Tech-Gaming

Tech-Gaming 🔹اذا وجدت ما يفيدك فشاركه لتعم الفائدة تحت شعار العالم مفتوح المصدر
🔹if you learn something share it with others don't forget world is open source
(12)

08/01/2024

اخ تراق خادم apache tomcat على بورت 80 http انماب نيكتو و الميتا
من المسح مرورا بالاستكشاف الترقيم الى ايجاد ثغرة و الدخوال
Ex ploit apache tomcat server on port 80 http scan recon enum find ex ploit and run it using nmap nikto and meta

07/29/2024

اقرا الوصف قبل ان تبدا المتطلبات
هاتف اندرويد متصل بالانترنت 2 غيغا رام اقل شي 12 غيغا مساحة خالية على الهاتف
كالي لينكس كامل متكامل في جيبك على هاتف اندرويد بلا روت
مللت من ترمكس و مشاكلها و لا تريد ترويت (root) هاتفك
ثبت نظام كالي مع كامل الصلاحيات على هاتفك مع هاذا الشرح

07/26/2024

▪️NMAP▪️
▪️انماب▪️ اول اداة يجب عليك تعلمها و استخداما سواء كنت هاو مبتدا او محترف. بعد هاذا الشرح لن تسال عن الانماب ثانية اهم و اكثر الاوامر التي تحتاجها مع شرحها لمسح و تعريف الشبكات و الاجهزة و حتى البحث عن ثغرات يكن استغلالها..
الجزء الاول

07/20/2024

▪️كالي لينكس▪️اختراق جهاز/سيرفر عن طريق بروتوكول SSH بالابي فقط بالبايثون و الميتاسبلويت و الدخول للملفات بصلاحية الادمين/روت

07/16/2024

☣️ملاحظة يمكن تطبيق السيناريو بالترمكس☣️
ديمو سيناريو حقيقي لاختراق نظام به بورت 21 FTP مفتوح بدون ارسال ولا شيء فقط بالابي و اخد صلاحيات الروت root او admin بالكالي لينكس.

07/14/2024

عمل مختبر اختراق للتمرن على سيناريوهات الاختراق الحقيقي باستعمال كالي لينكس و ميتاسبلواتابل 2 لصقل مهاراتك
Setup virtual hacking lab using kali linux and metasploitable 2 for real life hack scenarios

07/06/2024

تحميل ميتاسبلويت 6.4 اخر اصدار بامر واحد للهواتف تيرمكس
Install metasploit 6.4 latest version with one command

07/06/2024

تهيئة ترمكس لاول مرة بعد التحميل لتشغيل كل شيء بلا مشاكل...
Termux first use environments to install before use...

07/05/2024

تثببت متصفح ثور على كالي لينكس و الدخول للديب ويب و الهايدن ويكي و محرك بحث الدارك ويب

Install tor browser on kali linux and access deep web and hidden wiki and the dark web search engine

Netcat- the All-Powerful Linux UtilityNetcat is one of those few  tools--like nmap, Metasploit, Wireshark and few others...
02/22/2024

Netcat- the All-Powerful Linux Utility

Netcat is one of those few tools--like nmap, Metasploit, Wireshark and few others-- that every hacker should be familiar with. It is simple, elegant, and has a multitude of uses.

For instance, netcat can be used to;

scan to see if a port is open on a remote 🔹system

🔹pull the banner from a remote system

🔹connect to a network service manually

🔹remote administration

➡️Step 1: Netcat Basics

Let's start off by looking at the help screen for netcat. When using netcat, the command is simply "nc". To get the help screen then, type

▪️Code ==> nc -h
Note a few key switches;

-e execute

-l listen mode

-n numeric IP address mode (no DNS. Its faster)

-p designates the port

-u UDP mode

-v verbose output

🔹Step 2: Create a Simple TCP Connection

Netcat be used to create simple TCP or UDP connection to system to see whether the port and service available. So, for instance, if I wanted to connect to the SSH on another Linux system, I can type;

▪️Code ==> nc -vn 192.168.1.103 22

🔹 Step 3: Banner Grabbing
We can also use netcat to "grab" the banner on web servers by connecting to port 80 and then sending a HTTP / HEAD/1.0 request.

▪️Code ==> nc -vn 192.168.42.26 80

HEAD / HTTP/1.0
Make certain to hit "Enter" a couple times after typing the HEAD request to pull the banner.

