Ophcrack is a Microsoft Windows password cracker. It uses rainbow tables to crack passwords, while still being able to use brute force to do the job. Ophcrack can recover passwords from all versions of Windows.
For this example, we’ll be using the Ophcrack Live CD, which already has all the software and required packages installed and can do the password cracking automatically.
To recover your Windows passwords, follow these steps.
Programs compiled for Linux normally use shared libraries rather than being statically linked. The advantage is that it saves disk space, as programs don’t need to include libraries in their package. The disadvantage is that a program compiled for one system might not work on another system (distribution), as libraries might not be identically configured on different systems.
ldd can be used to display the shared libraries used by a program, along with the path where each library is expected to be found in the filesystem.
The following example shows the dependencies of the program bash on a 64-bit machine:
$ ldd /bin/bash
    linux-vdso.so.1 => (0x00007fff8a372000)
    libncurses.so.5 => /lib/libncurses.so.5 (0x00007fa53a974000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fa53a770000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa53a3db000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fa53abe2000)
To display more information, and to avoid typing the program’s full path, run the command as follows.
$ ldd -v `which bash`
    linux-vdso.so.1 => (0x00007fff855ff000)
    libncurses.so.5 => /lib/libncurses.so.5 (0x00007f0cc4c11000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0cc4a0d000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0cc4678000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0cc4e7f000)

    Version information:
    /bin/bash:
        libdl.so.2 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libdl.so.2
        libc.so.6 (GLIBC_2.4) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.8) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.3) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.11) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.3.4) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
    /lib/libncurses.so.5:
        libdl.so.2 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libdl.so.2
        libc.so.6 (GLIBC_2.4) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.3) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.3.4) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
    /lib/x86_64-linux-gnu/libdl.so.2:
        ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
        libc.so.6 (GLIBC_PRIVATE) => /lib/x86_64-linux-gnu/libc.so.6
        libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6
    /lib/x86_64-linux-gnu/libc.so.6:
        ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
        ld-linux-x86-64.so.2 (GLIBC_2.3) => /lib64/ld-linux-x86-64.so.2
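The ldd listing above can also be audited: the following is an added example, not part of the original page, that reads ldd output and reports libraries that are missing or that resolve outside the usual system directories. The function name audit_ldd, the TRUSTED_DIRS list and the sample output are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag unexpected entries in `ldd` output.

# Directories treated as trusted library locations (an assumption; adjust
# this list for your distribution).
TRUSTED_DIRS="/lib /lib64 /usr/lib /usr/lib64"

# audit_ldd (hypothetical name): reads ldd output on stdin and prints one
# finding per line, either "MISSING <soname>" or "UNTRUSTED <soname> <path>".
audit_ldd() {
    awk -v dirs="$TRUSTED_DIRS" '
    BEGIN { n = split(dirs, trusted, " ") }
    function is_trusted(path,    i) {
        for (i = 1; i <= n; i++)
            if (index(path, trusted[i] "/") == 1) return 1
        return 0
    }
    # "libfoo.so.1 => not found": the loader could not resolve the library
    $2 == "=>" && $3 == "not" { print "MISSING " $1; next }
    # "libfoo.so.1 => /some/path/libfoo.so.1 (0x...)": check where it resolved
    $2 == "=>" && $3 ~ /^\// {
        if (!is_trusted($3)) print "UNTRUSTED " $1 " " $3
        next
    }
    # linux-vdso, the bare loader path and the "Version information" lines
    # printed by -v do not match either rule and are skipped.
    '
}

# Constructed sample output (not taken from a real system).
SAMPLE='    linux-vdso.so.1 => (0x00007fff8a372000)
    libncurses.so.5 => /lib/libncurses.so.5 (0x00007fa53a974000)
    libcrypto.so.1.0.0 => /home/build/lib/libcrypto.so.1.0.0 (0x00007fa53a770000)
    libfoo.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa53a3db000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fa53abe2000)'

printf '%s\n' "$SAMPLE" | audit_ldd
```

On a real system the input would come from `ldd /bin/bash | audit_ldd`. The ldd man page advises against running ldd on untrusted executables because it may execute code from them; `objdump -p file | grep NEEDED` lists the direct dependencies without doing so.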
tar.bz2 is a file format for
tar.bz2 files are normally small in size but require more
CPU power to compress and extract as compared to
To view the content of a tar.bz2 file without uncompressing, use tar with the tf options as follows;
$ tar tf filename.tar.bz2
The command will produce a list of files contained in the archive. Use less if the list is too long;
$ tar tf filename.tar.bz2 | less
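The same listing is useful for vetting an archive before extracting it. The following is an added example, not part of the original page, that reads the member names printed by tar tf and reports any that would land outside the extraction directory; the function name unsafe_members and the sample listing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check a `tar tf` listing before extracting the archive.

# unsafe_members (hypothetical name): reads one member path per line on
# stdin, prints entries that are absolute or contain a ".." component,
# and returns 1 if any were found, 0 otherwise.
# This is a name-based check only; it does not inspect symlink members.
unsafe_members() {
    awk '
    # A leading slash means the member names an absolute path.
    /^\// { print "ABSOLUTE " $0; bad = 1; next }
    {
        # Compare whole path components so names like "..notes" pass.
        n = split($0, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] == "..") { print "TRAVERSAL " $0; bad = 1; break }
    }
    END { exit bad + 0 }
    '
}

# Constructed listing (not taken from a real archive).
LISTING='project/README
project/src/main.c
project/..notes
project/../../outside.txt
/tmp/absolute.txt'

printf '%s\n' "$LISTING" | unsafe_members || echo "archive rejected"
```

With a real archive the call is `tar tf filename.tar.bz2 | unsafe_members`, run before any extraction command.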
To view processes owned by the user shakir, simply issue the following command at the command line;
$ ps U shakir
You should get something like the following as output;
  PID TTY      STAT   TIME COMMAND
 1504 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
 1522 ?        Ssl    0:02 gnome-session
 1556 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session gnome-session
 1559 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session gnome-session
 1560 ?        Ss     0:04 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
 1563 ?        S      0:03 /usr/lib/libgconf2-4/gconfd-2
 1570 ?        Ssl    0:09 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
 1572 ?        S      0:00 /usr/lib/gvfs/gvfsd
......
......
......
The easiest way to shut down a Windows machine from Linux is by using Samba’s net command. The following command will send an RPC call to the Windows machine, telling it to shut down;
$ net rpc SHUTDOWN -C "Comment here" -f -I xxx.xxx.xxx.xxx -U username%password
If successful, we’ll be presented with the following message;
Shutdown of remote machine succeeded
Replace “Comment here” with whatever comment you would like for the shutdown, and replace xxx.xxx.xxx.xxx with the IP address of the Windows machine that we are to shut down. A valid username and password also need to be supplied as a parameter to the -U switch.
For this command to be successful, the user we use must have the shutdown privilege on the Windows machine. The Windows machine also needs to have RPC enabled, and no firewall may be blocking port 135, the port used by RPC. The net command itself, however, is only available if Samba is installed.
From the man page, axel is a program that downloads a file from an FTP or HTTP server through multiple connections; each connection downloads its own part of the file.
Unlike most other programs, Axel downloads all the data directly to the destination file, using one single thread. It just saves some time at the end because the program doesn’t have to concatenate all the downloaded parts.
The following is an example of using axel to download a Linux kernel;
$ axel http://www.kernel.org/pub/linux/kernel/v2.2/linux-2.2.26.tar.bz2
Initializing download: http://www.kernel.org/pub/linux/kernel/v2.2/linux-2.2.26.tar.bz2
File size: 15754692 bytes
Opening output file linux-2.2.26.tar.bz2
State file found: 140628 bytes downloaded, 15614064 to go.
Starting download

[ 1%] [0 1 2 3 ] [ 17.3KB/s] [14:38]
It accepts the following options;
--max-speed=x        -s x    Specify maximum speed (bytes per second)
--num-connections=x  -n x    Specify maximum number of connections
--output=f           -o f    Specify local output file
--search[=x]         -S [x]  Search for mirrors and download from x servers
--no-proxy           -N      Just don't use any proxy server
--quiet              -q      Leave stdout alone
--verbose            -v      More status information
--alternate          -a      Alternate progress indicator
A network switch doesn’t forward packets to everyone in the network the way a network hub does, so theoretically a person on the network cannot look at another person’s traffic. There are ways, however, to get around this limitation, namely by performing ARP spoofing.
tar.bz2 is normally the default extension for
bzip2 compression produces smaller files but requires higher CPU power to compress and extract compared to most other compression algorithms.
You can extract
tar.bz2 files using
tar command which is included by default in all major
The following example will extract the file to your current directory;
tar xf /path/to/filename.tar.bz2
To extract the file to another directory, use the -C option as follows;
tar xjf /path/to/filename.tar.bz2 -C /path/to/target