Snoopy Drones Can Hack Your Smartphones .

The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that changed the way nations conduct war and now these hovering drones are ready to hack your Smartphones.

London-based Sensepoint security researchers have developed a drone called 'Snoopy' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported.

The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections.

Spoofing WiFi networks that device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use 'Wireless Evil Twin Attack' to hack Smartphones.

Once connected, Snoopy Drone can access your WiFi enabled Smartphones, allowing the attacker to remotely capture login credentials, personal data, and more.

Snoopy is self-powered and extremely mobile and researchers have successfully stolen Amazon, PayPal, and Yahoo credentials while testing it out in the skies of London.


The collection of metadata, including Wireless Network Names and Device IDs is not illegal, but intercepting personal data would likely violate wiretapping and identity theft laws.

If the technology got in the hands of criminals, there are all kinds of things they could do. Researchers said they have no malicious intent in developing Snoopy Drone, they are demonstrating the technology to highlight how vulnerable Smartphone users can be.

WiFi hacking is very simple to execute and are becoming far more common these days. If you are concerned about such attacks, just turn off that automatic WiFi network-finding feature.

Hack ATM Machines With Just An SMS .

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft's decision to withdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.

MORE REASONS TO UPGRADE

Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time." researchers said.

HARDWIRED Malware for ATMs

According to researchers - In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.

To install the malware into ATMs machines, hacker must connect the ATM to a mobile phone via USB tethering and then to initiate a shared Internet connection, which then can be used to send specific SMS commands to the phone attached or hardwired inside the ATM.

"Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely."

HOW-TO HACK ATMs

• Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
• The attacker sends two SMS messages to the mobile phone inside the ATM.
• SMS 1 contains a valid activation ID to activate the malware
• SMS 2 contains a valid dispense command to get the money out
• Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
• Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
• Amount for Cash withdrawal is pre-configured inside the malware
• Finally, the hacker can collect cash from the hacked ATM machine.

Researchers have detected few more advanced variants of this malware, some attempts to steal customer card and PIN data, while others attempt man-in-the-middle attacks.

This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.

Hacking Someone's Facebook Password Using Some Software Or Website? No Sir You Can't!

Do you know there are over thousands of websites and software that claim to hack Facebook password of any account? They'd ask you the victim's profile ID, maybe your credentials and some money too and will reportedly tell you the password which, to be honest, never works. Ever wonder why? Let me tell you why, they're FAKE! They're a scam which tricks you somehow in losing your money or your own Facebook account. Just give it a thought, why would Zuckerberg and his team spend Billions of Dollars on Facebook if one could hack it in less than a minute? Today, we'll take a look at this topic in detail with some example websites and software and get answers to some common related questions.

Back in 2005, I came across a mechanism that reportedly hacked Yahoo mail password for a user using some simple tricks. It didn't work for me for obvious reasons but I didn't stop believing the possibility until I grew up to realize how helpless I am here. One of the major concerns of large organizations like Facebook and Yahoo is security because of the super sensitive information about people they have. Several hundred million dollars are spend yearly by these organizations to ensure security and then there's these websites that claim to undo all that protection in less than a minute.

The Facebook password cracking Websites and Software

Let's start with some examples here. I googled the subject and picked the top results without order. Didn't care to search harder because there are thousands such and I know that all are FAKE.

So let's look at this GETFBHACK.com.

Their FREE Facebook hacker program is said to be capable of cracking the password of any Facebook user within a day. Sounds cool, I could try it out, but my Norton Antivirus rejected the file straight away.

I also picked up another one. This Hack-Fbook-Password asks me to enter the profile ID of a user and it will crack the password. I said Okay and began the process.

It ran certain algorithms to determine the password and finally landed me on a page that said I could DOWNLOAD the password IF I fill an online survey first. Those of you who've been redirected to surveys would know they don't work and are put just so to get traffic and earn money.

I said maybe I should leave the website now but hey, they gave me a prize!

