What is a Firewall?
A firewall is a tool that monitors communication to and from your computer. It sits between your computer and the rest of the network, and according to some criteria, it decides which communication to allow, and which communication to block. It may also use some other criteria to decide about which communication or communication request to report to you (either by adding the information to a log file that you may browse whenever you wish, or in an alert message on the screen), and what not to report.
What Is It Good For?
Identifying and blocking remote access Trojans. Perhaps the most common way to break into a home computer and gain control, is by using a remote access Trojan (RAT). (sometimes it is called "backdoor Trojan" or "backdoor program". Many people simply call it a "Trojan horse" although the term "Trojan horse" is much more generic). A Trojan horse, is a program that claims to do something really innocent, but in fact does something much less innocent. This goes to the days where the Greek soldiers succeeded to enter through the gates of Troy by building a big wooden horse, and giving it as a present to the king of Troy. The soldiers allowed the sculpture to enter through their gates, and then at night, when the soldiers were busy guarding against an outside attack, many Greek soldiers who were hiding inside the horse went out and attacked Troy from the inside. This story, which may or may not be true, is an example of something which looks like something innocent and is used for some less innocent purpose. The same thing happens in computers. You may sometimes get some program, via ICQ, or via Usenet, or via IRC, and believe this program to be something good, while in fact running it will do something less nice to your computer. Such programs are called Trojan horses. It is accepted to say that the difference between a Trojan horse and a virus, is that a virus has the ability to self-replicate and to distribute itself, while a Trojan horse lacks this ability. A special type of Trojan horses, is RATs (Remote Access Trojans, some say "remote admin Trojans"). These Trojans once executed in the victim's computer, start to listen to incoming communication from a remote matching program that the attacker uses. When they get instructions from the remote program, they act accordingly, and thus let the user of the remote program to execute commands on the victim's computer. To name a few famous RATs, the most common are Netbus, Back-Orifice, and SubSeven (which is also known as Backdoor-G). In order for the attacker to use this method, your computer must first be infected by a RAT.
Prevention of infections by RATs is no different than prevention of infection by viruses. Antivirus programs can identify and remove most of the more common RATs. Personal firewalls can identify and block remote communication efforts to the more common RATs and by thus blocking the attacker, and identifying the RAT.
Blocking/Identifying Other Types of Trojans and WQorms?
There are many other types of Trojan horses which may try to communicate with the outside from your computer. Whether they are e-mail worms trying to distribute themselves using their own SMTP engine, or they might be password stealers, or anything else. Many of them can be identified and blocked by a personal firewall.
Identifying/Blocking Spyware's/Adbots?
The term "spyware" is a slang which is not well defined. It is commonly used mainly for various adware (and adware is a program that is supported by presenting advertisements to the user), and that during their installation process, they install an independent program which we shall call "adbot". The adbot runs independently even if the hosting adware is not running, and it maintains the advertisements, downloads them from the remote server, and provides information to the remote server. The adbot is usually hidden. There are many companies that offer adbots, and advertisements services to adware. The information that the adbots deliver to their servers from the computer where the adbot is installed, is "how much time each advertisement is shown, which was the hosting adware, and whether the user clicked on the advertisement. This is important so that the advertisements server will be able to know how much money to get from each of the advertised companies, and how much from it to deliver to each of the adware maintainers. Some of the adbots also collect other information in order to better choose the advertisements to the users. The term "spyware" is more generic, but most of the spyware fall into this category. Many types of adbots can be identified and blocked by personal firewalls.
Blocking Advertisements?
Some of the better personal firewalls can be set to block communication with specific sites. This can be used in order to prevent downloading of advertisements in web pages, and thus to accelerate the download process of the web sites. This is not a very common use of a personal firewall, though.
Preventing Communication to Tracking Sites?
Some web pages contain references to tracking sites. e.g. instruct the web browser to download a small picture (sometimes invisible) from tracking sites. Sometimes, the pictures are visible and provide some statistics about the site. Those tracking sites will try to save a small text either as a small file in a special directory, or as a line in a special file (depending on what is your browser), and your browser will usually allow the saving site to read the text that it saved on your computer. This is called "web cookies" or sometimes simply "cookies". Cookies allow a web site to keep information that it saved some time when you entered it, to be read whenever you enter the site again. This allow the web site to customize itself for you, and to keep track on everything that you did on that site. It does not have to keep that information on your computer. All it has to save on your computer is a unique identifying number, and then it can keep in the server's side information regarding what has been done by the browser that used that cookie. Yet, by this method, a web site can get only information regarding your visits in it. Some sites such as "doubleclick" or "hitbox" can collect information from various affiliated sites, by putting a small reference in the affiliated pages to some picture on their servers. When you enter one of the affiliated web pages, your browser will communicate with the tracking site, and this will allow the tracking site to put or to read a cookie that identifies your computer uniquely, and it can also know what was the web page that referred to it, and any other information that the affiliated web site wanted to deliver to the tracking site. This way tracking sites can correlate information from many affiliated sites, to build information that for example will allow them to better customize the advertisements that are put on those sites when you browse them.
