Skip to main content

Cracking files



Most password‐protected files can be cracked in seconds or minutes. You can demonstrate this “wow factor” security vulnerability to users and management. Here’s a hypothetical scenario that could occur in the real world:

1.  Your CFO wants to send some confidential financial information in an Excel spreadsheet to a company board member.

2.  She protects the spreadsheet by assigning it a password during the   file‐save process in Excel.

3.  For good measure, she uses WinZip to compress the file and adds another password to make it  really  secure.

4.  The CFO sends the spreadsheet as an e‐mail attachment, assuming that the e‐mail will reach its destination.
 The financial advisor’s network has content filtering, which monitors incoming e‐mails for keywords and file attachments. Unfortunately, the financial advisory firm’s network administrator is looking in the contentfiltering system to see what’s coming in.

5.  This rogue network administrator finds the e‐mail with the confidential attachment, saves the attachment, and realizes that it’s password protected.

6.  The network administrator remembers a great password‐cracking tool available from ElcomSoft called Advanced Archive Password Recovery (www.elcomsoft.com/archpr.html) that can help him out so he proceeds to use it to crack the password.

Cracking password‐protected files is as simple as that! Now all that the rogue network administrator must do is forward the confidential spreadsheet to his buddies or to the company’s competitors.

If you carefully select the right options in Advanced Archive Password Recovery, you can drastically shorten your testing time. For example, if you know that a password is not over five characters long or is lowercase letters only, you can cut the cracking time in half.

I recommend performing these file‐password‐cracking tests on files that you capture with a content filtering or network analysis tool. This is a good way to determine whether your users are adhering to policy and using adequate passwords to protect sensitive information they’re sending.

Countermeasures
The best defense against weak file password protection is to require your users to use a stronger form of file protection, such as PGP, or the AES encryption that’s built in to WinZip, when necessary. Ideally, you don’t want to rely on users to make decisions about what they should use to secure sensitive information, but it’s better than nothing. Stress that a file encryption mechanism, such as a password‐protected Zip file, is secure only if users keep their passwords confidential and never transmit or store them in unsecure cleartext (such as in a separate e‐mail).


If you’re concerned about unsecure transmissions through e‐mail, consider using a content‐filtering system or a data loss–prevention system to block all outbound e‐mail attachments that aren’t protected on your e‐mail server.


NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.

Comments

Popular posts from this blog

Social Engineering Toolkit (SET)

Social Engineering Toolkit  (SET) is an advanced,  multifunctional, and easy-to-use computer-assisted social engineering toolset, created by the founders of  TrustedSec (https://www.trustedsec.com/). It helps you prepare the most effective way to exploit client-side application vulnerabilities and makes a fascinating attempt to capture the target's confidential information (for example, e-mail passwords). Some of the most efficient and useful attack methods employed by SET include targeted phishing e-mails with a malicious file attachment, Java applet attacks, browser-based exploitation, gathering website credentials, creating infectious portable media (USB/ DVD/CD), mass-mailer attacks, and other similar multiattack web vectors. This combination of attack methods provides you with a powerful platform to utilize and select the most persuasive technique that could perform an advanced attack against the human element.

 To start SET, navigate to  Applications  |  Kali Linux  |  Expl…

Cracking Wifi Using :Fern(GUI)

Fern(GUI)

As a part of Kali linux , fern can be directly used from kali linux , i would be recommending the use of kali because while using other linux environments it could be a trouble because while using fern it automatically detects the path of aircrack-ng and python installed , while in other environments it is needed to set it manually...so follow the following steps :-->

1.) Download kali linux iso and make a bootable pendrive .....if you dont know how to make bootable pendrive  then follow the steps given in blog of trinity rescue kit

Kali linux iso (amd64) recommended -->here
Link to trinity rescue kit blog --> here


 2.)Open Kali linux Goto Applications-->Wireless Attack--> Fern

3.)Select Interface card wlan0

4.)Double click any where in GUI

5.)Select enable x-terms ...so that you can view that happening ...while through a automated program...

6.)Click on select network

7.)Choose the type of network that is WEP/WPA

8.)I would recommend to add dictonary file .…

Deep Web - Part 1

What is deep web ?

Deep web Aka Invisible web Aka Hidden web are parts of the world wide web whose contents are not indexed by standard search engines.
LEVELS OF WORLD WIDE WEB :
SURFACE WEBBERGIE WEBDEEP WEBCHARTER WEBMARIANAS WEB SURFACE WEB :
The surface web also known as Visible web , Clearnet , Indexed web or Lightnet is that portion of the world wide web that is readily available to the general public and searchable with standard web search engines. Level of web where vast majority of internet users are connected to and which is accessible in any nation that does not block internet access.E.g: Social media sites like Facebook, informational websites like Wikipedia, general websites, etc

BERGIE WEB :

It is the part of world wide web that is not indexed by search-engines,which is directly accessible and no proxy required. E.g: Google locked results, recently web crawled old content, pirated media, pornography etc
DEEP WEB:
Deep web Aka Invisible web Aka Hidden web are parts of the wo…