Wednesday 22 April 2009

Based on the demo from last Monday:

[Wikipedia] Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether (known as a denial of service attack). The attack can only be used on networks that actually make use of ARP and not another method of address resolution.

The principle of ARP spoofing is to send fake, or "spoofed", ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.

ARP spoofing attacks can be run from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment.



Extracted from:
http://www.oxid.it/downloads/apr-intro.swf

Monday 30 March 2009

Cracking Telnet in 4 minutes with WireShark



What alternatives would you suggest to enhance the security of your network from this type of attack? and why?.

Cracking your own wireless access point in 10 minutes (WEP)

Wireless Cards Air-crack Compatibility

If you decide to crack a wireless access point as part of your coursework you may want to use a live-CD with a distribution that contains aircrack. Hence, a laptop with a CD-drive and a compatible wireless card is required. A common question that people ask is “I have model ABC wireless card, is it compatible with Aircrack-ng?” or “What card should I buy?” or “Can my card do injection?” and so on. This tutorial address these questions.





First off, answering these questions involves some work on your part. Please continue reading on:

Extracted from: http://www.aircrack-ng.org/doku.php?id=compatible_cards

VMWARE Problems

If you experience any problem related to previous posts, please post a comment on the relevant thread and subscribe to it so that you can receive an e-mail as soon as there is an update on it. If any other problem or suggestion, please comment in this thread. Thanks

Wednesday 25 March 2009

Network Hacking (OS Fingerprinting)

-: Network Hacking (OS Fingerprinting) :-


OS Fingerprinting :- OS Fingerprinting refers to detection of target computer's operating system.
Since, different operating system responds differently to the same kind of ICMP message, it is very important for an attacker to determine the exact operating system running on target system.
Also attacker can carry out attacks by taking over the vulnerabilities/bugs found in that particular operating system.
There are four areas that we will look at to determine the operating system (however there are other signatures that can be used). These signatures are:

1) TTL - What the operating system sets the Time To Live on the outbound packet.
2) Window Size - What the operating system sets the Window Size at.
3) DF - Does the operating system set the Don't Fragment bit.
4) TOS - Does the operating system set the Type of Service, and if so, at what.

There are two different types of OS Fingerprinting technique -

1) Active OS Fingerprinting :- Remote active operating system fingerprinting is the process of actively determining a targeted network node’s underlying operating system by probing the
targeted system with several packets and examining the response(s), or lack thereof, received? The traditional approach is to examine the TCP/IP stack behavior (IP, TCP, UDP, and ICMP protocols) of a targeted network element when probed with several legitimate and/or malformed packets.

Recommended Tools
Nmap http://insecure.org/nmap


2) Passive OS Fingerprinting :-Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is
based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able determine the operating system of the remote host.

Recommended Tools
P0f http://lcamtuf.coredump.cx/p0f.shtml
Ettercap http://ettercap.sourceforge.net

How to install Backtrack 3 on VMware Workstation

Introduction to Nmap