aeturnus
-
Posts
65 -
Joined
-
Last visited
Posts posted by aeturnus
-
-
You are already MitM, why do you need to use ettercap? Just sniff the traffic with ferret, tcpdump, wireshark, network miner.
How about to perform filtering actions on the traffic?
Does Kamikaze have something to do something like ettercap's filtering?
-
If you've got a permanent web connection you may as well just stream it all out and then capture it with tcpdump or wireshark on the other side.
I suppose capturing it and sending it out in packets would reduce the wifi noise as you could set it up to only connect periodically, maybe when it is running out of disk space.
This is essentially what I did for my client when this device was requested. I just set up shfs and had tcpdump save the output at a remote location. My client wasn't too concerned with network egress monitoring, and he didn't want everything, just a specific protocol from a single target.
-
Offensivecomputing.net has a rather large selection of malware.
-
I'm not sure what 'RSA certificates' refers to.
A passive attacker (that is some one who is listening) cannot decipher the key generated by a (properly implemented) DHE despite seeing all communication. So, if you where communication with a medium that could be listen to but not intercepted (the Internet does not meet this criteria) you could reliably use DHE for generating a session key. For example, if you had a long distance radio communication system, any one could listen to it but it would be very difficult to intercept.
I apologize if English is not your first language; it's not mine either. But it's very difficult to understand what you're trying to say with improper words being used and terrible grammar.
Again though, I think we're on the same page, generally, we just disagree over the terms.
How about I combine it with java applet?Can it secure my website?
Sure. That would be a similar case. It would be easier to do this via HTTPS, but if you're gung-ho for Java* solutions: go for it, it's possible.
-
This is vulnerable to been intercepted, the attacker pretending to be the client to the server, then turning around and pretending to be the server to the client. Only a passive attacker would not be able to intercept this.
Well sure, you can intercept it, that's why no one uses DHE by itself, but follows it up with RSA certificates. I'm not quite sure how a passive attacker could not intercept this sort of traffic, but that's neither here nor there. I'm sure it depends on how you define passive and across what medium the exchange takes place.
Nonetheless, if you're interested in this topic, I'd really recommend the books I listed earlier ( Applied Cryptography, Handbook of Applied Cryptography ) as they both cover the topic pretty well ( I have my biases and reservations for both, but either should suffice). Or the O'Reilly book called...something like, "Network Security with OpenSSL", covers the topics rather briefly but has useful code examples if you're wanting to roll your own SSL solution.
-
If using Javascript to encrypt it before sending, and someone is sniffing the data capturing the encrypted payload plus the javascript itself that encrypted it, wouldn't it be easy to script a decrypt from the payload and original encrypt script?
I have this odd feeling that you've never read the details of how a DHE exchange works.
And Sparda,
That's true, you'd have to distribute the certificate to every user that you'd want to use the site. The OP didn't make any mention of how many users he expected. I know that for my work, the "trusted" CA's aren't trusted enough, and we have to use a method of distribution similar to what is described here (although, we don't play around with doing it in Javascript and PHP, we use industry standards for the negotiation of the protocol).
-
You can't reimplement SSL without been a valid CA. You can absolutely create a SSL certificate your self, just no ones browser will recognise it as been a valid one without it been signed by a CA that the browser recognises. A self signed SSL certificate connection is as vulnerable to MITM attacks as a plaintext http connection.
Your post is basically unintelligible. But I can try to surmise what you're trying to say, so please correct me if I'm wrong. Without the client being able to cryptographically validate the server's certificate, the connection can be MITM'd by someone presenting an invalid certificate.
Right, that's essentially how that sort of thing works. You can, however, create your own certificates and install it as a trusted root on the client machine through some other secure method. Given the OP's original constraints, this seems reasonable.
-
I think this somewhat mirrors what someone else said earlier, but really language is irrelevant for the most part. If you're going to write software, the design is much more important, the language comes secondary. So in your case, it really just comes down to what you want to do or what you want to learn.
