For IT lovers and Tech geeks, It’s time to Setup a Penetration Testing Lab to learn Information Security and testing some hacking tips for protecting our network or home computers from being hacked. This Lab we are going to create is not only for Hacking and Penetration Testing. It’s the lab which is necessary for all computer science students and technology geeks.

A Lab within a computer reduce electricity usage and has many more benefits. Even you can create it within your personal Laptop. If it would be on a laptop, it is portable and you can carry everywhere with yourself. The time is gone when the hardware of a computer was weak and just could run an operating system with a few software. But nowadays each computer at least has a CPU i3 or higher with 4 GB RAM or higher. So you can run multiple virtual operating systems (OS) separately at the same time.

Virtualization Tools To Set Up A Penetration Testing Lab

There are many Virtualization software for this purpose and all of them are easy to install and using a virtualization environment. Hyper-v,  a free and built-in hypervisor software on Windows 8 higher. It’s the best and I like it too much, but for enterprise network and working with Microsoft software products. Like SQL Server, Windows Server, System Center,  and others.

When we are using for multi-vendor products, Linux, Windows, Mac OS, Chrome OS, Router IOS, and Web Server and web Apps, we must install and test them on Lab that can support all of them. So from basic hacking a standalone PC to Wireless hacking and even web app penetration testing to enterprise network penetration testing I suggest to create your lab with VMWare.

VMWare workstation is the appropriate tool for setting up your penetration testing lab and networking training lab. Unfortunately, it is not free like Hyper-V. But you can use VMWare player for free which is not more flexible and doesn’t have the same functions as a workstation.

So good, you completely understand which Virtualization software is preferable and flexible for Learning Penetration Testing and Hacking. Now try to create your lab. First of all download all software you need for testing. Windows Server, Windows Client, Linux Operating system, and Web Application penetrating testing.

Install VMware as Virtual Host Server

Now go to VMware website and download the VMware workstation. Download the Windows edition if you are using Windows. It has for Linux and Mac OS also.  When the download complete successfully, simply install it like simple software installation and create a new virtual machine according to this step by step article ” How to Create A Virtual Machine in VMWare?“.

Note: Your system must meet the virtualization requirement. It must support virtualization technology (VT) and enabled before installing any virtualization software. You can enable it through your system BIOS where you can find other settings also.

To install Kali Linux on VMWare read the article “How to Install Dual Boot Windows and Kali Linux?“. In the next step, I will show you How to configure VMWare for Penetration Testing Lab.

The post Setup Penetration Testing Lab to Learn Hacking at Home appeared first on TECHNIG.

A simple detail about password cracking tools from the wiki. In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A standard approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password. Password cracker is not hacking a password; this software only recovers your password. Got it? So don’t use against someone’s system or illegally.

The other purposes of password cracking tools might be to help a user recover a forgotten password of a system or any software. But in the world of hacking, hackers are using such a tools to break or crack the stolen password hashes of a database. Or using them to hack the wireless network and crack the passwords. So hope you completely understand the primary purpose of password cracking tools.

List of Top 10 Password Cracking Tools:

1. OphCrack
2. RainbowCrack
3. HashCat
4. Cain & Abel
5. Wfuzz Password Cracking Tools
6. Brutus Password Cracking Tools
7. John the Ripper
8. THC Hydra
9. L0phtCrack
10. Aircrack-NG

#1. OphCrack

It is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. See some features of Ophcrack password cracking tools. The uploaded version of Ophcrack compiled for Windows 64-bit platforms. This version can preload tables using the whole RAM available instead of the only 2GB on 32-bit platforms.

Features:

• Runs on Windows, Linux/Unix, Mac OS X, …
• Cracks LM and NTLM hashes.
• Free tables available for Windows XP and Vista/7/8.1.
• Brute-force module for simple passwords.
• Audit mode and CSV export.
• Real-time graphs to analyse the passwords.
• Live CD available to simplify the cracking.
• Dumps and loads hashes from encrypted SAM recovered from a Windows partition.
• Free and open source software (GPL).

Download the latest Ophcrack version from Sourceforge, the open source software storage.