🔹Step 4 Port Scanning with netcat

Netcat is capable of so many tasks. Among those is the port scan. You are already familiar with nmap the most widely used port scanner. Netcat can do something very similar without all the bells and whistles of nmap.
To run a port scan with netcat, enter;

▪️Code ==> nc -v -n -z -w1 192.168.42.26 22-150

🔹Step 5: Opening TCP connection between two machines for "chat"

Netcat is capable of creating a simple TCP or UDP connection between two computers and then open a communication channel between them. Let's open a listener on the remote system first. A listener is opened by simply entering the netcat command (nc) followed -l (listen) and the port number you want to listen for connections on (in this case, let's try listening on port 4294, but you can use any port).

▪️Code ==> nc -l -p4294

Then connect to that listener from a remote machine

▪️Code ==> nc 192.168.100.111 4294

When it connects, I can then begin typing my message, such as "What is the Best Place to learn cybersecurity?"
That message will then appear on the remote system with the listener.

And there's more of usefull thinks that NC can do like (remote administration, transferring files,.....)

✔️Cryptcat

Cryptcat is netcat's encrypted cousin. This means that we can make a connection to a remote machine where all our traffic is encrypted with some of the strongest encryption algorithms available anywhere, Two-fish (Two-fish encryption is nearly as strong as AES). You can download it at www.cryptcat.sourceforge.net, but if you are using Kali, it is already installed. Although the switches are largely the same as netcat, the command is "cryptcat" rather than "nc".

Netcat, like Metasploit, nmap, and Wireshark, is a key tool for the hacker and network administrator alike. It's versatility makes it an essential tool for multiple purposes.

Installing required environments for   to make sure everything works fine https://youtu.be/NJLrzbE-49w
08/08/2021

Installing required environments for to make sure everything works fine

https://youtu.be/NJLrzbE-49w

NOTICE : all video provided in this channel are for EDUCATIONAL purposes only ,

Top 10 tools you need to master for your hacking career explained  : part 6 : NETWORK - The masterpiece.6️⃣➡️ Computer n...
06/26/2021

Top 10 tools you need to master for your hacking career explained : part 6 : NETWORK - The masterpiece.

6️⃣➡️ Computer network:

✴️A computer network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources located on or provided by the network nodes. The interconnections between nodes are formed from a broad spectrum of telecommunication network technologies, based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

➡️The nodes of a computer network may include personal computers, servers, networking hardware, or other specialised or general-purpose hosts. They are identified by hostnames and network addresses. Hostnames serve as memorable labels for the nodes, rarely changed after initial assignment. Network addresses serve for locating and identifying the nodes by communication protocols such as the Internet Protocol.

➡️Computer networks may be classified by many criteria, including the transmission medium used to carry signals, bandwidth, communications protocols to organize network traffic, the network size, the topology, traffic control mechanism, and organizational intent.

➡️Computer networks support many applications and services, such as access to the World Wide Web, digital video, digital audio, shared use of application and storage servers, printers, and fax machines, and use of email and instant messaging applications.

➡️A computer network extends interpersonal communications by electronic means with various technologies, such as email, instant messaging, online chat, voice and video telephone calls, and video conferencing. A network allows sharing of network and computing resources. Users may access and use resources provided by devices on the network, such as printing a document on a shared network printer or use of a shared storage device. A network allows sharing of files, data, and other types of information giving authorized users the ability to access information stored on other computers on the network. Distributed computing uses computing resources across a network to accomplish tasks.

✴️ Network packet ✴️

➡️Most modern computer networks use protocols based on packet-mode transmission. A network packet is a formatted unit of data carried by a packet-switched network. The physical link technologies of packet network typically limit the size of packets to a certain maximum transmission unit (MTU). A longer message is fragmented before it is transferred and once the packets arrive, they are reassembled to construct the original message.

➡️Packets consist of two types of data: control information and user data (payload). The control information provides data the network needs to deliver the user data, for example, source and destination network addresses, error detection codes, and sequencing information. Typically, control information is found in packet headers and trailers, with payload data in between.

➡️With packets, the bandwidth of the transmission medium can be better shared among users than if the network were circuit switched. When one user is not sending packets, the link can be filled with packets from other users, and so the cost can be shared, with relatively little interference, provided the link isn't overused. Often the route a packet needs to take through a network is not immediately available. In that case, the packet is queued and waits until a link is free.

