81 items tagged "lan"
-
-
16:00
»
SecuriTeam
The Twitter 5.0 app for the iPhone is vulnerable to eavesdropping via Man In The Middle. This vulnerability can allow an attacker on the same local area network (LAN) to capture and/or modify pictures the victim is seeing on the Twitter app.
-
-
16:00
»
SecuriTeam
The Vulnerability Laboratory Research Team discovered a filter bypass software vulnerability in the official Akeni LAN (LE) Messenger v1.2.118.
-
-
15:01
»
Hack a Day
[Danilo Larizza] is sharing a network connection between a couple of apartments. They are not far apart, but they are also not right next to each other so a set of external antennas is necessary. He built this 2.4 GHz biquad antenna on the cheap (translated) just to test if it improved the signal before he [...]
-
-
13:41
»
Packet Storm Security Exploits
A filter bypass vulnerability in Akeni LAN (LE) Messenger version 1.2.118 allows for malicious script insertion / cross site scripting attacks.
-
-
12:47
»
SecDocs
Authors: Felix Fietkau
Tags: router
Event: Chaos Communication Congress 22th (22C3) 2005
Abstract: OpenWrt is a Linux distribution for embedded Wireless LAN routers. In this lecture I'm going to introduce OpenWrt and show you how you can use and customize it for your own projects. OpenWrt is basically a complete Linux distribution designed to work within the space constraints of average wireless routers like the Linksys WRT54G or the ASUS WL-500g. Since April 2005 the build system has been completely rewritten to support a large repository of packages that are built automatically and to make it easy to port it to other router platforms in the future. That makes it useful for creating custom solutions involving wireless networking, like a Hotspot service complete with authentication and billing or a small Voice over IP server (with Asterisk). I'd like to present the structure of the OpenWrt base system and show you how you can create your own packages and firmware images with the tools that we provide (Image Builder, SDK and the build system itself).
-
-
21:46
»
SecDocs
Authors: Elisa Jasinska, Maxim Salomon, Niels Bakker
Tags: network
Event: Chaos Communication Camp 2007
Abstract: An introduction into the structure and design of the camp network - featuring a description of hardware setup and focusing on the Backbone Network infrastructure and Wireless LAN. Building a high-demand outdoor network in less than one week is a job that requires sufficient planning in advance. It starts with organizing hardware that is capable to serve the usage profile of about 2342 power-users and ends in asking providers to contribute in upstream connectivity. This talk will give you an outline of what the NOC people do - beginning month before Camp doors open. The Camp network concept is based on the experiences of the last Congresses. So this talk will show you why network is the way it is. Focus of this talk is network from access layer to the backbone and our Wireless LAN. It intends to give network administrators a brief overview of our approach to meet all requirements.
-
-
21:49
»
SecDocs
Tags: network
Event: Chaos Communication Congress 23th (23C3) 2006
Abstract: An Introduction into the structure and design of the congress network - featuring a description of hardware setup and focusing on the Backbone Network infrastructure and Wireless LAN. Building a high-demand network in less than 72hrs is a job that requires sufficient planning in advance. It starts with organizing hardware that is capable to serve the usage profile of about 2342 power-users and ends in asking providers to contribute in upstream connectivity. This talk will give you an outline of what the NOC people do - beginning month before congress doors open. 23c3 network concept is based on the experiences of the last congresses. So this talk will show you, why network is the way it is. Focus of this talk is wired network from access layer to the backbone and our Wireless LAN. It intends to give network administrators a brief overview of our approach to meet all requirements.
-
-
20:12
»
Wirevolution
The current generation of Wi-Fi, 802.11n, is soon to be superseded by not one, but two new flavors of Wi-Fi:
802.11n claims a maximum raw data rate of 600 megabits per second. 802.11ac and WiGig each claims over ten times this – about 7 megabits per second. So why do we need them both? The answer is that they have different strengths and weaknesses, and to some extent they can fill in for each other, and while they are useful for some of the same things, they each have use cases for which they are superior.