So I just became the luckiest person in my city just like that!

Now tell me, how can a sane person believe in all this?

The truth!

Let me get this straight to you, these websites do nothing at all just waste your time and are never able to do the job. In fact, downloaded programs just make the situation worse when you run them. I had my Norton Antivirus to guard me otherwise I could be in severe danger currently.

These software are mostly keyloggers and tracking programs that record your keystrokes and action and steal personal information from your computer in the background and send it to their master servers. So ultimately a hacker wannabe gets hacked, how ironic!

From now on in the post, I'll be using the word 'Hacker' for these websites and software since you're no more in the position to be called that.

Why do these 'Hackers' do all that?

Setting up websites, maintaining them and developing software is not an easy task. It requires some money. So why do these 'hackers' do all the hassle? It's because they get equivalent or more money in return. They can extract your credit card details and other banking info from your system and use it for their advantage. They can hack your account and use it for wrong purposes. Give me one reason why one wouldn't steal money and hack accounts for no loss.

Why people fall in their webs?

Why do people try to use such unreal hacking procedures? It's because it's unreal to me, it's unreal to you but not to those who are not much familiar with the working of a software. They get in the web of these hackers and eventually get screwed up pretty bad without consent.

The websites give guarantees and also portray their 'imaginary' happy customers so as to trick a reader. Such tactics are simple but really powerful and serves to their advantage in most cases. This is also why there are thousands of such websites available.

So is Facebook account an 'unbreakable fortress'?

Well, NO. Facebook accounts can be hacked. No online service is foolproof and that is because of the flaws and bugs in their software. There are several ACTUAL hackers in the world who can analyse a website's security and use that against it thus making hacking a reality.

But I'm 100% sure none of them uses these scam and fake websites that claim to do the impossible. You can check out our hacking section to know more.

I'll end the 'lesson' with an idiom, "look before you leap". Focus, think and then follow. In case of any queries or confusions head over to the comments section. Cheers :)

Access Your Facebook Account with 3 Passwords .

Yes, You can access your Facebook account with 3 different passwords . I was surporised when i read this message posted by one of my friend in Facebook. So , immediately, i tested whether it is true one or not. Yes, it is working.

Facebook allows the following variation of your passwords:

1. Your Original Password:
Let us assume that you are using "breakTheSecurity" as password.  Yeah, you can log in with your default password ;)

2. Your original password with the case reversed(Toggle case):
This one will be interesting one.  You can toggle the case of your Password and use it.

For instance, your are using "breakTheSecurity" as your default password. In this password, 'T' and 'S' is Capitalized.

if you toggle the password case, then your password will become "BREAKtHEsECURITY".

3. Your original password with the first letter capitalized:

If the first character of your password is in lower case and you change it to Upper case, you can still login with this one.

For instance, the original password is "breakTheSecurity" .  In this password, the first character 'b' is in lower case.  If you capitalize the first character, then your password is "BreakTheSecurity".

The reason for 3 Passswords for your facebook account
It is not security flaw.  It is just feature provided by Facebook.

"We accept three forms of the user's password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password" Zdnet quoted as Facebook spokesperson saying. " we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password."

Three different Usernames:

1.  You can use your Facebook 'Username' as user name(if you have created)

2.  You can use your email address

3.  You can use use your mobile number ( if you have added your mobile number in Fb).

Yeah, i know this is one of the old one. Now only i come to know about this and like to share with BTS readers. Hope you enjoyed this article..!

17 Actions for Staying Anonymous on the Internet .

Prerequisites:

• Physical: Laptop, debian or other Linux install file
• Software: gcc, g++, make, libncurses5-dev, patch, srm, tor, proxychains, ssh, pidgin, pidgin-otr, wpa_supplicant, mac-address-changer

Here, we will discuss a great number of things you can do to keep yourself as anonymous as possible. I would recommend doing these actions if you intend to keep everyone off your heals, including Big Business, Government, and otherwise. I will agree that this setup is not ideal for day to day regular computer usage, but you may want to accomplish these tasks on a PC you use to do your covert tasks.

