Everything posted by arcane

  1. You could do a simple ping scan: nmap -sP 198.168.XX.X/24
  2. You could also try: nmap -A 192.168.56.103. Sometimes it will hint at what OS it is under service info. I think it queries mDNS to get information, unlike a regular OS scan, which requires ports to be open in order for it to work. If there is no information on the service info line, it is probably Windows.
  3. I do this exact same thing to remote into servers. I have always used local port forwarding for my VNC and remote desktop connections. So you may be able to do it with remote forwarding, but I have never tried it. You have:
     ssh -L 5900:localhost:5555 ubuntu@ec2serveraddress.com
     I think the ports should be reversed and the destination is not localhost but your server. So, it should look like this:
     ssh -L 5555:ec2serveraddress:5900 ubuntu@ec2serveraddress.com
     Since we locally forward port 5555, we can access VNC using 127.0.0.1:5555 in the VNC client. As an FYI, ubuntu@ec2serveraddress.com does not have to be on the same server, but needs to be able to access the server you are trying to remote into. As another side note, Ubuntu Server does not have a GUI installed by default.
  4. The NDP poisoning is something I did not know about and now have something to experiment with :) I am surprised there are not a lot of ways to perform this attack.
  5. I was wondering if there are more ways to perform a man-in-the-middle attack besides ARP spoofing, ARP flooding, DHCP exhaustion, fake access point, DHCP server and a physical bridge?
  6. I recommend what Infiltrator said. But for curiosity's sake, there are two tools that can do exactly what you were describing. They are TSgrinder and TScrack. You would have better luck exploiting remote desktop than brute-forcing a password with these tools.
  7. Make sure IP forwarding is enabled: echo 1 > /proc/sys/net/ipv4/ip_forward
  8. The most critical things to encrypt are your home folder and the swap partition. Whole disk encryption with TrueCrypt on the Linux platform would be perfect, but it is not supported. You might be able to move /boot to a separate partition and encrypt everything else. It may work but I have not tried it. I would also make sure the computer locks out automatically.
  9. Dsniff, Urlsnarf (part of the Dsniff suite), Driftnet. There is also Xplico.
  10. I get the same thing when I try to sniff packets with Wi-Fi. Home routers act more like a switch than a hub. Try ARP spoofing and see if that works :)
  11. You can run netcat behind a NAT and connect to it using Metasploit from the outside world. You can get someone's IP address from email headers or IM, but that is their public IP address. Getting someone's private IP address from the internet (WAN) is a bit tricky though.