
Gianluca

Active Members, 45 posts

Everything posted by Gianluca

  1. Hi guys, on my blog I wrote a post about a MitM attack using SSLStrip + arpspoof. It's in Italian so I don't know if u can understand: http://www.gianlucaghettini.net/intercettazione-traffico-https-e-recupero-dati-sensibili/ Other than the actual attack (which is very well known) I focused on the HSTS policy and how it is useful to prevent such attacks. Do you know of any successful attempt to break such a security policy? Poisoning the DNS cache of the target host could lead to a scenario in which the target browser goes to a fake domain, receives a forged HTTP header with a max-age value of zero: Strict-Transport-Security: max-age=0; includeSubDomains and then gets redirected to the real site. The HSTS RFC says that browsers SHOULD ignore the HSTS header when in HTTP mode, but maybe this very specific check was not implemented on all browsers.
  2. Hi guys, I'd like to use my Acer Aspire One A110 (the one sold with Linpus OS) as a wifi adapter for my Xbox360. I mean, I want to redirect the ADSL connection I get from the wifi to the ethernet card of the Acer Aspire One. The Xbox360 is connected to the Aspire One via ethernet cable. I'm pretty sure that this is called bridging mode. Do I need some special utility to do that, or can it be done with some iptables trick? How do I do that? thanks!!
  3. ARP poisoning redirects hosts in the same network (used most of the time to perform man in the middle attacks), what u mean is dns poisoning
  4. metasploit is a good choice also, check out the pineapple (here). It can trick other computers' wifi cards into associating to your pineapple instead of the legitimate AP, then you can do whatever you want, some MITM attacks and so on...
  5. LOL it IS definitely pr0n... if not, why so much dedication? :lol: :lol:
  6. if you're targeting a specific user the 70-75% success rate may be not enough (there is a 25-30% chance that it is not enough :P :P :P ) but if you are just collecting random accounts that's very good.
  7. yep, cloning sites means phishing = illegal but creating new services is absolutely legal... as you said, no need to be in the same network and no need to be in front of the computer too! just wait for the passwords to show up in your remote log file...
  8. naaa.. just write the login page of the web service! :lol: and of course, if u try this over 100 people, you get on average 70-75 facebook and email accounts... not bad IMHO. the more users the better because the effort-per-account decreases very fast
  9. add some bias to your brute force search! You MUST have some clue about your password. Was it a random 18-key ASCII password? I don't think so... or you're another Rain Man... joke! If you are spanning the entire ASCII space you'll not see the end, even with password key length = 8 but... in the meantime, have u changed gf? If so, what's the deal? another tip: I don't know exactly, but if the zip file includes the hashed version of the password (to detect wrong passwords quickly, for example), grab the hash, identify the hash function (from the zip specs) and try some rainbow tables. It's much faster than brute forcing using the zip file API functions because u can use some serious reverter like rainbow-crack or cuda, not those shitty zip file recovery programs.
  10. that's weird. Is it really true you can't even remember the resemblance of that password? (some character, the meaning at least). Was it a completely random password? I think it would have been better to exploit the OS information leaking. I mean, to create a dump of the entire laptop disk drive and brute force the zip password against it (offsetting the candidate password byte by byte and using multiple lengths). In some cases OS paging can help you to recover lost passwords...
  11. this is old ok, but that's my 2 cents: create a completely new web service online (online dating, gambling, fake sms free service, free calls, something NEW) with a username/password login page. Convince him/her to register on that web service (you have already done it ok? you know how cool this service is... :) :) :) ). There is a 70-75% chance (here the study) that the password he/she entered is the same as his/her facebook or email account. You are the admin on that server so you can store the password in clear and get it as it is. not bad, uh? :)
  12. Information leakage is everywhere, it's almost impossible to avoid it. The best I can do is to centralize all the confidential data in a very secure host (linux based of course) and use 2 other spare XP PCs for gaming, non-critical web browsing etc etc... (I don't mind if I get viruses on those 2 PCs) A KeePassX database stores all the passwords and an encrypted TrueCrypt volume stores the personal data. One single master password unlocks the KeePassX db and in turn all the other stuff. Every now and then I print the KeePassX password db on paper in base64.
  13. Oh, sorry guys.. maybe I need to sleep :) But I think we didn't understand what Antonio really wants. He wants to discover a WEP key without asking the owner for it and without having physical access to the computer on that network, so this is a typical case of WEP cracking :) Maybe in Antonio's point of view the word "crack" just means keygen or other stuff... IMHO
  14. So, this is my solution to the problem: - download backtrack3 and burn it on a cd. - buy a sitecom wl-172. It's a wifi usb stick with the ralink chipset RT73. I have one of these beauties and it works perfectly in monitor mode and with kismet. You can buy it for 25 euro in Europe (I think 20$ in the USA) - throw away the cd that comes with the usb stick. It's full of useless windows-shit :) - boot your pc with backtrack3 - read this tutorial and follow the instructions: http://ryanunderdown.com/2007/02/12/cracki...sing-backtrack/ - send me a gift. NOTE: Be careful when cracking WEP networks... It's ridiculously easy to crack WEP but the consequences may be not so ridiculous. Think McFly, think!
  15. the chances of this are very low. It's far more likely to be run over by a car on a sunny day :) this holds because (you must have the same ISP as the spammer's) AND (you must be a hak5 fan) AND (you must log in on the same day) AND (you must be very unlucky :)) However you're right, IP ban is the last resort when fighting spammers. Indeed, I've always logged in to forums without any problem.
  16. Yeah, that's true. However, an automatic and instantaneous IP ban forces the spammer to request another address from the ISP, a very annoying feature that slows down the spamming. (IMHO)
  17. Here we need captcha and a blacklist to avoid unwanted words.
  18. Ahahah.. long answer full of quotes means "I don't want to admit you're right. People say the same things but I still don't want to admit it". Microsoft itself admitted that vista is a joke that no one wants (said it in other words of course). Ask google if you don't believe me. I'll not answer you anymore. bye.
  19. Shut up dude, this is the truth. I think u are a windows user, maybe the so common brainless vista users... this is very sad...
  20. Every now and then I use social-engineering in quake3arena, when I play online with other people (especially when I'm bored of the game). When I'm facing an enemy player I switch to gauntlet; he/she can't resist and switches to gauntlet too, then I suddenly switch back to my weapon, fragging him/her (most of the time).
  21. In the late 80s, kevin mitnick social-engineered mostly in bars and pubs. Now I suspect he has some special "feature" inside his t-shirt... :P
  22. xp is far better than vista, there's no doubt about it. But windows users are always forced to move to the newer OS, so they have no choice; if the world around you is using vista you cannot continue to use xp. The only way to avoid this is to change world and become a linux or mac user.
  23. I'd like to point out this: when a vendor doubles the price of a product and at the same time halves it claiming to sell the product with an awesome discount, he's social-engineering you!
  24. Mmmm, try to answer yourself by reading all the previous posts of this topic... not just the last one of mine
  25. The usb type you refer to is the U3 (http://en.wikipedia.org/wiki/U3). U3 compliant usb sticks can appear like cdrom drives so winXP launches the autorun function without any interaction with the user. The sandisk cruzer micro is one of these.