Comprehensive Guide on fcrackzip Tool

In this article we discuss fcrackzip, a third-party tool for cracking zip file passwords. It is the best tool for the job because it searches a zip file for encrypted entries and tries to guess their password. We cover each option available in fcrackzip so that the tool can be used to its full potential.

Anyone who has typed an incorrect password knows that unzip rejects it quickly; it does not even need to decrypt the whole file. While the encryption algorithm used by zip is relatively secure, the zip format makes cracking easy by providing hooks for very fast password checking directly in the zip file, and fcrackzip exploits exactly these hooks. Understanding them is crucial to zip password cracking.

Every password is checked by decrypting the first twelve bytes of an entry. Depending on the version of zip used to encrypt the file, the first ten or eleven bytes are random, followed by one or two bytes whose values are stored elsewhere in the zip file, i.e. are known beforehand. If the last bytes do not match, the password is wrong. The only way to be sure that a password is correct is to unzip the file and compare the uncompressed length and the CRC.

Earlier versions of pkzip stored two known bytes, so the error rate was roughly 1/2^16 = 0.01%. pkware ‘improved’ the security of their format by including only one byte, so the probability of a false password is now raised to 0.4%. Unfortunately, there is no real way to distinguish the one-byte format from the two-byte one, so we have to be conservative.
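The header layout described above can be inspected without any cracking. The following Python, added here as an example and not part of the original article or of fcrackzip, walks the local file headers of a zip image, flags entries that rely only on legacy ZipCrypto (the scheme whose check bytes fcrackzip exploits), reports where the known check byte comes from, and computes the false-accept rate for one and two known bytes. The sample archive bytes are constructed inline and carry no real ciphertext.

```python
import struct
import zlib

LOCAL_SIG = 0x04034b50                 # "PK\x03\x04": start of a local file header
LOCAL_FMT = "<IHHHHHIIIHH"             # its 30-byte fixed part, little-endian
FLAG_ENCRYPTED = 0x0001                # general-purpose bit 0: entry is encrypted
FLAG_DATA_DESCRIPTOR = 0x0008          # bit 3: CRC and sizes are written after the data
FLAG_STRONG_ENCRYPTION = 0x0040        # bit 6: PKWARE "strong" encryption
METHOD_AES = 99                        # WinZip AES marker in the compression-method field
ENC_HEADER_LEN = 12                    # the twelve bytes a password check decrypts first

def parse_local_headers(data):
    """Classify the encryption of every entry reachable through the local file headers."""
    entries, offset = [], 0
    while offset + 30 <= len(data):
        (sig, _ver, flags, method, _mtime, _mdate, _crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_FMT, data, offset)
        if sig != LOCAL_SIG:
            break                      # central directory (or trailing junk) reached
        name = bytes(data[offset + 30:offset + 30 + name_len]).decode("cp437")
        encrypted = bool(flags & FLAG_ENCRYPTED)
        if not encrypted:
            scheme = "none"
        elif method == METHOD_AES or flags & FLAG_STRONG_ENCRYPTION:
            scheme = "aes-or-strong"   # not the legacy scheme fcrackzip attacks
        else:
            scheme = "zipcrypto"       # legacy PKWARE encryption: treat as weak
        # With bit 3 set the CRC is unknown when the header is written, so the known
        # check byte comes from the high byte of the modification time instead.
        check_source = "mtime" if flags & FLAG_DATA_DESCRIPTOR else "crc32"
        entries.append({"name": name, "scheme": scheme, "method": method,
                        "check_byte_source": check_source,
                        "payload_len": csize - ENC_HEADER_LEN if encrypted else csize})
        if flags & FLAG_DATA_DESCRIPTOR:
            break                      # compressed size is not in the header; stop walking
        offset += 30 + name_len + extra_len + csize
    return entries

def weak_entries(data):
    """Names of entries protected only by ZipCrypto."""
    return [e["name"] for e in parse_local_headers(data) if e["scheme"] == "zipcrypto"]

def false_accept_rate(known_bytes):
    """Probability that a wrong password survives a check on `known_bytes` known bytes."""
    return 1.0 / (256 ** known_bytes)

def make_entry(name, payload, flags=0, method=0):
    """Build one local file header plus payload (constructed sample, not a real archive)."""
    raw = name.encode("cp437")
    header = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, flags, method, 0, 0,
                         zlib.crc32(payload), len(payload), len(payload), len(raw), 0)
    return header + raw + payload

# Constructed sample: a plaintext entry, a ZipCrypto entry (12-byte encryption header
# plus stand-in ciphertext) and an AES-marked entry. None of it is decryptable data.
SAMPLE_ZIP = (make_entry("readme.txt", b"hello world")
              + make_entry("secret.txt", b"\x00" * 12 + b"X" * 10, flags=FLAG_ENCRYPTED, method=8)
              + make_entry("vault.bin", b"\x00" * 20, flags=FLAG_ENCRYPTED, method=METHOD_AES))
```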

Introduction to fcrackzip

We frequently use zipped files because of their small size and their encryption support. Zipped files come with a password-protection facility that keeps the contents secure.

When you have lost the password and face the problem of how to recover it, fcrackzip comes to the rescue and gives you a way back into your documents. It offers a simple way to crack a protected zip file and is available under Linux.

fcrackzip is a free, fast zip password cracker written by Marc Lehmann. Its goal was never to be the fastest zip cracker available, but to provide a portable, free and still fast zip password cracker.

Multiple features of fcrackzip

As we are using Kali Linux, fcrackzip is installed by default; we just need to open a terminal and type “fcrackzip --help”, and its help output will greet us.

  • -b: use brute-force mode.
  • -D: use a dictionary.
  • -B: execute a small benchmark.
  • -c: use characters from the given charset.
  • -h: show the help message.
  • --version: show the version of this program.
  • -V: validate, i.e. sanity-check the algorithm.
  • -v: verbose mode.
  • -p: use a string as the initial password (or, with -D, as the dictionary file).
  • -l: restrict passwords to a given length range.
  • -u: weed out wrong passwords by actually trying to unzip with them.
  • -m: specify the method number.

Creating a password-protected zip file

First, we have to create a password-protected file. Select the file you want to secure, then run the following command.

Syntax: zip --password <password you want> <name of the zip file> <file or data you want to protect>

Cracking the password of the zip file

fcrackzip is a very effective tool and also quite easy to use for a brute-force attack on a zip file; for that we combine different options. We use (-b), which selects brute force on the zip file, and (-c), which defines the charset the brute force draws its candidates from.

In the above result we see every candidate the attack accepted. If we want to weed out the wrong passwords we can use (-u), which makes fcrackzip try to unzip with each candidate, so only the correct outcome shows in the result.

Verbose mode

In fcrackzip, verbose mode is enabled with the (-v) parameter and produces extended information. In our case it tells us about the file inside the password-protected zip, such as its size and name, and shows the current dictionary candidate being applied to the zip file.

Cracking numeric password with a specific length

For this, we created a zip file protected with a numeric password, using the same command we used earlier to create a password-protected zip file.

In this case we use two parameters. The first, (-c ‘1’), we used earlier for a different purpose; here it selects the numeric charset. The second, (-l), specifies the length of the password (minimum length - maximum length).

Providing an initial password

With this parameter we provide an initial password for the brute-force search. In a dictionary search the same string names the file that supplies the passwords, so through it we can hand fcrackzip the set of strings to use as its dictionary.

Dictionary Traversing

In this mode fcrackzip reads the passwords from a file we supply. That file must contain one password per line and should be alphabetically sorted so that fcrackzip can work in its default manner.

Different method

With this parameter we use a method other than the default for the cracking process. The switch --help prints a list of available methods, and --benchmark shows which method is best for our machine; we then pass that method number instead of the default cracking method.

Benchmark

This parameter helps us find out which fcrackzip method is most effective on your machine by computing a benchmark score.

Author: Shubham Sharma is a Cybersecurity enthusiast and Researcher in the field of WebApp Penetration testing.

Comprehensive Guide to Steghide Tool

In this article we’ll learn about Steghide. There are various steganography tools available, but what differentiates Steghide is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports hiding data behind images (jpg/jpeg/png/gif/bmp), audio (mp3/wav), Excel files, etc.

Table of Content

  • Introduction to Steganography
  • Introduction to Steghide
  • Features
  • Installation of Steghide
  • Getting Started with Steghide
  • Functionality of Steghide
    • Embedding of Data Via Steghide
    • Extraction of Data Via Steghide
    • Password Protect Files
    • Retrieve Information of Embedded File
    • Verbose Mode
    • Compression Mode
    • Anti-compression Mode
    • Embedding File Without Name
    • Encrypting Algorithms
    • Overwriting the Existing File

Introduction to Steganography

In digital steganography, electronic communications may include steganographic coding inside a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For instance, a sender might start with an innocuous image and make a few alterations to it in order to hide data, so that the alteration goes unnoticed by anyone who is not specifically looking for it.

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, arouse interest and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent at all, as well as concealing its contents.

Introduction to Steghide

Steghide is a steganography tool which lets you hide confidential files inside an image or audio file, protected by a passphrase. It supports the BMP and JPEG image formats and the AU and WAV audio formats. By default it uses the Rijndael algorithm to encrypt the file, with a key size of 128 bits. The tool has its advantages and disadvantages. One advantage is that it is significantly better at hiding and can easily hide any file type. It does so by using an advanced algorithm to embed the data inside the image (or audio) file without changing the look (or sound) of the file. This also means that without steghide (or at least the same mathematical approach as steghide) it is hard to extract the hidden files from the image.

Features

  • Compression of embedded data
  • BMP, GIF and JPG supported
  • Encryption of embedded data
  • Decryption via password
  • Uses various algorithms for encryption

Installation

Let’s start with the installation of steghide. On Windows, we can download steghide from http://steghide.sourceforge.net/download.php. After downloading we simply unzip the files and use the tool through cmd. On Linux, open your terminal and type the following command to download Steghide:

Getting Started with Steghide

To start with Steghide, the most basic option is the help command, which displays all the options Steghide provides.

Embedding Data in The Image

We hide data in an image using Steghide so that only the person who knows about it can read it. So we created a text file named user.txt containing our confidential data, and image.jpeg is the file in which we embed it. To achieve this, we execute the following command:

Here, -ef and -cf stand for embed file and cover file respectively.

Extraction of Data Via Steghide

Steghide adds an extra layer of security by allowing us to set a password. Now, to extract the hidden data, use the following command:

Then enter the password in order to extract the file.

Here, -sf is the stego file, i.e. the file that carries the hidden data.

Password Protect Files

We can also extract the files using the following command. It differs in that it specifies the password in the command itself, so we do not need to enter it separately.

Retrieve Information of Embedded File

If we have an image suspected of carrying hidden data and want to know which algorithm was used to encrypt that data, we use the following command:

Verbose Mode

To get every piece of information about a file during its extraction, we can use verbose mode, which gives detailed output. We enable it by executing the following command:

Compression Mode

If we want to compress the text file before hiding it, we use the following command. The compression level can vary from 1 to 9: level 1 compresses fastest, whereas level 9 provides the best compression.

Anti Compression Mode

If we do not want to compress a file before hiding it, we use the following command:

Embedding File Without Name

We can also hide a file without embedding its name. We use this command:

Encrypting Algorithms

We can encrypt the data we are hiding by choosing an encryption algorithm. This is easily achieved with the following command:

Overwriting the Existing File

When extracting the file, let’s assume we already have a file in the same directory with the same name. If desired, we can overwrite the existing file using the following command:

Conclusion

So, this was a short guide to Steghide. As you can see, it is an easy, user-friendly tool for steganography. It has therefore become one of the finest steganography tools for embedding and extracting information in a multitude of media files. Steghide has many uses, and its other notable characteristics, such as file encryption, make it one of the finest steganography tools available.

Author: Dheeraj Gupta is a Certified Ethical Hacker, Penetration Tester and a Tech Enthusiast in the field of Network & Cyber Security.

Threat Detection for your Network using Kfsensor Honeypot

In this article we will set up a system to draw in attackers so we can catch or study them. Since the majority of attackers around the globe focus on Windows servers because of their many known defects and vulnerabilities, we will set up a Windows system to do just that: we will set up a honeypot. If you leave it up and running, you can watch attackers rehearsing their attacks and prepare for them.

Table of Content:

  • Introduction to Honeypot
  • Introduction to KFSensor
  • Working of KFSensor

Introduction to Honeypot

A honeypot disguises itself as an actual server to give attackers a false target and divert their attacks. Therefore, a honeypot should be set up just like the real server, so that its data appears authentic: fake files, fake ports, fake directories, etc. Because the honeypot creates the illusion of being legitimate, the attacker tends to believe they have gained access to the real deal. One of the main differences is the location of the machine relative to the real servers. The decoy machine is normally placed somewhere in the DMZ. This guarantees the internal network isn’t exposed to the attacker. Honeypots work by monitoring and/or occasionally controlling the intruder during their use of the honeypot. This can be done whether the attack originated from outside or from within the network, depending on where the decoy system is placed. Honeypots are commonly designed to audit the activity of an intruder, save log files, and record such events as processes started, commands, file additions, deletions, changes, and even keystrokes.

Introduction to KFSensor

KFSensor is a honeypot for Windows systems which also acts as an IDS. Its job is to attract and detect the attackers in the network, hence the name ‘honeypot’. It does so by imitating a vulnerable environment and disguising itself as a server; in this way it not only catches the attacker but also helps reveal their motive. It is specifically designed for Windows and therefore contains many unique Windows-dedicated features. It is convenient and user-friendly thanks to its GUI-based console, and requires little maintenance.

Working of KFSensor

KFSensor’s role is to be a decoy server for the attackers in order to protect the real thing. It does its job perfectly by opening fake ports on the system where it’s installed and gathering the information when a connection is made. It does this in precisely the same way as a routine server program, such as a web server or an SMTP server. By doing this it sets up a target, or a honeypot server, that will record the activities of an attacker.

Working with KFSensor

After downloading and installing KFSensor, when you turn it on, you will see the following window. Here, click on next.

Then it will ask you to select the ports as shown in the image below, after selecting the ports click on next button.

Then it will ask whether you want to get email notifications of its alerts over time. Here you can add the address from which the mails should be sent and the address at which you want to receive them.

After these formalities, click on finish button.

Once, you click on the finish button, it will show you the following window.

Now that the honeypot has been set up, if you scan the target (the machine on which the honeypot is installed) using nmap, it will show all the decoy ports as open, just as shown in the image below:

And in KFSensor it will show the details of the scan along with its IP. It will also generate an alarm to alert you.

If the attacker is using any other tool to scan the network, like Nessus, even then the working of KFSensor will be same. For instance, if the attack is through Nessus as shown in the image below :

And when the attack from Nessus is completed, it will show you the faux result as you can see in the image below :

And similarly, the KFSensor will alert you as it is shown in the image below :

This way, KFSensor is the best way to detect and confuse the attacker so you can protect yourself and stay cautious.
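The decoy-and-alert behaviour described above can be sketched in a few lines. The Python below, added here as an example and not part of the original article or of KFSensor, logs every connection to a decoy port and raises a port-scan alert when one source touches several decoy ports within a short window (what an nmap scan of the honeypot looks like from the inside). The event stream in demo() is constructed; serve_once() shows the listening side, with the port and banner as assumptions.

```python
import socket
import time

class DecoySensor:
    """Logs every connection to a decoy port and raises alerts, in the spirit of KFSensor."""

    def __init__(self, scan_threshold=3, scan_window=10.0):
        self.scan_threshold = scan_threshold   # distinct decoy ports from one source ...
        self.scan_window = scan_window         # ... within this many seconds = port scan
        self.events = []                       # (timestamp, source ip, decoy port)
        self.alerts = []                       # human-readable alert lines, in order
        self.flagged = set()                   # sources already reported as scanners

    def record(self, ts, src_ip, dst_port):
        """Log one connection attempt; any touch of a decoy port is itself suspicious."""
        self.events.append((ts, src_ip, dst_port))
        self.alerts.append(f"{ts:.1f} connection from {src_ip} to decoy port {dst_port}")
        recent = sorted({p for t, ip, p in self.events
                         if ip == src_ip and ts - t <= self.scan_window})
        if len(recent) >= self.scan_threshold and src_ip not in self.flagged:
            self.flagged.add(src_ip)
            self.alerts.append(f"{ts:.1f} possible port scan from {src_ip}: ports {recent}")

    def scan_alerts(self):
        """Only the port-scan alerts, without the per-connection log lines."""
        return [a for a in self.alerts if "possible port scan" in a]

    def serve_once(self, port, host="127.0.0.1", banner=b"220 service ready\r\n"):
        """Open one decoy port, accept a single connection, log the peer and send a banner.

        Nothing the peer sends is ever interpreted; the decoy only records and replies."""
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen()
            conn, (peer_ip, _peer_port) = srv.accept()
            with conn:
                conn.sendall(banner)
                self.record(time.time(), peer_ip, port)

def demo():
    """Constructed event stream: one host probing four decoy ports within two seconds
    (the shape of an nmap scan against the honeypot) plus one unrelated connection."""
    sensor = DecoySensor()
    for i, port in enumerate([21, 22, 80, 445]):
        sensor.record(100.0 + 0.5 * i, "10.0.0.5", port)
    sensor.record(300.0, "10.0.0.9", 80)
    return sensor

if __name__ == "__main__":
    for line in demo().alerts:
        print(line)
```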

Author: Shubham Sharma is a Cybersecurity enthusiast and Researcher in the field of WebApp Penetration testing.

Exploiting Jenkins Groovy Script Console in Multiple Ways

There are many ways to exploit Jenkins, but we were interested in the Script Console, because Jenkins has a lovely Groovy script console that permits anyone to run arbitrary Groovy scripts inside the Jenkins master runtime.

Table of Content

  • Jenkins Groovy Script Console
  • Exploit Groovy Script Console using Metasploit
  • revsh.groovy
  • Groovy executing shell commands -I
  • Groovy executing shell commands -II

Jenkins Groovy Script Console

Jenkins features a nice Groovy script console which allows one to run arbitrary Groovy scripts within the Jenkins master runtime or in the runtime on agents. It is a web-based Groovy shell into the Jenkins runtime. Groovy is a very powerful language which offers the ability to do practically anything Java can do including:

  • Create sub-processes and execute arbitrary commands on the Jenkins master and agents.
  • It can even read files the Jenkins master has access to on the host (like /etc/passwd).
  • Decrypt credentials configured within Jenkins.
  • Granting a normal Jenkins user Script Console access is essentially the same as giving them Administrator rights within Jenkins.

Source: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console

Exploit Groovy Script Console using Metasploit

This module uses the Jenkins-CI Groovy script console to execute OS commands using Java.

Metasploit uses a command stager to deliver its payload through the command injection.

Hence, you can observe that it has given a meterpreter session on the victim’s machine.

revsh.groovy

Suppose you find a Jenkins instance without a login password, or you are a normal user who has permission to access the script console; then you can exploit this privilege to get a reverse shell of the machine. On the Jenkins dashboard go to Manage Jenkins and then select Script Console.

At the script console you have full privilege to run any program code, therefore I tried to execute the following piece of code, which I had taken from Github, to get a reverse connection on my local machine via a netcat listener.

Once the above script is executed, it will give a netcat session of the victim’s machine.

Groovy executing shell commands -I

Similarly, with the help of the following piece of code, which I found here, I tried to create an RCE for executing OS commands through the groovy script console.

Once you run the script, it will execute the command given inside the code. You can observe the result, where we have fetched the network configuration using the ipconfig command.


Groovy executing shell commands -II

Similarly, I found another very small piece of code to exploit the Groovy Console here, which will give RCE and execute the shell command.

Again, once you run the script, it will execute the command given inside the code. You can observe the result, where we have fetched the directory listing using the dir command.
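From the defender’s side, the Script Console endpoints are worth watching. The following Python, added here as an example and not from the original article or from Jenkins, flags requests to /script, /scriptText and the per-agent consoles under /computer/<node>/ in HTTP access log lines and rates them by who issued them, since the article notes that console access is equivalent to administrator rights. The log lines are constructed, and the combined log format is an assumption about how the access logger is configured.

```python
import re
from dataclasses import dataclass

# Paths behind the Script Console: /script and /scriptText on the master, and the
# per-agent variants under /computer/<node>/. Only a POST actually runs Groovy.
SCRIPT_CONSOLE_PATH = re.compile(r"^/(?:computer/[^/]+/)?script(?:Text)?(?:/|$)")

# Combined log format (assumption: how the access logger is configured in this deployment).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

@dataclass
class Finding:
    ts: str
    ip: str
    user: str
    method: str
    path: str
    severity: str

def detect_script_console(lines, admins):
    """Return one Finding per successful request to a Script Console endpoint."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if not SCRIPT_CONSOLE_PATH.match(path) or int(m["status"]) >= 400:
            continue                    # not a console endpoint, or the request was refused
        if m["method"] != "POST":
            severity = "info"           # only rendered the console form; no script ran
        elif m["user"] in admins:
            severity = "medium"         # an administrator ran Groovy: legitimate, but audit it
        else:
            severity = "high"           # a non-admin or anonymous ("-") user ran Groovy
        findings.append(Finding(m["ts"], m["ip"], m["user"], m["method"], path, severity))
    return findings

# Constructed sample log: a normal build-console view, an admin opening and using the
# console, and an anonymous client hitting /scriptText and a per-agent console.
SAMPLE_LOG = """\
10.1.1.20 - alice [05/Mar/2019:10:02:11 +0000] "GET /job/build/1/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.1.1.20 - alice [05/Mar/2019:10:03:40 +0000] "GET /script HTTP/1.1" 200 3310 "-" "Mozilla/5.0"
10.1.1.20 - alice [05/Mar/2019:10:03:58 +0000] "POST /script HTTP/1.1" 200 3402 "-" "Mozilla/5.0"
10.1.1.77 - - [05/Mar/2019:10:05:02 +0000] "POST /scriptText HTTP/1.1" 200 212 "-" "python-requests/2.21.0"
10.1.1.77 - - [05/Mar/2019:10:05:03 +0000] "POST /computer/agent1/script HTTP/1.1" 403 0 "-" "python-requests/2.21.0"
""".splitlines()

if __name__ == "__main__":
    for f in detect_script_console(SAMPLE_LOG, admins={"alice"}):
        print(f.severity.upper(), f.ts, f.ip, f.user, f.method, f.path)
```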

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a lover of Social Media and Gadgets.