2. RainbowCrack

The RainbowCrack password cracking tools is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.

A brute force hash cracker generates all possible plaintexts and compute the corresponding hashes on the fly, then compare the hashes with the hash to be cracked. Once a match is found, the plaintext is found. If all possible plaintexts are tested, and no match is found, the plaintext is not found. With this type of hash cracking, all intermediate computation results are discarded.

Features:

• Full time-memory tradeoff tool suites, including rainbow table generation, sort, conversion and lookup
• Support rainbow table of any hash algorithm
• Support rainbow table of any charset
• Support rainbow table in raw file format (.rt) and compact file format (.rtc)
• Computation on multi-core processor support
• GPU acceleration with NVIDIA GPUs (CUDA technology)
• GPU acceleration with AMD GPUs (OpenCL technology)
• GPU acceleration with multiple GPUs
• Runs on Windows operating systems
• Windows XP 32-bit / 64-bit
• Windows Vista 32-bit / 64-bit
• Windows 7 32-bit / 64-bit
• Windows 8 32-bit / 64-bit
• Runs on Linux operating systems (x86 and x86_64)
• Unified rainbow table file format on all supported operating systems
• Command line user interface
• Graphics user interface

Download the latest version of RainbowCrack password cracking tools from project-rainbowcrack website.

3. HashCat

Hashcat is the world’s fastest CPU-based password recovery tool. While it’s not as fast as its GPU counterpart oclHashcat, extensive lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However, for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Features: 

• Worlds fastest password cracker
• Worlds first and only GPGPU based rule engine
• Free
• Multi-GPU (up to 128 GPUs)
• Multi-Hash (up to 100 million hashes)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilisation, you can still watch movies or play games while cracking
• Focuses highly iterated modern hashes
• Focuses dictionary based attacks
• Supports distributed cracking
• Supports pause/resume while cracking
• Supports sessions
• Supports restore
• Supports reading words from file
• Supports reading words from stdin
• Supports hex-salt
• Supports hex-charset
• Built-in benchmarking system
• Integrated thermal watchdog
• 150+ Algorithms implemented with performance in mind
• and much more

Download the latest version HashCat from the oclhashcat website.

4. Cain & Abel

It is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords.

It also helps you for recovering wireless network keys, revealing password boxes, uncovering cached passwords and analysing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources. However, it also ships some “non-standard” utilities for Microsoft Windows users.

Download the latest version of Cain and Abel from the oxit website which creates and support this software.

 5. Wfuzz Password Cracking Tools 

Time for special password cracking tools for web applications. The Wfuzz password cracking tools is a software designed for brute forcing Web Applications. It can be used for finding resources not linked (directories, servlets, scripts, etc.). Brute force GET and POST parameters for checking a different kind of injections (SQL, XSS, LDAP, etc.), brute-force Forms parameters (User/Password), Fuzzing, etc. See some features below and read full details at the edge-security website.

Some Features:

• Multiple Injection points capability with multiple dictionaries
• Recursion (When doing directory brute force)
• Post, headers and authentication data brute forcing
• Output to HTML
• Colored output
• Hide results by return code, word numbers, line numbers, regex.
• Cookies fuzzing
• Multithreading
• Proxy support
• SOCK support
• Time delays between requests
• Authentication support (NTLM, Basic)
• All parameters brute-forcing (POST and GET)
• Multiple encoders per payload
• Payload combinations with iterators
• Baseline request (to filter results against)
• Brute force HTTP methods
• Multiple proxy support (each request through a different proxy)
• HEAD scan (faster for resource discovery)
• Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i,
  Vignette, Coldfusion and much more.i
  (Many dictionaries are from Darkraver’s Dirb, www.open-labs.org)s

Download the latest version from the edge-security website.

6. Brutus Password Cracking Tools

The Brutus is also a good password cracking tools for the web application, but it is not updated for many years. You might still need a web application password cracker. Brutus was one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000.

Features:

Brutus version AET2 is the current release and includes the following authentication types :

• HTTP (Basic Authentication)
• HTTP (HTML Form/CGI)
• POP3
• FTP
• SMB
• Telnet
• Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and directly imported into your copy of Brutus. You can create your forms or use other peoples.