If you want to make easy GUI's and not worry about platform, try Java. If you only want Windows stuff, the .NET languages are great. If you want to be more low-level or work in the kernel, you'll use C and assembly. And whoever suggested MIPS to you probably doesn't know what they're talking about. Your system probably runs x86, unless you're planning on working with embedded devices, then by all means check out MIPS, it's a lot easier to play with. And the byte-code is easier to remember and disassemble in your head. But that's beside the point.
Web apps are full of great languages that are all pretty much the same.
If you decide on a language you want to try out, tell us-- I'm sure providing tutorials will be easier that way.
-
I don't really see what the argument is though...PHP is not encrypting anything other than what it stores on its side as a satled hash or file, whatever. Its not that it can't encrypt files, its that in order to do that, you have to send the plain data to the server first, and if that communication isn't encrypted via SSl or such, its open to any one sniffing the line.
The answer has been given several times now by Sparda. Unless the communication is on a secure channel, like SSL,TLS, etc, then all information is transmitted is in the open and anyone sniffing the communications can capture it and resend it, replay a captured packet later on. Even if the server encrypts the data, you still have to be able to send it to the server before it can encrypt it, and that info will be sent in the clear. If using SSL or a variant there in, all your traffic is sent securlty between you and the server, encrypted from prying eyes. There is also Internet Key Exchange (IKE or IKEv2) communications between two networks but I think that requires a special setup on the web server itself and I'm not sure if that encrypts it more than it is just an authorization service.
No one's arguing against your ability to sniff cleartext, digip. I believe the suggestion was to use Javascript to encrypt the data before sending it to the server.
Sparda,
The method for the determining if the certificate is valid or not would be the same regardless of whether or not you use the SSL libraries. Your operating system has the trusted CA cache, why can't your home-brew method verify against them?
I don't mean to insult anyone's intelligence, but I think the problem is that there's some confusion between implementing a protocol and that protocol "being encryption". SSL is a set of protocols. You can re-implement those protocols in another language without using pre-made libraries and they will act just the same. You don't suddenly lose the ability to verify RSA certificates by using your systems trusted roots just because you choose to not use mod_ssl.
-
So if its not the case then, would you like to show us the research?
Because when they announced this research it was pretty big stuff, so much so that we weren't even told what the talk was about until about an hour before, all we knew before was it was about attacking a piece of critical internet infrastructure and that Jacob said that it would be at the end of his presentation on the Cold-Boot attack.
The attack you're talking about was one way, and it relied on a lot of tech. I'm suggesting that there are possible other ways to fake a trusted CA, maybe not involving lots of tech. Perhaps breaking into the building where the information is stored. Or perhaps there's a publicly unknown break in SHA-1 that people are currently using to keep themselves afloat in a struggling economy.
Although unlikely, those avenues are still possible methods of pursuit-- and before the MD5 break a few years ago, I'd probably say they were all equally likely.
So you're saying there's no possible way to MITM an SSL stream? Yeah, that sounds reasonable, sure. [/sarcasm]
It isn't possible without setting up an entirely new version of SSL that incorporates approved CA's. ... and useless information...Sure, I'm saying the OP could do the math himself. After all, we're all big boys and girls here and we can all read Applied Cryptography, the Handbook of Applied Cryptography, or hey, maybe even the OpenSSL source code.
-
People really shouldn't chuck that around, because unless the rogue Cert was created before Jacob gave his talk its not going to happen now, it was be a statistical fluke bigger than the winning the lottery.
Well, you're assuming that the only way to create a rogue CA is to use a bunch of PS3's playing with MD5 and hoping you get the right information from the CA.
And that's simply not the case.
That is sort of off-topic, though.
If the OP really wants to do this all in PHP and Javascript, I don't think we should tell him it's not possible. He could perform a DHE exchange that way and incorporate RSA certs, effectively doing the SSL without using the SSL libraries. Or use a salted PSK, or many other ways. I think we've all clearly suggested that using SSL is the superior plan of attack, but if he really doesn't want to do it, shouldn't we be suggesting options that fit his requirements?
-
SSL is all about stopping MITM attacks. At the point the user is presented with a "cannot verify certificate authority" error it becomes a case of user unawareness. JavaScript can not offer the security SSL does.