Some personal firewalls can be set to block communication to tracking sites. It is not a common use of a personal firewall, though, and a personal firewall is not the best tool for that, but if you already have one, this is yet another possible use of it.
Blocking or Limiting the NetBIOS Communication? (as well as other default services)
The two common methods of intruders to break into home computers, are through a RAT (which was discussed in II.3a) and through the NetBIOS communication. The NetBIOS is a standard for naming computers in small networks, developed long ago by IBM and Microsoft. There are a few communication standards which are used in relation to the NetBIOS. The ones that are relevant for Microsoft Windows operating systems, are: NBT (NetBIOS over TCP/IP), IPX/SPX, and NetBEUI. The communication standard which is used over the Internet, is NBT. If it is enabled, and there is no firewall or something else in the middle, it means that your computer is listening for communications over the Internet via this standard, and will react according to the different NBT commands that it gets from the remote programs. It is thus that the NBT (which sometimes loosely called "NetBIOS") is acting as a server. So the next question should be "what remote NBT commands the NBT server will do on the local computer". The answer to this question depends on the specific setting on your computer. You may set your computer to allow file and print sharing. If also NBT is enabled, it means that you allow remote users to share your files or printers. This is a big problem. It is true that in principle the remote user has to know your password for that computer, but many users do not set a password for their user on Windows, or set a trivial password. Older versions of Win95 had file and print sharing over NetBIOS enabled by default. On Win98, and WinMe it was disabled by default, but many technicians, when they set a home network, they enable the file and print sharing, without being aware that it influences also the authorizations of a remote Internet user. There are even worms and viruses who use the File sharing option to spread in the Internet. Anyway, no matter whether you need it for some reason or just are not aware of it, a personal firewall can identify and block any external effort to communicate with the NetBIOS server on your computer. The more flexible personal firewalls can be set to restrict the authorization to communicate with the NetBIOS. Some Windows operating systems, especially those which are not meant for home uses, offer other public services by default, such as RPC. A firewall can identify communication efforts to them, and block them. Since such services listen to remote communications, there is a potential risk when there are efforts to exploit security holes in the programs that offer the services, if there are such security holes. A firewall may block or limit the communication to those services.
Hiding Your Computer on the Internet?
Without a firewall, on a typical computer, even if well maintained, a remote person will still be able to know that the communication effort has reached some computer, and perhaps some information about the operating system on that computer. If that computer is handled well, the remote user will not be able to get much more information from your computer, but might still be able to identify also who your ISP is, and might decide to invest further time in cracking into your computer.
With a firewall, you can set the firewall so that any communication effort from remote users (in the better firewalls you may define an exception list) will not be responded at all. This way the remote user will not be able to even know that it reached a live computer. This might discourage the remote attacker from investing further time in effort to crack into your computer.
The Non-Firewall Defenses
We've discussed a few situations where a personal firewall can provide defense. Yet, in many cases a computer maintainer can deal with those situations even without a firewall. Those "alternative" defenses, in many cases are recommended regardless of whether you use a firewall or not.
Remote Access Trojans?
The best way to defend against remote access Trojans (RATs) is to prevent them from being installed in the first place on your computer. A RAT should first infect your computer in order to start to listen to remote communication efforts. The infection techniques are very similar to the infection techniques that viruses use, and hence the defense against Trojan horses is similar to the defense against viruses. Trojan horses do not distribute themselves (although they might be companions of another Internet worm or virus that distributes them. Yet, because in most cases they do not distribute themselves, it is likely that you will get them from anonymous sources, such as instant messengers, Kazaa, IRC, or a newsgroup. adopting a suspicious policy regarding downloads from such places, will save you not only from viruses but also from getting infected with Trojan horses, including RATs. Because Trojan horses are similar in some ways to viruses, almost all antivirus programs can identify, block from being installed, and remove most of the Trojan horses, including all the common ones. There are also some programs (sometimes called antiTrojan programs) which specialize in the identification and removal of Trojan horses. For a list of those programs, and for comparison on how well different antivirus, and antiTrojan programs identify different Trojan horses, see Hackfix (http://www.hackfix.org), under "Software test results". Hackfix also has information on the more common RATS (such as the Netbus and the Subseven) and on how to remove them manually. There are some tools and web sites, such port scanners, and some ways with a use of more generic tools such as telnet, msconfig, and netstat, which may help you to identify a RAT.
Other types of Trojans and worms?
Also here your main interest should be to prevent them from infecting your computer in the first place, rather than blocking their communication. A good antivirus and a good policy regarding the prevention of virus infections, should be the first and most important defense.
Spyware and Adbots?
