghide embed -v -ef <txt filename> -cf <media filename>

Compression Mode
Now, if we want to compress the text file before hiding it, we use the following command. The compression level can vary from 1 to 9. The first level gives the fastest compression, whereas the 9th level gives the best compression.

steghide embed -ef <txt filename> -cf <media filename> -z 2

Anti Compression Mode

Now, if we don't want to compress a file before hiding it, we use the following command:

steghide embed -ef <txt filename> -cf <media filename> -Z

Embedding File Without Name

We can also hide a file without naming it. We will use this command:

steghide embed -ef <txt filename> -cf <media filename> -N

Encrypting Algorithms
We can encrypt the data that we are hiding by using encryption techniques. This is easily achieved with the following command:

steghide embed -ef <txt filename> -cf <media filename> -e <algorithm na

Overwriting the Existing File


When extracting the file, let's assume we already have a file with the same name in the same directory. If we want to overwrite the existing file, we can use the following command:

steghide extract -sf <media filename> -f

Conclusion

So, this was the short guide about Steghide. As you can see, it is an easy tool for steganography, and it's also user-friendly. It has, therefore, become one of the finest steganography tools for extracting and embedding information in a multitude of media files. Steghide has many uses, and its other notable characteristics, such as file encryption, make it one of the finest steganography tools.

Author: Dheeraj Gupta is a Certified Ethical Hacker, Penetration Tester and a Tech
Enthusiast in the field of Network & Cyber Security. Contact Here

Threat Detection for your Network using Kfsensor Honeypot


posted in HACKING TOOLS on MARCH 30, 2019 by RAJ CHANDEL with 1 COMMENT

In this article, however, we will set up a system to draw in attackers so we can catch or study them. Since the majority of attackers around the globe focus on Windows servers because of their various known defects and vulnerabilities, we will set up a Windows system to do just that: we will set up a honeypot. If you leave it up and running, you can watch other attackers rehearsing their attacks and prepare for them.

Table of Content:
Introduction to Honeypot
Introduction to KFSensor
Working of KFSensor

Introduction to Honeypot
A honeypot disguises itself as an actual server to give attackers a false idea and divert their attacks. Therefore, a honeypot should be set up just like the real server so that its data appears authentic, showing fake files, fake ports, fake directories, etc. As the honeypot creates the illusion of being legitimate, the attacker tends to believe that they have gained access to the real deal. One of the main differences is the location of the machine in relation to the genuine servers. The disguised machine is normally placed somewhere in the DMZ. This ensures the internal network isn't exposed to the attacker. Honeypots work by monitoring and/or sometimes controlling the intruder during their use of the honeypot. This can be done whether the attack originated from outside or from within the network, depending on the location of the decoy system. Honeypots are commonly designed to audit the activity of an intruder, save log files, and record such events as the processes started, commands, file additions, deletions, changes, and even keystrokes.

Introduction to KFSensor
KFSensor is a honeypot for Windows systems. It also acts as an IDS. Its job is to attract and detect all the attackers in the network, hence the name 'Honeypot'. It does so by imitating a vulnerable environment and disguising itself as a server; in this way, it succeeds not only in catching the attacker but also in helping to learn their motive. It is specifically designed for Windows, so it contains a lot of Windows-specific features. It is quite convenient to use and user-friendly thanks to its GUI-based console, along with its low maintenance.

Working of KFSensor

KFSensor's role is to be a decoy server for attackers in order to protect the real thing. It does its job perfectly by opening fake ports on the system where it's installed and gathering information when a connection is made. It does this in precisely the same way as a routine server program, such as a web server or an SMTP server. By doing this it sets up a target, or honeypot server, that will record the activities of an attacker.

Working with KFSensor

After downloading and installing KFSensor, when you turn it on, you will see the
following window. Here, click on next.

Then it will ask you to select the ports as shown in the image below, after
selecting the ports click on next button.

Then it will ask whether you want to get email notifications of its alerts over time. Here you can add the email address from which you want to send and the email address where you want to receive the mails.

After these formalities, click on finish button.

Once you click on the finish button, it will show you the following window.

Now that the honeypot has been set up, if you scan the victim target (on which the honeypot is installed) using nmap, it will show you all the ports opened as decoys, just as shown in the image below:

And in KFSensor it will show the details of the scan along with its IP. It will also
generate an alarm to alert you.
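The kind of alarm described above, sketched as an added example (not KFSensor's own logic or log format): one source touching several distinct decoy ports inside a short window is flagged as a scan. The event format, the addresses and the thresholds are constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<ISO time> <source IP> <decoy port>".
# Invented format for this example, not KFSensor's log format.
SAMPLE_EVENTS = """\
2019-03-30T10:00:01 192.168.1.50 21
2019-03-30T10:00:01 192.168.1.50 23
2019-03-30T10:00:02 192.168.1.50 25
2019-03-30T10:00:02 192.168.1.50 80
2019-03-30T10:00:02 192.168.1.50 445
2019-03-30T10:03:10 192.168.1.77 80
2019-03-30T10:09:40 192.168.1.77 80
2019-03-30T10:20:00 192.168.1.90 21
2019-03-30T10:25:00 192.168.1.90 23
2019-03-30T10:30:00 192.168.1.90 25
"""

def parse_events(text):
    """Yield (timestamp, source_ip, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def detect_scans(events, min_ports=4, window=timedelta(seconds=10)):
    """Return [(source_ip, window_start, ports)] for each source that touches
    at least min_ports distinct decoy ports inside one sliding window."""
    recent = defaultdict(deque)  # source_ip -> (time, port) pairs still in the window
    alerted = set()              # raise one alarm per source
    alarms = []
    for ts, src, port in sorted(events):
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports and src not in alerted:
            alerted.add(src)
            alarms.append((src, q[0][0], sorted(ports)))
    return alarms

if __name__ == "__main__":
    for src, start, ports in detect_scans(parse_events(SAMPLE_EVENTS)):
        print(f"ALARM: {src} probed decoy ports {ports} starting {start}")
```

With the defaults only 192.168.1.50 is flagged; the slower prober 192.168.1.90 appears once the window is widened, which is the tuning trade-off for this rule.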

If the attacker uses any other tool to scan the network, like Nessus, KFSensor works in the same way. For instance, if the attack comes through Nessus, as shown in the image below:

And when the attack from Nessus is completed, it will show you the faux result as
you can see in the image below :

And similarly, the KFSensor will alert you as it is shown in the image below :

This way, KFSensor is the best way to detect and confuse the attacker in order to save yourself and be cautious.

Author: Shubham Sharma is a Cybersecurity enthusiast and Researcher in the field of WebApp Penetration testing. Contact here
