stanni

As I said I'm running Ubuntu 10.04 64bit as my host OS and I seem to have fixed my problem. Turning on AMD-Virtualization in my hosts BIOS settings seems to have done the trick. Thanks for the input you both gave.

For the ease of use basically. It's much easier to boot BackTrack in your main OS than having to reboot into each other every time you want to switch.

Hi guys, I'm running Ubuntu 10.04 64bit on my host machine. I've installed BackTrack 4 within VirtualBox and it boots and runs suspiciously slow. The boot time is roughly 3 minutes. The specification of the host machine is 2.1GHz dual core AMD 64 processor, 3 gigs of ram and Nvidia GTS 250 GPU. I've assigned 1 gig of ram to BackTrack which should be enough. I've tried numerous Google searches to find other people with the same or similar problem but to no avail. Would the problem be that I'm using a 32 bit guest on a 64 bit host maybe? I've ran BackTrack with VirtualBox before inside Windows 7 and it has run much better. If you need more information about my set-up just ask :)

Thanks man :)

Hey, I’m quite new to Linux and I need to know how I get to a different drive on Linux in the command shell. For example, if I want to run a file and specify a file for it to use that is on the sda1 drive, how do I do that? Thanks, Stanni

Hey, yet again, I am experimenting with the air-crack-NG suite, love it. I have started to learn about airbase but I am finding it difficult to get much helpful info about using it. So far I know how to setup a fake AP on my wireless card but that is about it. Here are a few things I am stuck on... Firstly, I understanding I have to connect to a legitimate AP to provide internet access to the fake AP but I don't know how to do this and do I need to use a second wireless card to do this or can I do it on the same card that has the fake AP running on it? Secondly, when the above is all setup do I just send out an de-authentication attack with aireplay and the target client(s) will just reconnect to my fake AP? Thanks, Stanni

Yes, I did some Google-ing about the episode and yes they did get legal advice on whether it was OK, lots of people have said it is still illegal what they did though. But as you stated, I don't think they will get in trouble for it, they are a massive company after all, they will have great lawyers LOL.

Hey, Just watched a BBC program about hacking and security and the main topic was about bot-nets. I thought at first it would be pretty crap but they actually went and bought a bot-net themselves which contained 21,000 bots. They also showed 2 examples of what it can do, firstly by making all the bots send spam to an e-mail account they setup and secondly doing an DOS attack against a website and shutting it down. At the end though, they changed background images on the computers of all the effected owners to an image telling them what has happened and how to protect themselves against it and then destroyed the bot-net by sending a message to all the bots to remove the Trojan of the PC. If you want to watch it here is the link: http://www.bbc.co.uk/iplayer/episode/b00jc...ick_14_03_2009/

Nice one, thanks :)

Ok guys forget my first question, I think I just figured it out. It looks to me like when a computer has been to a website before it remembers the IP and so it doesn't need to send a request to a DNS server asking it anymore. Well that sucks, first of all is this true and secondly is there a way around this? Thanks, Stanni

Hey, Has anyone noticed that when you are doing an MITM attack with Cain and you use APR-DNS to redirect targets to different websites it is very buggy. I say this because it doesn’t always work. I create a redirect for both "example.com" AND "www.example.com" to go to "www.another_website.com" but most of the time it doesn’t do anything and other times it just displays "website could not be found". Does anyone know if I should be doing something differently? Thanks, Stanni

I have my card in monitor mode and I am using BT3 so I assumed it came with scapy. Also I believe it is because I am trying to get it to work on an encrypted networks. It works OK on open networks but for airodump to sniff encrypted networks it has to be in monitor mode and I can't connect to encrypted networks when I'm in monitor mode. Also can I ask what this bit of code does (whats the info in wifi-01.cap it is using)? airodump --write wifi mon0 python wifizoo.py -c wifi-01.cap Thanks, Stanni

Ok, Wireshark sees traffic that is going to and from the computer it is running on but when I view a web page on another computer it doesnt see anything. I take it we found the problem?

Erm no I just connected to the network, I thought that was enough. I can see I am going to look stupid in a minute :s

Hey, I've wanted to have a play with wifizoo for a while and I have just got around to doing so, but I’m having some problems. All I have done is connect to the network and fired up wifizoo with this command: ./wifizoo.py -i eth1 It then "initialises" and I can then view the local webpage for it at "127.0.0.1:8000". But the problem is it won’t capture anything. In the web browser it always says "No information was captured yet" and on the shell window it is not displaying any information either. Have I missed something? Thanks, Stanni

