Search:

Type: Posts; User: Cryptid; Keyword(s):


  1. Replies
    1
    Views
    4,453

    RST packet attack from Client

    the RST packet attack is basically when a client initiates a connection (3 way handshake) and an attacker spoofs the identity of the server and get the correct sequence number and ACK no and sends a...
  2. Replies
    1
    Views
    1,191

    Metasploit Updates on BT4 and Ubuntu differ..

    on updating Metasploit 3.3dev in ubuntu i get 320 exploits and it reports it is at revision 7131 but on BT4 it updates and show 413 exploits and 266 payloads..

    why is there a difference the?
    ...
  3. Replies
    3
    Views
    1,547

    try PEscramble

    try PEscramble
  4. Replies
    1
    Views
    1,097

    ReRouting Meterpreter session

    im on a network where all the traffic passes thru a squid proxy out to the network , i.e all out going traffic is thru port 3128 and the proxy is setup in such a way that no interlan communication is...
  5. Replies
    8
    Views
    9,022

    alright will check De-ICE out.. and why wouldn't...

    alright will check De-ICE out.. and why wouldn't i give credit?? its not like i am getting money for completing the challenge im just taking the challenges before hand to let the organizers know how...
  6. Replies
    11
    Views
    1,888

    will you please share your scripts.

    will you please share your scripts.
  7. Replies
    8
    Views
    9,022

    no it isnt... i just confirmed that its a single...

    no it isnt... i just confirmed that its a single file and instead of using a password to secure the file the event organizers chose scramble it so that no password cracking tools could be used.. the...
  8. Replies
    11
    Views
    1,888

    Done! :D did a arp poison looked for...

    Done! :D

    did a arp poison looked for interesting GET request that ended with .exe and then did a 301 redirect http injection and deployed a binary meterpreter file and rooted the box..

    and way...
  9. Thread: Blind TCP Hijacking

    by Cryptid
    Replies
    3
    Views
    5,480

    well i wrote a small program which calculates the...

    well i wrote a small program which calculates the correct sequence number and build packets from the scratch and responds to request it is still in the preliminary stages and work on broadcast...
  10. Replies
    11
    Views
    1,888

    dont worry it isnt... the network topology i am...

    dont worry it isnt... the network topology i am referring to here is my college network. we are trying to get our principal to pump in some funds in developing our infosec classes & labs, so...
  11. Replies
    8
    Views
    9,022

    Determining the encryption type of a file

    well here is the situation,, i have a zip file and along with it is the password but when i try to open the file it says the file is not identified or may be corrupt,, im guessing the file has been...
  12. Replies
    11
    Views
    1,888

    well from what i have seen the setup is more or...

    well from what i have seen the setup is more or less like this.

    all the computers are given a static C-class address no gateway is configured the web browser is configured to use the ip...
  13. Replies
    11
    Views
    1,888

    sslstrip on proxied network

    im on a network which has all traffic forwarded to the internet via a squid proxy i.e port 3128 i tried running sslstrip but it fails raising several errors.. so has anyone ever got sslstrip to work...
  14. Replies
    6
    Views
    1,907

    the problem was the 301 response had to end with...

    the problem was the 301 response had to end with a \r\n which was missing, therefore the problem occurred now its working but there is another problem the race condition is effectively being exploited...
  15. Replies
    6
    Views
    1,907

    alright i have achieved some progress but im...

    alright i have achieved some progress but im stuck again

    when a get request is being made say

    GET /~sgtatham/putty/latest/x86/putty.exe HTTP/1.1
    Host: the.earth.li

    i am replying back with a...
  16. Replies
    6
    Views
    1,907

    Thanks a lot,,, it looks like HTTP 301 response...

    Thanks a lot,,, it looks like HTTP 301 response is the best thing to do i have even seen an ettercap filter doing the same... will try to implement this using scapy on a wifi network,,, now must sit...
  17. Replies
    6
    Views
    1,907

    replacing .exe on a broadcast network

    does anyone have any knowledge regarding replacing .exe file request on a broadcast network by exploiting a race condition... from what i understand at the moment one can sniff network traffic and on...
  18. Replies
    5
    Views
    2,909

    well i figured it out.. scapy decrypts things...

    well i figured it out.. scapy decrypts things automatically once the wepkey is entered in the correct format,, philippe was kind enough to point that out... but now i need to figure out a way to...
  19. Replies
    5
    Views
    2,909

    conf.iface='mon0'...

    conf.iface='mon0'
    conf.wepkey='\x19\xdd\x32\x72\x7c'
    pkt=sniff(count=0, prn=lambda x:x.summary())
    ^C
    pkt[321].unwep() # where pkt[321] is a packet containing Dot11WEP layer


    i get an error...
  20. Replies
    5
    Views
    2,909

    this isnt on the fly we are reading a .pcap file...

    this isnt on the fly we are reading a .pcap file which is already present in the disk... i came across this example before making a post on the forum.. i need packets to be sniffed and decoded in...
  21. Replies
    5
    Views
    2,909

    On the Fly WEP data sniffing using scapy

    i have been playing around with scapy for quite sometime now... works great for sniffing wireless traffic without even associating to any AP, but i havent figured out how to sniff on data protected...
  22. how to Determining Nature of a Probe in client attacks

    i've been reading up on caffe latte and hirte attacks, was able to perform the hirte attack without any problem against my iphone but in a real case scenario how do you determine the nature of the...
  23. Replies
    14
    Views
    6,499

    well it is a "here's a question, what would you...

    well it is a "here's a question, what would you do" scenario.

    and i think there is a way to work around it and no need of an exploit to perform a privilege escalation attack. Still thinking, in...
  24. Replies
    14
    Views
    6,499

    it is totally a hypothetical situation part of...

    it is totally a hypothetical situation part of some online cracking challenge.the question goes like this

    A Linux server has two user accounts. One of them is the root's account and the other is...
  25. Replies
    14
    Views
    6,499

    with a shadowed file only with executable...

    with a shadowed file only with executable permission how would it be possible to proceed with a escalation of privilege attack?
Results 1 to 25 of 35