The primary difference between them is the spectrum they use. 802.11ac uses 5 GHz, WiGig uses 60 GHz. There are four main consequences of this difference in spectrum:
- Available bandwidth
- Propagation distance
- Crowding
- Antenna size
Available bandwidth:
There are no free lunches in physics. The maximum bit-rate of a wireless channel is limited by its bandwidth (i.e. the amount of spectrum allocated to it – 40 MHz in the case of old-style 802.11n Wi-Fi), and the signal-to-noise ratio. This limit is given by the Shannon-Hartley Theorem. So if you want to increase the speed of Wi-Fi you either have to allocate more spectrum, or improve the signal-to-noise ratio.
The amount of spectrum available to Wi-Fi is regulated by the FCC. At 5 GHz, Wi-Fi can use 0.55 GHz of spectrum. At 60 GHz, Wi-Fi can use 7 GHz of spectrum – over ten times as much. 802.11ac divides its spectrum into five 80 MHz channels, which can be optionally bonded into two and a half 160 MHz channels, as shown in this FCC graphic:

Source: FCC KDB 644545
802.11ad has it much easier:
“Worldwide, the 60 GHz band has much more spectrum available than the 2.4 GHz and 5 GHz bands – typically 7 GHz of spectrum, compared with 83.5 MHz in the 2.4 GHz band.
This spectrum is divided into multiple channels, as in the 2.4 GHz and 5 GHz bands. Because the 60 GHz band has much more spectrum available, the channels are much wider, enabling multi-gigabit data rates. The WiGig specification defines four channels, each 2.16 GHz wide – 50 times wider than the channels available in 802.11n.”
Source: Wireless Gigabit Alliance
So for the maximum claimed data rates, 802.11ac uses channels 160 MHz wide, while WiGig uses 2,160 MHz per channel. That’s almost fourteen times as much, which makes life a lot easier for the engineers.
Propagation Distance:
60 GHz radio waves are absorbed by oxygen, but for LAN-scale distances this is not a significant factor. On the other hand, wood, bricks and particularly paint are far more opaque to 60 GHz waves:

Source: IEEE 802.11-07/2790r0
Consequently WiGig is most suitable for in-room applications. The usual example for this is streaming high-def movies from your phone to your TV, but for their leading use case WiGig proponents have selected an even shorter range application: wireless docking for laptops.
Crowding:
5 GHz spectrum is also used by weather radar (Terminal Doppler Weather Radar or TDWR), and the FCC recently ruled that part of the 5 GHz spectrum is now completely prohibited to Wi-Fi. These channels are marked “X” in the graphic above. All the channels in the graphic designated “U-NII2” and “U-NII 3” are also subject to a requirement called “Dynamic Frequency Selection” or DFS, which says that if activity is detected at that frequency the Wi-Fi device must not use it.
5 GHz spectrum is not nearly as crowded as the 2.4 GHz spectrum used by most Wi-Fi, but it’s still crowded and cramped compared to the wide open vistas of 60 GHz. Even better, the poor propagation of 60 GHz waves means that even nearby transmitters are unlikely to cause interference. And with beam-forming (discussed in the next section), even transmitters in the same room cause less interference. So WiGig wins on crowding in multiple ways.
Antenna size:
Antenna size and spacing is proportional to the wavelength of the spectrum being used. This means that 5 GHz antennas would be about an inch long and spaced about an inch apart. At 60 GHz, the antenna size and spacing would be about a tenth of this! So for handsets, multiple antennas are trivial to do at 60 GHz, more challenging at 5 GHz.
What’s so great about having multiple antennas? I mentioned earlier that there are no free lunches in physics, and that maximum bit-rate depends on channel bandwidth and signal to noise ratio. That’s how it used to be. Then in the mid-1990s engineers discovered (invented?) an incredible, wonderful free lunch: MIMO. Two adjacent antennas transmitting different signals on the same frequency normally interfere with each other. But the MIMO discovery was that if in this situation you also have two antennas on the receiver, and if there are enough things in the vicinity for the radio waves to bounce off (like walls, floors, ceilings, furniture and so on), then you can take the jumbled-up signals at the receiver, and with enough mathematical computer horsepower you can disentangle the signals completely, as if you had sent them on two different channels. And there’s no need to stop at two antennas. With four antennas on the transmitter and four on the receiver, you get four times the throughput. With eight, eight times. Multiple antennas receiving, multiple antennas sending. Multiple In, Multiple Out: MIMO. This kind of MIMO is called Spatial Multiplexing, and it is used in 802.11n and 802.11ac.
