Hcon Security Testing Framework (HconSTF)

HconSTF Browser:> Code Name: Prime

Description

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

0 comments:

Never Forget To Say Thanks :D

Types of MD5 Hashes

I have been found some md5 hash passwords in hacked sites but i don't know how they goes or which types these were. This note will tell us about md5 hashes more detail depending on different CMS, WP or Joomla or Phpmyadmin or something else.

DES(Unix) 
Example: IvS7aeT4NzQPM 
Used in Linux and other similar OS. 
Length: 13 characters. 
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash. 
Notes: [1] [2] 

Domain Cached Credentials 
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91 
Used for caching passwords of Windows domain. 
Length: 16 bytes. 
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username))) 
Note: [1] 

MD5(Unix) 
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/ 
Used in Linux and other similar OS. 
Length: 34 characters. 
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash. 
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times. 
Notes: [1] [2] 

MD5(APR) 
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj. 
Used in Linux and other similar OS. 
Length: 37 characters. 
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash. 
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times. 
Notes: [1] [2] 

MD5(phpBB3) 
Example: $H$9123456785DAERgALpsri.D9z3ht120 
Used in phpBB 3.x.x. 
Length: 34 characters. 
Description: The hash begins with the $H$ signature, then there goes one character (most often the number '9'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash. 
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times. 
Notes: [1] [2] 

MD5(Wordpress) 
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01 
Used in Wordpress. 
Length: 34 characters. 
Description: The hash begins with the $P$ signature, then there goes one character (most often the number 'B'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash. 
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times. 
Notes: [1] [2] 

MySQL 
Example: 606717496665bcba 
Used in the old versions of MySQL. 
Length: 8 bytes. 
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff. 

MySQL5 
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40 
Used in the new versions of MySQL. 
Length: 20 bytes. 
Algorithm: SHA-1(SHA-1($pass)) 
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash. 

RAdmin v2.x 
Example: 5e32cceaafed5cc80866737dfb212d7f 
Used in the application Remote Administrator v2.x. 
Length: 16 bytes. 
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm. 

MD5 
Example: c4ca4238a0b923820dcc509a6f75849b 
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS. 
Length: 16 bytes. 
Algorithm: Same as the md5() function in PHP. 

md5($pass.$salt) 
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234 
Used in WB News, Joomla version 1.0.13 and higher. 
Length: 16 bytes. 
Note: [1] 

md5($salt.$pass) 
Example: f190ce9ac8445d249747cab7be43f7d5:12 
Used in osCommerce, AEF, Gallery and other CMS. 
Length: 16 bytes. 
Note: [1] 

md5(md5($pass)) 
Example: 28c8edde3d61a0411511d3b1866f0636 
Used in e107, DLE, AVE, Diferior, Koobi and other CMS. 
Length: 16 bytes. 

md5(md5($pass).$salt) 
Example: 6011527690eddca23580955c216b1fd2:wQ6 
Used in vBulletin, IceBB. 
Length: 16 bytes. 
Notes: [1] [3] [4] 

md5(md5($salt).md5($pass)) 
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S 
Used in IPB. 
Length: 16 bytes. 
Notes: [1] [3] 

md5(md5($salt).$pass) 
Example: 816a14db44578f516cbaef25bd8d8296:1234 
Used in MyBB. 
Length: 16 bytes. 
Note: [1] 

md5($salt.$pass.$salt) 
Example: a3bc9e11fddf4fef4deea11e33668eab:1234 
Used in TBDev. 
Length: 16 bytes. 
Note: [1] 

md5($salt.md5($salt.$pass)) 
Example: 1d715e52285e5a6b546e442792652c8a:1234 
Used in DLP. 
Length: 16 bytes. 
Note: [1] 

SHA-1 
Example: 356a192b7913b04c54574d18c28d46e6395428ab 
Used in many forums and CMS. 
Length: 20 bytes. 
Algorithm: Same as the sha1() function in PHP. 

sha1(strtolower($username).$pass) 
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a 
Used in SMF. 
Length: 20 bytes. 
Note: [1] 

sha1($salt.sha1($salt.sha1($pass))) 
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234 
Used in Woltlab BB. 
Length: 20 bytes. 
Note: [1] 

SHA-256(Unix) 
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9zYE1v0 
Used in Linux and other similar OS. 
Length: 55 characters. 
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash. 
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times. 
Notes: [1] [2] 

SHA-512(Unix) 
Example:$6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTIxGEjssvtT1aKyZHjs 
Used in Linux and other similar OS. 
Length: 98 characters. 
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash. 
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times. 
Notes: [1] [2]

SHA-1(Django) = sha1($salt.$pass) 
Example: sha1$12345678$90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b 
12345678 is salt (in the hexadecimal format) 
90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b is SHA-1 hash. 

