The RST packet attack is basically when a client initiates a connection (3-way handshake) and an attacker spoofs the identity of the server, gets the correct sequence number and ACK number and sends a...
Type: Posts; User: Cryptid; Keyword(s):
On updating Metasploit 3.3dev in Ubuntu I get 320 exploits and it reports it is at revision 7131, but on BT4 it updates and shows 413 exploits and 266 payloads..
Why is there a difference then?
...
Try PEscramble.
I'm on a network where all the traffic passes through a Squid proxy out to the network, i.e. all outgoing traffic is through port 3128 and the proxy is set up in such a way that no inter-LAN communication is...
Alright, will check De-ICE out.. and why wouldn't I give credit?? It's not like I am getting money for completing the challenge; I'm just taking the challenges beforehand to let the organizers know how...
Will you please share your scripts.
No it isn't... I just confirmed that it's a single file and instead of using a password to secure the file the event organizers chose to scramble it so that no password cracking tools could be used.. the...
Done! :D
Did an ARP poison, looked for interesting GET requests that ended with .exe and then did a 301 redirect HTTP injection, deployed a binary Meterpreter file and rooted the box..
and way...
Well I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests; it is still in the preliminary stages and work on broadcast...
Don't worry it isn't... the network topology I am referring to here is my college network. We are trying to get our principal to pump in some funds in developing our infosec classes & labs, so...
Well here is the situation, I have a zip file and along with it is the password, but when I try to open the file it says the file is not identified or may be corrupt, I'm guessing the file has been...
Well from what I have seen the setup is more or less like this.
All the computers are given a static C-class address, no gateway is configured, the web browser is configured to use the IP...
I'm on a network which has all traffic forwarded to the internet via a Squid proxy, i.e. port 3128. I tried running sslstrip but it fails, raising several errors.. so has anyone ever got sslstrip to work...
The problem was the 301 response had to end with a \r\n which was missing, therefore the problem occurred. Now it's working but there is another problem: the race condition is effectively being exploited...
Alright, I have achieved some progress but I'm stuck again.
When a GET request is being made, say
GET /~sgtatham/putty/latest/x86/putty.exe HTTP/1.1
Host: the.earth.li
I am replying back with a...
Thanks a lot, it looks like an HTTP 301 response is the best thing to do; I have even seen an ettercap filter doing the same... will try to implement this using scapy on a wifi network, now must sit...
Does anyone have any knowledge regarding replacing .exe file requests on a broadcast network by exploiting a race condition... from what I understand at the moment one can sniff network traffic and on...
Well I figured it out.. scapy decrypts things automatically once the wepkey is entered in the correct format, Philippe was kind enough to point that out... but now I need to figure out a way to...
from scapy.all import *   # needed for conf, sniff and the Dot11 layers
conf.iface='mon0'         # monitor-mode interface to sniff on
conf.wepkey='\x19\xdd\x32\x72\x7c'   # 40-bit WEP key as raw bytes
pkt=sniff(count=0, prn=lambda x:x.summary())   # count=0 sniffs until interrupted
# ^C  (Ctrl-C stops the sniff and returns the captured list)
pkt[321][Dot11].unwep()   # where pkt[321] contains a Dot11WEP layer; unwep() is a method of the Dot11 layer
I get an error...
This isn't on the fly; we are reading a .pcap file which is already present on the disk... I came across this example before making a post on the forum.. I need packets to be sniffed and decoded in...
I have been playing around with scapy for quite some time now... works great for sniffing wireless traffic without even associating to any AP, but I haven't figured out how to sniff on data protected...
I've been reading up on Caffe Latte and Hirte attacks, was able to perform the Hirte attack without any problem against my iPhone, but in a real case scenario how do you determine the nature of the...
Well it is a "here's a question, what would you do" scenario.
And I think there is a way to work around it and no need of an exploit to perform a privilege escalation attack. Still thinking, in...
It is totally a hypothetical situation, part of some online cracking challenge. The question goes like this:
A Linux server has two user accounts. One of them is the root's account and the other is...
With a shadow file with only executable permission, how would it be possible to proceed with an escalation of privilege attack?