Another way multiple antennas can be used is “beam-forming.” This is where the same signal is sent from each antenna in an array, but at slightly different times. This causes interference patterns between the signals, which (with a lot of computation) can be arranged in such a way that the signals reinforce each other in a particular direction. This is great for WiGig, because it can easily have as many as 16 of its tiny antennas in a single array, even in a phone, and that many antennas can focus the beam tightly. Even better, shorter wavelengths tend to stay focused. So most of the transmission power can be aimed directly at the receiving device. So for a given power budget the signal can travel a lot further, or for a given distance the transmission power can be greatly reduced.
-
-
9:57
»
Packet Storm Security Recent Files
Intercepter is a sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
-
-
21:48
»
SecDocs
Authors: Ralf-Philipp Weinmann
Tags: backdoor, embedded
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Want to persistently backdoor a laptop? Backdooring the BIOS is out of the question since your target can dump and diff it? Planting hardware is out of the question as well? Shhhhhhh.. I have something for you: Embedded controllers are present in every modern laptop, yet their security impact has been unresearched thus far. An embedded controller has access to the complete stream of keyboard scan codes, can control fans and the battery charging process. Backdooring the embedded controller is a powerful way to plant a persistent firmware keylogger that works in a cross-platform fashion. Since ECs usually also provide battery and temperature sensor readings through ACPI, there also exists a way to funnel out the keystroke data through a low-privilege process later. Some laptops even allow EC controller firmware updates over the LAN! I will present a PoC backdoor for a widespread series of laptops and show you how to defend yourself against this attack by dumping the EC firmware yourself.
-
-
15:24
»
Packet Storm Security Recent Files
WOL-E is a suite of tools for the Wake on LAN feature of network attached computers; this is now enabled by default on many Apple computers. These tools include bruteforcing the MAC address to wake up clients, sniffing WOL attempts and passwords, scanning for Apple devices and more.
-
-
8:01
»
Hack a Day
Ammo crate PCs have been around since Unreal Tournament LAN parties, but this one goes further back than that; [Simon] put an Apple II in an ammo crate. It’s a fitting anachronistic build from the same guy that built the TARDIS MAME cabinet. Thankfully, [Simon] didn’t tear apart an Apple IIc for this build. A [...]
-
-
17:47
»
Packet Storm Security Recent Files
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
-
-
9:57
»
Packet Storm Security Recent Files
ARP Toxin is a simple Perl script designed to ARP poison a host on the LAN. It uses Nemesis as a packet crafting tool to create and send the ARP packets. It is NOT original code, merely a slightly improved version of the sample arpredirect script from the book "Hacking: The Art of Exploitation". This variant allows one to set their own poisoning interval and interface to poison on.
-
-
11:01
»
Hack a Day
For years, [Rasmus] has left his computer connected directly to the mains power so that he can turn it on via Wake on Lan. While powered down, it would still continuously consume about 6W of electricity, but now that he didn’t need it to be on standby so often, he wanted to make it more [...]
-
-
20:07
»
Packet Storm Security Advisories
nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
-
-
10:17
»
Packet Storm Security Recent Files
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
-
-
4:01
»
SecDocs
Authors: Craig Heffner
Tags: router
Event: Black Hat USA 2010
Abstract: This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.
-
-
13:35
»
Hack a Day
[Micha’s] washing machine is equipped with a rather inaccurate timer, so it is always difficult to estimate when the load will be finished. Since it is located in his basement, he hated having to check on the machine continually to know when his clothes were done. Instead of hauling up and down the stairs over [...]
-
-
10:44
»
Packet Storm Security Recent Files
This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
-
-
7:01
»
Hack a Day
The Broadband Internet Service BenchMARK is an open source initiative to put tools in the hands of the common Internet user that will make measurement and analyzation of home network traffic easier. It targets LAN and WAN network utilization by measuring latency, packet loss, jitter, upstream throughput, and downstream throughput. Of course gathering data isn’t [...]
