Monday 30 January 2012

Easy Wireless Honey-Pots using Win7 and Metasploit







I found myself inspired by Vivek Ramachandran’s videos, and
I thought I would take the honor in creating the simple meterpreter
script that basically does what you see in the third installment of the
SWSE Addendum videos.

When I watched the third video I thought to myself, “This shouldn’t
be too difficult to do”. From my perception, I think that Vivek was kind
of hinting that he might

Android App - Network Spoofer

Network Spoofer lets you mess with the internet on other people's computers.
Network Spoofer lets you mess with websites on other people's computers - flip
pictures, change Google searches, redirect websites and many more
features to come.
DISCLAIMER: The developer(s) of this application
are not in any way responsible for its use or misuse; only use it for
demonstration purposes on networks

Saturday 28 January 2012

Analysis of the Attack on the Me by TMB Website and Its Impact





Introduction

          The morning of 28 January 2555 (B.E.) was another day on which I sat
reading Computer Security news as usual. But one story startled me and made me
want to look for more information at around 11:30: the defacement of the web
page of a new style of bank from Thai Military Bank (TMB), which goes by the name
Me By TMB and uses the slogan "Do you dare?

File Thingi: Deface and Shell Upload Vulnerability



This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.


Google Dork : inurl:ft2.php intext:upload

After searching the above dork, you will get websites vulnerable to this. Select any website, upload your deface or shell there. To view your deface or shell, just click on your file name after it's uploaded.

Friday 27 January 2012

IP Spoofing Attack Tool List


If you want to see full detail of IP Spoofing, please go to the Source.



Services vulnerable to IP spoofing



Configurations and services that are vulnerable to IP spoofing:


RPC (Remote Procedure Call services)
Any service that uses IP address authentication
The X Window System
The R services suite



Most popular tools used to modify packet headers:


Tools – For Windows


Engage Packet

Hash Identifier Tool

Software to identify the different types of hashes used to encrypt data and especially passwords.

Encryption formats supported:

ADLER-32
CRC-32
CRC-32B
CRC-16
CRC-16-CCITT
DES(Unix)
FCS-16
GHash-32-3
GHash-32-5
GOST R 34.11-94
Haval-160
Haval-192
Haval-224
Haval-256
Lineage II C4
Domain Cached Credentials
XOR-32
MD5(Half)
MD5(Middle)
MySQL
MD5(phpBB3)
MD5(

Thursday 26 January 2012

Symlink:Video Tutorials



Following is a set of 3 video tutorials on Symlinking. Watch each video one by one to know exactly how to hack with Symlink. The following video on this post is by http://avisuni.blogspot.com.


Video v.1


Watch online here:
http://vimeo.com/34171692
Video Download Link:
http://www.mediafire.com/?x98jxadgadx9adw
Tool used in the video:
http://www.mediafire.com/?h6aauafvd8d4woc





Video v.2


Watch online:
http://vimeo.com/34248939
Tool used in the video:
http://www.mediafire.com/?xhuk7df00ccod8l
Password:- avisuni.blogspot.com




Video v.3


Video+Script: http://www.mediafire.com/?3d6rbd0da8pbetv
Only Script:
http://www.mediafire.com/?lzcq8fwykh3oq72





Howto: Use WeBaCoo - Web Backdoor Cookie Script-Kit

1. Get the WeBaCoo
- git clone https://github.com/anestisb/WeBaCoo webacoo
- cd webacoo
- ./webacoo.pl -h

Usage: webacoo.pl [options]
Options:
  -g            Generate backdoor code (-o is required)
  -f FUNCTION   PHP System function to use
    FUNCTION
        1: system     (default)
        2: shell_exec
        3: exec
        4: passthru
        5: popen
  -o OUTPUT     Generated backdoor output filename

SQL Injection Cheat Sheet By NT Object Inc.





Howto: Install Metasploit on your Ipad2(iOS5.0.1)

1. SSH to your iPad for easy typing

2. Install all the packages required for Metasploit
- apt-get install adv-cmds apt basic-cmds bootstrap-cmds bzip2 class-dump coreutils developer-cmds diskdev-cmds file-cmds gawk gdb git gzip iokittools less more nano network-cmds ldid openssh rsync shell-cmds system-cmds com.ericasadun.utilities top uikittools findutils inetutils diffutils lsof subversion vim

Wednesday 25 January 2012

NetBIOS spoofing for attacks on browser


This post is from Digital Security Research Group with very interesting content, please visit the source.










Some time ago, during a pentest, the NetBIOS protocol got my attention, especially NetBIOS naming and its co-work with DNS. NetBIOS
is an old protocol, distributed world-wide, but it doesn’t have many
security mechanisms. And I think that many

Tuesday 24 January 2012

Bypass Captcha using Python and Tesseract OCR engine


A CAPTCHA is a type of challenge-response test used in computing as an attempt to
ensure that the response is generated by a person. The process usually involves one computer (a server) asking
a user to complete a simple test which the computer is able to generate and
grade. The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel
Blum, Nicholas J. Hopper, and John Langford (all of Carnegie

Hack Tips: Blackberry Enterprise Server Exploitation