✴️ Network topology ✴️

➡️Network topology is the layout, pattern, or organizational hierarchy of the interconnection of network hosts, in contrast to their physical or geographic location. Typically, most diagrams describing networks are arranged by their topology. The network topology can affect throughput, but reliability is often more critical.

🔹 Common layouts are:

🔸Bus network: all nodes are connected to a common medium along this medium. This was the layout used in the original Ethernet, called 10BASE5 and 10BASE2. This is still a common topology on the data link layer, although modern physical layer variants use point-to-point links instead.

🔸Star network: all nodes are connected to a special central node. This is the typical layout found in a Wireless LAN, where each wireless client connects to the central Wireless access point.

🔸Ring network: each node is connected to its left and right neighbour node, such that all nodes are connected and that each node can reach each other node by traversing nodes left- or rightwards. The Fiber Distributed Data Interface (FDDI) made use of such a topology.

🔸Mesh network: each node is connected to an arbitrary number of neighbours in such a way that there is at least one traversal from any node to any other.

🔸Fully connected network: each node is connected to every other node in the network.

🔸Tree network: nodes are arranged hierarchically.

➡️The physical layout of the nodes in a network may not necessarily reflect the network topology. As an example, with FDDI, the network topology is a ring, but the physical topology is often a star, because all neighboring connections can be routed via a central physical location. Physical layout is not completely irrelevant, however, as common ducting and equipment locations can represent single points of failure due to issues like fires, power failures and flooding.

✴️ Overlay network ✴️

➡️An overlay network is a virtual network that is built on top of another network. Nodes in the overlay network are connected by virtual or logical links. Each link corresponds to a path, perhaps through many physical links, in the underlying network. The topology of the overlay network may (and often does) differ from that of the underlying one. For example, many peer-to-peer networks are overlay networks. They are organized as nodes of a virtual system of links that run on top of the Internet.

➡️The most striking example of an overlay network is the Internet itself. The Internet itself was initially built as an overlay on the telephone network.

✴️ Communication protocols ✴️

➡️A communication protocol is a set of rules for exchanging information over a network. Communication protocols have various characteristics. They may be connection-oriented or connectionless, they may use circuit mode or packet switching, and they may use hierarchical addressing or flat addressing.

➡️In a protocol stack, often constructed per the OSI model, communications functions are divided up into protocol layers, where each layer leverages the services of the layer below it until the lowest layer controls the hardware that sends information across the media. The use of protocol layering is ubiquitous across the field of computer networking. An important example of a protocol stack is HTTP (the World Wide Web protocol) running over TCP over IP (the Internet protocols) over IEEE 802.11 (the Wi-Fi protocol). This stack is used between the wireless router and the home user's personal computer when the user is surfing the web.

✴️ Common protocols ✴️

🔸🔹Internet Protocol Suite : The Internet Protocol Suite, also called TCP/IP, is the foundation of all modern networking. It offers connection-less as well as connection-oriented services over an inherently unreliable network traversed by datagram transmission at the Internet protocol (IP) level. At its core, the protocol suite defines the addressing, identification, and routing specifications for Internet Protocol Version 4 (IPv4) and for IPv6, the next generation of the protocol with a much enlarged addressing capability.

The Internet Protocol Suite is the defining set of protocols for the Internet. Although many computers communicate via the Internet, it is actually a network of networks

🔸🔹 IEEE 802 : IEEE 802 is a family of IEEE standards dealing with local area networks and metropolitan area networks. The complete IEEE 802 protocol suite provides a diverse set of networking capabilities. The protocols have a flat addressing scheme. They operate mostly at levels 1 and 2 of the OSI model.

For example, MAC bridging (IEEE 802.1D) deals with the routing of Ethernet packets using a Spanning Tree Protocol. IEEE 802.1Q describes VLANs, and IEEE 802.1X defines a port-based Network Access Control protocol, which forms the basis for the authentication mechanisms used in VLANs (but it is also found in WLANs) – it is what the home user sees when the user has to enter a "wireless access key".

🔸🔹 Wireless LAN : Wireless LAN, also widely known as WLAN or WiFi, is probably the most well-known member of the IEEE 802 protocol family for home users today. It is standardized by IEEE 802.11 and shares many properties with wired Ethernet.