-
-
18:19
»
Packet Storm Security Advisories
Aruba Networks Security Advisory - A persistent cross site scripting vulnerability was discovered where an attacker could plant an AP with a maliciously crafted SSID in the general vicinity of the wireless LAN and might be able to trigger a XSS vulnerability in the reporting sections of the ArubaOS and AirWave Administration WebUIs.
-
-
6:35
»
Hack a Day
After [Luke] built a suitcase mini-ITX rig for LAN parties he was left with one problem: he didn’t have any speakers and he didn’t want to use headphones. Not wanting to do something boring like a USB-powered speaker setup, he built a PVC Boombox. Built around 3 inch PVC pipe, the boombox houses an off [...]
-
-
10:22
»
Packet Storm Security Recent Files
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approaches on switched/hubbed LAN with/without DHCP protocol.
-
-
13:12
»
Packet Storm Security Recent Files
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
-
-
4:54
»
Hack a Day
One of the most fun aspects of a LAN party was exploring the shared files of all the other users on the network. There were people that would show up, solely for the file swapping. That is exactly what this project is about. From the projects wiki, the Pirate box is a mobile p2p sharing [...]
-
-
13:34
»
Wirevolution
I will be moderating this panel at IT Expo in Miami on February 2nd at 10:00 am.
Voice over WLAN has been deployed in enterprise applications for years, but has yet to reach mainstream adoption (beyond vertical markets). With technologies like mobile UC, 802.11n, fixed-mobile convergence and VoIP for smartphones raising awareness/demand, there are a number of vendors poised to address market needs by introducing new and innovative devices. This session will look at what industries have already adopted VoWLAN and why – and what benefits they have achieved, as well as the technology trends that make VoWLAN possible.
The panelists are:
- Russell Knister, Sr. Director, Business Development & Product Marketing, Motorola Solutions
- Ben Guderian, VP Applications and Ecosystem, Polycom
- Carlos Torales, Cisco Systems, Inc.
All three of these companies have a venerable history in enterprise Wi-Fi phones; the two original pioneers of enterprise Voice over Wireless LAN were Symbol and Spectralink, which Motorola and Polycom acquired respectively in 2006 and 2007. Cisco announced a Wi-Fi handset (the 7920) to complement their Cisco CallManager in 2003. But the category has obstinately remained a niche for almost a decade.
It has been clear from the outset that cell phones would get Wi-Fi, and it would be redundant to have dedicated Wi-Fi phones. And of course, now that has come to pass. The advent of the iPhone with Wi-Fi in 2007 subdued the objections of the wireless carriers to Wi-Fi and knocked the phone OEMs off the fence. By 2010 you couldn’t really call a phone without Wi-Fi a smartphone, and feature phones aren’t far behind.
So this session will be very interesting, answering questions about why enterprise voice over Wi-Fi has been so confined, and why that will no longer be the case.
-
-
11:31
»
remote-exploit & backtrack
Could anyone tell me where I can find drivers for the LAN on my Sony? I installed BT4 on a Sony Vaio but the LAN didn't work. I searched but I couldn't find drivers for the LAN and WiFi card.
Please help me.
-
-
18:16
»
Packet Storm Security Tools
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approaches on switched/hubbed LAN with/without DHCP protocol.
-
-
10:14
»
remote-exploit & backtrack
Hi everyone,
I've been evaluating ettercap's features in my LAN and now I got a problem that I just can't solve. After 2 days trying to find out what's going on, I finally gave up. So, here I am, asking for a few clarification words. :) Maybe I've missed something. Heh.
My main distro is not BT, but Debian squeeze. I would try ettercap's forum for this issue, but it seems to be "dead". As I believe it's not directly Debian related, the place containing people with enough knowledge on the subject would be here. Hope it's not a problem (and this is the right forum to do so).
I'm running ettercap NG-0.7.3 in Debian squeeze, kernel 2.6.33-amd64.
So, here we go: ettercap's built-in dissectors don't work at all, as it seems to receive corrupt/malformed packets from the network. The SSL dissector, which uses iptables for redirection, does work though. Strangely enough, if I fire up wireshark and start capturing, I can see the packets correctly (and a lot of out-of-order or duplicated ACKs, which I believe is normal.. sort of). Since I used official packages from the Debian repo, I tried to compile ettercap myself with --enable-debug to see if there were any clues about what's going on in its logs. Unfortunately, no. Dissectors are never fired (except for the SSL one), and there is no relevant log entry.
