bowler

Active Members
  • Posts: 22
Everything posted by bowler

  1. When I set up the tunnel socat and then set nmap to use localhost and my port selection, nmap quickly returns with a result that port is open (which it is) and unknown. What I would like nmap to do is to tunnel thru the port and not actually scan the port itself. Possible?
  2. Hi, recently on a show, Darren highlighted a security suite for smartphones. I am trying to remember which one it was. Can someone remind me? It may have been a sponsor. Thanks.
  3. bowler

    Mailvelope

    Hi all. On the last episode Mubix showed how he can retrieve a person's private key as it was stored in a sqlite db in the clear. I think it is usually the case that private keys are password protected (or should be). Now in the case that the private key is protected with a lengthy complex password (basically a password generated by a generator), would the private key be of any use to anyone without the associated password that protects it? Thanks.
  4. Hi all, when exactly is the next Challenge? In the last episode Snubs says it's on Sunday May 21 2011, the screen just says May 21 2011, but Sunday is not May 21st, it is May 22nd. What's the deal? Thanks.
  5. Hi, in episode 902 of hak5, Snubs does a walkthrough of the CCC challenge for Feb 27. One of the tools used was networkminer. She was able to extract a file called kerberos.jpg from a pcap file using networkminer. The file came out perfectly fine. I have not tried networkminer myself but am sure that I would get the same results. However, I tried using Linux tools such as foremost, tcpxtract and the dsniff suite to carry out the same function. But when I look at the kerberos.jpg file, for example, it's corrupted. See the attached pic to see what I mean. My question is: are there any reliable Linux tools for parsing a pcap file and dumping any files found? Foremost and tcpxtract seem to do a good job of the parsing bit, but as seen here, somehow the pics are corrupted.
  6. If I have this command,

    ettercap -T -q -o -i wlan0 -M arp:remote -P repoison_arp /192.168.1.105/ /192.168.1.1/

    and I also want to run the reply_arp plugin, how would I add this to the above command? Thanks.
  7. So I just got a PM in my forum account that goes...

    Hello, friend. There are viruses' activities from your computer in last few days. Strongly recommend you to scan your computer. You can find a report about your computer's security and solve every problem with it here: <LINK REMOVED> Thank you. Forum member.

    I am in a frenzy what to do what to do... :) Any ideas?

    WHOIS information for total-scan.net :

    Domain ID:
    Domain Name: total-scan.net
    Created On: 08-Feb-2010 00:00:00
    Expiration Date: 08-Feb-2011 00:00:00
    Sponsoring Registrar: 'Check Whois' (UK2 GROUP LTD.) (UK2 GROUP LTD.)
    Status: client_transfer_prohibited
    Name Server: ns1.freedns.ws
    Name Server: ns2.freedns.ws
    Registrant ID: Unknown
    Registrant Name: Unknown
    Registrant Organization: Unknown
    Registrant Street1: Unknown
    Registrant Street2: Unknown
    Registrant Street3: Unknown
    Registrant City: Unknown
    Registrant State/Province: Unknown
    Registrant Postal Code: Unknown
    Registrant Country: Unknown
    Registrant Phone: Unknown
    Registrant Fax: Unknown
    Registrant Email: Unknown
    Admin ID: Unknown
    Admin Name: Unknown
    Admin Organization: Unknown
    Admin Street1: Unknown
    Admin Street2: Unknown
    Admin Street3: Unknown
    Admin City: Unknown
    Admin State: Unknown
    Admin Postal Code: Unknown
    Admin Country: Unknown
    Admin Phone: Unknown
    Admin Fax: Unknown
    Admin Email: Unknown
  8. You probably could, but from reading, there is a specific way using airmon-ng that is used with this card and the RTL8187/RT8187 drivers. And I believe it is what Psychosis has said.
  9. I figured out what was causing me so many problems. I had the Ubuntu firewall enabled (ufw). Once I disabled this firewall before I begin to do anything, ettercap/arpspoof works as expected. No more lost internet on the target.

    sudo ufw status
    sudo ufw disable
  10. Hi. What are the terminal commands to put the AWUS036H into monitor mode on Ubuntu 9.04? I assume I can do it using airmon-ng. Can someone post the full set of commands, including putting it into and taking it out of monitor mode? Do I have to issue a stop to it first and then a start etc.? Tried to find it here on the forums and Google but came up empty. Thanks.
  11. That made me laugh, because it's true. Hmmm, I think what I will do is put it very high in a cupboard above me and away from me, attached to a long USB cable. Just in case... or send it through the window and let it be outside, attached to the wall.
  12. How safe are these, the 500mW, especially with regard to cancer and RF burns or other health issues? Are they safe to operate in the same room as you? Mine has arrived and now I am afraid to turn it on because I just thought about that.
  13. Your solution may also lie in reverse proxying.... http://ubuntuforums.org/showthread.php?t=1335677
  14. bowler

    arp poisoning

    If you do an nmap scan (replace xxx.xxx.xxx with the address of your network)

    nmap -T4 -F xxx.xxx.xxx.0/24

    Does that show your router only as well?
  15. My usual setup is to have 2 USB wireless adapters, one for the host machine and guest bridging. The second is usually attached directly to the VM (attacker) so that the VM (attacker) can access it as a USB wireless device. That works for me. But I did not have one at the moment, so I was trying this until a new one arrives. But now that I think of it, I wonder if I add a third adapter to the host (wired) where the host can use the wired for internet. I can use the host wireless adapter as the bridge for the VMs. I will try that and see what the results are.
  16. In a bridged setup each VM does have its "own" MAC address, sort of. When I look into the ARP table of the host (no spoofing going on) the MAC address of all VMs is the same as the host. So yes, in that you are correct. Each VM though sees each other with distinct MAC addresses. It's just that the host sees all VMs with the same MAC address, that of its own, and probably uses some wizardry to route traffic to the various VMs. I was wondering if it is because of this that the spoofing will not work as expected.
  17. Yes I have turned on forwarding on the attacker.

    attacker# echo 1 > /proc/sys/net/ipv4/ip_forward
  18. Hi all, I need an explanation of why I can't get arpspoofing to work. I think it is because of the particular setup, but you can tell me.

    --=Particulars=--
    Host: Ubuntu 9.10 with 1 wireless adapter
    Guest #1 (Attacker): Ubuntu 9.04 bridged
    Guest #2 (Victim): Ubuntu 9.10 bridged
    Vmware Workstation v7

    Now when I begin arpspoofing the victim I check its ARP table and see that its cache is being poisoned correctly. I have turned on forwarding on the Attacker. I have used both ettercap and arpspoof but the results are the same. The Victim loses internet connectivity. Usually how I would set up is like this, but I am replacing a physical wireless adapter with one on order:

    --=Particulars=--
    Host: Ubuntu 9.10 with 1 wireless adapter
    Guest #1 (Attacker): Ubuntu 9.04 (physical wireless adapter)
    Guest #2 (Victim): Ubuntu 9.10 bridged
    Vmware Workstation v7

    Is it because both guests are bridged to the same host that the victim loses connectivity to the net when the ARP poisoning begins? Thanks.
  19. http://www.amazon.com/Adapter-Wardriving-E...3134&sr=8-2 But when I see it on hak 5 the antenna always looks bigger. Is that a custom antenna on that thing or the small one that comes by default on the above device?