That's of course assuming that the attacker didn't create a rogue CA, or recover the private key of a trusted CA. I agree with you and stringwray that a Javascript solution does not provide the same level of security as a full, properly configured, SSL session. But, at the same time, the OP doesn't seem to be too concerned with security and it would fit his requirements.
PSK fails to work with multiple users and the requirement that good passwords means passwords are regularly changed.It doesn't fail, it just becomes more difficult since the admin has to do more than just set a domain policy and wait for angry users to call. But of course, you could implement the policy features yourself, server-side, that checks for the requirements you're looking for.
-
No it isn't. You can capture the md5 and send it again.
Well, the OP could create a shared-secret using a PSK and Javascript to create the level of security I think he's looking for.
-
If it's still working it's not a DoS attack.
Well, it's possibly a failed attack, especially since the OP said that each packet is a few seconds apart.
Are you getting more than the SYN? It's likely something more than someone playing with spoofing his IP if you're getting more than the SYN. If it's bothering you, you could always report it to the ISP.
-
Thank you for your generous replies =).
I'm sure I can't speak for everyone, but from me: Np, glad to help :)
-
I know usually you don't like to answer these questions but this is nothing malicious I just want to know the easiest was to obtain the password for a router because moved into an apartment building that has wifi included but would like to open a port so I can use torrents. so if anyone can help me does this I would appreciate it.
I'm sure this has been answered somewhere else on the forums previously. But, it really depends on the router and how they have it configured. Just as a starting point, what ports does it have open? For instance, can you configure it through SSH or telnet? Or if you know what kind of router it is, that might be helpful too.
-
hey everyone! recently i have been working on some U3 hacks. i have completed a test one and i am having trouble getting it on the U3. I have googled it, but i cant find anything that has worked. my comp is messed up:-( Any suggestions or ideas?
cheers,
IC3
I'm not sure what the test one is, are you talking about the USB Hacksaw or whatever?
If so, which part are you having trouble with, actually flashing your image onto the CD-ROM partition? Did you modify the installer so it would work like you want it to?
-
I know a lot about the subject I am speaking of and already have developed several viruses (none released of course) and that was back in the DOS days. I decided to re-visit this area in order to learn a thing or two about The Win32 architecture and some other select things.
It doesn't seem like you do, and that might be the source of your problem finding help here. Also, are you looking to learn about the Win32 architecture or the Win32 API? You might be better served by the OSR pages if you're looking for architecture help.
An overwriter is a virus that does not perform any delta offset calculation and does not attempt to hide itself in any way. The virus simply opens a file and writes itself into the file and then closes the file. Pretty simple to understand from the name. And yes, if you google it (which someone very kindly suggested earlier) then you would find it. Here, I'll make things easy on you and include the URL of a TUT I found (TUT means tutorial for those interested).Seems pretty useless by today's standards. I guess that kind of thing was helpful back when you knew something about computers, eh?
Listen people. I don't know where you got your manners from but I have been very polite with you and asked a very simple question.No you haven't. And I think you essentially got the same sort of courtesy you gave.
I wanted to know about WINAPI functions.Then you got your answer from whoever suggested the MSDN. It really is the best resource for how to use the WinAPI, including function prototypes, articles, examples, etc.
Also, you'll excuse me for asking a quick question at 1 in the morning after studying for exams all day and doing a ton of research on the subject myself.Boo hoo. You did some research and were all tuckered out. Cry me a river.
I'd rather not be flamed by people I'm just getting to know.Then maybe don't start a topic you know will get you flamed? Regardless of how you feel about the topic, you know how others feel about it, and should have expected responses like those from H@L0_F00 (it doesn't appear to me that anyone before him was openly hostile). Maybe you were a bit too quick to retaliate?
-
Okay, I'm going to be completely honest. I've taken up virus writing. I know, it's wrong but I don't care ;) lol but seriously I have a question about winapi calls and 32 bit assembler.