I booted BT4 Final to give it a try. To my surprise, it does work! ettercap sees all packets correctly, and the dissectors work perfectly. Even dissector-dependent plugins (for URL sniffing), like remote_browser, work.
Tried the same ettercap parameters with 2 different wifi cards: Intel 4965AGN and an external RTL8187L. Same results: Debian = corrupt packets, BT = 100%. Here is the command line I've used in the tests:
Code:
ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.7/ (.1 = GW / .7 = Target)
Here is a sample packet dump from both distros, with target visiting yahoo (trimmed the log, just the initial packets are enough, as the same behavior occurs in the other packets):
Debian
Code:
Sat Apr 3 00:27:44 2010
UDP 192.168.1.7:38563 --> 192.168.1.1:53 |
.)...........ww w .yahoo. com.....
Sat Apr 3 00:27:44 2010
UDP 192.168.1.1:53 --> 192.168.1.7:38563 |
.)...........ww w .yahoo. com..................fp.wg1.b...+.......:......
Sat Apr 3 00:27:44 2010
TCP 192.168.1.7:39979 --> 200.152.168.178:80 | S
Sat Apr 3 00:27:44 2010
TCP 200.152.168.178:80 --> 192.168.1.7:39979 | SA
Sat Apr 3 00:27:44 2010
TCP 192.168.1.7:39979 --> 200.152.168.178:80 | A
Sat Apr 3 00:27:44 2010
TCP 192.168.1.7:39979 --> 200.152.168.178:80 | AP
LYwArdhObVDnZEZeRFdFiwDvwxmM_j7RiEiWs-; GZ=Z=0.
.
.pt>(function(){
var b,d,e,f;function g(a,c){if(a.removeEventListener){a.removeEventListener("load",c,false);a.removeEventListener("error",c,false)}else{a.detachEvent("onload",c);a.detachEvent("onerror",c)}}function h(a){f=(new Date).getTime();++d;a=a||window.event;var c=a.target||a.srcElement;g(c,h)}var i=document.getElementsByTagName("img");b=i.length;d=0;for(var j=0,k;j<b;++j){k=i[j];g(k,h);if(k.complete||typeof k.src!="string"||!k.src)++d;else if(k.addEventLi
Sat Apr 3 00:27:44 2010
TCP 200.152.168.178:80 --> 192.168.1.7:39979 | A
BT
Code:
Sat Apr 3 00:42:50 2010
UDP 192.168.1.7:52383 --> 192.168.1.1:53 |
Q............ww w .yahoo. com.....
Sat Apr 3 00:42:50 2010
UDP 192.168.1.1:53 --> 192.168.1.7:52383 |
Q............ww w .yahoo. com..................fp.wg1.b...+......."......
Sat Apr 3 00:42:50 2010
TCP 192.168.1.7:40942 --> 200.152.168.178:80 | S
Sat Apr 3 00:42:50 2010
TCP 200.152.168.178:80 --> 192.168.1.7:40942 | SA
Sat Apr 3 00:42:50 2010
TCP 192.168.1.7:40942 --> 200.152.168.178:80 | A
Sat Apr 3 00:42:50 2010
TCP 192.168.1.7:40942 --> 200.152.168.178:80 | AP
GET / HTTP/1.1.
Host: ww w. yahoo. com.
User-Agent: Mozilla/5.0 (X11; U; Linux armv6l; en-us; rv:1.8.1) Gecko/20061010 Firefox/2.0 Midori/0.2.2.
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5.
Accept-Encoding: identity.
Cookie: B=f7kbq9p5qcvg2&b=3&s=nl; fpc=d=ylesXqt4UbE9H..wHoKnfp4gka.8zmm.FUjsr5LvHV3peW86CTzUoQrP6IaBskkW8qSEEpYzUjODh9BWYlo9w5IXHsLfg7sldIc1Yb42bMrXzsLBuLyg0v5oURAaIqKksQP.t_HXCK2N1pZ1RrihsnCsJLy244.qSc0_EZsoj43RSQOeSEJD_Jojekhlg1Qwm7Z2n.M-&v=2.
