shesellsseaSHELLS

Hi guys just very curious as to how or if there is any tools in the backtrack distro's that allow brute-forcing dictionary attacks on HTTPS forms. Im curious as to how linux would handle the " Human Vericode Verification " after a certain number of failed passwords. If there is any scripts/tools that allow some way for this technique to be acheived please do explain. I guess what made me think of this is a recent story about some of hollywoods e-mail's being cracked with brute-forcing the email passwords, Is this attack possible for example on ymail or gmail or any other generic email providers even when they prompt for a veri-code authentication after a certain amount of wrong passwords.

Yes sorry i used the wrong terminology. It is encrypted you are correct, My further question is, The possibilty of remotely de-crypting the hash through sequel injection. Either that or obtaining admin password and somehow getting remotely client side. Just hypothetical of course !

Hi there guys, Just conducting an assesment recently when i found a hash i've never seen before. Here's the sample " UceWpAaS6iw55I1cwoc75xjsXDk= " Without the quotes. It was from a mysql 2000 server i am wondering if anyone has seen this type of hash before. If so what is the name of it. Any input would be greatly appreciated. Cheers

I think i understand what you mean, But what im saying is if there's two people that have exactly the same 'linksys' wifi router and they both have made a custom password which is the same = password1 the only difference being that 1 user has renamed the SSID to 'mywifi' but the other has left original 'linksys' how would someone know to use the " LINKSYS RAINBOW TABLE " if the ssid was changed to MYWIFI ?

Hey guy's can i ask, How does the SSID relate to the WPA passphrase ? If the user has made a custom passphrase for their wifi network.

I had assumed this to be one method of exploitation (metasploit) However, Metasploit in my past has been VERY unethical for gaining Remote desktop. I use metasploit in a VM instance of Backtrack but i always have technical difficulties, i do find trojan tools alot more simple with client and server (SCRIPT-KIDDIE) i know lol but do you know much on private encryption of exe files ? Because i could then DNS poison all computers on network to a JAVA DRIVE BY DOWNLOAD

Well MSTSC is not really what im looking for because i dont have passwords for the computers on the network. So yeah Exploitation would be my best option, Any ideas on exploitation ?

Okay guys first off to save alot of time-wasting and misunderstandings i will re-create a scenario so you can give the best possible feedback !. SCENARIO STEP 1: Find unsecured WIFI network or crack WEP of secured. STEP 2: Connect to WIFI network STEP 3: Login to Router 10.1.1.1 or any other type 198.162.1.1 doesn't matter STEP 4: Okay here is what i mean by possibilities, Of course my main objective is to establish a remote desktop connection or be able to view files. I was thinking to do something with DNS re-direct so i can redirect all there attempts to a site of my own which would force a malware download, However this seems to be a little unethical due to the fact that creating a java-drive by will need a crypt of the trojan bla bla bla, So if anyone can think of any other methods i would greatly appreciate it. So my final goal is to be able to have remote desktop on the other computers of the network or atleast one of them and/or view the files on there boxes.