How to disassemble password hacker

Password theft, account takeover, it is often the case in the cyber world. It's not a difficult thing to do, but many of the newbie who just kept asking questions. . "How do I get an email passwords of others?" Or the most frequent questions I receive is .. "How did you get my password?"

To the questions that this article was written, I hope you can add insight and open your mind about the importance of maintaining current account was in vulnerable places.
How to get it? ...

There are many ways to obtain a password. Some of them do not require special expertise. Here are the ways of the most common and most frequently used: ... ..
[1]. Social Engineering
[2]. Keylogger
[3]. Web Spoofing
[4]. Facing Email
[5]. Password Cracking

[6]. Session hijacking
[7]. Being a Proxy Server
[8]. Utilizing Negligence FiturBrowser Users In Use
[9]. Googling

[1]. Social Engineering

Social Engineering is the name of a technique of collecting information by exploiting gaps victim psychology. Or maybe it should also be said as "fraud" Social engineering takes patience and caution so that the victim was not suspicious. We demanded to be creative and able to think like a victim.
Social Engineering is the art of "force" others to do things according to your expectations or desires. Of course the "coercion" that are not made openly or outside the normal behavior of the victim common practice. Humans tend to believe it or easily influenced against people who have big names, had been (or is trying) to help, and have the words or the appearance of being convincing. It is often used social engineering to ensnare perpetrator the victim. Often the perpetrator make a condition that we have some sort of dependence kepadanya.Ya, without we realize he's conditioned us in a problem and make (as if - if only) that he can overcome that problem. Thus, we would tend to do what he instructed without being suspicious.

Social Engineering occasionally be a serious threat. It seems to have no link with the technology, but beware of social engineering remains feasible because it can be fatal for your system. Why? Because after all a computer still can not get away from humans. Yes, there is no one system komputerpun on this earth that can be separated from human intervention. anything as good as your defense, if you are already controlled by the attacker through social engineering, it could be you yourselves who opened the way in to the attacker.

[2]. Keylogger

Keylogger is software that can record user activities. The tape was always stored in the form of text or images. Keyloggers work by pounding the keyboard user. This application is able to recognize these forms as sensitive as a password form for example.

There is a safe way to avoid keyloger:

1. Use a password with special characters such as !@#$%^&*(){}[]. Most keyloger will ignore these characters so that the principal (advertiser keyloger) will not get the actual password.

2. Prepare your password from home, save it in text form. We want to enter a password, copy-paste. Keyloger will read your password by tapping the keyboard. This method, however, somewhat risky. Why? because when you do copy, your data will be stored in the clipboard. Today many free softwares are found that can display the data in the clipboard.

[3]. Web Spoofing

Still remember the case of some customers pecurian BCA Bank Account? Yes, that's one obvious example of a Web spoofing. The core of this technique is to use a user error when typing a website address into the address bar. Basically, Web Spoofing is an attempt to deceive the victim into thinking he is accessing a particular site, but it's not.

In the case of BCA, the perpetrator makes the site very similar and identical to the original site so that the victim will not be fooled hesitate to fill in sensitive information such as user name and Password. In fact, because the site is a scam site, then all this valuable information is recorded by a fake web server, which is owned by the perpetrator.

[4]. Facing Email

Blocking an email? Yes, and very easy to do this. One way is to use utility mailsnarf contained in dsniff. How it works is by blocking Mailsnarf data packets through the Internet and arranges them into an email intact.

Dsniff and mailsnift the software works on the basis of WinPcap (equivalent to libcap on Linux) is a library that captures data packets. Captured packets will be stored in a file by Windump, whereas MailSnarf Dsniff and further action is to analyze these data packets and display the password (dsniff) or email content (mailsnarf).

[5]. Password Cracking

"Hacking while sleeping." That phrase is usually used by people who perform password cracking. Why? Because in general needed a long time to perform password cracking. Could for hours, even days and - today! It all depends on the target, whether the target using a common password, the password has a length of an unusual character, or a combination of passwords with special characters.

One of the commonly used software to do this is by using Brutus, one type of remote password cracker software is very well known. Brutus works with technical dictionary attack or Bruce-force attack against ports http, POP3, ftp, telnet, and NetBIOS.

Dictionary Attack try to work with words in the dictionary passwords. While brute - force attack try to work with all combinations of letters, numbers or characters.

Brute Force Atack working very slow and requires a long time depending on the type of computer specifications and character length password. We have many sites that cover the access to the login access to business continually unsuccessful.

[6]. Session Hjacking

Session hijacking is more prevalent among adult attackers. Session hijacking is often done by doing the imitation of cookies. So in essence, we should be able to imitate the victim's cookies to get their login session.

Then how do I get the victim's cookies?

1. By analyzing Cookies.

This method is relatively difficult.

