Rifts
Posts: 23
Posts posted by Rifts
-
OK, SSL certs in browsers are verified via a 3rd party. Usually Verisign. The only way to make a cert come up green and valid is to also spoof the verification of the SSL cert. But herein lies the problem. The public keys for those sites are installed in browsers by default and will not accept any false verification site. So, to make this a complete hack, you have to:
1. Replace the public cert that is installed on the target's browser with your fake verification cert
2. Set up a fake verification server
3. Generate your key so that the fake verification server will validate the request.
Oh yeah, and not all sites certify through Verisign. Possible? Definitely. Worth the effort? Maybe. Difficult and extremely targeted? Absolutely.
I don't mean to scare you away from this project; it is actually one that taught me a lot when I had the same question. I suggest VMware and a weekend dedicated to the project.
Good luck.
Hmmm, so how would I even start to do this?
-
Hey dumb noobs (if you don't even know what noob means, just leave): before posting on here and asking stupid questions about loading Pocketknife to your USB or asking why VNC asks for a password, please start at PAGE 1 and read ALL of the forum. I guarantee you will find the answer you are looking for (even though you don't deserve this well-created program).
Peace
www.how2stalk.com
Maybe I don't feel like reading through 21 pages to find one answer? 21 pages x 20 posts per page = 420 posts.
Anyone? Can someone explain why Pocketknife is supposed to set up a password, but then when I try to VNC-view into it, it says no password, cannot connect?
-
That didn't really help.
-
Well okay, so you cracked your WEP. What's next? Well, I'll tell you what I would do.
If you're like me, you probably want more than just the internet.
So I open up a command prompt and type in ipconfig if on Windows,
or ifconfig if on Linux. There you will find the gateway, or router location, and the netmask.
Most of the time it's 192.168.1.1 for the router and 255.255.255.0 for the netmask.
So I head on over and open up Firefox and type 192.168.1.1 in the URL bar.
Here you find out if you have a password already set up on your router; if not, it is usually admin/admin, or admin/password, or in some instances I've seen it will prompt you to create one because you haven't yet.
That's the first thing I check. I'm putting this in pretending it's someone else's network/router because I would never do anything illegal. Okay so, it's all passworded up, and if not you go and explore, find computer names, connections, etc.
Next I would open up ettercap's GUI if on Windows or Linux
(in Linux type in ettercap -G -n 255.255.255.0 (or whatever the netmask is)) (same goes for Windows if you use ettercap's prompt). Then I'd do a MITM attack (ARP poisoning) and start sniffing the network traffic. Please read up on ettercap and how to perform such MITM attacks, and how to use it overall. I'd then minimize it and continue on... (we will bring that back up later)...
Next (if on BackTrack 3) I would open up netdiscover to see what active hosts there are. (If you're not on BT, don't worry, this is only if you are.)
Next I would open up a terminal, or if on Windows the nmap GUI (Zenmap).
I'd then enter (depending on what IP you were given) 192.168.1.1/24 to scan the network for active hosts.
(If on Linux I'd type nmap -sS -vv -O 192.168.1.1/24.)
You should now, after waiting, have a list of active hosts nmap has performed scans on, which ports are open on those hosts, and what services they are.
Here's an example of what it should look like (or similar to):

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
    Interesting ports on 192.168.1.3:
    PORT     STATE SERVICE       VERSION
    21/tcp   open  ftp
    25/tcp   open  smtp
    80/tcp   open  http          microsoft IE
    445/tcp  open  microsoft-ds
    1025/tcp open  microsoft windows RPC

Great, now what does that tell us? That tells us what ports are open and what services they are... let's see, port 80, 445, and 1025. Now with that information we can use Metasploit to find exploits on those services.
I would now, if on Linux or Windows, use the MSF console. On Windows, you can do this through the GUI by going to Window and then Console, or just by pressing Ctrl + O. Next I'd take a look at the exploits given to me by typing "show exploits". I have noticed the target computer is running Microsoft's Internet Explorer on port 80, so I'd try and find an exploit corresponding to IE. Upon searching the windows directory under MSF for exploits you will find tons of browser-related exploits. I told you to read up on exploits, what they do and how they work, so you should be able to choose the right corresponding one(s). Please read up on how to use Metasploit to learn how to use exploits, set payloads, customize payload options, etc., as that would be a whole different field to cover.
Now with a little luck and perseverance you might get a shell! (cmd prompt) with admin privileges (root). From here on out you can put in backdoors, look around, take files, or even inject a VNC payload. I'd then restore ettercap and see if I found any data "given" to me when it was running in the background.
Well, I hope I didn't miss anything or wasn't wrong about anything, but that is usually what I personally do when I'm fooling around with my network. Hope this gave you some sort of an idea what to do next, and sorry if any ignorance in my post was present.
Hey, thanks so much, this helped a lot. I'm glad to see that I have been going in the right direction. I've messed around with ettercap and ARP poisoning, it's pretty cool. I have also tested out netdiscover.
I tried using Metasploit but it doesn't work because none of the attacks worked; I guess everything I try is patched.
I don't really know.
But thanks again for the amazing post.
-
Can someone help me out with my problem? It's occurring with two SanDisk 2GB U3 flash drives.
Thanks
It's because there is no go.vbs file in the system folder. Also, this has nothing to do with autorun.
-
WTF, it's probably because you are using a VM? Or maybe you overclock your PC? That happened to me too, and I just underclocked or made my PC normal.
Well, after 3 hours of trial and error and lots of guessing I finally got everything working! Yay, except VNC haha.
-
Keylogging feature is currently broken in this version.
Aww damn, alright, what about VNC?
-
Alright, well, I finally got everything running.
The only problem is with VNC: when it's silently installing, two boxes pop up about the default password, which makes it not so silent.
Also, when I go back to my other computer and try to get on, I input the IP and click connect and it says "unable to connect, there is no password", but Pocketknife says there should be?
And lastly, after how long or what file size does the keylogger start to send files? Because I haven't received any in my email,
and yes, I set it up.
-
Can someone help me?
I don't understand what "just flash and go" means.
I just got a new U3 USB Cruzer and I'm trying to install this; can someone please explain? Thanks.
-
Well, I figured out how to get the files that wouldn't write on,
but now it does autorun shit, and I have run the LPInstaller 2 times.
-
After I run LPInstaller for my USB and try to put on the payload, most of the exes won't copy. I don't understand why; the error says:
Access denied:
make sure the disk is not full or write protected or in use
It is none of these.
What the heck is preventing this from copying?
-
Don't bother.
? Why not?
-
I just opened my brand new SanDisk Cruzer Micro.
I tried to install Switchblade, but all the files are hidden, and even if I change my folder options to see them I cannot.
Anyway, I'm having problems installing/setting this up.
Do I need to remove the folders/files that came with my flash drive or not?
And can someone give me or link detailed instructions for installing Pocketknife or Switchblade?
Thank you very much.
-
I just got my SanDisk 4GB Cruzer Micro and I want to test out a USB hack, specifically Switchblade.
Anyway, my question is this:
Can I just extract the payload to it, or do I have to do some weird stuff with formatting it or something?
Thanks
-
I recommend using the console end of Metasploit instead of the GUI, and I also recommend learning how exploits work/what each exploit does as well, just to broaden knowledge rather than
click, type, root.
Hope you have a good learning experience!
Thanks for the tips; feel free to throw out any more tips, I'm just trying to learn as much as I can.
-
Yeah, ettercap is pretty cool, I've been messing with that. I'll check out Metasploit today =]
-
Yes.
Steal the real one.
?
-
O.K., bear with me. This is kind of an in-depth question, and I'm going to try and ask it so it follows the rules here =]
I can't go into much detail without breaking any rules, but if you think you know what I'm talking about, feel free to PM me.
Here it goes:
After successfully cracking my WEP key I booted up ettercap (not going into any more detail about that), except I successfully "poisoned" my shitty old laptop. Now when I'm on the "poisoned" laptop and try to log into any site (we will use Facebook as an example), a security certificate warning comes up. This is obviously suspicious; if I click accept and/or continue, etc., then the username/password is sent to me like it should be. But having that security certificate warning is a problem.
So my question is: is there any way to "spoof" or do something to trick the computer into thinking it's the real site and not show a security certificate warning?
I hope this makes sense.
Thanks
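The certificate warning in the question above is the browser noticing a host interposed between the laptop and the site; on the network side, the ettercap-style ARP poisoning mentioned in this thread is visible in the ARP replies themselves. As an added example (not code from this thread or from ettercap), a small Python detector over constructed ARP-reply observations flags the two signatures a defender would watch for: the gateway's IP suddenly advertised by a new MAC, and one MAC answering for several IPs. All addresses in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample (not a real capture): (seconds, sender IP, sender MAC)
# taken from ARP replies seen on the LAN. 192.168.1.1 is the gateway,
# 192.168.1.3 the laptop; aa:bb:cc:dd:ee:ff is the hypothetical poisoning host.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),
    (0.5, "192.168.1.3", "00:11:22:33:44:03"),
    (1.0, "192.168.1.7", "00:11:22:33:44:07"),
    (5.0, "192.168.1.1", "aa:bb:cc:dd:ee:ff"),  # gateway IP now answered by a new MAC
    (5.1, "192.168.1.3", "aa:bb:cc:dd:ee:ff"),  # laptop IP answered by the same MAC
    (6.0, "192.168.1.1", "aa:bb:cc:dd:ee:ff"),  # repeat of the poisoned mapping; no new alert
]


def detect_arp_poisoning(replies, gateway_ip):
    """Return alert strings for two ARP-poisoning signatures.

    1. MAC flip: an IP is advertised by a different MAC than last time.
       Rated CRITICAL for the gateway IP, WARNING otherwise. A DHCP lease
       moving to another host also produces this, so confirm before acting.
    2. Multi-claim: one MAC answers for more than one IP, which is what a
       poisoner impersonating both gateway and victim looks like. Reported
       once per MAC; a router holding several IPs can trigger it legitimately.
    """
    last_mac = {}                  # IP -> MAC most recently advertised for it
    ips_by_mac = defaultdict(set)  # MAC -> set of IPs it has answered for
    multi_reported = set()         # MACs already reported for multi-claim
    alerts = []
    for ts, ip, mac in replies:
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append(f"{sev} t={ts:.1f}: {ip} moved from {prev} to {mac}")
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1 and mac not in multi_reported:
            multi_reported.add(mac)
            claimed = ", ".join(sorted(ips_by_mac[mac]))
            alerts.append(f"WARNING t={ts:.1f}: {mac} answers for "
                          f"{len(ips_by_mac[mac])} IPs: {claimed}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(line)
```

On the sample data the gateway flip at t=5.0 is the first and most severe alert; the laptop flip and the multi-claim for the same MAC follow at t=5.1.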
-
Try Cain and Abel.. I will have to research some tools for Linux, but I know that others on this forum will have that information.
Edit: I'm a moron, C&A is for Windows, not Linux.
-
Now you get Nmap or some other sec software and play around. Irongeek has a script to try and brute-force Windows passwords over a network, LINK. I started playing with Damn Vulnerable Linux and I must say it is a challenge, but it is worth it.
There are other things as well. Say, hypothetically, you crack a department store's WEP. Now you have access to their intranet, where many store documents are located.
I can't figure out how to get the local-name when using smbrute.
-
So after a lot of reading I finally cracked my first WEP key. So I guess my next question is: what is next? What's the point besides using the internet? Yeah, there is my other computer on the network with a password, so even if I try to go into My Network Places > View Workgroup Computers I cannot see anything, since it asks for a username/password.
So what's the point? I can't even get the IP of my other computer.
What do you guys do?
-
Nvm, found the answer, please delete.
USB Pocket-Knife Development, in USB Hacks
Can you please get the keylogger working?