Note:

You may be able to accomplish some of this on an apple computer running OSX as well, however I have not tested hard disk encryption & you may still be vulnerable to any new safari vulns that come out; but you should be “mostly” safe provided you do a few things covered in an upcoming tutorial next month.

1. Do not use an SSD, use a normal drive, look at raptors if you need speed
2. use/install debian, or a derivative.
3. When installing, choose to use encrypted LVM (for hard disk encryption), you will have to google the setup if you are not familiar with it, it is often used with RAID, but that is just one option. You can certainly do it with a standalone disk
4. Do not install any un-needed software or services (such as a gui) unless you absolutely have to, and in such situations, go for the most minimal install. Examples of lightweight gui’s: xfce, fluxbox, enlightenment 
5. If you can, build a custom kernal that only has the modules you need for your system. Use a custom kernel to keep your box secure (don’t forget to turn on grsec after installing).
6. Make sure your system is secure & has no services turned on or accessible from the outside.
7. Use TOR, you can view some examples here but because the tutorial was written for a different linux distro you may have to do some googling or ask questions here to avoid the dns caching issue.
8. Route connections and traffic through tor or other servers using ssh or proxychains, or your favorite software for doing so.
9. Preferably, use open access wifi networks to hide tracks (if you are worried about developing a pattern you need to have a script which will change your laptops mac address & hostname each bootup) ***hint*** the farther you can be from the wifi access points (bigger antenna) the better.
10. Only talk online using encrypted forms of communication such as: pidgin+OTR or apple’s adium which has encryption builtin.
11. Use IPtables for blocking questionable IP addresses/IP ranges that you don’t want hitting/talking to your box.
12. Use an encrypted email service such as hushmail, but definitely not yahoo or msn.
13. Use pgp.
14. If you don’t like using lynx as a web browser and have to install a gui & decide to install mozilla or something as a browser, you should use something that blocks bad scripts such as noscript. Granted if you are worried about anonymity you shouldn’t also be worried about seeing the latest youtube video & shouldn’t have things like java installed, but noscript will help to block some of the adware. While the majority of the ads & malicious code is written for windows, it should help keep your box safer.
15. Do not use the same alias for everything! Use different aliases for different things such as email, instant messaging, irc, etc… & do not tie them together by listing them as info for each other. (You may end up having a ton of accounts to keep things separate, but it’s the best way)
16. You may also want to look into removing yourself from various websites to include background information sites. We have talked about this in different forums & here are some links to help:
    Removal Link #1
    Removal Link #2
17. Should you for any reason ever need to destroy anything, linux’s SRM is the preferred method, as well as dban, both of those provide good software deletion capabilities but can take a while. Physical destruction of the ram first then the hard drive is an option too.

So, there it is folks… Just a thrown together list. Please add additional comments below to help others with methods and actions that I have not mentioned. Stay tuned in the future for more about anonymity.

How to Hack: Disable Antivirus on a Remote Computer .

If you have been following the site, you know that I have highlighted a number of ways to gain access to a remote computer with rootkits and listeners, buffer overflows of the operating system, getting the victim to click on a link to our malicious website, and sending a malicious Microsoft Office and Adobe Acrobat file.

In each case, we’ve embedded a listener/rootkit that gives us control over the system. Metasploit has a powerful listener called Meterpreter that enables us to control the system, send more commands, pivot from the victim to other systems, elevate our privileges, and many other things.
Today, we will focus on how to use the Meterpreter to disable the antivirus protection on the victim system, which is more advanced than simply bypassing the antivirus program, as I wrote about last time.
Disabling is necessary because the next time the system is scanned by the victim’s antivirus software, it’s likely to detect our listener and disable it. We need to take preemptive action to disable it before it can disable us.

So…fire up Metasploit and let’s get cracka-lacka-hacking!

Step 1: Getting Started

I’m assuming you have already embedded your Meterpreter listener by one of the many methods I’ve outlined in my earlier posts, and that you have a Meterpreter prompt as it appears in the screenshot below.



Before we can begin to kill the AV software, we need to escalate our privileges.

Usually, when we embed a listener on the victim’s system, the listener will only have the privileges of the user who provided us with a gateway to their system by clicking on the malicious website, Office doc, Abobe PDF, etc.
That user most often has limited rights or privileges to the system. Unlimited rights to do anything on the system is held by the administrator or system administrator (or sysadmin for short).
We need to escalate our privileges from the user to sysadmin to have our way with this computer.

Step 2: Checking the User

Before we start the process of escalation, let’s check what user we are logged in as. Type:

meterpreter > getuid

This will return the ID of the user we are logged in as. If we are anything but the sysadmin, we’ll need to escalate to kill the antivirus software.

Step 3: Escalate Privileges

Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin. Simply type getsystem at the Meterpreter prompt.

meterpreter > getsystem

Notice that Metasploit responds with “…got system (with technique 1)”. Metasploit has multiple methods to escalate privileges and it tries each of them out until one works.
In our case, it was successful with technique 1.

Step 4: Check That We Are Sysadmin

Now that Metasploit has told us that it has escalated our privileges to sysadmin, let’s make sure. Type:

meterpreter > getuid

As you can see in my screenshot above, the victim responds with NT AUTHORITY\SYSTEM, the syadmin user!
Congratulations! You can now have your way with this victim.

Step 5: Kill the AntiVirus Software

Now that we have unlimited rights to this system, let’s kill the antivirus software. Metasploit has a Ruby script called killav.rb. We simply run that script from the Meterpreter prompt and it will kill the system’s antivirus software.
Make certain to start the script with the keyword run. Type:

meterpreter > run killav.rb

Notice from the screenshot above that the killav.rb script not only killed the antivirus process, but also the open command prompt.



Now that we have killed the antivirus process, we can remain hidden within their system and do as we please with little or no chance of being detected.
Stay tuned to the website for upcoming adventures in Hacking and Penetration Testing!

Useful Linux WiFi Commands .

 

NOTE: NOT ALL CARDS/FIRMWARE SUPPORT ALL OF THE COMMANDS LISTED BELOW.
Note: To connect your Linux machine to a WLAN using WPA, WPA2 or 802.1X you will need to use WPA Supplicant

Connecting to an OPEN / WEP WLAN (DHCP)

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)

1. iwconfig [interface] mode managed key [WEP key] (128 bit WEP use 26 hex characters, 64 bit WEP uses 10)
2. iwconfig [Interface] essid “[ESSID]“ (Specify ESSID for the WLAN)
3. dhclient [interface] (to receive an IP address, netmask, DNS server and default gateway from the Access Point)
4. ping www.bbc.co.uk (if you receive a reply you have access)

Connecting to an OPEN / WEP WLAN (Manual IP Setup)

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.) It may be necessary to run some packet capture software (e.g. Ethereal) to determine the IP addresses of both the Default Gateway and DNS servers.

1. iwconfig [interface] mode managed key [WEP key] (128 bit WEP use 26 hex characters, 64 bit WEP uses 10)
2. iwconfig [interface] essid “[ESSID]“
3. ifconfig [interface] [IP address] netmask [subnetmask]
4. route add default gw [IP of default gateway] (Configure your default gateway; usually the IP of the Access Point)
5. echo nameserver [IP address of DNS server] >> /etc/resolve.conf (Configure your DNS server)
6. ping www.bbc.co.uk (if you receive a reply you have access)

iwconfig Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)

• iwconfig [interface] mode master (set the card to act as an access point mode)
• iwconfig [interface] mode managed (set card to client mode on a network with an access point)
• iwconfig [interface] mode ad-hoc (set card to peer to peer networking or no access point mode)
• iwconfig [interface] mode monitor (set card to RFMON mode our favourite)
• iwconfig [interface] essid any (with some cards you may disable the ESSID checking)
• iwconfig [interface] essid “your ssid_here” (configure ESSID for network)
• iwconfig [interface] key 1111-1111-1111-1111 (set 128 bit WEP key)
• iwconfig [interface] key 11111111 (set 64 bit WEP key)
• iwconfig [interface] key s:mykey (set key as an ASCII string)
• iwconfig [interface] key off (disable WEP key)
• iwconfig [interface] key open (sets open mode, no authentication is used and card may accept non-encrypted sessions)
• iwconfig [interface] channel [channel no.] (set a channel 1-14)
• iwconfig [interface] channel auto (automatic channel selection)
• iwconfig [interface] freq 2.422G (channels can also be specified in GHz)
• iwconfig [interface] ap 11:11:11:11:11:11 (Force card to register AP address)
• iwconfig [interface] rate 11M (card will use the rate specified)
• iwconfig [interface] rate auto (select automatic rate)
• iwconfig [interface] rate auto 5.5M (card will use the rate specified and any rate below as required)

ifconfig Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)
ifconfig [interface] up (bring up specified interface)
ifconfig [interface] down (take down specified interface)
ifconfig [interface] [IP address] netmask [subnet-mask] (manually set IP and subnet-mask details)
ifconfig [interface] hw ether [MAC] (Change the wireless cards MAC address, specify in format 11:11:11:11:11:11)

iwpriv Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)

• iwpriv [interface] hostapd 1 (used to set card mode to hostapd e.g. for void11)

When the monitor mode patch is installed as per the Wireless Build HOWTO the following commands may be used to set the card into monitor mode.

• iwpriv [interface] monitor [A] [B]
  • [A]
    • 0 = disable monitor mode
    • 1 = enable monitor mode with Prism2 header
    • 2 = enable monitor mode with no Prism2
  • [B]
    • Channel to monitor (1-14)

iwlist Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.) iwlist is used to display some large chunk of information from a wireless network interface that is not displayed by iwconfig.

• iwlist [interface] scan (Give the list of Access Points and Ad-Hoc cells in range (ESSID, Quality, Frequency, Mode etc.) Note: In tests only worked with Atheros cards).
• iwlist [interface] channel (Give the list of available frequencies in the device and the number of channels).
• iwlist [interface] rate (List the bit-rates supported by the device).
• iwlist [interface] key (List the encryption key sizes supported and display all the encryption keys available in the device).
• iwlist [interface] power (List the various Power Management attributes and modes of the device).
• iwlist [interface] txpower (List the various Transmit Power available on the device).
• iwlist [interface] retry (List the transmit retry limits and retry lifetime on the device).
• iwlist [interface] ap (Give the list of Access Points in range, and optionally the quality of link to them. Deprecated in favour of scan)
• iwlist [interface] peers (Give the list of Peers associated/registered with this card).
• iwlist [interface] event (List the wireless events supported by this card).

Madwifi-ng Commands

MADWiFi supports virtual access points (VAPS), which means you can create more than one wireless device per wireless card (the host wireless card = wifi0).
By default, a sta mode VAP is created by, which is MadWifi talk for a ‘managed mode wireless interface’.
Note: replace athx with your interface name as required (e.g. ath0, ath1)

• wlanconfig athx destroy (Destroy VAP, athx)
• wlanconfig athx create wlandev wifi0 wlanmode sta (Create a managed mode VAP, athx)
• wlanconfig athx create wlandev wifi0 wlanmode ap (Create an Access Point VAP, athx)
• wlanconfig athx create wlandev wifi0 wlanmode adhoc (Create an Ad-Hoc VAP, athx)
• wlanconfig athx create wlandev wifi0 wlanmode monitor (Create a Monitor mode VAP, athx)
• Changing modes:
  • ifconfig athx down (Take the VAP down)
  • wlanconfig athx destroy (Destroy the VAP, athx)
  • wlanconfig athx create wlandev wifi0 wlanmode [sta|adhoc|ap|monitor] (Create a new sta, adhoc, ap or monitor VAP)
• Scan for Access Points (requires both steps):
  • modprobe wlan_scan_sta (To insert the scanning module)
  • wlanconfig athx list scan (To list the APs)

John the Ripper Basics Tutorial .