Most of the tutorials I have come across only deal with the coding of 16 bit DOS viruses. I'm looking to begin the coding of a 32 bit windows virus. So far, I've only been able to code a simple over-writer and that's hardly cool at all. My main questions are as follows:
1. Is there any way to open a file in 32bit assembler without using WINAPI function calls?
2. How do I change the current working directory using either WINAPI function call or some other method in 32bit assembler? (I could probably do a quick search but it's 1 in the morning and exams are tomorrow)
3. Assuming I have used WINAPI function calls to open a file and I have stored the file handle in a variable called hFile, how exactly do I go about overwriting certain parts of the file as opposed to just the beginning?
4. Is there still a disk transfer address in 32bit windows?
Any help would be greatly appreciated.
I'll begin by saying that I didn't really read your post, or the subject. I did read your questions however, and I think it's awesome that you have the audacity to ask for help on something you openly admit that you could figure out yourself but you're simply too lazy (see number 2). So keeping with the spirit of this topic that you've all ready set up, here are my answers, in no particular order (Sure, I could probably number them accordingly, but really, it's 10:30PM and I don't have anything to do tomorrow). And what is an over-writer? I think, in general, you tend to use phrases and terms you don't really understand. You should probably avoid doing that.
A. Assume functions like fseek don't exist, you can just do what you know. Read the buffer, then write it out modding the area you want.
B. Not sure what you're looking for here.
C. The API call will be the same no matter the language you use. Including statements like "is there an API I can use in assembly" is silly.
D. Sure, but it really depends on where you cut off the WinAPI.
-
I came across a file which contains a hash code at end of file.
if you change any thing from file the file becomes useless i.e invalid file.
e.g one of the hash code is 29AD6395CEE1111266CA0F53526FF06C8EAC8D0575888685A0AC7EBD7BC4D232A1F6EFFC262DCE6E
can anyone help to decrypt this hash code.
Have you considered that there isn't anything to "decrypt" from this hash? That is, it sounds like the hash is just a digest of the rest of the file used for an integrity check. But again, it'd be easier to tell if we had more information.
-
I just enter it into the password field when trying to connect using the default Windows software. It just works.
-
Well it is bridged, and I'm not sure why my internet was on the loopback interface, but if it is already spoofing it in a way, then it should work. BTW, it is wired.
"Should work" only if they're planning on blacklisting the physical MAC address on your card. If they employ some other technique, spoofing the MAC address may not be the optimal solution.
-
So here is what I did.
I put a VM in VMware running Ubuntu Server 8.10. I put squid on it. It is using a bridged connection, and has it's own IP and MAC.
So my question is, if my parents blocked my computer at the router, could I still get my internet from my VM? I checked wireshark, and it showed packets from the VM coming from eth0. Wireshark also shows packets on the loopback interface too. Those lo packets happen to be my internet.
It all hinges on how they "block" your computer; let's assume MAC address filtering for this discussion. As an aside, you should probably learn what the loopback interface is for.
With a bridged connection, IIRC, your physical device is essentially spoofing the VMs source MAC anyway for those packets. If that is the case, you're really just wasting an extra system's worth of resources to get the same effect as a simple execution of ifconfig.
But like I said, it all depends on how they're going to remove your access.
-
it really depends on what you are developing for... if i was developing an app for windows id just use the native windows api but if i wanted something cross platform i might use gtk honestly i dont use gui's hardly at all in my programming... i prefer the cli
As far as tutorials i always find it easiest to pick apart the examples that the dev kits usually come with in order to figure it out.
Off-topic: I wasn't aware of the Native API exporting functions for GUI creation. Isn't user32 the GUI DLL?
On-topic: Tcl/Tk
IP Chnager
in Applications & Coding
Posted
I was legitimately looking for reviews of this, in hopes of understanding in what capacity it could be more useful than a script, and all I found was this
CNet review. To quote, in case it goes down:
"DOES NOT WORK"
by kdryan2 on July 4, 2009
Pros: No redeeming qualities
Cons: Not only did the product not work, it screwed up my settings so I could connect until I manually went in and repaired the damage.
Summary: Once again, it does not work
-- Just out of curiosity, any ideas what went wrong with that guy's usage?
good day.