Craz3
Jul 19 2005, 12:00 AM
PPTP VPN MITMA
hxxp://crimemachine.com/Tuts/Flash/pptp-vpn.html
Use "Auditor" Remote Exploit or you could do it on whax but you'll need to download a few extra bits and pieces. Google search "Knoppix Remote Exploit", then download it. It's about 500+ MB.... It's a live CD distro and it is probably better than Whax, just about... [edited] or download here: http://new.remote-exploit.org/index.php/Main_Page
How to decrypt SSL encrypted traffic using a MITMA
http://www.crimemachine.com/Tuts/Flash/SSLMITM.html
SSL MITM attacks
hxxp://eks0.free.fr/whax-demos/?f=Whoppix-ssl-mitm_config.xml
Another video tut, a different one to the decryption one... UUMmmmm....................... I think it's ssh tunneling, with use of Nikto and mfscli exploits.. Might be wrong and can't be arsed to check it out though... But it's good...
http://whoppix.hackingdefined.com/Whoppix-ssh-dcom.html
A quick tut on making your trojans completely undetectable by hand, using Ollydbg (the pro way) LOL... good tut and it works....
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39032
+ Example code/trojans that he uses to practise on....
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39033
Right I've just realised this is in completely the wrong place.... Unix-Linux Systems is not for hacking tutorials..... never mind
128bit WEP cracking
hxxp://www.crimemachine.com/Tuts/Flash/wepcracking.html
Mad how easy it is!!
Basic introduction to the Nessus security scanner using Auditor Security Collection
hxxp://www.irongeek.com/i.php?page=videos/nessus
Basic introduction to network mapping using nmap
not expecting many of you to need this..
hxxp://www.irongeek.com/i.php?page=videos/nmap1
Cracking Syskey and the SAM on Windows Using Samdump2 and John
hxxp://www.irongeek.com/i.php?page=videos/samdump2auditor
FTP Bruteforcing and the use of the raptor exploit (I think)
hxxp://eks0.free.fr/whax-demos/?f=raptor_config.xml
Autoscan + Metasploit
hxxp://eks0.free.fr/whax-demos/?f=autoscan-metasploit_config.xml
................
linux_dude
Jul 19 2005, 04:23 AM
Argh, this reeks of script kiddie-ism :-/
This place isn't a repository for how-to guides, but we'll see what ComSec says, besides, these aren't anything new.
Do you even read what you post?
Example: For the SSL Man in the Middle Attack, you don't need access to the victim's computer. If you did, that wouldn't be very 'in the middle', now would it? You just need access to their network.
Honestly, it's nice, but it's so specific and contrived, that it won't work in most cases. You're issuing an invalid certificate, which some users would notice, and if you just sniff the traffic, you can't crack it easily.
Another thing, the 128bit cracking only works in high traffic areas, otherwise it isn't that easy. (7 GB of traffic on average) :-/
You could forcefully generate the traffic yourself but most routers detect this, and so do the network users when they repeatedly get disassociated with the AP.
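The detection point made above (repeated disassociation from the AP is what gives forced traffic away) can be checked on the wireless side with a simple rate monitor. This is an added example, not code from the thread or from any of the linked tools; the frame log format (timestamp, subtype, BSSID, client) is a constructed assumption.

```python
"""Flag access points that see a burst of 802.11 deauthentication or
disassociation frames, the symptom linux_dude describes. Added example,
not from the thread; the frame record format is a constructed assumption."""
from collections import defaultdict, deque

# Management-frame subtypes that knock a client off an AP.
DISCONNECT_SUBTYPES = {"deauth", "disassoc"}


def detect_disconnect_floods(frames, threshold=10, window_s=5.0):
    """frames: iterable of (timestamp_s, subtype, bssid, client) tuples.
    Returns {bssid: first_alert_timestamp} for every AP that saw more than
    `threshold` disconnect frames inside any `window_s`-second span."""
    recent = defaultdict(deque)   # bssid -> timestamps still inside the window
    alerts = {}
    for ts, subtype, bssid, _client in sorted(frames, key=lambda f: f[0]):
        if subtype not in DISCONNECT_SUBTYPES:
            continue                      # data/beacon frames are not counted
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window_s:  # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = ts           # remember when the burst first tripped
    return alerts


# Constructed sample: ordinary data frames on one AP, a single legitimate
# disassociation (a client roaming), and a burst of 25 deauth frames
# against a second AP of the kind repeated forcing produces.
SAMPLE_FRAMES = [(float(t), "data", "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66")
                 for t in range(0, 60, 2)]
SAMPLE_FRAMES.append((30.0, "disassoc", "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66"))
SAMPLE_FRAMES += [(i * 0.1, "deauth", "aa:bb:cc:dd:ee:02", "11:22:33:44:55:77")
                  for i in range(25)]

if __name__ == "__main__":
    for bssid, ts in detect_disconnect_floods(SAMPLE_FRAMES).items():
        print(f"possible deauth flood against {bssid} starting at t={ts:.1f}s")
```

Lowering `threshold` or widening `window_s` trades sensitivity against false alerts from normal client roaming, so tune both against a baseline capture of your own network.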
n.n.p
Jul 19 2005, 04:33 AM
QUOTE(linux_dude @ Jul 19 2005, 05:23 AM)
Another thing, the 128bit cracking only works in high traffic areas, otherwise it isn't that easy. (7 GB of traffic on average) :-/ You could forcefully generate the traffic yourself but most routers detect this, and so do the network users when they repeatedly get disassociated with the AP.
Not really, some of the newer tools can do it with far less traffic.
linux_dude
Jul 19 2005, 04:37 AM
Depends if you force the traffic, which is detectable, or passively sniff it.
Forcing the traffic needs a lot less, but passively sniffing leads to a lot of time between IV packets, so trust me, 7 GB is about the right amount.
Forcing the packets is never a good idea, most users aren't that dumb to sit there while their APs disassociate for 20 minutes straight.
Yorn
Jul 19 2005, 04:44 AM
Just cause it's not a repository for how-to guides doesn't mean that network administrators like myself don't want to know about how malicious users will attack our networks. The original poster isn't promoting script kiddie-ism, he's just posting tutorials.
linux_dude
Jul 19 2005, 05:26 AM
Sorry if you're that ill informed about 2+ year old exploits and strategies, better look through the archives then or buy yourself some network security guides. I recommend this as a primer: Amazon. Let's try to keep it to new tactics used by blackhats, like maybe new WPA cracking algos? Okay?
beardednose
Jul 19 2005, 07:07 AM
linux_dude, Sorry if you're that ill informed about 2+ year old forum rules and strategies surrounding how to respond to posts, better look through the rules then or buy yourself your own security forum, cuz if you keep spouting off, you'll be history here. Opinions are fine unless you start slashing, which you did. Just tone it down a bit. Not everyone is at the same knowledge level here. Besides, you don't appear to know Yorn at all, cuz if you did Yorn, handle this with code 3...
Craz3
Jul 19 2005, 08:46 AM
QUOTE(linux_dude @ Jul 19 2005, 04:23 AM)
Argh, this reeks of script kiddie-ism :-/ This place isn't a repository for how-to guides, but we'll see what ComSec says, besides, these aren't anything new. Do you even read what you post? Example: For the SSL Man in the Middle Attack, you don't need access to the victim's computer. If you did, that wouldn't be very 'in the middle', now would it? You just need access to their network. Honestly, it's nice, but it's so specific and contrived, that it won't work in most cases. You're issuing an invalid certificate, which some users would notice, and if you just sniff the traffic, you can't crack it easily. Another thing, the 128bit cracking only works in high traffic areas, otherwise it isn't that easy. (7 GB of traffic on average) :-/ You could forcefully generate the traffic yourself but most routers detect this, and so do the network users when they repeatedly get disassociated with the AP.
Look linux_dude you obviously have issues and are dying to prove how much you may know, personally I couldn't give a crap how much you do or don't know (hell I didn't know what a Bash shell was till about 2 weeks ago). For a start I'm not claiming to be some hacker or security expert. I came across these and found them quite interesting so I assumed others might. I admit some of the techniques may be "script kiddy" like. But who cares? Only you it seems...... This is a site aimed at computer security is it not? So what's your problem...? So the question remains shall I stop posting because you know everything? LOL I think not... Go and have a good cry about it all, and let it all out, and see you back here in the future...
Yorn
Jul 19 2005, 08:50 AM
Hah. I'm not as quick as to lay down justice as you, beardednose. I think he was probably just concerned a bit about people's reactions.
I have to admit, I have never seen an arp spoof in practice. It was funny seeing how simple it was and how quickly the job was over. Scary too.
linux_dude
Jul 19 2005, 09:40 AM
Ohh, Craz3 is getting pissy at me. Listen, they're interesting, but they've been discussed here before. I like fresh news, not some blackhat tactics from when I joined here, and a nice how-to for script kiddies to exploit. And yah, I don't know Yorn, I've been gone for a while from the forum, but this isn't new. Sorry Yorn, didn't mean to pick on you. Just getting annoyed to see this great place flooded with script kiddie requests for compiled hacks, and how-to's, this seemed along those lines, but answering their questions instead of asking them.
mekros
Jul 19 2005, 11:48 AM
Just a minor clarification Craz3, that Knoppix remote exploit live CD you posted about is actually "Auditor"... cheers...
Craz3
Jul 19 2005, 12:31 PM
Yeah sorry, I burnt 5 live CDs the other day and didn't mark which one's which so it's all got a bit confusing. I'm pretty sure it's Knoppix based though????? Or Slax.......??? It's ironic because for 80% of the people who frequent this site it's not posts like this that make it sh!te, it's people like you, and your inability to be in any way constructive with your made-obvious knowledge. Oh yeah and "65" posts, I think you should keep your comments to yourself until you've earnt the right to complain, as there's no rules against this kind of post.
linux_dude
Jul 19 2005, 01:10 PM
Just stop with the personal attacks Craz3 there buddy, and look over my posts and yours before you tell me what I can't criticize. Trust me, even the mods/owners complained about the trial member script kiddies, so I'm not wrong here, the thread quality has declined rapidly. Stay a bit, hopefully you'll become a full member, and you'll see what quality threads look like. Besides, I posted when I joined, then moved away from the community, now I've come back. That arp spoof seems overly done too, the IP would have sufficed, no need to spoof the DNS too, then you don't wind up with an invalid cert, which wouldn't occur if the victim thought you were gmail's IP. :-D
myth
Jul 19 2005, 01:38 PM
QUOTE
Stay a bit, hopefully you'll become a full member, and you'll see what quality threads look like.
Do some time travel, remove those previous useless posts you've made and maybe you'll get a promotion to Specialists ... Unlikely, but then you'll see even more quality posts. Anyway, thanks for the video tutorials, I've worked on most of those methods before, but it's always great to see different methods and other ways others do it... Although, thanks linux_dude, didn't know that cracking 128bit WEP was over two years old, and didn't know users would use their connection 24x7 and always be monitoring the IDS logs, so disassociating for 20 minutes must really be obvious at 3am... I use tutorials like that, and altered skiddie apps as well, to work on IDS rules, seeing as most amateur hackers simply use exactly the same methods, the packets end up having a very unique signature...
Craz3
Jul 20 2005, 02:21 PM
I think that we can safely come to the conclusion that no one is in the "wrong" here. What is obviously in question is your conduct, and the way in which you present your grievances. If the mods/owners have a problem with this post I'd much rather hear it from them in a PM, than from yourself in a desperate attempt to appear knowledgeable.....
So in the future if you do have any burning issues with a post, I suggest you contact a mod and let them decide whether it's inappropriate or not.
Peace