The term spyware is sometimes misleading. In my view, it is the responsibility of the adware developer to present the fact that the adware installation will install or use an independent adbots, and to provide the information on how this adbot communicates, and which information it delivers, in a fair place and manner before the adware is installed. It is also a responsibility to provide this information in their web sites, so that people will be aware of that before they even download the software. Yet, in general, those adbots do not pose any security threat, and in many cases also their privacy threat is negligible for many people (e.g. the computer with adbot number 1127533 has been exposed to advertisements a, b, c, such and such times, while using adware x, while on computer with adbot number 1127534 has been exposed to advertisements a,d, and e, such amount of time, with the use of adware y, and clicked on ads number d). It should be fully legitimate for software developers to offer an advertisement supported programs, and it is up to the user to decide whether the use of the program worth the ads and the adbot, or not. Preventing adbot from communicating is generally not a moral thing. If you decide to use an adware, you should pay the price of letting the adbot work. If you don't want it, please remove the adware, and only if for some reason the adbot continue to work even if no hosting adware that uses it is installed, you may remove the adbot. Anyway, there are some very useful tools to identify whether a program is a "spyware", or whether a "spyware" is installed on your computer, and you are certainly entitled to this information. Two useful programs are "AdAware" which identifies "spyware" components on your computer and allows you to remove them, and Ad-Search which allows you to provide a name of a program, and it tells you whether this program is a "spyware" and which adbot it uses. It is useful to assist you in choosing whether to install a program or not. You may find those programs in http://www.lavasoft.nu (or, if it doesn't work, you may try http://www.lavasoftusa.com). Those programs are useful, mainly because many adware developers are not fair enough to present this information in a fair manner. AdAware allows you to also remove those adbot components from your computer. This might, however, terminate your license to use the hosting adware programs, and might even cause them to stop functioning. A website which offers to check whether a specific program that you wish to install is "spyware" or not, is http://www.spychecker.com .
Blocking Advertisements?
Leaving aside the moral aspect of blocking advertisements, a personal firewall is not the best tool for that anyway. This is not the main purpose of a firewall, and neither its main strength. Some of them can block some of the advertisements from being downloaded, if you know how to configure them for that. Yet, there are better tools for that, such as Proxomitron (http://www.proxomitron.org), CookieCop 2 (search for the word cookiecop on http://www.pcmag.com), or Naviscope (http://www.naviscope.com), and there are many other programs as well. You may check for other alternatives, e.g. in Tucows (http://www.tucows.com/adkiller95.html).
Blocking Tracking Sites?
Also here, a personal firewall is not the best tool for that, and there are other tools and ways which are more effective. These are cookie utilities. Since a tracking site uses a cookie to identify and relate the information gathered to the same person (or computer), by preventing the cookie from being installed. The tracking site will lose its ability to track things. There are plenty of cookie management utilities. Some of them are freeware, and some are not. CookieCop which was mentioned in the former section is one of them. WebWasher (http://www.webwasher.com) is another recommended one, and there are plenty of other alternatives such as cookie-crusher, cookie-pal, pop-up killer, etc. You may search for other alternatives, in Tucows (http://www.tucows.com/cookie95.html).
NetBIOS and Other Services?
The NetBIOS over TCP/IP (NBT) which is sometimes loosely called "NetBIOS", is a service which has some security problems with it. It is enabled by default in Windows default installations, and it is very common to see that a firewall does the job of preventing the efforts to get access to your computer via NBT. Yet, in almost all cases, this service is not needed, and thus can be disabled. To disable NBT in Win95/98/ME is not as simple as it is in Win2K/XP, but can still be done reliably. We explain how to do this in another article (#to be written soon). It is needless to say, that if NBT is disabled, there is no need for a firewall to block communication to it. Also, in the case of other services, such as RPC services, and others, in many cases you simply don't need those services and better disable them from within Windows rather than use the firewall to block them. There are various ways to know which services are running on your computer, and which of them are listening for communications from the outside. If there are ones that you don't need, they should be disabled.
Hiding the Computer?
In web sites of many personal firewall companies, they are putting a lot of weight on the ability of their firewall to hide the computer on the Internet. Yet, exposing your home computer on the Internet is by itself, neither a security nor a privacy threat. If you provide some services to the Internet on your computer, for example, you put a web server on your computer to allow other people to view web pages, then you might get rid of some of the crackers, by setting your firewall to unhide only this type of communications. Some attackers will not make a full scan of your computer, but only a partial scan, and if they did not scan for the specific service that you provided, they will not see your computer. Yet, if the service is a common one, there is a good chance for many of them to scan it and thus find the existence of your computer. If they "see" the existence of your computer, they might decide to scan it further, and find out the services you are providing, and scan it for security holes to use. Yet, there is no much meaning to it when we speak about simple home computers.
What a Firewall Cannot Do!
Another misconception about personal firewalls is that they are incorrectly thought as if they claim to give an overall protection against "hackers" (i.e. intrusions). They are not.
Defense Against Exploitation of Security Holes
A firewall can allow or deny access to your computer or from your computer according to the type of communication, its source and destination, and according to the question which program on your computer is handling the communication. Yet, its ability to understand the details of the communication is very limited. For example, you may set the firewall to allow or to deny your e-mail program from getting and/or sending messages. It may allow or deny your web browser from browsing the Internet. But if you allowed your e-mail program to communicate with the e-mail servers for sending and receiving messages, (and you are likely to allow it if you want to use your e-mail program), or if you set the firewall to allow your web browser to communicate with web sites, the firewall will not be able to understand the content of the communication much further, and if your web browser has a security hole, and some remote site will try to exploit it, your firewall will not be able to make a distinction between the communication that exploits the security hole, and legitimate communication. The same principle goes with e-mail program. A personal firewall may block you from receiving or sending e-mail messages, but if you allowed it to receive messages, the personal firewall will not make a distinction between a legitimate message and a non-legitimate one (such as a one that carries a virus or a Trojan horse). Security holes in legitimate programs can be exploited and a personal firewall can do practically nothing about it.
