Monday, May 31, 2010

Plecost: Wordpress Finger Printer

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there.




Plecost retrieves the information contained on Web sites supported by Wordpress, and also allows a search on the results indexed by Google.

Download: http://code.google.com/p/plecost

Thursday, May 27, 2010

Clickjacking

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Although it has been two years since the concept was first introduced, most websites still have not implemented effective protection against clickjacking. In part, this may be because of the difficulty of visualising how the technique works in practice.

This new browser-based tool allows a user to experiment with clickjacking techniques by using point-and-click to visually select different elements within a webpage to be targeted. The tool also allows several 'next-generation' clickjacking techniques to be used, as introduced in Paul Stone's Blackhat Europe 2010 talk.

Among the features of the new tool are:
Use point-and-click to select the areas of a page to be targeted
Supports the new 'text-field injection' technique
Supports the new 'content extraction' technique
'Visible mode' replay allowing a user to see how the technique works behind the science
'Hidden mode' replay allows the same steps to be replayed in a hidden manner, simulating a real clickjacking attack.
The tool is currently in an early beta stage, and works best in Firefox 3.6. Full support for other browsers will follow shortly. For further information, please see the Readme.txt file in the downloadable tool.


http://www.contextis.co.uk/resources/tools/clickjacking-tool/cjtool.zip

Monday, May 24, 2010

Cracking WPA2 Password Using Pyrit (GPU Cracking)



In this video its shown how to attack Wireless Networks using Pyrit tool. Pyrit is a GPU cracker for attacking WPA/WPA2 PSK protocols. It allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK. Download and other details can be found here.

Thursday, May 20, 2010

Nmap Using TOR Networks

 

A good video showing how to scan networks with Nmap using Tor network to stay anonymous.
An Attacker downloads and configure TorTunnel,TOR bundle and proxychains. After setting up everything, an attacker uses nmap to find out the services running on different IP addresses. The main purpose of this video to stay anonymous while scanning different networks.

Monday, May 17, 2010

Milw0rm Exploits Archive



A live demo on how to use the latest exploits from milw0rm.com on backtrack live distro in detail. In this video, the attacker launches an attack against a Dream FTP Server to crack the administrator 's password running on a windows box.

Thursday, May 13, 2010

Karmetasploit on Backtrack4



This video is about using karma exploit from Metasploit on Backtrack 4. An Attacker will setup his own fake Access Point in monitor mode, DHCP daemon and a web server daemon. Attacker runs Metasploit's karma exploit. The moment an IP address is assigned to the victim's PC, all the activity is logged at the attacker's machine including the URL visited and credentials used for mail and web access.

Monday, May 10, 2010

Sniffing And HTML Injection



This video explains various examples of network sniffing and HTML injection with Ettercap-NG tool on BackTrack-4 on a Local Area Network. It shows how an attacker can change text of chat messages within LiveMessanger using ettercap filters and also using Ettercap plugin, Filters, filterf_modify, file-inject. An Attacker can even find who else is ARP poisoning on LAN using search_poisoning ettercap plugin.

Wednesday, May 5, 2010

Wireless Key Grabber



This video shows how to use Wireless Key Grabber. It requires lighttpd and it runs a fake wireless access point to grab wireless keys. Whenever a user tries to connect to any website after connecting to this fake access point, his browser is forwarded to a customized URL. Metasploit DLL injection is used to grab wireless key.

Download link is here : http://www.megaupload.com/?d=Z1TZEFDG
Script information is here : http://pastebin.com/f29b60836

Monday, May 3, 2010

DNS Spoofing And Browser Spying Part 2



In this video an attacker sniffs network traffic from a remote machine using ARP and DNS Spoofing with Ettercap.Uses Driftnet program to listens to network traffic and sniff out images from TCP streams on the network.And finally uses remote_browser plugin of ettercap which sends visited URLs of the victim to attackers browser.Like this an attacker's browser follows what ever the victim is browsing.
Certified Ethical Hacker Network Security Internet Security Computer Security Wireless Network Security