I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I won’t go into detail with all of the features. JTR is a program that decyrpts Unix passwords using DES (Data Encryption Standard).

The Process

• Step 1: Download John the Ripper.

• Step 2: Extract JTR. In windows use winzip. In unix type:

tar -xzf john-1.6.tar.gz

• Step 3: In windows open the command prompt. Go to the Start menu, click Run, type ‘command‘ (no quotes) and press enter.

You with me? Good. Go to whatever directory to have JTR in. Type ‘john‘ and press enter. A whole list of options will come up:

John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer

Usage: /WINDOWS/DESKTOP/JTR/JOHN-16/RUN/john [OPTIONS] [PASSWORD-FILES]

-single “single crack” mode

-wordfile:FILE -stdin wordlist mode, read words from FILE or stdin

-rules enable rules for wordlist mode

-incremental[:MODE] incremental mode [using section MODE]

-external:MODE external mode or word filter

-stdout[:LENGTH] no cracking, just write words to stdout

-restore[:FILE] restore an interrupted session [from FILE]

-session:FILE set session file name to FILE

-status[:FILE] print status of a session [from FILE]

-makechars:FILE make a charset, FILE will be overwritten

-show show cracked passwords

-test perform a benchmark

-users:[-]LOGIN|UID[,..] load this (these) user(s) only

-groups:[-]GID[,..] load users of this (these) group(s) only

-shells:[-]SHELL[,..] load users with this (these) shell(s) only

-salts:[-]COUNT load salts with at least COUNT passwords only

-format:NAME force ciphertext format NAME

(DES/BSDI/MD5/BF/AFS/LM)

-savemem:LEVEL enable memory saving, at LEVEL 1..3

You wont need most of these options. In fact, you don’t really need any of these options. You can simply type ‘john filename.txt‘. This is the regular crack. It will use bruteforce to decrypt all of the passwords in the file. If you’re an impatient ass you can use a word list. This is not as effective but it’s quicker (more on that later).
How to make a crackable file: Let’s say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like this:

User:gyuJo098KkLy9

Save the file as crackme.txt (just an example) and go to the prompt and type ‘john crackme.txt’ (no quotes obviously). Now you just have to wait.

Options

Here are a list of the options and what they do.

single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.
Usage:

john -single crackme.txt

wordfile: Uses a wordlist (basically a dictionary attack). What this does is tries every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don’t recommend this because it doesn’t always find a match. More notes on wordlists below.
Usage:

john -wordfile:password.lst crackme.txt

rules: Lets you define the rules for using wordlists. I don’t use wordlists, so if you want to use this option I wont help you. Ok, ok, I’m just lazy. Shoot me.

incremental: I like this method. It allows you to do a bruteforce attackunder certain modes.
Usage:

john -incremental:alpha crackme.txt
(only letters)
john -incremental:digits crackme.txt
(only numbers)
john -incremental:lanman crackme.txt
(letters, numbers, and some special characters)
john -incremental:all crackme.txt
(all characters)

external: This is a little complicated, so if you are lame don’t mess with it. Basically this calls the options that are defined in the configuration settings. You can change these yourself, but I wouldn’t recommend it unless you know what you’re doing. No, I wont tell you how, go away.
Usage:

john -external:[MODE] crackme.txt

(replace MODE with whatever the name of your mode is).


restore: Ok, let’s say that you need to stop the crack in the middle. Press crtl+break. A file will be created in the JTR directory named ‘restore’ (no quotes doofus, and yes, no file extention). You can start the crack back up from that restore point. If you used the-session option you probably have a different filename.
Usage:

john -restore:restore

session: Use this if you know that you will have to stop JTR in the middle of a crack. It allows you to create a new file that holds the data of your session. You can then restore your session later.
Usage:

john -session:[save to filename] crackme.txt

status: Shows how far you got before stoping a crack (provided you used the -session option).
Usage:

john -status:[filename]

show: Shows how many passwords have been cracked in a file and how many are left.
Usage:

john -show crackme.txt

 

test: Shows how fast JTR will work on your computer.

Usage:

john -test

users: Cracks the password only for the user or users you tell it to.
Usage:

john -users:User crackme.txt

groups: Cracks the passwords only for the group or groups you tell it to.
Usage:

john -group:lamers crackme.txt

shells: Cracks the passwords only for the shell or shells you tell it to.
Usage:

john -shells:shelly crackme.txt

salts: Cracks the salts that have at least the number of passwords you specify.
Usage:

john -salts:2 crackme.txt

format: JTR can decrypt many from many different formats, not just DES (but this is the most widely used one). Use this to force JTR to try a certain format.
Usage:

john -format:DES crackme.txt (force DES)
john -format:BSDI crackme.txt (force BSDI)
john -format:MD5 crackme.txt (force MD5)
john -format:BF crackme.txt (force BF)
john -format:AFS crackme.txt (force AFS)
john -format:LM crackme.txt (force LM)

savemem: this tells JTR to automatically save your process at whatever level you specify from one to three.
Usage:

john -savemem:1 crackme.txt (save at level 1)
john -savemem:2 crackme.txt (save at level 2)
john -savemem:3 crackme.txt (save at level 3)

How to use a wordlist with JTR: I’ll assume you already have a wordlist in the JTR directory (it comes with password.lst, if you want to make your own I’ll tell you how later). Go to the prompt and type ‘john -wordfile:password.lst crackme.txt’ (no quotes, damnit). If the password is in the wordlist, it will work. Otherwise, you deserve it for using a wordlist when you have bruteforce capabilities, shame on you.
How to create a wordlist to use with JTR: First I will include a few lines of the wordlist supplied with JTR:

12345
abc123
password
passwd
123456

These lines are passwords that the program will try when you use the wordlist. Put each password on a new line. In the event that you are too lazy to write your own wordlist you can download one (Here is my post with links to wordlists). It may or may not already be the right file format (.lst). If it isn’t, just go to the prompt. Assuming the filename is lazy.txt, type ‘rename lazy.txt lazy.lst‘
Piping Output: Remember the -show option? You can get JTR to save that output to a file. Just type ‘john -show crackme.txt > crackinfo.txt‘

 

 FAQs:

• Q: Can I mix options?
  A: Yes, certain options can be mixed. You can mix options as long asthey don’t clash. Play around with it a while.
• Q: What does “Loaded 0 passwords” mean?
  A: There was a problem with either your password file or the syntax of your command. If you force BF decryption when your file has DES encryption it wont work. If your password file isn’t made right it wont work.
• Q: What does “Password files required, but none specified” mean?
  A: Can you read? You can’t just tell JTR to crack, you need to give it a file.
• Q: What does “Unknown cyphertext format name requested” mean?
  A: When you use the -format option you need to check that you typed the name of the format correctly.
• Q: How come when I typed ‘john -users: login|uid crackme.txt’ (which by the way is the usage shown in the list of option by JTR) I received this error:
  Option requires a parameter: “-users:”
  Bad command or file name
  A: The piping symbol you used (|) can mean two different things. In this case in means ‘or’. You’re supposed to use login OR uid. When you type it in a dos window, you are running two separate commands.
• Q: Can I speed up the bruteforce?
  A: Sure, just toss that old ass box of yours and get a new one.