Infiltrator

Hey bro, can I recommend you to buy a wireless card from Alfa Networks, you won't have much problems. Or better yet, go to the Hak5 shop and buy one from there.

What problems are you having?

Yeah, sounds like DNS issue. Make sure your dns service is running and there are no errors in your log files. I would also suggest, checking out that link I provided you earlier on. Also when performing the nslookup query make sure the host where you issuing it from knows about your DNS server. If you do an Ifconfig it should tell you what DNS server its using for doing the DNS look ups.

Do an Nslookup against you webserver IP address to determine if BIND is resolving the IP address and the hostname correctly. If it's not working, see this article for more details on configuring BIND. http://news.softpedia.com/news/How-to-Host-Your-Own-Domain-With-Bind9-on-Ubuntu-49585.shtml

Hey bro, Can I suggest you this video, and if you could watch the first video, there's a part that demonstrates how to use Auxiliary modules. http://www.grmn00bs.com/

For the DNS part what are you using, Windows Server or Linux BIND?

Make sure your laptop has an updated antivirus and its not infected. Secondly, does your school laptop have a service pack installed?

Download the Hiren's Boot CD and use the Windows diskpart utility to make a bootable USB or HDD. This article will walk you through the process of making a bootable media. http://maketecheasier.com/boot-and-install-windows-7-from-usb-flash-drive/2009/01/23 Need any help let me know.

1) I have to agree that it is pointless generating massive amounts of rainbow tables, for cracking password that are greater than 8 characters long. On the other hand, if you have a rig that has 4 or 6 GPUs you will be able to crack passwords a lot more efficiently. 2) Those websites can be quite ineffective sometimes, but one has to bear in mind that they are performing dictionary attacks against your hash, which isn't always going to have your clear-text password.

I saw the images posted in those forums and frankly speaking some of those guys have a really hardcore set up.

AP Isolation does rely on Mac address, and in order to work the router maintains a table containing all the MAC addresses of all devices it knows. However by changing your MAC address to the router's MAC address, it won't make any difference it will more than likely cause the router to drop all the packets, since it won't know to which device to send it to because of the duplicated MAC addresses. But its an interesting theory and worth testing it out to really find out.

I don't think there has been much changes in the computer security. Most of the attacks we see nowadays, are exploitation, malware infection, phishing attacks which is part of social engineering and Distributed Dos Attacks. But the big culprit for all these, is the human link.

If you are on wireless network there is a security feature called "AP Isolation", which basically isolates yourself from any other wireless client. So in this case you won't be able to see any wireless client but yourself and the router.

If this is not your network, I can certainly say that whoever is the network administrator of it, he must have have tighten the security pretty darn good. Cisco switches in particular, comes with a security feature that prevents arp poisoning from taking place. So in this circumstance you won't be able to arp spoof the network. How are you connected to the network via wireless or wired connection? Also have you checked Kismet documentation for more details? http://www.kismetwireless.net/documentation.shtml

msf > load db_mysql Is this how you are loading the mysql database command? Also make sure your metasploit has the latest updates. http://en.wikibooks.org/wiki/Metasploit/UsingMetasploit

Well then, are you able to provide a more current list?

See this article for more details. http://www.makeuseof.com/tag/how-to-spy-on-your-spouse-with-your-computer/

I know with VNC you can remotely install it and stealthily watch the PC. Check out the Hak5 wiki, there is a nice tutorial on how to do that.

Once the victim has connected to your AD Hoc, arp-spoof him and use DNS poisoning to redirect him to a webserver that is hosting your 'hub page'.

Differences between the two are that, Blackbuntu has some features that Backtrack doesn't have. See for yourself the list below. http://en.wikipedia.org/wiki/BackTrack and http://www.blackbuntu.com/tools-list

Not necessarily, but that can also be done with Trojan horses or viruses by infecting the system.

It always comes down to money and its one of the reasons why many companies and organizations fall behind in the IT security, they don't want to invest or spend money.

Interesting..... I normally fly out to remote communities to fix up government computers and networks and if memory serves me well, the last time I went on a site, I was experiencing some issues with an application holding its server settings, so I phone this guy and he remotely connected to this PC I was having issues with, and in matter of seconds he took complete control over this PC, through Dameware. Now what really freaked me out was that no message popped up on the screen requesting my approval. So I'm guessing it can also be configured not to request the end user to approve the connection.

"Although TLS 1.1 has been available since 2006 and isn't susceptible to BEAST's chosen plaintext attack, virtually all SSL connections rely on the vulnerable TLS 1.0, according to a recent research from security firm Qualys that analyzed the SSL offerings of the top 1 million internet addresses." So by using the latest version of the TLS protocol Beast won't be a threat, since it only works with TLS version 1.0. When will organizations learn to keep their IT security up to date.

I agree and didn't say your video was useless, was just trying to show him other options to help him out too.