I should comment, however, that some personal firewalls come combined with some Trojan horse detection, or intrusion detection. This is not part of the classical definition of a firewall, but it might be useful. Such tasks are usually taken by other tools such as antivirus programs or antiTrojan programs.
Tricks to Bypass or Disable Personal Firewalls
There are also various ways to disable, or bypass personal firewalls. During the time a few tricks to bypass or disable were demonstrated by various programs. Especially, tricks for an internal program to communicate with the outside bypassing or tricking the firewall. For some of them such as the one demonstrated by the Leaktest, and in which a non-legitimate program disguises itself as Internet Explorer, practically today, all personal firewalls are immuned. For other tricks, such as a one demonstrated by Outbound, which uses some non-standard type of communication directly to the network adapters bypassing the components of the operating system which are suppose to deal with Internet communication, and by that bypassing the firewall, are only now being patched against by the various firewalls, and yet other methods, such as the one demonstrated by Tooleaky, which uses Internet Explorer as a messenger to communicate with the outside, and is thus identified as a mere legitimate browsing, are still waiting for most of the personal firewall to find a fix.
Firewalls CANNOT Decide for You What is a Legitimate Communication and What is Not
One of the main problems with personal firewalls, is that you cannot simply install them and forget them, counting on them to do their job. They can deny or permit various types of communications according to some criteria, but what is this criteria, and who decides what is the criteria for whether they should permit or deny some communication?
The answer, is that it is the computer user's job to define the exact criteria when the firewall should allow a communication and when it should block it. The firewall may make it easier for you, but it should not take the decisions. There are too many programs, too many versions, and it is not possible for the firewall to decide accurately when a communication is legitimate and when it is not. One person might think that it is legitimate for some program to deliver some information to the outside in order to get some service, while another will think that it is not. One version of a program might communicate with its home server in order to check whether there is an upgrade, and another version might also install the upgrade even if you do not wish. Some firewalls will try to identify communication efforts which are largely considered as legitimate, and will let you the information so that it will be easier for you to decide whether such should be allowed. Others will suffice with more basic information, making no suggestions (and thus - no incorrect recommendations). One way or another, once you installed a firewall, you will have better means to understand what types of communications are running on your computer, but you will also have to understand them in order to be able to configure your firewall so that it will correctly know which communications to allow and which to block.
Common Problems and Deficiencies Regarding Personal Firewalls
A personal firewall might be a good contribution to security. Yet, if you do not understand much about the topic, then you are likely to be confused and misled by its alerts and queries, and thus find yourself spending hours in chasing after imaginary crackers, fear from imaginary threats, and misconfigure it due to misunderstanding. You may find yourself blocking legitimate and important communication believing it to be cracking efforts, and thus surprised to see why things work slowly or why you are disconnected from the Internet, or you might be misled to allow a non-legitimate communication by some software that tricked you to believe that it is a legitimate one. On the other side, if you are quite knowledgeable on computers and security, then you are likely to effectively defend your computer even without a firewall (by means discussed in section II.4) and it is thus that the role of personal firewall in securing your computer, is extremely small and not much important. We discuss here in brief some of the problems that personal firewalls may generate.
A False Sense of Security
As we've already learned here, a firewall is limited in its ability to secure your computer. Yet, many people believe that if they will install a personal firewall they will be secured against the various security threats. I was even surprised to find out that there are people who believe that give much higher priority in installing a personal firewall than in installing an antivirus program. An always updated antivirus program plays a much more important role in the security of a personal home computer than installing and maintaining a personal firewall. A personal firewall should not come on account of any other security measure that you use.
A False Sense of Insecurity
When you install a firewall and you look at all the communication efforts through it, you might be surprised at the amount of communication efforts from the Internet to your computer. Most of them are blocked by a typically configured firewall. There are all the times efforts to try to communicate with various backdoor Trojans on your computers. If you are not infected, there will be nothing to listen and to respond to those communication efforts, and they are thus practically harmless. There are efforts to communicate with your NBT driver, to see if your computer by mistake allows file sharing. There are other types of probes to see if your computer exists, or various efforts of servers to probe your computer in order to find the best path for legitimate communication to it. There are sometimes remnants of communications that were supposed to go to other computers, but made their way to yours (for advanced readers: because the IP number that your computer uses, were used by some other computer earlier). Those communication efforts are blocked even without a firewall. If your computer is not infected with a RAT, and if your computer don't have NetBIOS over TCP/IP enabled or even it does not have file and print sharing enabled (and on most computers this is disabled by default), then none of these pose any security threat. If your computer is not infected with a SubSeven Trojan, then no matter how often there will be efforts to communicate with it, they are all doomed to be failed.
