Friday, October 10, 2008

Hacking with all basics...

PPTP VPN MITMA

http://crimemachine.com/Tuts/Flash/pptp-vpn.html

Use "Auditor" Remote Exploit, or you could do it on Whax, but you'll need to download a few extra bits and pieces. Google search "Knoppix Remote Exploit", then download it. It's about 500+ MB... It's a CD live distro and it is probably better than Whax, just about...

[edited] or download here:
http://new.remote-exploit.org/index.php/Main_Page


How to decrypt SSL encrypted traffic using a MITMA
http://www.crimemachine.com/Tuts/Flash/SSLMITM.html



SSL MITM attacks
hxxp://eks0.free.fr/whax-demos/?f=Whoppix-ssl-mitm_config.xml
Another video tut of a different to the decryption one...



Ummm... I think it's SSH tunneling, with use of Nikto and msfcli exploits. Might be wrong and can't be arsed to check it out though... But it's good...
http://whoppix.hackingdefined.com/Whoppix-ssh-dcom.html



A quick tut on making your trojans completely undetectable by hand, using OllyDbg (the pro way) LOL... good tut and it works...
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39032

+
Example code/trojans that he uses to practise on....
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39033



Right, I've just realised this is in completely the wrong place... Unix-Linux Systems is not for hacking tutorials... never mind


128bit WEP cracking

hxxp://www.crimemachine.com/Tuts/Flash/wepcracking.html

Mad how easy it is!!



Basic introduction to the Nessus security scanner using Auditor Security Collection


hxxp://www.irongeek.com/i.php?page=videos/nessus



Basic introduction to network mapping using nmap
Not expecting many of you to need this...

hxxp://www.irongeek.com/i.php?page=videos/nmap1



Cracking Syskey and the SAM on Windows Using Samdump2 and John

hxxp://www.irongeek.com/i.php?page=videos/samdump2auditor



FTP Bruteforcing and the use of the raptor exploit (I think)


hxxp://eks0.free.fr/whax-demos/?f=raptor_config.xml



Autoscan + Metasploit

hxxp://eks0.free.fr/whax-demos/?f=autoscan-metasploit_config.xml





................
linux_dude
Argh, this reeks of script kiddie-ism :-/

This place isn't a repository for how-to guides, but we'll see what ComSec says, besides, these aren't anything new.

Do you even read what you post?

Example:
For the SSL Man in the Middle Attack, you don't need access to the victim's computer. If you did, that wouldn't be very 'in the middle', now would it? You just need access to their network.

Honestly, it's nice, but it's so specific and contrived, that it won't work in most cases. You're issuing an invalid certificate, which some users would notice, and if you just sniff the traffic, you can't crack it easily.


Another thing, the 128bit cracking only works in high traffic areas, otherwise it isn't that easy. (7 GB of traffic on average) :-/

You could forcefully generate the traffic yourself but most routers detect this, and so do the network users when they repeatedly get disassociated with the AP.