The current release includes the following functionality :

• Multi-stage authentication engine
• 60 simultaneous target connections
• No username, single username and multiple username modes
• Password list, combo (user/password) list and configurable brute force modes
• Highly customisable authentication sequences
• Load and resume position
• Import and Export custom authentication types as BAD files seamlessly
• SOCKS proxy support for all authentication types
• User and password list generation and manipulation functionality
• HTML Form interpretation for HTML Form/CGI authentication types
• Error handling and recovery capability in resume after crash/failure.

If you would like to use this old and out of date tools, download from the hoobie website.

7. John the Ripper

The John the Ripper is a fast opensource password cracking tools, currently available for many flavours of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypts (3) password hash types most commonly found on various Unix systems supported out of the box are Windows LM hashes, plus lots of other hashes and cyphers in the community-enhanced version.

Download John the Ripper from the openwall website, the place to bringing security into the open environment.

 8. THC Hydra

The THC-Hydra is a fast network logon cracker which supports many different services. When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform fast dictionary attacks against more than 30 protocols, including telnet, FTP, HTTP, https, SMB, several databases, and much more.

Download the THC Hydra from THC website and see feature sets and services coverage also.

9. L0phtCrack

The L0phtCrack Password Cracking Tools is an alternative to OphCrack. It attempts to crack Windows passwords from hashes. For cracking passwords, it uses Windows workstations, network servers, primary domain controllers, and Active Directory. It also uses a dictionary and brute force attacking for generating and guessing passwords.

Features: 

• L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. It is still the easiest to use password auditing and recovery software available.
• The range of Target Systems Software runs On Windows XP and higher. It operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.
• Password Scoring
• Pre-computed Dictionary Support
• Windows & Unix Password Support
• Remote password retrieval
• Scheduled Scans
• Remediation
• Updated Vista/Windows 7 Style UI
• Executive Level Reporting
• Password Risk Status
• Password Audit Method
• Password Character Sets
• Password Length Distribution
• Summary Report

Download the latest version from l0phtcrack website.

10. Aircrack-NG

The Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks. To secure a Wireless network against Wireless hacking read the article “5 Steps to Secure your home Wireless Network“.

Download the Aircrack-ng from the Aircrack-ng website, where you can find more information about this Wireless Password Cracking Tools. You might need to read “5 ways to Hack Wireless Network” article that is a good way to secure your Wireless Network.

11. Medusa

The Medusa password Cracking tool is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

Features:

• Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
• Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
• Modular design. Each service module exists as an independent .mod file. It means that no modifications are necessary to the core application to extend the supported list of services for brute-forcing.
• Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, among others).

Download the latest Medusa tools from the foofus website which support the fgdump tool for mass password Auditing of Windows Systems. It is also a best cracking tool.

Conclusion For Cracking Tools

These are the most popular tools that hackers are using for cracking password hashes and codes of web applications and operating systems. I’m sure that there are many important passwords cracking tools that I miss to bring the list, so tell us the name please to complete this list.

If you need more information about such a tools, read the password is cracking section of Certified Ethical Hacking (CEH) from the EC-council academy. And the post “Certification Road-map for Information Security” for security lovers.

The post Top 10 Password Cracking Tools appeared first on TECHNIG.

Perhaps, you have never used an application monitoring software that can help you do this job. If you have an IT background, then you must consider app monitoring is really important, and you must prefer a tool to perform the application monitoring.

10 Best Application Monitoring Tools

There are so many application monitoring tools that you can choose. In this article, we would like to share with you about the 10 best application monitoring tools that are commonly used by some IT professionals. All these best application monitoring tools have pros and cons. So this article is not the best application monitoring tools comparison.

LogicMonitor 

The SaaS-based performance monitoring for modern IT infrastructure. LogicMonitor is one of the first choices for those who want to use a great application monitoring tool. This monitoring tool is commonly used by IT professionals because It offers a lot of features.

This tool gives the complete stack monitoring performance of apps. One another good thing is that it gives a chance to you to get text and email alerts so that you know any issues that happen to the app. Setting the alert escalation and routing can also use LogicMonitor. Besides, this tool offers unlimited access to the users, unlimited data collection, and free updates.