Yet, some personal firewall (such as Norton Personal Firewall or ZoneAlarm) by default proudly announce that they have just blocked an effort to crack into your computer. Norton may even define those efforts that were blocked as "high security threats" while they were not a threat at all even if your computer didn't have a personal firewall at all. Such firewalls give you the false impression that they save your computer again and again from extremely dangerous threats on the Internet, so that you wonder how did you survive so much time without noticing any intrusion before you installed the firewall. I usually say, that those personal firewalls are set their "report level" to "promotional mode". Namely, the personal firewall is set to give you the false impression that it is much more important than it really is.
Chasing After Ghosts
This is a side effect of the types of misunderstandings that were discussed in the previous subsection.
When a person who starts to learn about the jargon related to personal firewalls, is reported that some "dangerous" communication efforts persist from the same source, the person is decisive to locate and identify the "hacker", and perhaps report about it to the police or to its Internet service provider. However, since many people do not really understand thoroughly how things work, they may sometimes spend many hours in trying to locate a cracker that does not exist, or when the knowledge they need to have, in order to track the cracker, is much higher than what they have, and they might even suspect the wrong person due to lack of knowledge (e.g. the connection person on the Internet service provider that was used by the cracker). More knowledgeable people, usually do not bother to track those "hackers" (which are usually teenagers), but instead are concentrating on the security of their computer.
Blocking Legitimate Communications
No personal firewall is smart enough to decide for the user what is a legitimate communication and what is not. A personal firewall cannot make a distinction between a legitimate program trying to contact its server to check and notify the user when there is a newer version, and a non-legitimate program trying to communicate with its server in order deliver sensitive information such as passwords, unless the user tells it. It is thus up to the user to decide what should be considered as legitimate and what should not. Yet, can we count on the user to be knowledgeable enough to decide what is legitimate and what is not? In many cases the user is not knowledgeable enough, and may thus allow non-legitimate communication or disallow a legitimate and important communication. There are many types of communications handled just to manage other communications. Among this are various types of communications between your computer and the various servers of your Internet service provider. A not knowledgeable user may interpret those types of communications as cracking efforts, and will thus decide to block them. As a result, a connection might become slower, a connection to the Internet service provider might be disconnected quiet often and other types of communication problems.
Being Tricked by Trojans bbb
Just as less knowledgeable users may instruct the firewall to block legitimate communications, they can be tricked by various Trojans to allow them to communicate. Some Trojans are using names resembling or identical to names of legitimate programs, so that the user would think that it is a legitimate programs. Users should be aware of that.
Heavy Software, Buggy Software
Until now we discussed only problems related to lack of appropriate knowledge by the user. Yet, there are other problems regarding personal firewalls. For example, some of them are known to be quite heavy on computer resources, or slow down the communication speed. Different personal firewalls quite vary with regard to that. If you have a new computer with a slow Internet communication (such as regular dial-up networking) then it might not slow down your computer noticeably. Yet, if you use an older computer, and a fast communication, you might find that some personal firewalls will slow down your communication quite drastically. Personal firewalls also vary on how much they are stable.
Advantages of External Firewalls over Personal Firewalls
1. They do not take resources from the computer. This should be clear. This is especially useful when the firewall blocks flooding attacks.
2. It is harder (although in principle still possible) for a Trojan horse to disable it, because it does not reside in the same computer that the Trojan has infected. It is not possible to use the specific communication while totally bypassing the firewall.
3. They can be used without any dependence on the operating system on the computer(s) they defend.
4. No instability problems
Saturday, 14 April 2012
Proxy How to
Proxies
What is a Proxy Server?
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request come to the proxy first, and only then it transmits the data to you. I know many are looking for IP Maskers or Scramblers, but honestly, it aint real easy for the simple fact that any website that you visit needs your IP to send the info packets too. If its scrambled, you will get alot of errors and crazy redirects :P My solution? Read on........... for a good list of Proxy servers try here>> http://www.multiproxy.org/
Why do I need to use proxy servers?
Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately.
Security and privacy. Anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.
Sometimes you may encounter problems while accessing to web server when server administrator restricted access from your IP or even from wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server.
What is a public proxy server?
It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous.
Free service trying to provide list of public HTTP proxy servers. Usually provide small list of proxies with low percent of functioning servers due to hosting restrictions on CPU time (they simply can't allow themselves to check many proxies every second especially in parallel).
The Solution?
When using an anonymous proxy server you don’t give a anybody chance to find out your IP address to use it in their own interests. ;) If there is a need to make an (inner) proxy connect to the outside world via another (outer) proxy server, you can use the same environment variables as are used to redirect clients to the proxy to make inner proxy use the outer one:
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
E.g. your (inner) proxy server's startup script could look like this:
#!/bin/sh
http_proxy=http://outer.proxy.server:8082/
export http_proxy
/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081
This is a little ugly, so there are also the following directives in the configuration file:
http_proxy http://outer.proxy.server/
ftp_proxy http://outer.proxy.server/
gopher_proxy http://outer.proxy.server/
wais_proxy http://outer.proxy.server/
What is a Proxy Server?
