Hacking & Stuff

19.DNS POISIONING TUTORIAL This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It's purely educational, so I'm not responsible for how you use the information in it. You're free do redistribute this tutorial wherever you like, but please keep it in its original form and credit me. To start, you'll need     * A computer running Linux (Ubuntu in my case)     * A basic understanding of how the Domain Name System (DNS) works Note that this is a more advanced topic; don't try this if you don't know what you're doing. Why DNS? The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that th

18.Automated Padding Oracle Attacks with PadBuster      There’s been a lot of buzz recently about Padding Oracle Attacks, an attack vector demonstrated by Juliano Rizzo and Thai Duong during their presentation at BlackHat Europe earlier this summer. While padding oracles are relatively easy to exploit, the act of exploiting them can be time consuming if you don’t have a good way of automating the attack. The lack of good tools for identifying and exploiting padding oracles led us to develop our own internal padding oracle exploit script, PadBuster, which we’ve decided to share with the community . The tool can be downloaded here , here I’ll spend a little bit of time discussing how the tool works and the various use cases it supports. Some Background : Before we discuss using PadBuster, let’s briefly discuss the fundamentals of a classic padding oracle attack. As the term implies, a critical concept behind a padding oracle attack is the notion of cryptographic

17.CAFFE LATTE ATTACK:     In the Honeypot attacks , we notice that clients will continuously probe for SSIDs they have connected to previously. If the client had connected to an access point using WEP, operati ng systems such as Windows, cache and store the WEP key. The next ti me the client connects to the same access point, the Windows wireless confi gurati on manager automati cally uses the stored key.                                                   The Caffe Latte attack is a WEP att ack which allows a hacker to retrieve the WEP key of the authorized network, using just the client. The attack does not require the client to be anywhere close to the authorized WEP network. It can crack the WEP key using just the isolated client.           In this  exercise, we will retreive the WEP key of a network from a client using the Caffe Latte attack. CONDUCTING THE CAFFE LATTE ATTACK:  Follow these instructi ons to get started: STEP 1:            Let us fi rst set up our legiti

16.HOW TO MAKE UR OWN CRYPTER: What you will need: Visual Basic 6 or Visual Basic 6 Portable A RC4 module A brain The RC4 module and Visual Basic 6 Portable will have the download links at the end of this tutorial. TABLE OF CONTENTS: 1. Introduction 2. Building your crypter 3. Conclusion 1. Introduction RC4 : In cryptography , RC4 (also known as ARCFOUR or ARC4 meaning Alleged RC4, see below) is the most widely used stream cipher and is used in protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). Stub : A method stub or simply stub in software development is a piece of code used to stand in for some other programming functionality. A stub may simulate the behavior of existing code (such as a procedure on a remote machine) or be a temporary substitute for yet-to-be-developed code. Stubs are therefore most useful in porting, distributed computing as well as general software developm