.
Sat Apr 3 00:42:50 2010
TCP 200.152.168.178:80 --> 192.168.1.7:40942 | A
As you can see, in Debian the packets are likely incomplete or have some "offset", so neither the dissectors nor the plugins can correctly parse useful data from them. ARP poisoning is working perfectly, as shown by chk_poison and wireshark.
The first DNS resolution packets (UDP) seem to be OK in both distros, but not the TCP ones.
I have no idea where to look now. Maybe something is trashing the packets before they arrive in ettercap.
If someone has one (or many) ideas to share, I'll be very grateful. :) If more info is needed, please tell me, I'll promptly reply.
Best regards.
-
-
14:18
»
remote-exploit & backtrack
I can't access BT4 Final; I'm stuck at startx. My LAN and wireless work. I tried using BT3, but I can't start LAN or wireless; I tried using /etc/init.d/...... Unless there's a way around this, please guide me. Thanks.
-
-
6:10
»
Hack a Day
[Viktor], one of our favorite avid hackers, has been playing around with 1-wire systems all this month. What started out as a MicroLAN Fonera has turned into an iButton interface, to a 1-wire powered hub, and finally a 1-wire character driven LCD. Anyone looking at 1-wire systems or OWFS could surely benefit from his testing.
However, [...]
-
-
6:04
»
remote-exploit & backtrack
Good morning everyone,
I would kindly need a hand with using the program named in the subject.
I'm using BT3 in VMware, and the network I would like to use it on is a LAN with a netmask of 255.0.0.0. When I set the parameter and go to search for hosts, the search starts and after a few seconds the program shuts down. Why is that?
Without doing the automatic host search, can I enter the victim's IP by hand myself? I tried looking through the options and entering the Target, but nothing happens.
Thank you in advance for the help :)
Regards,
Serp
-
14:14
»
remote-exploit & backtrack
Hey guys....
I wanna try this setup:
4 PCs connected together in a LAN
all PCs are victims
and I wanna try to do MITM with ettercap to catch MSN or Facebook passwords (I got permission to do that)
I need help from you guys to do that. What exactly should I do? With all respect for moderators and members.
-
-
3:25
»
remote-exploit & backtrack
:mad:
Hi guys,
I have Windows Vista as my base operating system, then I loaded VMware and then downloaded the BT4 Final release.
My LAN card is an Intel(R) 82567LM Gigabit Network Connection. VMware has then created 2 VMware Network Adapters.
I have tried the following to get the LAN working in BT4:
1. I have tried setting the card to NAT, using the VMware program settings.
2. Also tried using the custom settings, choosing the VMware adapters.
3. Tried using the ifconfig commands to assign an IP address to the card manually.
Surely this shouldn't be that complicated? What am I doing wrong here? Can someone assist me please?
Thank you
-
-
8:53
»
remote-exploit & backtrack
Hi everyone,
I wanted to ask you something... basically I live with 4 housemates and we only have 3 Fastweb IPs...
so what I would like to do every now and then is play a little prank by dropping the connection of one of the 3 and slipping in myself ^^
Is that possible? Unfortunately the Fastweb router is not configurable, otherwise I would know how to do it, which is why I'm asking you...
I hope I've been clear enough... thanks
-
-
22:19
»
remote-exploit & backtrack
I have been out of the loop for about a year now. About 20 min ago I installed BT4 on VM Player 3.0.1. Everything seems to work fine. Sadly I have been damned to Windows 7 as a host OS at work. I would like to use the LAN eth0 for surfing on the host OS (Windows 7) while I am using BT4 Final in the VM using my Alfa AWUS036H 500mW to connect to another AP. For some reason BT inherits the host IP. I take it this has something to do with NAT. Anybody know how this is fixed?
-
-
0:48
»
remote-exploit & backtrack
sslstrip is failing when used in a proxy environment. For example, all the clients on LAN use someserver:8080 as their web proxy. I'm starting sslstrip with the following commands:
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 8080 -j REDIRECT --to-port 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
echo "1" > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 [gateway ip]
sslstrip -w debug.log -k -p -l 10000
Clients hang when trying to use SSL websites. The debug log contains repetitions of:
Quote:
2010-02-04 14:55:47,663 Sending request via HTTP...