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request come to the proxy first, and only then it transmits the data to you. I know many are looking for IP Maskers or Scramblers, but honestly, it aint real easy for the simple fact that any website that you visit needs your IP to send the info packets too. If its scrambled, you will get alot of errors and crazy redirects :P My solution? Read on........... for a good list of Proxy servers try here>> http://www.multiproxy.org/
Why do I need to use proxy servers?
Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately.
Security and privacy. Anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.
Sometimes you may encounter problems while accessing to web server when server administrator restricted access from your IP or even from wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server.
What is a public proxy server?
It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous.
Free service trying to provide list of public HTTP proxy servers. Usually provide small list of proxies with low percent of functioning servers due to hosting restrictions on CPU time (they simply can't allow themselves to check many proxies every second especially in parallel).
The Solution?
When using an anonymous proxy server you don’t give a anybody chance to find out your IP address to use it in their own interests. ;) If there is a need to make an (inner) proxy connect to the outside world via another (outer) proxy server, you can use the same environment variables as are used to redirect clients to the proxy to make inner proxy use the outer one:
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
E.g. your (inner) proxy server's startup script could look like this:
#!/bin/sh
http_proxy=http://outer.proxy.server:8082/
export http_proxy
/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081
This is a little ugly, so there are also the following directives in the configuration file:
http_proxy http://outer.proxy.server/
ftp_proxy http://outer.proxy.server/
gopher_proxy http://outer.proxy.server/
wais_proxy http://outer.proxy.server/
IP How to
Before you can change your IP you need some information. This information includes your IP range, subnet mask, default gateway, dhcp server, and dns servers.
1. Getting your IP range - Getting information about your IP range is not difficult, I recommend using Neo Trace on your own IP. But for my test just look at your IP address, say it's 24.193.110.13 you can definitely use the IP's found between 24.193.110.1 < [new IP] < 24.193.110.255, don't use x.x.x.1 or x.x.x.255. To find your IP simply open a dos/command prompt window and type ipconfig at the prompt, look for "IP Address. . . . . . . . . . . . : x.x.x.x".
2. Subnet Mask, Default Gateway, DHCP Server - These are very easy to find, just open a dos/command prompt window and type 'ipconfig /all' without the ' '. You should see something like this:
Windows IP Configuration:
Host Name . . . . . . . . . . . . . . : My Computer Name Here
Primary Dns Suffix . . . . . . . . . :
Node Type . . . . . . . . . . . . . . .: Unknown
IP Routing Enabled. . . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . . . . . . .: xxxx.xx.x
Description . . . . . . . . . . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
Physical Address. . . . . . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . . . . . . . . . . : 24.xxx.xxx.xx
Subnet Mask . . . . . . . . . . . . . . . . . . . .: 255.255.240.0
Default Gateway . . . . . . . . . . . . . . . . . : 24.xxx.xxx.x
DHCP Server . . . . . . . . . . . . . . . . . . . .: 24.xx.xxx.xx
DNS Servers . . . . . . . . . . . . . . . . . . . . : 24.xx.xxx.xxx
24.xx.xxx.xx
24.xx.xxx.xxx
Lease Obtained. . . . . . . . . . . . . . . . . . .:Monday, January 20, 2003 4:44:08 PM
Lease Expires . . . . . . . . . . . . . . . . . . . .:Tuesday, January 21, 2003 3:43:16 AM
This is all the information you will need for now, I suggest you either keep your dos/command prompt window open or copy & paste the information somewhere, to copy right click the window and select text and click once.
III. Changing your IP Address
To change your IP address first pick any IP you like out of your IP range and remember it or write it down. It is usualy a good idea to make sure the IP is dead (except for what we are going to do later on) so just ping it via "ping x.x.x.x" and if it times out then you can use it. Now go to My Computer, then Control Panel. In Control Panel select Network Connections and pick your active connection, probably Local Area Connection or your ISP name. Open that connection by double clicking on the icon in Network Connections, then select Properties under the General Tab. In the new window that pops up select Internet Protocol (TCP/IP) and click properties, it's under the general tab. In this new window select the General tab and choose "Use the following IP address" and for the IP address enter the IP you would like to use (the one you picked from your subnet earlier) and for the Subnet Mask enter the subnet mask you got when your ran ipconfig /all, same goes for the Default Gateway. Now select "Use the following DNS server addresses" and enter the information you got earlier. Now just click OK. Test that it worked, try to refresh a website and if it works you know everything is okay and you are connected. To make sure the change worked type ipconfig again and the IP address should have changed to your new one.
IV. DDoS & DoS Protection
If your firewall shows that you are being DDoSed, this is usually when you are constantly getting attempted UDP connections several times a second from either the same IP address or multiple IP addresses (DDoS), you can protect your self by changing your IP address via the method I described above.
V. Web servers & Other Services
If you know someone on your IP range is running a web server and he or she has pissed you off or you just like messing around you can "steal" their IP address so any DNS going to that IP will show your site instead because you would be running a web server yourself.
