Results 1 to 5 of 5

Thread: Forcing A User To Login

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

    Default Forcing A User To Login

    Hey guys,

    I just got my Alfa AWUS036H adapter in the mail and went Backtrack crazy on my network all day :P I'm very interested in networks, though a bit novice in my approach.

    I was showing a family member today that I was able to capture mylogin username and password to Yahoo once I had poisoned mycomputer. Our network is WEP, I changed the key and I hacked it, then logged in and ARP poisoned my computer (at least, I believe this is all the correct terminology).

    He raised a good question though. What if I the user had already logged in before I poisoned Myself? For example, I signed into Facebook probably at least a week ago and has remained logged in all of this time through constant usage, and stated that unless I could force the user to sign out, I could be wasting alot of time in "recon".

    I then started thinking about possible ways to deauthenticate a myself with a website (or, hopefully, every website) and require MEto login again. My only thoughts were to be either with Middler (I saw a podcast today where an iframe was injected into the top of the page, and Javascript could be inserted and executed from the iframe. The javascript could perhaps destroy the cookies) or, to be complicated, change the IP of the victim's PC during the ARP poisoning.

    I'd appreciate some feedback, I know I'm not the greatest and there's probably a far easier approach to the problem but I always seem to take the long way around :P

    Thankyou for your time,
    Kalibur
    Last edited by Archangel-Amael; 02-23-2010 at 03:49 PM.

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Forcing A User To Login

    @ OP You will notice that everything in bold is something that I changed for you. Let's get one thing clear. I allowed this post because frankly I think there can be some good dialogue to come out of it. However most of what you are asking is already covered in various and sundry parts of the internet. Furthermore Let me also make it very clear that we do not tolerate or condone illegal activities of any sort. So I helped guide you a bit with the above.
    Last edited by Archangel-Amael; 02-23-2010 at 03:49 PM.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

    Default Re: Forcing A User To Login

    Archangel.Amael,

    I understand where this site, it's members and the the community behind Backtrack stand on illegal activities, and their opinions pertaining to those who use the software to do such.

    I should shed some backlight on myself, perhaps? I'm a 3rd year Information Technology student attempting 3 majors (instead of the usual 1) in Software Design & Development, Online Systems and my favourite, Networking.

    I do this stuff purely as a hobby, and have never (and will never) attempt it on an unsuspecting victim or network. I'm merely interested about alot of things that I come across and often put myself on forums to ask the experts for answers.

    I'm not trying to gather information for attacking others, and I consider myself an ethical hacker (by self definition, attacking my own network and setting up challenges on my own computers for me to hack around). Unfortunately I'm in the beginning and you'll have to give me a chance to show you that I'm here to stay and learn more, not for a quick fix to learn enough to hack into some random's MSN, steal their conversations and then black mail them.

    I hope I've made my intentions quite clear. I cannot stand those who use their power of IT knowledge to bully others. I only wish to learn more and hell, if I could learn something that I use as experience in an examination for one of my exams then I'd be ecstatic. But for now, it's simply a hobby.

    Thankyou,
    Kalibur

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Forcing A User To Login

    Even when a browsing session saves a tracking cookie which contains log on information it is still transmitted to the host site at log on time. If you are in control of the gateway causing a event which would force reconnection would be trivial. Other ways include tampering with the data the user sends to cause a error and ultimately reconnect. If you are interested in browser stuff you should look into burp suite, tamper data and beEf for some more amplification.

  5. #5
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

    Default Re: Forcing A User To Login

    Thankyou pure!

    I'm very interested in the web interface, since I'm doing majors in both networking and online systems. I've heard of beEF but havn't looked into it yet. Will research more.

    Again, thanks
    Kalibur

Similar Threads

  1. Whats the correct answer for user name?
    By Catalyst Elite in forum Beginners Forum
    Replies: 10
    Last Post: 02-17-2010, 07:58 PM
  2. Making a user that has the root appearance BT4
    By Soultaker666 in forum Beginners Forum
    Replies: 13
    Last Post: 02-10-2010, 02:22 AM
  3. Can't find the User Interface
    By Cbeppe in forum Beginners Forum
    Replies: 3
    Last Post: 02-06-2010, 10:16 PM
  4. How to stop John The Ripper from encrypting User
    By newbie in forum Beginners Forum
    Replies: 1
    Last Post: 01-16-2010, 05:27 PM
  5. (Ask)User cannot browse
    By deftoners in forum Beginners Forum
    Replies: 4
    Last Post: 01-15-2010, 05:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •