Online System’s Password Hacking       CS 473



                                                    Network Security Final Project
                                                                        Phase 1-A
                                                                               By
                                                                     Faisal Aslam
                                                                         02030006

   •    Key should also be retrieved
   •    GUIs should be made which should show the current status of each
        process




Table of Contents

       1) Project Title

       2) Abstract

       3) Explanation

       4) Architecture
             a. Conceptual Diagram
             b. Interaction between Concepts

       5) List of Deliverables and Milestones

       6) Tools and Technologies

       7) Team




02030006 Faisal Aslam                                                           1



1) Project Title:
       Online System’s Password Hacking


2) Abstract:
        An online system password hacking program that will use the brute-force
technique. The program will be able to run in a distributed way on many machines at the
same time (the password tries on all machines are collectively unique). The program will
also save its state at regular intervals so that it can resume from where it last stopped
(whether it was killed by someone or intentionally stopped). It will also use probability
to generate first the combinations that are most likely to have been chosen as a password.
        The program should be independent of the site to be hacked. For example, if I want to
hack the password of www.yahoo.com or www.hotmail.com, there should be no change in
the logic of the program, only a few changes in a configuration file (XML file).
        The program should accomplish its task in a reasonable amount of time (for example,
within a week).
         The program will be demonstrated by actually hacking the password of a well-known
system, for example hotmail, yahoo or the LUMS registration system.



3) Explanation:

       1) XML based Configuration
          An XML-based text file with a defined DTD, so that the user can configure the
          password hacking program. The following are the rules that the DTD will define
          in a structured way.
          • Will have the URL of the site whose password is to be hacked
          • Will have the FAILUREKEY that occurs in an HTML page if the password fails
          • Will suggest a set of predefined combinations which will have the highest
              priority (to try as a candidate password). For example one's login name,
              “root”, “super user”, “password” etc.
          • Will specify the set of valid characters (alphabets, numbers, special
              characters etc.) which will be combined in different permutations to make a
              candidate password.
          • The XML file will enable the user to add a probability against every valid
              character. For example “A” with probability “0.2” etc. The value of the
              probability will start from 0 and will mostly be less than 1 (as we mostly
              cannot say with 100% certainty that some character will be part of the
              password, unless we have observed someone entering his password).
          • One will also be able to specify a probability against many valid characters
              at once instead of specifying it against every single character. This is
              named a group probability.





      2) State of program:
         The program will have a current state that indicates all the
         combinations it has tried so far (and what is left).

      3) Save and retrieve State
         The state of the program is saved at regular intervals so that if someone stops
         the program (or kills it) and runs it later, it will start from the last saved state.

      4) Probability Calculation
         The program will use probability to generate first the combinations (from the
         valid character set) which have a higher probability.

      5) Failure Key
         The failure key (some words or a sentence) is the key used to identify the HTML
         page (the response after a password try) returned when the password is wrong. If
         an HTML response page does not contain the failure key, it means success and the
         password is hacked.

      6) Distributed and parallel running
         The program will be able to run in a distributed way on many machines so that
         the power of many machines can be used for computing the password in less time.
         To distribute the program one has to make changes in the configuration file so
         that unique combinations (of candidate passwords) are tried on different
         machines.
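
      Added example (not part of the original proposal or its code): how the distributed
      design in item 6 looks from the defending login service. Because the tries are split
      across machines, a failure counter kept per source address stays low, while a counter
      kept per target account sees the whole run. The log format, thresholds and names
      below are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
PER_IP_LIMIT = 5                 # assumed per-source failure threshold
PER_ACCOUNT_LIMIT = 10           # assumed per-account failure threshold


def constructed_log():
    """Constructed sample lines: 6 sources, 2 failures each, all against 'alice'."""
    start = datetime(2002, 12, 30, 10, 0, 0)
    lines = []
    for i in range(12):
        ts = start + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} 192.0.2.{11 + i % 6} alice FAIL")
    # An ordinary user who mistypes once and then logs in.
    lines.append("2002-12-30T10:01:05 198.51.100.7 bob FAIL")
    lines.append("2002-12-30T10:01:20 198.51.100.7 bob OK")
    return lines


def parse(line):
    """Split 'timestamp source account outcome' into typed fields."""
    ts, src, account, outcome = line.split()
    return datetime.fromisoformat(ts), src, account, outcome


def detect(lines, window=WINDOW, ip_limit=PER_IP_LIMIT,
           account_limit=PER_ACCOUNT_LIMIT):
    """Return (flagged_sources, flagged_accounts) from failed-login events.

    flagged_accounts maps account -> number of distinct sources inside the
    window at the moment the account threshold was first reached.
    """
    by_ip = defaultdict(deque)        # source -> failure timestamps
    by_account = defaultdict(deque)   # account -> (timestamp, source)
    flagged_sources, flagged_accounts = set(), {}

    for ts, src, account, outcome in sorted(map(parse, lines)):
        if outcome != "FAIL":
            continue
        ipq, acq = by_ip[src], by_account[account]
        ipq.append(ts)
        acq.append((ts, src))
        # Expire events that fell out of the sliding window.
        while ts - ipq[0] > window:
            ipq.popleft()
        while ts - acq[0][0] > window:
            acq.popleft()
        if len(ipq) >= ip_limit:
            flagged_sources.add(src)
        if len(acq) >= account_limit and account not in flagged_accounts:
            flagged_accounts[account] = len({s for _, s in acq})
    return flagged_sources, flagged_accounts


if __name__ == "__main__":
    sources, accounts = detect(constructed_log())
    print("sources over per-IP limit:", sorted(sources))
    print("accounts over per-account limit:", accounts)
```

      On the constructed log no source reaches the per-source limit, yet the account
      counter flags the targeted account together with the number of distinct sources.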








4) Architecture:

        a. Conceptual Diagram:
                The following conceptual diagram shows the different concepts and their
        interaction with the XML configuration file and state storage. Usually we do not
        show the interaction of data storage in a conceptual diagram, but here it is added
        so that one can get a better understanding of the whole process.



        [Conceptual diagram. Concepts shown: PasswordHacker, PasswordGenerator,
        ProbabilityCalculator, State, StatePersistent, State Storage, Configuration,
        ConfigurationLoader, XMLReader, XML Configuration File, HTMLParser, FailureKey.
        Every association is marked with multiplicity 1 at each end.]




        b. Concept Interactions:

                 The “PasswordHacker” concept will be the main concept (the starting
        concept). That concept will first load the state of the program by calling a
        function in the State concept. If the hacking program has been executed before,
        the saved state is retrieved from the storage system; otherwise it will start from
        the default null state (starting state).
                 The “PasswordHacker” concept then calls “PasswordGenerator”, which
        checks whether the “Configuration” is already in memory. If “Configuration” is not
        in memory, “ConfigurationLoader” will load the configuration into the static
        “Configuration” concept (memory). The “PasswordGenerator” then (using the
        “Configuration” concept and the “ProbabilityCalculator” concept) finds the next
        valid password to try. This candidate password is returned to the “PasswordHacker”.





                After getting a candidate password from “PasswordGenerator”, the
       “PasswordHacker” puts this password in the HTML form and posts it.
                The result of the post is given to the “HTMLParser” concept.
       “HTMLParser” looks for the FAILUREKEY in the page. If the page has a FAILUREKEY,
       it returns false (which means continue trying), and if the page does not have a
       FAILUREKEY, the password is hacked successfully and the program is stopped. On
       every retry (in case of failure) it will update its “State” concept, and after every
       fixed number of tries it will save its “State” in the storage medium (DB/text file).


5) List of Deliverables and Milestones:

Num. 1.  Milestone: Define Document Type Definition (DTD)
         For the configuration of the program one has to come up with a detailed DTD
         that fulfils all the requirements specified above.
         Deliverable: DTD document (with a sample XML) by email as well as a hard copy.
         Expected: 30/12/2002

Num. 2.  Milestone: Develop a small and simple prototype
         Make a prototype that works on a yahoo/hotmail account whose password is
         already known. After 10 tries the prototype uses the known correct password
         and saves it. The prototype will demonstrate that the project is possible and
         that its final version can work correctly to retrieve an unknown password. The
         prototype will not use the configuration file, probability or distributed
         running capabilities.
         Deliverable: Show the working of the prototype; the code is submitted.
         Expected: 12/01/2002

Num. 3.  Milestone: Develop and complete design using UML
         The design will include a detailed class diagram and a sequence diagram.
         Deliverable: The UML design is submitted by email and hard copy.
         Expected: 15/01/2002

Num. 4.  Milestone: Develop a complete working version
         The version will fulfil all the requirements stated above.
         Deliverable: A working model is shown.
         Expected: 25/01/2002

Num. 5.  Milestone: Final Submission after testing
         Also submit the proof that the program worked by actually hacking a
         yahoo/hotmail (or any other) account.
         Deliverable: The final code submission; the password of an already decided
         (unknown) yahoo/hotmail user is also told.
         Expected: 01/02/2002



6) Tools and Technologies:
     Some technologies/tools might not be used and a few additional technologies/tools might
     be used during development of the project.

     1)   Java
     2)   Network programming in Java
     3)   Threads (in Java)
     4)   HTML and JavaScript
     5)   Rational Rose and UML
     6)   MS Access
     7)   JDBC
     8)   XML
     9)   DOM XML Parser



7) Team:
          Faisal Aslam        -      2002-03-0006



