Friday, June 26, 2009
This video shows how to spoof DHCP IP assignment using Ettercap. When a new PC that is configured to obtain its IP address dynamically via DHCP is added to the network, an attacker can spoof the IP assignment process and provide his own IPs, such as a gateway that has been configured to sniff usernames and passwords.
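On the defensive side, a monitor can parse DHCP server replies and flag any that come from an unapproved server or hand out an unapproved gateway. The following is an added example, not part of the original post or the video; the allowlisted addresses and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC = bytes.fromhex("63825363")   # DHCP magic cookie (RFC 2131)
# Assumed site policy (hypothetical values from the documentation range)
ALLOWED_SERVERS = {"192.0.2.1"}
ALLOWED_ROUTERS = {"192.0.2.1"}

def _ip(b):
    return str(ipaddress.IPv4Address(b))

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload: op code, offered address, options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[code] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {"op": payload[0], "yiaddr": _ip(payload[16:20]), "options": opts}

def check_reply(payload):
    """Return findings for a server reply (DHCPOFFER=2 or DHCPACK=5)."""
    msg = parse_dhcp(payload)
    o = msg["options"]
    if msg["op"] != 2 or (o.get(53) or b"\x00")[0] not in (2, 5):
        return []                    # client traffic or other message types
    findings = []
    server = _ip(o[54]) if len(o.get(54, b"")) == 4 else None
    if server not in ALLOWED_SERVERS:
        findings.append(f"unapproved DHCP server {server}")
    routers = o.get(3, b"")          # option 3 may list several gateways
    for j in range(0, len(routers) - 3, 4):
        if _ip(routers[j:j + 4]) not in ALLOWED_ROUTERS:
            findings.append(f"unapproved gateway {_ip(routers[j:j + 4])}")
    return findings

def build_reply(server, router, yiaddr="192.0.2.50"):
    """Constructed sample DHCPOFFER (not captured traffic)."""
    p = lambda s: ipaddress.IPv4Address(s).packed
    hdr = bytes([2, 1, 6, 0]) + b"\0" * 12 + p(yiaddr) + p(server) + b"\0" * 212
    return hdr + MAGIC + bytes([53, 1, 2, 54, 4]) + p(server) + bytes([3, 4]) + p(router) + b"\xff"
```

In practice the payloads would come from a capture of UDP port 67/68 traffic; on managed switches, DHCP snooping enforces the same policy at the port level.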
Tuesday, June 23, 2009
A good demo of sniffing network traffic remotely by setting up an IP tunnel interface on a remote router using the WHAX live distro. The attackers make configuration changes on the router to start a tunnel interface and route all of the network traffic through that tunnel interface. Later they can sniff the traffic whenever they want.
Wednesday, June 17, 2009
Tuesday, June 16, 2009
A1 - Cross Site Scripting (XSS)
A2 - Injection Flaws
A3 - Malicious File Execution
A4 - Insecure Direct Object Reference
A5 - Cross Site Request Forgery (CSRF)
A6 - Information Leakage and Improper Error Handling
A7 - Broken Authentication and Session Management
A8 - Insecure Cryptographic Storage
A9 - Insecure Communications
A10 - Failure to Restrict URL Access
Monday, June 8, 2009
A live demonstration of obtaining admin access on a Windows XP SP3 machine. It exploits a flaw in Windows Server Message Block (SMB), which provides shared access to files and folders on the network. The hacker uses the Metasploit Framework to run the exploit. It works by relaying an SMB authentication request to another host, which provides Metasploit with an authenticated SMB session, and if the user is an administrator, Metasploit will be able to execute code on the target computer and can even get a reverse shell. The hacker forces the target computer to perform an SMB authentication attempt by using an Ettercap filter. For authentication, the target computer is forwarded to Metasploit.
Friday, June 5, 2009
Thursday, June 4, 2009
Honeypots are machines used for intrusion detection. A honeypot is basically a trap for hackers that seems to contain a wealth of information in which hackers are interested.
These computers are configured with lots of monitoring tools that keep an eye on each and every step the hackers take, which helps in studying their mindset later on. The software installed on these computers serves a dual purpose. At first glance it is inviting, so intruders are attracted to it, and at the same time it helps with intelligence gathering. Once a hacker breaks into the system, later study of these machines by security administrators helps in finding the ways the attacker used to break in and helps in blocking those intrusion techniques.
More details on Honey Pots can be found here