🔸🔹SONET/SDH : Synchronous optical networking (SONET) and Synchronous Digital Hierarchy (SDH) are standardized multiplexing protocols that transfer multiple digital bit streams over optical fiber using lasers. They were originally designed to transport circuit mode communications from a variety of different sources, primarily to support real-time, uncompressed, circuit-switched voice encoded in PCM (Pulse-Code Modulation) format. However, due to its protocol neutrality and transport-oriented features, SONET/SDH also was the obvious choice for transporting Asynchronous Transfer Mode (ATM) frames.

🔸🔹 Asynchronous Transfer Mode : Asynchronous Transfer Mode (ATM) is a switching technique for telecommunication networks. It uses asynchronous time-division multiplexing and encodes data into small, fixed-sized cells. This differs from other protocols such as the Internet Protocol Suite or Ethernet that use variable sized packets or frames. ATM has similarities with both circuit and packet switched networking. This makes it a good choice for a network that must handle both traditional high-throughput data traffic, and real-time, low-latency content such as voice and video. ATM uses a connection-oriented model in which a virtual circuit must be established between two endpoints before the actual data exchange begins.

🔸🔹 Cellular standards : There are a number of different digital cellular standards, including: Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), cdmaOne, CDMA2000, Evolution-Data Optimized (EV-DO), Enhanced Data Rates for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), Digital Enhanced Cordless Telecommunications (DECT), Digital AMPS (IS-136/TDMA), and Integrated Digital Enhanced Network (iDEN).

🔸🔹Routing : Routing is the process of selecting network paths to carry network traffic. Routing is performed for many kinds of networks, including circuit switching networks and packet switched networks.

In packet-switched networks, routing protocols direct packet forwarding (the transit of logically addressed network packets from their source toward their ultimate destination) through intermediate nodes. Intermediate nodes are typically network hardware devices such as routers, bridges, gateways, firewalls, or switches. General-purpose computers can also forward packets and perform routing, though they are not specialized hardware and may suffer from the limited performance. The routing process usually directs forwarding on the basis of routing tables, which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing.

There are usually multiple routes that can be taken, and to choose between them, different elements can be considered to decide which routes get installed into the routing table, such as (sorted by priority):

➡️ Prefix-Length: where longer subnet masks are preferred (independent if it is within a routing protocol or over a different routing protocol)

➡️Metric: where a lower metric/cost is preferred (only valid within one and the same routing protocol)

➡️Administrative distance: where a lower distance is preferred (only valid between different routing protocols)

Most routing algorithms use only one network path at a time. Multipath routing techniques enable the use of multiple alternative paths.

✴️ Security ✴️

🔸🔹 Computer networks are also used by security hackers to deploy computer viruses or computer worms on devices connected to the network, or to prevent these devices from accessing the network via a denial-of-service attack.

➡️ Network security

🔸🔹Network Security consists of provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and its network-accessible resources.[51] Network security is the authorization of access to data in a network, which is controlled by the network administrator. Users are assigned an ID and password that allows them access to information and programs within their authority. Network security is used on a variety of computer networks, both public and private, to secure daily transactions and communications among businesses, government agencies, and individuals.

➡️ Network surveillance

🔸🔹Network surveillance is the monitoring of data being transferred over computer networks such as the Internet. The monitoring is often done surreptitiously and may be done by or at the behest of governments, by corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent agency.

Computer and network surveillance programs are widespread today, and almost all Internet traffic is or could potentially be monitored for clues to illegal activity.

➡️ End to end encryption

🔸🔹End-to-end encryption (E2EE) is a digital communications paradigm of uninterrupted protection of data traveling between two communicating parties. It involves the originating party encrypting data so only the intended recipient can decrypt it, with no dependency on third parties. End-to-end encryption prevents intermediaries, such as Internet providers or application service providers, from discovering or tampering with communications. End-to-end encryption generally protects both confidentiality and integrity.

Examples of end-to-end encryption include HTTPS for web traffic, PGP for email, OTR for instant messaging, ZRTP for telephony, and TETRA for radio.