To "steal" an IP is to basically use the changing IP address method above and picking an IP that someone that is running a web server has in use. Often you will be able to keep that IP at least for some time, other times you wont be able to use it so just keep trying until it works. You your self will need to have a web server on the same port with your message. You can do this with other services too. You can also DoS or DDoS the IP address you are trying to steal to kick him off the net, but I don't recommend as its pretty illegal, an your ISP will get pissed ;)
1. Getting your IP range - Getting information about your IP range is not difficult, I recommend using Neo Trace on your own IP. But for my test just look at your IP address, say it's 24.193.110.13 you can definitely use the IP's found between 24.193.110.1 < [new IP] < 24.193.110.255, don't use x.x.x.1 or x.x.x.255. To find your IP simply open a dos/command prompt window and type ipconfig at the prompt, look for "IP Address. . . . . . . . . . . . : x.x.x.x".
2. Subnet Mask, Default Gateway, DHCP Server - These are very easy to find, just open a dos/command prompt window and type 'ipconfig /all' without the ' '. You should see something like this:
Windows IP Configuration:
Host Name . . . . . . . . . . . . . . : My Computer Name Here
Primary Dns Suffix . . . . . . . . . :
Node Type . . . . . . . . . . . . . . .: Unknown
IP Routing Enabled. . . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . . . . . . .: xxxx.xx.x
Description . . . . . . . . . . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
Physical Address. . . . . . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . . . . . . . . . . : 24.xxx.xxx.xx
Subnet Mask . . . . . . . . . . . . . . . . . . . .: 255.255.240.0
Default Gateway . . . . . . . . . . . . . . . . . : 24.xxx.xxx.x
DHCP Server . . . . . . . . . . . . . . . . . . . .: 24.xx.xxx.xx
DNS Servers . . . . . . . . . . . . . . . . . . . . : 24.xx.xxx.xxx
24.xx.xxx.xx
24.xx.xxx.xxx
Lease Obtained. . . . . . . . . . . . . . . . . . .:Monday, January 20, 2003 4:44:08 PM
Lease Expires . . . . . . . . . . . . . . . . . . . .:Tuesday, January 21, 2003 3:43:16 AM
This is all the information you will need for now, I suggest you either keep your dos/command prompt window open or copy & paste the information somewhere, to copy right click the window and select text and click once.
III. Changing your IP Address
To change your IP address first pick any IP you like out of your IP range and remember it or write it down. It is usualy a good idea to make sure the IP is dead (except for what we are going to do later on) so just ping it via "ping x.x.x.x" and if it times out then you can use it. Now go to My Computer, then Control Panel. In Control Panel select Network Connections and pick your active connection, probably Local Area Connection or your ISP name. Open that connection by double clicking on the icon in Network Connections, then select Properties under the General Tab. In the new window that pops up select Internet Protocol (TCP/IP) and click properties, it's under the general tab. In this new window select the General tab and choose "Use the following IP address" and for the IP address enter the IP you would like to use (the one you picked from your subnet earlier) and for the Subnet Mask enter the subnet mask you got when your ran ipconfig /all, same goes for the Default Gateway. Now select "Use the following DNS server addresses" and enter the information you got earlier. Now just click OK. Test that it worked, try to refresh a website and if it works you know everything is okay and you are connected. To make sure the change worked type ipconfig again and the IP address should have changed to your new one.
IV. DDoS & DoS Protection
If your firewall shows that you are being DDoSed, this is usually when you are constantly getting attempted UDP connections several times a second from either the same IP address or multiple IP addresses (DDoS), you can protect your self by changing your IP address via the method I described above.
V. Web servers & Other Services
If you know someone on your IP range is running a web server and he or she has pissed you off or you just like messing around you can "steal" their IP address so any DNS going to that IP will show your site instead because you would be running a web server yourself.
To "steal" an IP is to basically use the changing IP address method above and picking an IP that someone that is running a web server has in use. Often you will be able to keep that IP at least for some time, other times you wont be able to use it so just keep trying until it works. You your self will need to have a web server on the same port with your message. You can do this with other services too. You can also DoS or DDoS the IP address you are trying to steal to kick him off the net, but I don't recommend as its pretty illegal, an your ISP will get pissed ;)
Firefox Speed Tweaks
Yes, firefox is already pretty damn fast but did you know that you can tweak it and improve the speed even more?
That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.
Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as much concurrent requests we’re going to open up with pipelining… lol… you’d better have a big connection.
Double Click on the following settins and put in the numbers below - for the true / false booleans - they’ll change when you double click.
Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300
One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re broadband - it shouldn’t have to wait.
Now you should notice you’re loading pages MUCH faster now!
That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.
Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as much concurrent requests we’re going to open up with pipelining… lol… you’d better have a big connection.
Double Click on the following settins and put in the numbers below - for the true / false booleans - they’ll change when you double click.
Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300
One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re broadband - it shouldn’t have to wait.
Now you should notice you’re loading pages MUCH faster now!
