Monday, July 27, 2009
This video is showing how to use Wireless Key Grabber. It requires lighttpd and it runs a fake wireless access point to grab wireless keys.whenever a user tries to connect to any website after connecting to this fake access point his browser is forwarded to a customised URL.Metasploit DLL injection is used to grab wireless key.Download link is available here.
Saturday, July 18, 2009
In this video an attacker sniffs network traffic from a remote machine using ARP and DNS Spoofing with Ettercap.Uses Driftnet program to listens to network traffic and sniff out images from TCP streams on the network.And finally uses remote_browser plugin of ettercap which sends visited URLs of the victim to attackers browser.Like this an attacker's browser follows what ever the victim is browsing. Just watch this.....
Friday, July 10, 2009
A Video demonstrating how a Attacker can sniff wireless networks using veriety of different tools like arpspoof for ARP Spoofing so that victim's computer routes all internet traffic via attacker's network interface.DNSSpoof is used to send the IP of an infected machine which is setup by an attacker.And finally WebMitm tool is used to send a spoofed certificate.When ever a user opens up any SSL encrypted web site,WebMitm issues a fake certificate.once the user accepts that certificate,Attacker can then sniff complete network traffic using wireshark.When attacker collect enough data,he can use SSLDump to decrypt everything using the certificate issued by WebMitm.Like this attacker can have complete details about user's credentials.
Thursday, July 9, 2009
A Small video showing how easy it is to intercept HTTPS traffic from switched local network by spoofing the SSL certificate using man in the middle attack with Ettercap. The attacker uses one way ARP poisoning on victim and issues a fake spoofed SSL certificates on a switched Ethernet network.
Wednesday, July 1, 2009
This video is live demonstration of hacking a cell phone using Bluetooth hacking tool called Super Bluetooth hack.This Java based tool allows to remotely make calls, view messages,remotely do any thing as if attacker is using the phone himself.