La connexion s'effectue une première fois par 2FA mais l'utilisateur peut à nouveau recevoir une demande 2FA pour confirmer qu'il n'est pas un robot. À ce moment, le 2FA de Facebook ne joue plus son rôle et n'envoie pas de SMS.
20180612
20150709
THC Hydra Password Cracking Tool
THC Hydra is another classic password cracking tool. Strictly speaking Hydra is a network logon password cracking tool, which is actually very fast. A great feature about Hydra is that you can add modules to increase the functinonality of this hacking tool.
Hydra supports various network protocols including, but not limited to AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, and Rexec.
Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-)) Hydra is born more than 10 years ago, this page is used as a recap of the functionalities it provides, but also the differences in feature sets, services coverage and code between the most popular network authentication cracker tools available. Each feature is compared against Hydra as of the current version. This table is updated as new features are added to the project.
Development just moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
Cain & Abel
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.
The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
Cain & Abel v4.9.56 released
http://www.oxid.it/cain.html
Tor Project
What is Tor ?
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
Overview
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.
Why we need Tor
Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.
How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.
A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.
But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
Why Anonymity Matters
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
20150708
Cryptocat, Chat with privacy.
Private chat can be easy and accessible.
Cryptocat is a fun, accessible app for having encrypted chat with your friends, right in your browser and mobile phone. Everything is encrypted before it leaves your computer. Even the Cryptocat network itself can't read your messages. Cryptocat is open source, free software, developed by encryption professionals to make privacy accessible to everyone.
Group chat, file sharing, and more!
- Chat with groups of friends at the same time using Cryptocat's group chat encryption. Cryptocat's fun interface makes it easy!
- Send files and photos to friends quickly and easily, with the assurance that not even the Cryptocat network itself can read your data.
- Connect to Facebook Messenger to see which Facebook friends are also using Cryptocat, and set up encrypted chat with them instantly.
Cryptocat is not a magic bullet. Even though Cryptocat provides useful encryption, you should never trust any piece of software with your life, and Cryptocat is no exception.
Cryptocat does not anonymize you:
While your communications are encrypted, your identity can still be traced since Cryptocat does not mask your IP address. For anonymization, we highly recommend using Tor.
Cryptocat does not protect against key loggers: Your messages are encrypted as they go through the wire, but that doesn't mean that your keyboard is necessarily safe. Cryptocat does not protect against hardware or software key loggers which might be snooping on your keyboard strokes and sending them to an undesired third party.
Cryptocat does not protect against untrustworthy people: Parties you're conversing with may still leak your messages without your knowledge. Cryptocat aims to make sure that only the parties you're talking to get your messages, but that doesn't mean these parties are necessarily trustworthy.
Cryptocat is a fun, accessible app for having encrypted chat with your friends, right in your browser and mobile phone. Everything is encrypted before it leaves your computer. Even the Cryptocat network itself can't read your messages. Cryptocat is open source, free software, developed by encryption professionals to make privacy accessible to everyone.
Group chat, file sharing, and more!
- Chat with groups of friends at the same time using Cryptocat's group chat encryption. Cryptocat's fun interface makes it easy!
- Send files and photos to friends quickly and easily, with the assurance that not even the Cryptocat network itself can read your data.
- Connect to Facebook Messenger to see which Facebook friends are also using Cryptocat, and set up encrypted chat with them instantly.
Cryptocat is not a magic bullet. Even though Cryptocat provides useful encryption, you should never trust any piece of software with your life, and Cryptocat is no exception.
Cryptocat does not anonymize you:
While your communications are encrypted, your identity can still be traced since Cryptocat does not mask your IP address. For anonymization, we highly recommend using Tor.
Cryptocat does not protect against key loggers: Your messages are encrypted as they go through the wire, but that doesn't mean that your keyboard is necessarily safe. Cryptocat does not protect against hardware or software key loggers which might be snooping on your keyboard strokes and sending them to an undesired third party.
Cryptocat does not protect against untrustworthy people: Parties you're conversing with may still leak your messages without your knowledge. Cryptocat aims to make sure that only the parties you're talking to get your messages, but that doesn't mean these parties are necessarily trustworthy.
Subscribe to:
Posts (Atom)