Datadog – Application Monitoring Tools

You still have another option to use app monitoring tool which is called Datadog. Datadog can fulfill the necessity of development teams who want to test the applications under the real world stresses.

Datadog offers clear and good display as well as an excellent built-in search feature to help anyone drill down the data Datadog heap collection. Datadog gives a chance to you so you can overlay the disparate data to find the relations that will otherwise not be apparent. Besides, Datadog also provides email alert and notification to make you easy access and know the status of your app in real-time.

NewRelic – Application Monitoring Tools

The NewRelic is a one of the best application performance management and monitoring software that gives you a deep analysis to the app stack. New Relic offers a real-time status checking of the app’s availability. It also gives email alerts and real-time notification.

Moreover, this cool app monitoring software also provides an API to make some custom apps in which you can develop the routine analysis of your performance data. New Relic is versatile and scalable which makes this tool one of the most capable software to discern some IT professionals.

Site24x7 – Application Performance Management

Site24x7 can also be a good choice to monitor your app status. Site24x7 an app monitoring software which will help you check and monitor your website performance, uptime, servers, applications, cloud-based apps, and hybrid configurations in real time for 24 hours in 7 days. Site24x7 offers the transaction processing tools, email services monitoring, and SSL certificates. On the other hand, the Site24x7 is available to help IT professionals keep the technology running well.

It is true that no one can guarantee 100% uptime of server, application, or other digital products, but using the Site24x7; you will be able to make sure that your server and application will run efficiently. Regarding website traffic monitoring, you can read the powerful web analytics tools article as well.

ScoutApp – Application Monitoring Tools

There is another choice to monitor your app with a special tool that you can get on the internet. In this case, you can count on Scoutapp as one of the best app performance management. Anything can be monitored using Scout such as cloud-based apps monitor, service monitoring, web monitoring, server monitoring, database monitoring, and other metric monitoring. It also supports custom plugin scripting to help you overlay many kinds of metrics. This tool is also good at bottlenecks troubleshooting, charting performance, and load balancing servers.

ManageEngine OpManager

There are so many IT professionals who believe in ManageEngine OpManager to solve their network problems. However, the monitoring capability of this software is not only used for networking, but it can also be used for app monitoring. You can count on ManageEngine OpManager to monitor and check your server, app, and database status in real-time and conveniently or anything related to the network issues.

Load Impact

The cool app monitoring tool is now coming from Load Impact. This tool can monitor your application and software correctly. The Load Impact is good at monitoring and trusted by NASDAQ to get real-time stock estimation and chart to thousands of speculators as well as investors every day. Therefore, you should not worry about the ability to monitor you own app because Load Impact can handle all of it.

Raygun

Raygun seems so effective to alert you when you got your app crashed by gathering the data and send it to your email by notification. It is quite simple, but Raygun is effective and real-time. Suppose you have some difficulties to find some bugs in your app, then you can use the search function feature available. Therefore, it is a good idea if you put this application monitoring tool to be your number tenth list.

CopperEgg

CopperEgg offers servers and apps monitoring service with ultra-high-resolution. CopperEgg also offers a hybrid dashboard which makes the use seem so easy to learn and understand about the server status including the overview of full performance and health. CopperEgg provides you an unparalleled view into user experience starting from the time of loading to the troubleshooting of cause. Moreover, CopperEgg app monitoring tool is convenient to install into the computer. So, you have to try it.

Stackify

Another cool app monitoring tool that you can use is Stackify which is unique to perform monitoring to database server and application. The best thing about this app monitoring software is that it offers safe access to all contextual data so that you know what happens to it as well as know the reason why it may happen. As it works like on the other app monitoring tools, Stackify also offers notification and alert in real-time so that you will know the status of your app fast.

Conclusions

We list you some best application monitoring tools. This application performance and monitoring tools are not all great. However, you might know more application monitoring tools. Please introduce your application monitoring & performance tools for us. We will test and add it to this list or write another article.

The post 10 Best Application Monitoring Tools for all Platforms appeared first on TECHNIG.