2010-02-04 14:55:47,670 Server connection failed.
2010-02-04 14:55:47,670 Retrying via SSL
2010-02-04 14:55:47,674 Server connection failed.
2010-02-04 14:55:47,678 Sending request via HTTP...
2010-02-04 14:55:47,723 Server connection failed.
2010-02-04 14:55:47,723 Retrying via SSL
2010-02-04 14:55:47,729 Server connection failed.
2010-02-04 14:55:47,732 Sending request via HTTP...
2010-02-04 14:55:47,735 Server connection failed.
2010-02-04 14:55:47,735 Retrying via SSL
2010-02-04 14:55:47,814 Sending request via HTTP...
2010-02-04 14:55:47,899 Sending request via HTTP...
2010-02-04 14:55:47,955 Sending request via HTTP...
2010-02-04 14:55:47,964 Sending request via HTTP...
2010-02-04 14:55:47,974 Sending request via HTTP...
2010-02-04 14:55:48,047 Sending request via HTTP...
2010-02-04 14:55:48,059 Sending request via HTTP...
2010-02-04 14:55:48,062 Server connection failed.
2010-02-04 14:55:48,062 Retrying via SSL
2010-02-04 14:55:50,218 Sending request via HTTP...
Any ideas what might solve this issue?
-
-
17:17
»
remote-exploit & backtrack
Hi everyone,
I have only just entered the Linux world by installing Ubuntu 9.10 on an old PC (it runs fine even if it's no speed demon). After spending several nights browsing, reading documentation and "googling" to satisfy my thousand curiosities, I decided to download BT4 and I'm currently using it as a LiveDVD. I would have a thousand and one questions to ask you, but for now I prefer to study up, read everything I can find on the subject and run a million tests. I have already watched almost all the videos suggested in the "Tutorial How To" section and I must say I'm itching to put it all into practice. To be clear, my only goal is to satisfy my curiosity... at home I have a mini studio with a company laptop (XP Professional), a personal laptop (XP Professional / BT4 Live CD) and a desktop PC (Ubuntu 9.10) connected through a Thomson Speedtouch router, plus my wife's laptop connected over WiFi through a "modded" Alice Vela wireless router. The biggest damage I could do to anyone on my LAN is therefore to discover my wife's email password... which I set up for her myself :)
See you soon... and that's a threat :)
-
-
8:52
»
remote-exploit & backtrack
Hi Fellaz,
I've successfully exploited various Win XP machines on my LAN in a lab environment using SET and the aurora exploit, but that is locally. How can these exploitz be used against the other side of the router on MY remote office PCs (i.e.) I want to try and pentest outside the local LAN. Will the exploit meterpreter session come back to me on my LHOST 192.168.0.8 address even if not on the same LAN? If not, how can it be achieved?
Pentest office : attack machine ip 192.168.0.8 public ip 96.xx.xx.xx
Remote office different lan: victim ip 192.168.1.9 public ip 92.xx.xx.xx
MY OWN btw, victim machine both owned by myself.
Both IP addresses differ, 92.xx.xx.xx and 96.xx.xx.xx, so how to metasploit past my remote router into the LAN side.
As stated I own both networks but not Pwnd yet.
Googled and not found a thing apart from changing LHOST to public IP, but that's just the router, isn't it?
Kind Regardz DEE
-
-
9:16
»
remote-exploit & backtrack
I'm trying to check out some pages to spoof on a LAN and have one little problem:
I've checked in /var/www/ and cannot find the index.html file. LOL...big problem.
Okay, so I have three folders in this location: base, squid-reports, and unicornscan. There are two .php files in these folders named index but no html files.
Please fellas, comment and help me find it!
-
-
9:22
»
remote-exploit & backtrack
Hey,
I bought an Asus WL-167g WLAN stick today! I bought it just for use in BackTrack, and I bought it because it's in the list of compatible USB sticks for BackTrack. When I start BackTrack3 and go to the "Network Monitor" it doesn't show a network; instead it says "Radio of your wireless card seems to be turned off using an external switch on your computer.
