22.Tutorial On Exploiting Openssl's HeartBleed Vulnerability Well Yeah You Heared It Right.In This Tutorial Am going to write about Exploiting The Recent Boom vulnerability called "HeartBleed" on one of the most widely implemented OpenSSL. What is HeartBleed? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the ac
Posts
- Get link
- X
- Other Apps
21.Hacking With Armitage I think that Kali or Backtrack Users may came to hear the name of ARMITAGE. Yeah it's a cool Attack Kit included in both kali and backtrack.To be quick It's a Simple Attack Management Interface for Metasploit and it's more ease of use for newbies.Today I'll cover a Step by Step tutorial on attacking live host machine. Requirements: 1.Backtrack or Kali Linux Distributions 2.Armitage Step 1:(Opening armitage) Step 2:(Connecting through Armitage) Step 3:(Making a Quick Scan to OS detect Hosts) Here i just used Quick Scan(OS Detect) method of nmap scan.But You can too Use all other methods for your Convinience. Step 4:(Enter The Host IP address) Here Enter the Host IP Address or IP address range for nmap to Scan Step 5:(OS Detection Finished) This is how it looks when Armitage Finds out OS of The Target host. Step 6:(Scanning the machine) once the OS Detection has
- Get link
- X
- Other Apps
20.Hacking Smart Phones with Backtrack Actually this tutorial is based on the smartphone-penetration-framework that was included in backtrack(Linux Distribution) by default.You can Have quick intro of it through a little googling cause am gonna jump for tutorial right away..:) Requirements: 1.Backtrack 5 R3 or Kali 2. xampp for Linux 3.A smartphone(i used a android phone here) 4.*If you are doing it outside of your network you need to port forward your router Step 1:(Installing Xampp on Linux) Open up a terminal window and type "wget http://www.apachefriends.org/download.html?xampp-linux-1.7.3a.tar.gz" Once xampp has finished downloading, go to your home directory and you should have a file called "download.php?xampp-linux-1.7.3a.tar.gz" rename it to something like "xampp.tar.gz". In your terminal window run tar xvfz xampp.tar.gz -C /opt Everything should be installed and you can find xampp in /opt/lampp/ directory Step 2
- Get link
- X
- Other Apps
19.DNS POISIONING TUTORIAL This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It's purely educational, so I'm not responsible for how you use the information in it. You're free do redistribute this tutorial wherever you like, but please keep it in its original form and credit me. To start, you'll need * A computer running Linux (Ubuntu in my case) * A basic understanding of how the Domain Name System (DNS) works Note that this is a more advanced topic; don't try this if you don't know what you're doing. Why DNS? The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that th
- Get link
- X
- Other Apps
18.Automated Padding Oracle Attacks with PadBuster There’s been a lot of buzz recently about Padding Oracle Attacks, an attack vector demonstrated by Juliano Rizzo and Thai Duong during their presentation at BlackHat Europe earlier this summer. While padding oracles are relatively easy to exploit, the act of exploiting them can be time consuming if you don’t have a good way of automating the attack. The lack of good tools for identifying and exploiting padding oracles led us to develop our own internal padding oracle exploit script, PadBuster, which we’ve decided to share with the community . The tool can be downloaded here , here I’ll spend a little bit of time discussing how the tool works and the various use cases it supports. Some Background : Before we discuss using PadBuster, let’s briefly discuss the fundamentals of a classic padding oracle attack. As the term implies, a critical concept behind a padding oracle attack is the notion of cryptographic
- Get link
- X
- Other Apps
17.CAFFE LATTE ATTACK: In the Honeypot attacks , we notice that clients will continuously probe for SSIDs they have connected to previously. If the client had connected to an access point using WEP, operati ng systems such as Windows, cache and store the WEP key. The next ti me the client connects to the same access point, the Windows wireless confi gurati on manager automati cally uses the stored key. The Caffe Latte attack is a WEP att ack which allows a hacker to retrieve the WEP key of the authorized network, using just the client. The attack does not require the client to be anywhere close to the authorized WEP network. It can crack the WEP key using just the isolated client. In this exercise, we will retreive the WEP key of a network from a client using the Caffe Latte attack. CONDUCTING THE CAFFE LATTE ATTACK: Follow these instructi ons to get started: STEP 1: Let us fi rst set up our legiti