SHA-256(Django) = SHA-256($salt.$pass) 
Example:sha256$12345678$154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b 
12345678 is salt (in the hexadecimal format) 
154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b is SHA-256 hash. 

SHA-384(Django) = SHA-384($salt.$pass) 
Example:sha384$12345678$c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5 
12345678 is salt (in the hexadecimal format) 
c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5 is SHA-384 hash. 

SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass) 

SHA-1(ManGOS2) = sha1($username.':'.$pass)   

------------------------------------------------- 
Notes: 

[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash). 

[2] The hash is to be loaded to the program in full, to the "Hash" column - the program will automatically extract the salt and other required data from it. 

[3] The ':' character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space. 

[4] Salt can contain special characters - single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a'4 instead of a\'4, as well as the salts a"4 instead of a\"4 and a\4 instead of a\\4.

0 comments:

Never Forget To Say Thanks :D

Symlink Tutorial: Bypass Server


Almost hacker need to know about symlink. Watch the Video Tutorial by AtomMota about Symlink. Enjoy symlinking!



1 comments:

Never Forget To Say Thanks :D

Hacker Home Pro v2.1 Apk

Hackers Home Pro v2.1

Hacker’s Home is the 1st android app ever in the Google Play Store which includes tons of stuffs relating Hacking Computer, Wi-Fi, Website, Facebook, Emails with step by step tutorials and with live chat functionality which let you stay tuned with the hackers all around the globe.
This is the Pro Version of Hackers Home which contains More Bunch of tutorials about : 

  • Computer Hacking
  • WiFi Hacking
  • Instant Facebook Hacks Tutorial
  • Hacking Website
  • Email Hacking
  • Protect Yourself
  • Backtrack 5 tutorials
  • Windows Tricks and Hacking
  • Regular updates 
  • Ads Free
  • More Amazing Stuffs
Wanna learn to hack? Let us show you how!

Note: - This Application is only for education purpose and is 100% safe. This application is designed by the developer for the reference only.

This App Contains Step by step 1,730 Tutorials, Some of the list are as Follows :

  • Protect Your own accounts from being hacked
  • Strong your own security
  • Use your android phone to gain access to facebook, youtube, twitter, amazon accounts
  • Hack Websites with SQL injection and other methods
  • Hack Gmail, Yahoo & Msn Accounts
  • Crack Wifi WEP and WPA passwords
  • Gain access to e-mail accounts
  • Hack Facebook accounts
  • Bypassing school security
  • Speed up your internet connection on ps3, xbox, PC, or mac
  • Hacking websites with SQL injection
  • Hacking and cracking Wi-Fi by bypassing securities
  • Speed up your internet and optimize your PC
  • Setup Backtrack 
  • Backtrack 5 Tutorials
  • Some Interesting Windows Tricks
  • Password Cracking Tutorials
  • How to create Viruses
  • Video Tutorials
  • + Many More
What's in this version: (Updated : Sep 8, 2012)

  • Minor Bug Fixed
  • More Tutorial will be add soon
  • Next Update will be on 29th September
Required Android O/S : 2.2+ 

Download: Solidfiles Mirrorcreator

0 comments:

Never Forget To Say Thanks :D

Ubuntu 13.04 Beginner Guide [Myanmar Version]

Author: Negative Thunder
Publisher: Ubuntu Myanmar Loco Team
File Size: 3.43 MB
Pages: 75

Table of Contents:
Introduction to Linux
Introduction to Ubuntu
Installation
The Ubuntu Desktop
Work with Ubuntu
Software Management
Networking
Customization
Ubuntu Myanmar LocoTeam

Download: Rghost Mediafire Solidfiles Localhost Mirrorcreator

1 comments:

Never Forget To Say Thanks :D

Best Android Hacking Tools

Hello, Bros! Here is All Toolkit Pack for Android when you are in android phone mode. Use at your own risk. Happy hacking and enjoy!

Android Network Toolkit

Nmap for Android


1 comments:

Never Forget To Say Thanks :D

Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.