You need turn it on to be able to use wireless networks." I have now other LAN device plugged to my PC! What can I do??
donfellone
PS: I use D-Lan for surfing, but I disconnect the cable before starting the live CD!
-
-
5:52
»
remote-exploit & backtrack
Hi all,
I know that we could set up a web server using Metasploit, but I can't access it over the internet. It's accessible inside the LAN but not over the net.. Wondering why...
any help would be appreciated.
-
-
1:08
»
remote-exploit & backtrack
Ok,
I have recently signed up with a new ISP [Sky] and they do not allow 3rd party routers. This would not be an issue if the router they supplied had a greater range than just one room :(.
My proposal is to create my wireless network using my existing hardware and connect the old router to the new router via LAN.
New router has the following settings:
ip = 192.168.0.1
DNS = 208.67.222.222 [OpenDNS seems more reliable than their supplied DNS]
Plan is to have the old router on the same IP subnet, e.g. make it 192.168.0.10 with a gateway of the new router.
This setup works.
Now I have disabled DHCP so that each PC/device has to be manually configured.
My question is this:
If I shifted the new router's IP to 192.168.0.[anything but 1] and set up the old router and my devices with this gateway, how long would it take on average to discover the gateway? I know wireshark has a gateway detection tool; is there anything else I need to be wary of?
I know this is my home network and I am probably overthinking here, but if I can hide the gateway from detection easily then surely that's another reason to deter unwanted guests on my network.
For info, I am still finding my feet with BT4 Final, so if the tool is included I may need pointing to it.
I have posted this in the newbie thread as I am sure that this will have you guys slapping your foreheads and shouting "that's easy - do this".
Thanks in advance
-
-
18:01
»
remote-exploit & backtrack
Hello,
I was wondering if you could possibly help me. I've been reading for hours each day about drivers, chipsets, wireless LAN cards etc. I've done a search on the forum but to no avail, so here goes..
I have an
INPROCONN IPN2220 wireless LAN card.
And a
Realtek rtl8139/810 family fast ethernet NIC.
And the PCMCIA adapter is a
Texas Instruments PCI-1410 cardbus controller.
Inside a Toshiba L10 Pro Satellite.
I've downloaded VMware Workstation 7, the BackTrack 4 VMware image and aircrack. What I want to know is: does my wireless LAN support packet injection and monitor mode in Windows? If not, does VMware support my wireless LAN so I can inject packets in Linux?
Thanks in advance!:):)
-
14:12
»
remote-exploit & backtrack
Hello, this is a great thread. Probably one of the best I have seen so far. I am looking for a notebook to install BackTrack 4 and all the other software that I will need: wireshark, Cain and Abel and all the others if there are any. I have been watching YouTube videos to learn all that I need to do. I'm now learning from some basic Linux books and whatnot. I am planning on going to BackTrack 4 Security Training. I want to be an ethical hacker. I'm not going to cause problems and steal information. My goal is to just see if I can do it. Have fun with this software.
I don't want to use a VM and I don't want to use a CD to run BackTrack. I would like to just install BackTrack 4 on my laptop.
So I am looking for a notebook that's powerful enough to run these tools.. I like the Acer line. Aspire® One 751h - 11.6"
Here are the specs.
AO751h-1196 Genuine Windows® XP Professional ; Intel® Atom Processor Z520; 2GB DDR2 667 SDRAM; 250GB hard drive, multi-in-one card reader; 11.6" WXGA (1366 x 768) TFT display, Acer® CrystalBrite Technology; Intel® Graphics Media Accelerator 500; 802.11b/g WLAN, Bluetooth®, 10/100 LAN, webcam; sapphire blue chassis; six-cell battery; one-year limited warranty
What I have been reading so far is that I need XP, not Vista or 7. Is that correct? XP is the way to go for ethical hacking?
Also, can you tell me if this notebook works with BackTrack 4? I notice that some people on here say I need an Nvidia graphics card. Is this correct? I hope not, because that means I will have to look for another notebook.
Could you help a noob like me out so I can get started?
Thanks
I think there should be a sticky for noobs just starting out on what type of gear they should use instead of how-tos.. just my two cents :)