2. Stealing Cokies.
For example the attacker wants to obtain the account A. The attacker can easily create a similar script that inserted Java script in the email to be sent to korban.Saat victim opens the email, without conscious cookiesnya will be stolen and recorded onto a web server using a PHP script.

These days most often been the target is a Friendster account. There are inserting a scipt through testimonials, there is a paste in their own profiles in order to steal cookies of the victim and others. I have tips for this:

1. Do not use Internet Explorer browser

We want to open other people's profiles, do not use Internet Explorer. Record the address of the intending profile you can see, first logout of your account and clean up all cookies, then open your Friendster profile destination.

2. Check the source code

When you accept a testimonial, please check your source code. Whether there are foreign script or words that are identical with such counterfeiting:

"Hacked", "defaced", "Owned" .. etc. ..

If in doubt ... .... reject please ..

3. Logout suddenly.

Vigilant when without an apparent reason suddenly you get logged off automatically from your account. When you are prompted to enter your username and password, see your addressbar first! whether you are on the site proper or not. Check the source code on the form action tersebut.Lihat page, where your information will be sent.

Actual session hijacking can be prevented if only the service providers pay attention to the following matters:

1. Assign a unique session identifier
2. Set the system identifier irregular pattern
3. Session identifier independent
4. Session identifier that can be mapped with a connection

client side.

Another phenomenon is that, until the time this article was published, it is still often found that users who do not sign out after opening the account. Thus, another person who uses the computer and open the same website that has been opened by the first person will be automatically logged into the victim's account.

[7]. Being a Proxy Server

We can gather information with a proxy server for victims to be able to surf. With a proxy server, the whole identity of the surfer can be ours.

[8]. Negligence in the use of a user utilizing fiturbrowser

Each browser must have features intended to ease and convenience of users in surfing. Among them is the existence of the cache and Password Manager.

On the Internet of course a lot of websites whose content has not changed in a few days (example spyrozone.tk nich .. hehehe Well, for a site like this cache to be a highly useful. Cache will store the files so that the results of browsing if you visit again later browser to that site no longer have to download a second time from the server so that every page of your site that has previously opened will open more quickly. All that is usually governed by the header time to live.

Well, how about the news provider sites are always up to date? For sites like that, its time to live will be set = 0 so that later you will continue to download every time visiting.

Not comfortable enough? Yes, but the threat began to emerge. Try it now you explore options related to the cache in your browser. Of course you can see that there is a facility to determine how much the temporary files that can be stored on the hard disk. Search also the location where the files will be saved.

Try to open the folder, you will see the files html & image files from sites you have visited. Internet options —> Settings" onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">In IE browsers, you can see the cache file location by exploring the menu Tools -> Internet options -> Settings

So what can be obtained? anyway just the files "spam"? Hmm ... now you try to copy all the files there into a folder. Then open one of their HTML files. If the public computer, you can find out what sites have been accessed by the person before you.

Hmm .. just by looking at your temporary files can even see the password and etc.. I have come across many sites that store passwords and display them on the url. Of course, you also must have often read in many tutorials.

Most current browsers have facilities for storing passwords. For example when receipts Mozilla Firefox, you would often receive a confirmation dialog box asking if you want your password saved or not by PasswordManager. Most users tend to choose the YES option, whether it be with full awareness or if they do not know (read: do not want to know) what the purpose of the dialogue box.

Options —> Security –> Saved password." onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">Others who then use the browser that can very easily get the password by entering the victim Tools menu -> Options -> Security -> Saved passwords.

Another example is the Wand password facility owned by the Opera browser. When you enter a user name and password in a form and pressing the submit button, an opera by default will ask for confirmation to you if you want the browser to save your id and password or not. Again and again ... most netter careless, they tend to select the option "YES".

And then? Others who then use a browser that can view any site that has been accessed by the user, point your browser to the site, place the cursor on a form the user name, press [ALT] + [ENTER] and BOOOMM!! Why? Do not be surprised once! Hehehe .. login form will automatically be filled in with user name complete with a password the victim; D (It's fun Enough ..

These are just a few examples, explore the feature-firtur another browser!

[9]. Googling

Google.com. Many sites that have collapsed, passwords and numbers - were stolen credit card numbers result from the act of someone who abuse miracle Previously, it was easily to do. Only by typing certain keywords associated with the user name and password, you can harvest hundreds of passwords a user via google. But now it seems you have to bite the fingers if you use the way the above.

Do not be sad before because Google has just spawned a new product, the Google Code Search. Start a new threat arises, "the clever" is now able to crawl up to the archive file that is located in a public web server directory. Be careful who had a habit to store important information in it (passwords, and other valuable info) should be eliminated from now on that habit. Always protect sensitive folders so that your site may live longer




Followers

 
Copyright @ Dewapelangi. Best Cell Phones | Best Cell Phones | Cool Gadgets | Fx Trading | Printer