➡️ SSL/TLS

🔸🔹The introduction and rapid growth of e-commerce on the World Wide Web in the mid-1990s made it obvious that some form of authentication and encryption was needed. Netscape took the first shot at a new standard. At the time, the dominant web browser was Netscape Navigator. Netscape created a standard called secure socket layer (SSL). SSL requires a server with a certificate. When a client requests access to an SSL-secured server, the server sends a copy of the certificate to the client. The SSL client checks this certificate (all web browsers come with an exhaustive list of CA root certificates preloaded), and if the certificate checks out, the server is authenticated and the client negotiates a symmetric-key cipher for use in the session. The session is now in a very secure encrypted tunnel between the SSL server and the SSL client.

🆘 Useful links and tool's 🆘

➡️ Wireshack the world's leading network analizer : https://www.facebook.com/109516419136687/posts/4061446163943673/

➡️ technical shortcuts explained : https://www.facebook.com/109516419136687/posts/4050681901686766/

➡️ the legendary Netcat : https://www.facebook.com/109516419136687/posts/3842582599163365/

➡️ SS7 explained : https://www.facebook.com/109516419136687/posts/3673205479434412/

➡️ Netstat explained : https://www.facebook.com/109516419136687/posts/3670918172996476/

➡️ Ip tables explained : part 1 : https://www.facebook.com/109516419136687/posts/3623133954441565/

Part 2 : https://www.facebook.com/109516419136687/posts/3631371933617767/

➡️ SSH explained : https://www.facebook.com/109516419136687/posts/3618010628287231/

➡️ SSH for pentesting : https://www.facebook.com/109516419136687/posts/3592097540878540/

➡️ Netpwn explained : https://www.facebook.com/109516419136687/posts/3594142840674010/

➡️ Pythem explained :
https://www.facebook.com/109516419136687/posts/3589843557770605/

And don't forget the legendary NMAP

Ps: if you our post's are helpful share/tag your friends 🙂

Top 10 tools you need to master for your hacking career explained  : part 5 : Cryptography5️⃣➡️ Cryptography, or cryptol...
06/24/2021

Top 10 tools you need to master for your hacking career explained : part 5 : Cryptography

5️⃣➡️ Cryptography, or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries.More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.
➡️ Cryptography prior to the modern age was effectively synonymous with encryption, converting information from a readable state to unintelligible nonsense. The sender of an encrypted message shares the decoding technique only with intended recipients to preclude access from adversaries. The cryptography literature often uses the names Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, cryptography methods have become increasingly complex and its applications more varied.

➡️Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in actual practice by any adversary. While it is theoretically possible to break into a well-designed system, it is infeasible in actual practice to do so. Such schemes, if well designed, are therefore termed "computationally secure"; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these designs to be continually reevaluated, and if necessary, adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power, such as the one-time pad, but these schemes are much more difficult to use in practice than the best theoretically breakable but computationally secure schemes.
➡️ The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and copyright infringement disputes in regard to digital media.
➡️ Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible form (called ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that carry out the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a "key". The key is a secret (ideally known only to the communicants), usually a string of characters (ideally short so it can be remembered by the user), which is needed to decrypt the ciphertext. In formal mathematical terms, a "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes.
Some use the terms cryptography and cryptology interchangeably in English, while others (including US military practice generally) use cryptography to refer specifically to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis. English is more flexible than several other languages

✴️ essential encryption terms ✴️

🔹Algorithm 🔹
🔸Also known as a cipher, algorithms are the rules or instructions for the encryption process. The key length, functionality, and features of the encryption system in use determine the effectiveness of the encryption.

🔹 Decryption 🔹
🔸Decryption is the process of converting unreadable ciphertext to readable information.

🔹Key 🔹
🔸An encryption key is a randomized string of bits used to encrypt and decrypt data. Each key is unique, and longer keys are harder to break. Typical key lengths are 128 and 256 bits for private keys and 2048 for public keys.

✴️There are two kinds of cryptographic key systems, symmetric, and asymmetric.

🔹🔸Symmetric Key Systems
In a symmetric key system, everyone accessing the data has the same key. Keys that encrypt and decrypt messages must also remain secret to ensure privacy. While it’s possible for this to work, securely distributing the keys to ensure proper controls are in place makes symmetric encryption impractical for widespread commercial use.

🔹🔸Asymmetric Key Systems
An asymmetric key system, also known as a public/private key system, uses two keys. One key remains secret—the private key—while the other key is made widely available to anyone who needs it. This key is called the public key. The private and public keys are mathematically tied together, so the corresponding private key can only decrypt that information encrypted using the public key.

