Infiltrator

Everything posted by Infiltrator

  1. I found something you might want to give a shot at. http://www.backtrack-linux.org/forums/showthread.php?t=47385
  2. I know TOR is very slow, but you could use a chain of VPN servers, instead of a DNS server. It offers encryption and would increase your anonymity on the web too, but you would have to be careful with browser add-ons or plugins, as they can reveal your real IP address. Just a thought.
  3. That's interesting research that you don't see every day. Why don't they just install the APs overhead? Wouldn't the signals spread more efficiently, rather than at the seat level? Or did I overlook something here?
  4. As Mr-Protocol stated, plug it in, then issue the command lsusb. It should display the name of your USB wireless adapter, Alfa bla bla. If it does, the next thing you do is type airmon-ng at the terminal. That will display your adapter chipset, interface name (e.g. wlan0) and your monitor interface (e.g. mon0).
  5. Try disabling your built-in WiFi adapter first, then disconnect and re-connect your USB adapter. Then do an lsusb. Again, does it recognize your USB adapter?
  6. I would use the Firefox built-in option "network.proxy.socks_remote_dns". What it does is use the remote DNS server, instead of your local ISP DNS servers, to do the DNS queries or lookups. Now you can use your VPS DNS servers to handle all the DNS work.
  7. I agree with you 100% and I do that too, that was just a suggestion though.
  8. You can only run your Windows copy unlicensed for 30 days. After the 30-day grace period is over, you must activate your Windows copy in order to continue using it. In addition, to avoid buying licenses, you can make several copies of your first virtual machine and run them as if they were installed individually. That's what I did in the past, and I was able to run them without any problems. Furthermore, you will need to change the hostname on each of the VMs, or you will get conflicting error messages saying that there is already another host on the network with the same name.
  9. Bravo Digip. Follow these steps and I am sure they will have a hard time finding you.
  10. If you are going to hack a single wireless router, you can already set the channel on your adapter by issuing these commands:

        ifconfig wlan0 down
        iwconfig wlan0 channel 1
        ifconfig wlan0 up
  11. Here's a couple of old threads to help you out.
  12. Yep, that's exactly what I had to do the other day to reset my Backtrack password. That article Digip suggested has all the steps outlined in it. Just follow them and you can't go wrong. The other option would be booting a Live CD, mounting the partitions and then chrooting into it to change the password; this would be the easiest one. http://www.howtogeek.com/howto/linux/reset-your-ubuntu-password-easily-from-the-live-cd/
  13. Be it VMware or VirtualBox, you must always install the additional tools if you want to adjust screen resolution or whatever.
  14. I could be wrong, but I don't believe HTTrack can download multiple sites at once. I have gone through the HTTrack documentation, and I am afraid it doesn't mention much about downloading multiple websites. http://www.httrack.com/html/fcguide.html
  15. Check out this link, http://maestro-sec.com/blogs/2008/10/top-15-sql-injection-scanner/
  16. I don't mind Metasploit on Windows, but on Backtrack, I find it more convenient.
  17. Roger brother, thank you for clearing that up. One way to eavesdrop on an SSL connection is using SSLstrip, part of the Backtrack OS. I would suggest reading up on that, if you are not familiar with the utility. Other methods would be infecting the client side with malware to intercept the SSL connection and then decrypt the messages. Here are some interesting articles for you to read. http://thehackernews.com/2012/04/90-ssl-sites-vulnerable-to-beast-ssl.html#sthash.cAHE3DbD.dpbs http://nbnl.globalwhelming.com/2011/09/20/researchers-cracked-ssl-internet-safe-https/ http://www.marktaw.com/technology/HowlongdoesittaketocrackS.html
  18. I found something related to your problem, I don't know if you have seen it or not, but here's the URL. http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash
  19. I personally like Cryptohaze a lot, but have found it to be slower than Hashcat. Cryptohaze uses Nvidia, which is a lot slower than ATI in this respect, so I would recommend Hashcat instead. Hashcat also supports distributed networking, which can push the performance envelope to the extreme.
  20. It could be that the vulnerability is already patched.
  21. Well, if you want to secure your database system against SQL injection attacks, I would recommend using open source tools, such as SQLMap, to attack your web application. If the tool is successful in penetrating your database, you will need to write better code to address the security problem. The reason why websites are so vulnerable to these web-based attacks is that they are never 100% tested against these attacks in the first place. If they were, we wouldn't be seeing such an alarming rate of websites being exploited in this manner.
  22. You can still practice all of what you learned in the lab from your own PC. Of course, having all that Cisco gear gives you that hands-on experience, but you can accomplish the same with Packet Tracer or GNS3. They are virtual network software that allows you to create your own network environment and practice as if you were doing it with the real stuff. Once you have all the nodes, routers and switches configured, you can then use them to simulate a real network. You can also configure the routers and switches via a terminal, just like you would with a real Cisco router or switch. The only difference is that you don't use a serial cable to connect your PC to the router or switch; it's all done via the console. In case you are wondering, I've also done my CCNA, but it's been a while. I am planning on doing Network+ once I finish studying for my Security+.
  23. Just use the normal ping command. For example: ping google.com
  24. If those USB dongles have a SIM card in them, I would recommend removing them before selling. Besides that, I don't think the dongles themselves would store any sensitive information, unless you used them for storing data while accessing the internet.