Moving To a New Site

I have just decided that it's time to move on and have my own domain. All the posts in this blog will be moved to:

www.pinoygeek.org

Personal posts will be transferred to: raldz.pinoygeek.org

Monday, February 06, 2006

Philippines is one of the top Linux Ubuntu users

Ubuntu Linux is one of the easiest Linux distros ever released. When I first used it eight months ago, I didn't feel any pain in setting it up and using it; as a matter of fact, one of my computers is already a full-time Ubuntu machine.

This ease of use has become Ubuntu's major market advantage and has captured the heart of Filipinos. According to Canonical, the Philippines is one of the top shipping destinations of free Ubuntu CDs. I personally agree with this because I have ordered and have given away 100 plus Ubuntu CDs just in San Pablo City, Philippines. And from my observation as I stroll around the city, I have seen computer shops using Ubuntu in their machines. This major shift towards Ubuntu was also caused by BSA's campaign together with the Philippines' local authorities to crack down on the users and distributors of pirated software, primarily Microsoft products. Now Microsoft is really losing its market share in the Philippines because of the introduction of Linux, and users are now gearing towards the easy-to-use Ubuntu.

Because the Philippines is one of the top Ubuntu users, Mark Shuttleworth, the president of Canonical, decided to conduct a seminar in Manila last February 2, 2006 focusing on the Ubuntu operating system and how home users and small companies can utilize a free and very stable version of Linux. The seminar was a success and, as an open source supporter, I just can't help but smile every time I see or hear news of how Linux and Open Source are gaining market share.

Windows: How To Crack Passwords

By: Darren Miller

Cracking Passwords

One of the key components in performing a security assessment is the acquisition of user account information and cracking of the account password. There are many methods and tools that can be used to crack passwords, however, you must first retrieve the information to crack. And once again, there are many ways of acquiring the account information. This article will illustrate one method of acquiring user account information using a combination of social engineering and open source tools. We will then briefly go over a particular cracking method and tool.

Handing Over The Keys To The Kingdom

On one particular occasion, we were instructed by a client to do whatever it took, within legal means, to walk out of their building with the network user account information.

We were introduced to one of the Sr. Engineering staff as a consultant working on a new Anti-Virus solution. We asked the Engineer to show us around the server room and he happily did so. While we were talking, we asked him if he would mind if we ran a specialized virus checker on one of the Windows domain controllers, and he readily provided us with console access.

The disk we were using was labeled to look like it contained anti-virus tools. In reality, it contained a modified version of a program called "pwdump". The moment we ran the script, a bunch of information came up that indicated that their system's memory was clear of any known virus. What was really happening was all domain account information and the corresponding password hashes were being dumped to a file on the disk. We wrapped up our tour and walked out of the building with everything we needed.

Windows Password Cracking

When we returned to our office, we imported all the user account information into a distributed password cracking system (multiple servers performing password cracking at the same time). Within approximately 30 minutes we had cracked 70% of account passwords. The remaining accounts took approximately two days.

An example of what this Windows account information looks like is:

jdoe:1152:A5C67174B2A219D1

The jdoe account's password is represented by its hashed equivalent "A5C67174B2A219D1". This string of numbers and letters, when deciphered, is "CrackMe". You can test this with the tool I am going to introduce you to in the next section of this article. Without going into all the technical details about how the cracking takes place, this type of deciphering is basically done by trying to match up the hashed password over time and a bunch of iterations. When you take the word "CrackMe" and hash it, it produces the string of numbers and letters (A5C67174B2A219D1). So what you are really doing is matching that string, then making the assumption that the human-readable version is "CrackMe".
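The matching described above, seen from the side of whoever stores the hashes (an added example, not part of the original article): a password audit compares one table of hashed deny-list words against every account, which works on an unsalted store and finds nothing once each account has its own salt. SHA-256 stands in for LM here because Python's standard library has no LM implementation, and the accounts, IDs, passwords and deny list are constructed.

```python
import hashlib
import os

# Constructed sample data: accounts, IDs and passwords are invented for this example.
ACCOUNTS = [("jdoe", 1152, "CrackMe"), ("asmith", 1153, "CrackMe"),
            ("bwong", 1154, "v9#Lq!t2Zr-long-passphrase")]
DENYLIST = ["CrackMe", "Password1", "letmein"]

def unsalted(password):
    # Stand-in for an unsalted hash such as LM (assumption: SHA-256 used instead).
    return hashlib.sha256(password.encode()).hexdigest().upper()

def salted(password, salt, rounds=100_000):
    # Per-account random salt plus a deliberately slow key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex().upper()

def parse_line(line):
    # Same user:id:hash layout as the article's sample line.
    user, rid, digest = line.strip().split(":")
    return user, int(rid), digest

def audit(dump_lines, denylist):
    # One table of hashed deny-list words is compared against every account.
    table = {unsalted(word): word for word in denylist}
    hits = {}
    for line in dump_lines:
        user, _rid, digest = parse_line(line)
        if digest in table:
            hits[user] = table[digest]
    return hits

def unsalted_dump():
    # Equal passwords give equal hashes, so one match exposes every reuse.
    return [f"{u}:{rid}:{unsalted(pw)}" for u, rid, pw in ACCOUNTS]

def salted_dump():
    # Equal passwords give different hashes; a precomputed table matches nothing.
    return [f"{u}:{rid}:{salted(pw, os.urandom(16))}" for u, rid, pw in ACCOUNTS]

if __name__ == "__main__":
    print("unsalted store:", audit(unsalted_dump(), DENYLIST))
    print("salted store:  ", audit(salted_dump(), DENYLIST))
```

With the salted store, checking a candidate password means re-deriving it with each account's salt, so the work is repeated per account instead of shared across all of them.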

How To Generate Password Hashes

First and foremost I must warn you that the tool I am going to point you to is very powerful and could cause you problems if you are not careful with it. You must agree to hold me harmless if in fact you decide to download and use this tool. This tool, called Cain & Abel, is the Swiss Army knife of cracking and does a lot more than just that.

Once it is installed on your system, you can go to the "Tools" menu and choose "Hash Calculator". In the "Text to Hash" box, type "CrackMe" without the quotation marks and hit Calculate. Look at the Type "LM" and you will see the hash from above of ":A5C67174B2A219D1".

This tool is a great password cracking program and we use it quite regularly. And as I said, it does a lot more than just cracking, so be careful with it.

Conclusion

As I stated in the beginning of this article, there are many ways to obtain account information and many more ways to decipher it. In this case, we physically walked out of an office building with everything we needed. Shortly after cracking all the accounts we were able to use their remote access system to gain entry into their internal network as an administrator. There are also ways of capturing user account information using man-in-the-middle attack techniques, remote social engineering, and phishing just to name a few.

The bottom line is, make your passwords complex, and change them as often as you can.

Sunday, February 05, 2006

EasyUbuntu: Make your Linux Ubuntu as easy to use as ever

Ubuntu is one of my favorite Linux distributions aside from MEPIS and SUSE. From installation to actual usage, even a novice wouldn't have any trouble at all. But somehow not everything you need is already in Ubuntu; you have to manually install legacy drivers and software from the repositories in order to put your Ubuntu on steroids. This manual installation may be a bit of a task for an ordinary user, and that's where EasyUbuntu would help.

EasyUbuntu is an easy to use script that gives the Ubuntu user the most commonly requested apps, codecs, and tweaks that are not found in the base distribution - all with a few clicks of your mouse.

EasyUbuntu is so easy to use, in fact, that even your grandma could be playing encrypted DVDs, streaming Windows Media, and sporting the latest Nvidia or ATI drivers in minutes! And yes, EasyUbuntu is GPL.

Get your EasyUbuntu here.