Friday 19 October 2012

Hacking Safe with Thermal camera


This inexplicably brief "research" paper presents an interesting physical world attack that may be easily deployed by a determined attacker to compromise many high-security access control systems in use today. Although this paper's findings are hardly groundbreaking (and in some ways, are downright obvious), it includes some cool pictures of what should be most certainly taken into account in risk management, secure zone planning, and when drafting operating procedures for high-risk areas. But most of all, I just wanted to share ;-)
In short, virtually all keypad entry systems - as used in various applications, including building access control, alarm system control, electronic lock safes, ATM input, etc - are susceptible to a trivial low-profile passphrase snooping scheme. This attack enables the attacker to quickly and unobtrusively recover previously entered passphrases with a high degree of success. This is in contrast to previously documented methods of keypad snooping; these methods were in general either highly intrusive - required close presence or installation of specialized hardware - or difficult to carry out and not very reliable (e.g., examining deposited fingerprints - works in low-use situations only, and does not reveal the ordering of digits).
The attacker can perform the aforementioned attack by deploying an uncooled microbolometer thermal imaging (far infrared) camera within up to approximately five to ten minutes after valid keycode entry. Although this may sound outlandish, the heat transferred during split-second contact of individual keys with human body (even through, for example, gloves) is significant enough and dissipates slowly enough to make this possible after the area has been cleared of all personnel.
Furthermore, since the image can be acquired from a considerable distance (1-10 meters is easy to achieve), the attacker can afford to maintain a remarkably low profile through the process.
To put things in perspective, portable (handheld) thermal imaging devices, such as the one pictured above, are commercially available without major restrictions from manufacturers such as Flir or Fluke. Prices begin at $5,000 to $10,000 for brand new units, and top-of-the-line models boast a 0.05 K thermal resolution at impressively low sensor noise levels. The "return on investment" can be quite high in most illicit uses, and indeed - historically, ATM phishers were known to be willing to spend money on specialized equipment such as custom assemblies that included high-end digital cameras with wireless access. As such, the scheme is not as outlandish as it might have seemed.
The following sequence of images demonstrates the feasibility of the attack; in this case, the target is LA GARD ComboGard 3035 electronic lock (with rubber keys) installed on an industrial-grade safe:
[Images: keypad in visible light (left); keypad in thermal imaging (right)]
Keypad in idle state - in visible light (left) and in thermal imaging (right). Minimal ambient temperature variations are present due to different thermal characteristics of materials used in the safe.
[Images: hand on keypad in visible light (left); hand on keypad in thermal imaging (right)]
A sequence of keys is being pressed (1-5-9). The difference in colors on the right is due to IR camera automatically adjusting to relatively high temperature of human body, to avoid overexposure and blooming.
[Image: residual heat on keypad, thermal imaging]
Code entry complete. All pressed keys are still clearly readable in this thermogram; the sequence of digits can be inferred from the relative temperature of these spots - ones with lower registered temperature (more faint color) were pressed earlier than others.
There are some real-world considerations, of course: reuse of digits in a code, very rapid code entry, vastly differing keypress times, and other code entry quirks (say, victim's habit of resting his palm on the keypad) may render the attack less successful, and may make results more ambiguous. That said, it's still nifty, and apparently not limited to bad science-fiction or computer games; civilian access to sufficiently advanced technology is possible. All in all, many airports, numerous bank branches, and various other entities, might want to reconsider the effectiveness of their defenses.
A proper defense against such techniques would be not to rely on keypad-only access control in easily accessible areas, unless additional advanced countermeasures can be implemented (well-implemented scrambling keypads originally intended to thwart fingerprint or key wear analysis, for example). Smart-card, biometric, or plain old key-based protection can be added to reduce exposure.
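To put numbers on the caveat about reused digits, the following added example (not part of the original paper) counts how many codes remain plausible to an observer in three situations: no thermal information, the set of warm keys known, and the keys also ranked by heat. The 0-9 keypad and the model in which a key pressed twice only shows its latest press are assumptions of the example.

```python
from itertools import product
from math import comb

KEYPAD_DIGITS = 10  # assumption: a plain 0-9 keypad


def blind_guesses(length):
    """Codes an observer must consider with no thermal information."""
    return KEYPAD_DIGITS ** length


def set_known(distinct_keys, length):
    """Codes that use exactly the `distinct_keys` warm keys, order unknown.

    Inclusion-exclusion count of length-`length` sequences in which every
    one of the k observed digits appears at least once.
    """
    k = distinct_keys
    return sum((-1) ** i * comb(k, i) * (k - i) ** length for i in range(k + 1))


def last_press_order_known(distinct_keys, length):
    """Codes left when the thermogram also ranks the keys by last press.

    Model assumption: a key pressed twice only shows its most recent press,
    so the heat ranking fixes the order of *last* presses, nothing more.
    Counted by exhaustive enumeration, which is fine for keypad-sized inputs.
    """
    k = distinct_keys
    ranking = list(range(k))  # digit 0 coolest ... digit k-1 warmest
    count = 0
    for code in product(range(k), repeat=length):
        last_seen = {digit: pos for pos, digit in enumerate(code)}
        if sorted(last_seen, key=last_seen.get) == ranking:
            count += 1
    return count


def exposure_report(distinct_keys, length):
    """Summarise the remaining search space for one observed keypad state."""
    return {
        "blind": blind_guesses(length),
        "set_known": set_known(distinct_keys, length),
        "order_known": last_press_order_known(distinct_keys, length),
    }


if __name__ == "__main__":
    # 4-digit code with no repeats, 4-digit code with one repeat, 6-digit code
    for keys, length in [(4, 4), (3, 4), (4, 6)]:
        print(keys, length, exposure_report(keys, length))
```

Under this model a four-digit code with no repeated digit is fully exposed, while a repeated digit or a longer code leaves several candidates; a scrambling keypad keeps the observer at the "blind" figure because key position no longer identifies the digit.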
Side thought: in terms of safe cracking, another interesting area of research is differential power analysis (DPA) of electronic locks. High-security locks on small- and medium-size safes usually have external connectors that can be used to supply emergency battery power to the device; these usually directly connect to the same route that is used to supply primary power, and as such can be used to measure power consumption characteristics and/or capture CPU-generated feedback noise, and possibly to differentiate between valid and invalid keycodes as digits are entered. If you happen to have a good 'scope lying around, give it a try.

Thursday 11 October 2012

Build Your own SSL server

Password protected folder!!!!













Do you want to password protect your folder? Do you want to make it invisible so that it remains unnoticed by the normal users? Well, here is a way to do that. In this post I will show you how to make a password protected folder in Windows without using any additional software. Here is the step by step procedure to create a password protected folder.
 

How to create a Password Protected Folder?

 
Step-1: Create a new folder (Right-click -> New -> Folder) and give it any name of your choice. For instance I name it as ABC.

Hack a computer's admin password!!!














This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.


Most of us have experienced a situation wherein we need to gain access to a computer which is password protected, or at times we may forget the administrator password, without which it becomes impossible to log in to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, which means you need to shut down your computer and boot off a floppy disk, CD or USB device (such as a pen drive). The tool has the following features.
  • You do not need to know the old password to set a new one
  • Will detect and offer to unlock locked or disabled out user accounts!
  • There is also a registry editor and other registry utilities that work under linux/unix, and can be used for other things than password editing.
 

Create your own run commands!!!!





The Run command on the Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to its location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

CREATING THE CUSTOMIZED RUN COMMAND

 


Let me take up an example of how to create a customized run command for opening Internet Explorer. Once you create this command, you should be able to open Internet Explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

Tuesday 9 October 2012

Hacking a pc Just with IP


This article illustrates the hacking of a remote computer’s hard disk drive. I will only show how to hack a remote computer, but it will be only for educational purposes. Don’t misuse.


As already described, NetBIOS hacking is the easiest way to gain access to a remote computer’s hard disk. If the technique is successful then we can see as well as edit the data in a remote computer. So, let's start:


1. Open command prompt by typing “cmd” in the “run bar” and then hit “enter”. Type without quotes


2. The second point is to obtain an ip address. There are various ways to find out an ip address. My friends can use this software. Download the software Click Here. 
      For How to use software see my post click here


3. After You have selected a live ip, type “net view” command in c prompt and hit Enter.


4. Wait for some time and in the “cmd” window a message like this will get displayed viz., “The Command was completed successfully”.


5. Now You will have to type the remote computer’s ip address in the following manner:


C:\> net view \\198.162.1.3


and then hit Enter. Note: in place of 198.162.1.3 you will have to type the remote computer’s IP address. If you succeed in this step, the hard disk drives and printers will be displayed in the window.


6. After the successful attempt, use the “net view” command in the same window. Net view is a bios command by which we can view the content of the remote computer and its installed printers. This can be further explained with the following example:


i) C:\> net use G: \\198.162.1.3\L


ii) C:\> net use H: \\198.162.1.3\My shared docs


Note that G and H are the network drive names which we have to create on our computer so that we can gain access to the remote computer.


Apart from this if your hard disk is divided into 3 drives say “C”, D and E, The remaining A will belong to Floppy drive and F as CD-ROM, you will have to give L as your shared drive in CMD as explained in the above example.


7. If you use the commands and they succeed, the cmd window will display a message like this: “The Command Completed Successfully”. Almost all the work has been done now.


8. Click on “My Computer” now, and on opening it you will notice a new “Hard disk Drive” which is shared. Now you can access the victim's computer. If write access is enabled on the victim's machine, then you can edit, copy, paste, steal anything you want.


[If the firewall is enabled on the remote computer, you will not be able to gain access through NetBIOS, as an error message will be displayed.]


So enjoy it but within limits.


I would like to hear from you how the article was; if you enjoyed it, share through comments.
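From the defender's side, share mappings like the ones in this post are visible in the Windows Security log. The following is an added example, not part of the original post: it scans share-access records and reports sources outside the expected LAN range. It assumes file-share auditing is enabled so that event 5140 is logged; the records, the trusted range and the dictionary layout are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN range whose hosts are expected to map shares.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample records, modelled on Windows Security event 5140
# ("A network share object was accessed"). All values are made up.
SAMPLE_EVENTS = [
    {"event_id": 5140, "time": "2012-10-09T10:01:12", "IpAddress": "192.168.1.20",
     "SubjectUserName": "alice", "ShareName": r"\\*\My shared docs"},
    {"event_id": 5140, "time": "2012-10-09T10:07:40", "IpAddress": "203.0.113.45",
     "SubjectUserName": "Guest", "ShareName": r"\\*\L"},
    {"event_id": 5140, "time": "2012-10-09T10:07:58", "IpAddress": "203.0.113.45",
     "SubjectUserName": "Guest", "ShareName": r"\\*\My shared docs"},
    # Not a share-access event, so the detector below ignores it.
    {"event_id": 4624, "time": "2012-10-09T10:08:03", "IpAddress": "203.0.113.45"},
]


def is_trusted(address, nets=TRUSTED_NETS):
    """True if the source address parses and falls inside a trusted network."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # missing or malformed source: do not trust it
    return any(ip in net for net in nets)


def untrusted_share_access(events, nets=TRUSTED_NETS):
    """Map each untrusted source address to the shares it opened."""
    hits = defaultdict(set)
    for ev in events:
        if ev.get("event_id") != 5140:
            continue
        source = ev.get("IpAddress", "")
        if not is_trusted(source, nets):
            hits[source].add(ev.get("ShareName", "?"))
    return {src: sorted(shares) for src, shares in hits.items()}


if __name__ == "__main__":
    for src, shares in untrusted_share_access(SAMPLE_EVENTS).items():
        print(f"ALERT {src} accessed {', '.join(shares)}")
```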

Hack an adsl router



Dear friends, today I will show you how to hack the ADSL router of others. An ADSL router is also known as a DSL modem. The router is used to connect the computer to the DSL phone line for using the ADSL service. In layman's language we simply refer to it as a modem. In our Kashmir, ZTE modems are used by most internet users. Almost 90 percent of users don't know about the vulnerability of their ADSL modems, which can easily be exploited by hackers.
An ADSL router comes with a default username and password set by its manufacturer. This default username and password is a major threat to almost all internet users. Let us start with the procedure of HACKING OTHER'S DSL MODEM. Shall we start :p
1. The first step involved is to see your ip address. As I have already described, you can go to any website of this type, e.g. www.whatismyipaddress.com, or simply the widget on the left of the page entitled "Your Details" will display your ip address.
2. Second important step is to download ip scanner, Download it from here.
3. How to use ip scanner. this is very simple;
  • After You get your ip address,let me start by using my own ip address i.e, 111.68.103.62
  • When you open ip scanner, you will have to type the ip address range in the following manner, i.e.

                 111.68.102.62  to 111.68.103.69

    thus you will scan different ip addresses to see which of them are alive and which are dead.

    After you click scan, a list of ip addresses will be displayed, like in figure





    • Note the ip addresses with blue button are alive and the others displayed are dead.

       

      Type one of the alive ip address in your internet browser's address bar and hit enter.

      3. You will be asked for a username and a password. Type "admin" as username and "password" as password and login.

      After you login, now you are in the victim's ADSL router, You can edit configurations there and he will not be able to use internet.

       

       

      Hope you have enjoyed the article....

Learn More about SSL


Know More About Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is the most widely used technology for providing secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using the https protocol in their login pages. When we see this, we may wonder what the difference between http and https is. In simple words, the HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for SECURE communication.

What exactly is a Secure Communication?

Suppose there exists two communicating parties: Say A (client) and B (server).

Working of HTTP:

When A sends a message to B, the message is sent as plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as plain text. This is a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B, he can easily obtain the PASSWORDS, since they remain unencrypted. This scenario is illustrated using the following diagram:
[Figure: Working of HTTP]

Now let's see the working of HTTPS:

When A sends a PASSWORD (say “mypass”) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B's side. So, even if the hacker manages to gain unauthorised access to the ongoing communication between A and B, he gets only the encrypted password (“xz54p6kd”) and not the original password. This is shown below:
[Figure: Working of HTTPS]

How is HTTPS implemented?

HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the site visitors to trust it. It has the following uses:
  1. An SSL Certificate enables encryption of sensitive information during online transactions.
  2. Each SSL Certificate contains unique and authenticated information about the certificate owner.
  3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to everyone, but the private key (used for decryption) is kept secret. So, during a secure communication, the browser encrypts the message using the public key and sends it to the server. This message is decrypted on the server side using the Private key (Secret key).

How to identify a Secure Connection?

In Internet Explorer and most other browser programs like Firefox or Google Chrome, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.
In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.
So, the bottom line is, whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of a Phishing attack using a fake login page.
I hope you like the information presented in this article. Please pass your comments.

Dos attack Glossary


It's real. On February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.
What is a Denial Of Service Attack?