Category Archives: Security

LinkedIn cracked passwords

This post is about the LinkedIn password hash leak that had occured on 5th of June. Original leakers published about 6,5 million SHA1 hashes on a Russian forum InsidePro.

Here is the original file that was published:
combo_not.zip ~118 MB

The file includes non-salted SHA1 hashes, with 3,5M of them “masked” with 5 leading zeros (more about this). You can use either a JTR patch or the special Hashcat version to crack them.

Here is a list of passwords I have cracked until now (3,6M) – format (hash:pass):
gesla.rar – cca. 92 MB

The list would be longer if I had more time and better hardware.

Secure internet access via SSH tunnel

Connecting throught an open wireless network, airport or public Wifi? Concerned about security? SSH SOCKS5 proxy is one of the best and easiest ways to connect securely to the Internet. Using SSH tunnel will defend you from hackers sniffing your connections, which they can do on public or insecure local networks even if you use SSL or other (in)secure protocols.

Considering you have your server set up and ready, connect to your SSH server and enable the tunnel by opening up your command line and entering:

ssh -D 1337 username@yourserver.com

-D 1337 specifies the port number which is your choice, but be sure to use ports over 1024 to avoid firewalls. To enable compression which will speed up the connection on slower servers, use -C flag.
Continue reading

Iphone dsniff script

IOS MITM (arp poisoning) shell script that features dsniff and ettercap. This script collects all packets and parses cleartext passwords. Dsniff and ngrep are availible in Cydia repositories. You are welcome to submit bugs, feature requests and improvements.

Download: isniff
Continue reading

Automatic MITM shell script

Automatic MITM (arp poisoning) shell script that features tools like sslstrip, dsniff and ettercap. The script collects all packets, including SSL traffic collected with sslstrip and logs all the URLs using uslsnarf from dsniff collection. You are welcome to submit bugs, feature requests and improvements.

  • sslstrip, dsniff and ettercap must be installed
  • arp poisoning may cause overloads on large networks
  • the script must be run as root

Download: sniff
Continue reading

U3 USB utilities collection

I bet the first thing a geek does when he gets his U3 USB is to remove the ugly launchpad and install his own payload :) I hope this post will make it easier for you. I’ve made a vbscript which detects the U3 USB by its label because i wasn’t able to find such a script anywhere and i find it really useful. Enjoy!
Continue reading