Hmm, I’m not sure you quite read it correctly, there are 3 web sites on total, firstly the link takes the user to my website which quickly redirects him to the "something interesting" website when the php script sees the page viewer has come from the website we are attacking. Then when the user clicks the back button he comes back to our website but instead of being redirected again to the website he just came from the php code she’s he come from the "something interesting" website and does nothing so then the next thing is the iframe loads. Ok so how does the password get captured? because the iframe sent him to the logout page of the website we are attacking he has to log back in. (ok this might look a bit suspicious that he got logged out, buy oh well it will work on most numptys). So he guys to the top of the page and types in his credentials and clicks login. What happens now is that his credentials are taken to the login page within the iframe with the method "post". so we put some php code in out page to capture that, like so. ***** $password = $_GET['password']; $username = $_GET['username']; ***** then we save these variables to a sql database. Simples :)

Hey guys, I just thought of a neat way to capture passwords of people from websites here is how it goes... Ok so in this example we will get passwords of people on a forum. First off register a domain that is similar of that of the website you won’t to attack. Create a post on the website we won’t to attack telling people to go to "www.something-interesting.com" Then create a page to go onto your website you just registered that is an iFrame at 100% x 100% with a little bit of php code that does this: ****************** If the user is coming from the domain "www.website-we-are-attacking.com" then send them to www.something-interesting.com OR If the user is coming from www.something-interesting.com do nothing and let the iFrame load. ****************** Ok so here is how it works: 1. The user clicks the link to your website and it redirects them to the other website with something of interest on it. 2. The user then clicks the back button thinking they will get sent back to the forum website. 3. The user is now on our website, also what we do is make them logout by making the iFrame load www.website-we-are-attacking.com/logout.php" or whatever it is for that particular website. 4. This is the clever part. What we need to do it capture their password when they log back in. First off find out what the password input box's name is most probably "password" then capture it with a bit of php and store it in a sql database, also you will won’t to capture the username as well so you know who the password belongs too :P Please give your feedback on this, I hope it hasn’t been thought of before or I’m going to look stupid lol. P.S. I have a perfect website in mind also that this would work on as links don’t open up in a new page and to logout on their website its www.their-domain.com/logout.php

Hey, I recently got into python and have found it an awesome language to work with. I want to start to make GUI's for my programs so I did some google-ing and decided that Glade would be my best option. I know have Python GTK+ and glade all installed and running. I have started to build my GUI and it is coming along nicely. Whats really bothering me though is "compiling" my program. I presume I have to combine the .glade file and the python file which tells it what to do with the user input from the GUI together and make an .EXE file? I can't find any information on how to do this in Windows, some help would be awesome. Thnx

Hey, Just got myself a hardware key logger of ebay, there great, not sure how i'm going to use it yet though :/ Has anyone else got one of these and where do you use it?

Here ya go: http://wiki.hak5.org/wiki/Internet_Connect...mit_Der_Jasager

http://www.heise-online.co.uk/networks/A-n...s--/news/111714 In his blog, Fon founder Martin Varsavski has announced the newest version of the "La Fonera" mini router. Distribution of this new model is being restricted to developers for the time being. Dubbed the "Liberator", it now comes with a USB 2.0 interface allowing the device to make peripherals such as webcams, scanners and printers available across the network. The main objective, however, is to connect USB storage devices. File sharing is already working in beta via Finder for Fonera 2.0 for Windows and Mac. The developers are already working on other applications such as a backup client, a modified version of the Azureus BitTorrent client, and on support for external UMTS modems. The new functions are still far from production-ready. The Fon wiki contains a long list of to-dos that have to be completed before the firmware, which is based on the open-source distribution OpenWRT, is considered mature enough for end-users. It doesn't take much to push the hardware to its limits, either. It seems that the USB interface cannot supply enough current to power some devices. Fon therefore recommends plugging it into a USB hub with a separate power supply. The next step will be to design a faster WLAN interface and to make it draft-N capable - but that will take a while, says Varsavsky. The first 1,000 units of the Fonera 2.0 have been reserved for developers at a cost of just under €40 each, plus delivery. It remains to be seen when the Liberator will be available to the general public via the Fon Shop. The business model being pursued by Spanish company Fon is based on building a global network of WLAN access points operated by private individuals. The key to this model is the special hardware. Fon users can connect the compact router to their DSL or other modem at home and so provide internet access to others via their system. In return, these "Foneros" receive free access via systems operated by other members of the community. The company claims that there are now already 1.1 million registered members, operating more than 400,000 access points. Unofficial statistics from Germany put the number of operational Fon routers there at over 26,000. Update Since this story was written, Fon has stated that the new router still uses the same single-chip device as its predecessor, the Atheros AR2315, running at 180MHz with 8MB of Flash. (Thorsten Kleinz)

Ahh, ok

This interested me also, i'd like to have a go. Btw, it has been posted already http://hak5.org/forums/index.php?showtopic=10372

How does the ISP e-mail you? Do they monitor you internet usage to see what e-mail service you use then send you through that? Also what if you don't have an e-mail address?

This really makes me mad, the problem is that the police 99% of the time, have no idea what there on about or have any intemediate knowledge of computers. Also I think DarkBlueBox' idea is good.