✴️ Common Encryption Algorithms ✴️

🔹🔸Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.

Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more accurate. Despite slowly being phased out, Triple DES has, for the most part, been replaced by the Advanced Encryption Standard (AES).

🔹🔸 AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations. Although it is highly efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.

AES is largely considered impervious to all attacks, except for brute force, which attempts to decipher messages using all possible combinations in the 128, 192, or 256-bit cipher.

🔹🔸 RSA Security
RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It also happens to be one of the methods used in PGP and GPG programs. Unlike Triple DES, RSA is considered an asymmetric algorithm due to its use of a pair of keys. You’ve got your public key to encrypt the message and a private key to decrypt it. The result of RSA encryption is a huge batch of mumbo jumbo that takes attackers a lot of time and processing power to break.

🔹🔸Blowfish
Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish is known for its tremendous speed and overall effectiveness. Meanwhile, vendors have taken full advantage of its free availability in the public domain. You’ll find Blowfish in software categories ranging from e-commerce platforms for securing payments to password management tools, where it protects passwords. It’s one of the more flexible encryption methods available.
🔹🔸Twofish
Computer security expert Bruce Schneier is the mastermind behind Blowfish and its successor Twofish. Keys used in this algorithm may be up to 256 bits in length, and as a symmetric technique, you only need one key. Twofish is one of the fastest of its kind and ideal for use in hardware and software environments. Like Blowfish, Twofish is freely available to anyone who wants to use it.

✴️ Cryptographic hash function ✴️

➡️ cryptographic hash function (CHF) is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert or to reverse the computation of.Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Cryptographic hash functions are a basic tool of modern cryptography.

➡️ The ideal cryptographic hash function has the following main properties:

🔹🔸it is deterministic, meaning that the same message always results in the same hash
🔹🔸it is quick to compute the hash value for any given message
🔹🔸it is infeasible to generate a message that yields a given hash value (i.e. to reverse the process that generated the given hash value)
🔹🔸it is infeasible to find two different messages with the same hash value
🔹🔸a small change to a message should change the hash value so extensively that a new hash value appears uncorrelated with the old hash value (avalanche effect)

➡️ Cryptographic hash functions have many information-security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information-security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes.

✴️ Cryptographic hash algorithms ✴️

🔹🔸MD5
MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4, and was specified in 1992 as RFC 1321. Collisions against MD5 can be calculated within seconds which makes the algorithm unsuitable for most use cases where a cryptographic hash is required. MD5 produces a digest of 128 bits (16 bytes).

🔹🔸SHA-1
SHA-1 was developed as part of the U.S. Government's Capstone project. The original specification – now commonly called SHA-0 – of the algorithm was published in 1993 under the title Secure Hash Standard, FIPS PUB 180, by U.S. government standards agency NIST (National Institute of Standards and Technology). It was withdrawn by the NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly designated SHA-1. Collisions against the full SHA-1 algorithm can be produced using the shattered attack and the hash function should be considered broken. SHA-1 produces a hash digest of 160 bits (20 bytes).

🔹🔸 RIPEMD-160
RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. RIPEMD was based upon the design principles used in MD4 and is similar in performance to the more popular SHA-1. RIPEMD-160 has, however, not been broken. As the name implies, RIPEMD-160 produces a hash digest of 160 bits (20 bytes)

🔹🔸Whirlpool
Whirlpool is a cryptographic hash function designed by Vincent Rijmen and Paulo S. L. M. Barreto, who first described it in 2000. Whirlpool is based on a substantially modified version of the Advanced Encryption Standard (AES). Whirlpool produces a hash digest of 512 bits (64 bytes).

🔹🔸SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA), first published in 2001. They are built using the Merkle–Damgård structure, from a one-way compression function itself built using the Davies–Meyer structure from a (classified) specialized block cipher.

SHA-2 basically consists of two hash algorithms: SHA-256 and SHA-512. SHA-224 is a variant of SHA-256 with different starting values and truncated output. SHA-384 and the lesser-known SHA-512/224 and SHA-512/256 are all variants of SHA-512. SHA-512 is more secure than SHA-256 and is commonly faster than SHA-256 on 64-bit machines such as AMD64.