Create One-Click Shutdown and Reboot Shortcuts
Create One-Click Shutdown and Reboot Shortcuts:
First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.
But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:
shutdown -r -t 01 -c "Rebooting your PC"
Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message "Rebooting your PC." The shutdown command includes a variety of switches you can use to customize it. Table 1-3 lists all of them and describes their use.
I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:
shutdown -s -t 03 -c "Bye Bye m8!"
shutdown -r -t 03 -c "Ill be back m8 ;)!"
Switch
What it does
-s
Shuts down the PC.
-l
Logs off the current user.
-t nn
Indicates the duration of delay, in seconds, before performing the action.
-c "messagetext"
Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f
Forces any running applications to shut down.
-r
Reboots the PC.
First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.
But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:
shutdown -r -t 01 -c "Rebooting your PC"
Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message "Rebooting your PC." The shutdown command includes a variety of switches you can use to customize it. Table 1-3 lists all of them and describes their use.
I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:
shutdown -s -t 03 -c "Bye Bye m8!"
shutdown -r -t 03 -c "Ill be back m8 ;)!"
Switch
What it does
-s
Shuts down the PC.
-l
Logs off the current user.
-t nn
Indicates the duration of delay, in seconds, before performing the action.
-c "messagetext"
Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f
Forces any running applications to shut down.
-r
Reboots the PC.
Create A Personal Screen Saver In Win Xp
This isnt a tweak, but a great little feature! For a great way to put your digital photos to work, try creating a slide show presentation for use as a screen saver. Here's how:
1. Right-click an empty spot on your desktop and then click Properties.
2. Click the Screen Saver tab.
3. In the Screen saver list, click My Pictures Slideshow.
4. Click Settings to make any adjustments, such as how often the pictures should change, what size they should be, and whether you'll use transition effects between pictures, and then click OK.
Now your screen saver is a random display of the pictures taken from your My Pictures folder.
1. Right-click an empty spot on your desktop and then click Properties.
2. Click the Screen Saver tab.
3. In the Screen saver list, click My Pictures Slideshow.
4. Click Settings to make any adjustments, such as how often the pictures should change, what size they should be, and whether you'll use transition effects between pictures, and then click OK.
Now your screen saver is a random display of the pictures taken from your My Pictures folder.
Cracking Zip Password Files
Cracking Zip Password Files
Tut On Cracking Zip Password Files..
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it). You can get it anywhere - just use a search engine such as altavista.com.
FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords. You can get lots of wordlists at www.theargon.com.).
FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.
FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from www.theargon.com. There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.
Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".
We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$^%*gfh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.
Now that we've gone through all the theoretical stuff, let's get to the actual commands.
--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Lenght -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)
For Chr Lenght you can use 4 kind of switches...
-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...
For the Type of chars we have 5 switches they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.
*****
hint
*****
You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.
--------------------------------------------------------------------------------
Wordlis
--------------------------------------------------------------------------------
Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.
You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would just start reading at line 50 and would just read with length >= to 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------
Other good feature in FZC is that FZC supports resuming. If you need to shutdown your computer and FZC is running you just need to press the ESC key, and fzc will stop. Now if you are using a brute force attack the current status will be saved in a file called resume.fzc but if you are using a wordlist it will say to you in what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:
fzc -mr
And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start a new wordlist attack, saying where it's gonna start. So if you ended the attack to the file.zip in line 100 using wordlist.txt in mode 3 to resume you'll type
fzc -mw3 -nzfile.zip -nwwordlist.txt -f100
Doing this FZC would start in line 100, since the others 99 lines where already checked in an earlier FZC session.
Well, it looks like I covered most of what you need to know. I certainly hope it helped you... don't forget to read the files that come with the program
Tut On Cracking Zip Password Files..
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it). You can get it anywhere - just use a search engine such as altavista.com.
FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords. You can get lots of wordlists at www.theargon.com.).
FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.
FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from www.theargon.com. There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.
Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".
We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$^%*gfh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.
Now that we've gone through all the theoretical stuff, let's get to the actual commands.
--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Lenght -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)
For Chr Lenght you can use 4 kind of switches...
-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...
For the Type of chars we have 5 switches they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.
*****
hint
*****
You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.
--------------------------------------------------------------------------------
Wordlis
--------------------------------------------------------------------------------
Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.
You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would just start reading at line 50 and would just read with length >= to 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------
Other good feature in FZC is that FZC supports resuming. If you need to shutdown your computer and FZC is running you just need to press the ESC key, and fzc will stop. Now if you are using a brute force attack the current status will be saved in a file called resume.fzc but if you are using a wordlist it will say to you in what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:
fzc -mr
And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start a new wordlist attack, saying where it's gonna start. So if you ended the attack to the file.zip in line 100 using wordlist.txt in mode 3 to resume you'll type
fzc -mw3 -nzfile.zip -nwwordlist.txt -f100
Doing this FZC would start in line 100, since the others 99 lines where already checked in an earlier FZC session.
Well, it looks like I covered most of what you need to know. I certainly hope it helped you... don't forget to read the files that come with the program
Subscribe to:
Posts (Atom)