Saturday, April 27, 2013

Using Xhydra to hack AIM (AOL Instant Messenger) screen names.

I really love Backtrack 5 and all the tools it comes with; Metasploit, Xhydra and Nmap are some of the most popular. But there's nothing I enjoy more than the feeling of success, the feeling you get when your hard work finally pays off and the password goes through. I had a lot of fun doing this as a password pentester back in my younger days. I was surprised at just how easy it was to get people's passwords using a brute forcer and the right server configuration. I was popular on AIM. I had over 160 friends, and what that meant is that I had over 160 active screen names to try and get the password to!
Here's how it's done.
Fire up a terminal, Zenmap and Xhydra.

Ping smtp.aol.com; your output should look like this:
In some circumstances the IP address will be different. I will supply you with the correct one, but hypothetically any IP address will work.

Step 1. Ping smtp.aol.com (64.12.175.136).

Step 2. Port scan the IP address and verify that port 587 (SMTP AUTH) is open.

Step 3. Enter the data into Xhydra:
-target tab-
single target: 64.12.175.136
port: 587
service: smtp


-password tab-
username: programmerdemon (or any screen name)
password: password list (I have my own)
* others can be found in /root/pentest/passwords/wordlist/
* or /root/pentest/passwords/john/password.lst
* or here


-tuning tab-
about 8 tasks should be fine
-start-

It was my screen name, so I didn't show the password. Also, you may want to use a proxy. If you have any questions, don't hesitate to email.
Thanks!
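The other side of the attempt described above, as an added example that is not part of the original post: a small detector that reads failed SMTP AUTH log lines and raises an alert when one source IP, or one username, accumulates five failures within a minute. Counting per username as well as per IP matters, because the per-IP count is exactly what a proxy hides. The log format, the names and the addresses are constructed assumptions, not any real mail server's output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not any real mail server's): one failed SMTP AUTH
# attempt per line with an ISO timestamp, the claimed username and client IP.
LINE_RE = re.compile(r"^(?P<ts>\S+) smtpd: AUTH failed user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def parse(line):
    m = LINE_RE.match(line)
    return (datetime.fromisoformat(m["ts"]), m["user"], m["ip"]) if m else None

def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Return (kind, key, count) alerts when failures inside `window` reach
    `threshold`. Keyed by source IP (catches a single noisy client) and,
    separately, by username (catches one account tried through many proxies)."""
    recent = defaultdict(deque)  # (kind, key) -> timestamps still inside window
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse(line)
        if parsed is None:          # skip malformed or unrelated lines
            continue
        ts, user, ip = parsed
        for kind, key in (("ip", ip), ("user", user)):
            q = recent[(kind, key)]
            q.append(ts)
            while ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append((kind, key, len(q)))
    return alerts

# Constructed sample: one client hammering 'alice', five different clients
# sharing the attempts on 'bob', one stray typo for 'carol', one junk line.
SAMPLE_LOG = (
    [f"2013-04-27T10:00:0{i} smtpd: AUTH failed user=alice ip=203.0.113.5" for i in range(5)]
    + ["2013-04-27T10:01:00 smtpd: AUTH failed user=carol ip=198.51.100.9"]
    + [f"2013-04-27T10:02:{5*i:02d} smtpd: AUTH failed user=bob ip=198.51.100.{10+i}" for i in range(5)]
    + ["garbage line that does not parse"]
)

if __name__ == "__main__":
    for kind, key, count in detect(SAMPLE_LOG):
        print(f"ALERT: {count} failed SMTP AUTH attempts for {kind}={key} within 60s")
```

On the sample, 'alice' trips both the IP and the username rule, while 'bob' trips only the username rule: no single address exceeds one failure, which is the case a per-IP-only threshold misses.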

Friday, April 26, 2013

Installing Backtrack 5 R3 to the hard drive and dual booting with Windows.

Believe it or not, a few of my readers are having a hard time with this. It's OK; I was there many times before. Fortunately, Backtrack 5 is relatively easy to install to your hard drive and make bootable. I remember that before Backtrack there was a Linux distribution called P.H.L.A.K., an acronym for "Professional Hackers Linux Assault Kit". Anyway, during the first few releases it was nearly impossible to install to the hard disk: you had to partition the drive yourself, configure the boot loader yourself and then hope that you didn't lose any data creating the swap and ext partitions. Backtrack 5 does it all automatically. I have a few pictures (taken with a smartphone) to help guide the way for you.
I highly advise installing Backtrack 5 to the hard drive. The CD loader takes way too long to get anything done, and you really don't need to use a whole lot of hard drive space.

The first thing you need is a computer running Backtrack 5 from a live DVD.
Then all you have to do is click the Install Backtrack icon.

Starting here, go through each step.
Steps 1, 2 and 3 are language, time zone and keyboard layout.
After that, it can be a bit tricky resizing and partitioning the drive.

What you want to do here is click "Install them side by side, choosing between them each startup".
This keeps your Windows or other OS partitions but resizes them, making disk space available to install Backtrack 5 on. At the bottom of the screen there is a slider; on the right side, slide it to the desired size of your Backtrack partition. I chose 40.1 GB. That's plenty for me. Unless you're going to be keeping a lot of files and saving music and images, you really shouldn't need more than 30 GB.

Click Forward, then Continue. The setup will then install Backtrack after partitioning the drive.
Keep in mind that the new boot loader will have BT5 as the first option by default. Just hit the down arrow to select your other OS.
All questions are welcome by email:

davidjgeraway@gmail.com 

Wordlist to start with for passwords

Due to the recent popularity of this post, and multiple complaints that people don't want to spend the 30 seconds to copy/paste out of a page and make their own document, I have provided a download link to the .txt. I'm not too familiar with Google Docs, so please don't try any XSS with the provided link to the PW list.
BASIC PASSWORD FILE