The output size in bits is given by the extension to the "SHA" name, so SHA-224 has an output size of 224 bits (28 bytes); SHA-256, 32 bytes; SHA-384, 48 bytes; and SHA-512, 64 bytes.

🔹🔸SHA-3
SHA-3 (Secure Hash Algorithm 3) was released by NIST on August 5, 2015. SHA-3 is a subset of the broader cryptographic primitive family Keccak. The Keccak algorithm is the work of Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche. Keccak is based on a sponge construction which can also be used to build other cryptographic primitives such as a stream cipher. SHA-3 provides the same output sizes as SHA-2: 224, 256, 384, and 512 bits.

Configurable output sizes can also be obtained using the SHAKE-128 and SHAKE-256 functions. Here the -128 and -256 extensions to the name imply the security strength of the function rather than the output size in bits.

🔹🔸BLAKE2
BLAKE2, an improved version of BLAKE, was announced on December 21, 2012. It was created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein with the goal of replacing the widely used but broken MD5 and SHA-1 algorithms. When run on 64-bit x64 and ARM architectures, BLAKE2b is faster than SHA-3, SHA-2, SHA-1, and MD5. Although BLAKE and BLAKE2 have not been standardized as SHA-3 has, BLAKE2 has been used in many protocols including the Argon2 password hash, for the high efficiency that it offers on modern CPUs. As BLAKE was a candidate for SHA-3, BLAKE and BLAKE2 both offer the same output sizes as SHA-3 – including a configurable output size.

🔹🔸BLAKE3
BLAKE3, an improved version of BLAKE2, was announced on January 9, 2020. It was created by Jack O'Connor, Jean-Philippe Aumasson, Samuel Neves, and Zooko Wilcox-O'Hearn. BLAKE3 is a single algorithm, in contrast to BLAKE and BLAKE2, which are algorithm families with multiple variants. The BLAKE3 compression function is closely based on that of BLAKE2s, with the biggest difference being that the number of rounds is reduced from 10 to 7. Internally, BLAKE3 is a Merkle tree, and it supports higher degrees of parallelism than BLAKE2.

✴️ Attacks on hashed passwords ✴️

➡️ A common use of hashes is to store password authentication data. Rather than store the plaintext of user passwords, a controlled access system stores the hash of each user's password in a file or database. When someone requests access, the password they submit is hashed and compared with the stored value. If the database is stolen (an all too frequent occurrence ), the thief will only have the hash values, not the passwords.

However, most people choose passwords in predictable ways. Lists of common passwords are widely circulated and many passwords are short enough that all possible combinations can be tested if fast hashes are used. The use of cryptographic salt prevents some attacks, such as building files of precomputing hash values, e.g. rainbow tables. But searches on the order of 100 billion tests per second are possible with high-end graphics processors, making direct attacks possible even with salt.

🆘 Useful tools 🆘

➡️ findmyhash Package Description
🔹Accepted algorithms are:
🔸MD4 – RFC 1320
🔸MD5 – RFC 1321
🔸SHA1 – RFC 3174 (FIPS 180-3)
🔸SHA224 – RFC 3874 (FIPS 180-3)
🔸SHA256 – FIPS 180-3
🔸SHA384 – FIPS 180-3
🔸SHA512 – FIPS 180-3
🔸RMD160 – RFC 2857
🔸GOST – RFC 583
🔸WHIRLPOOL – ISO/IEC 10118-3:2004
🔸LM – Microsoft Windows hash NTLM – 🔸Microsoft Windows hash
🔸MYSQL – MySQL 3, 4, 5 hash
🔸CISCO7 – Cisco IOS type 7 encrypted passwords
🔸JUNIPER – Juniper Networks $9$ encrypted passwords
🔸LDAP_MD5 – MD5 Base64 encoded
🔸LDAP_SHA1 – SHA1 Base64 encoded.

➡️ hashcat Package Description
🔹hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

Ps: hashcat and findmyhash can be found pre-installed in kali linux

🔹 If you found our post useful support us by sharing/tagging your friends ,thank you 🙂
----------------------
🔸 Facebook --> Ishop-tech

🔸 YouTube --> https://youtube.com/channel/UCWzofP5wDowkw0Il2g3VKag

Address

Earth, TX

Website

Alerts

Be the first to know and let us send you an email when Tech-Gaming posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Tech-Gaming:

Videos

Share

Nearby media companies


Other Gaming Video Creators in Earth

Show All