Tag: attack

Hacking, Penetration Testing

Kill chain attacks with Kali

The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.[1] Conversely, the idea of “breaking” an opponent’s kill chain is a method of defense or …

Brute-force, Cracking, Network, Wireless

WPA PSK attack

WPA PSK attack with aircrack-ng suite. Place your wireless card into Monitor Mode airmon-ng start wlan0airmon-ng start wlan0 Detect all available wireless AP’s and clients airodump-ng mon0airodump-ng mon0 Setting adapter channel iwconfig mon0 channel <channel_number>iwconfig mon0 channel <channel_number> Capturing the four-way handshake airodump-ng –channel <channel_number> –bssid <bssid> –write capture mon0airodump-ng –channel <channel_number> –bssid <bssid> –write …

Cracking, Network, Wireless

WEP Fake Authentication Attack

Wep Fake Authentication attack with aircrack-ng suite. Place your wireless card into Monitor Mode airmon-ng start wlan0airmon-ng start wlan0 Detect all available wireless AP’s and clients airodump-ng mon0airodump-ng mon0 Setting adapter channel iwconfig mon0 channel <channel_number>iwconfig mon0 channel <channel_number> Capturing airodump-ng –channel <channel_number> –bssid <bssid> –write capture mon0airodump-ng –channel <channel_number> –bssid <bssid> –write capture mon0 …

Cracking, Wireless

WEP De-athentication attack

Wep de-authentication attack with aircrack-ng suite. Place your wireless card into Monitor Mode airmon-ng start wlan0airmon-ng start wlan0 Detect all available wireless AP’s and clients airodump-ng mon0airodump-ng mon0 Setting adapter channel iwconfig mon0 channel <channel_number>iwconfig mon0 channel <channel_number> De-authentication attack aireplay-ng –deauth 3 -a <BSSID> -c <client_mac> mon0aireplay-ng –deauth 3 -a <BSSID> -c <client_mac> mon0 …

Brute-force, News

Global WordPress brute force attack

The last few days there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.  This attack is well organized and distributed. http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/ http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br To protect your blog, remove default admin account and create a new one with a different username change your administrator password install a captcha …

Metasploit, MSSQL

Detecting a Microsoft SQL Server

Microsoft SQL Server (MSSQL) is a relational database management system (RDMS) used to store, retrieve and manage information. As with many Microsoft’s products, SQL Server has many security weaknesses. Let’s start by identifying running SQL servers on the network.   Discover open MSSQL ports MSSQL is running by default on port 1433. To discover SQL …

MITM, Tools

Detect arp spoofing

ArpON is a portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: …

DoS, Metasploit

Denial Of Service attacks with Metasploit

A denial-of-service attack (DoS) is an attempt to make a machine or network resource unavailable to its intended users. Apache HTTP Server Apache httpd has been the most popular web server on the Internet since April 1996. It consists of thousand of lines of code and a vast variety of modules and extensions. Therefore, vulnerabilities …

Microsoft Windows

Monitor the changes made to OS by the installation of new software

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. Allows: – Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform – …