
Thread: The Basics

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    4

    Question The Basics

    Hi,
    I have just started to get into network security and am having a good time with it (I like brain teasers and tech).
    I have started a project and could use some guidance. It goes as follows:
    3 old PCs on a private network (no Internet) connected by a wireless/wired router
    the first PC is Ubuntu (wireless)
    the second XP Pro (wired)
    the third Vista Home Pre (wireless)

    XP and Vista are using name-brand antivirus and firewall and are password protected (easy dictionary + one number passwords)

    For the wireless security I am starting with WEP

    Now, using BackTrack (running off the CD), I cracked the WEP key and gained access to the network. The next thing I want to check is how hard it is to crack the OS passwords and router password, and this is where I am stuck. I am not sure how to go about this.
    I am a noob with Linux (I use Ubuntu but nothing "hard core") and network security.
    Up until just recently I was primarily a windows user (multimedia and gaming)

    Any suggestions would be great, or even if there is a good tutorial on the net somewhere I could read, like a 101 or something, because even when I cracked the WEP it was more of a monkey-see-monkey-do experience, then going back and finding out why it was done like that and what each command is for and how to use them properly.

    What I hope to accomplish: making my network more secure, knowledge, and FUN

    Thanks

  2. #2
    Member
    Join Date
    Aug 2006
    Posts
    100

    Default

    For your router, try researching a program called Hydra. In fact I think there is a recently posted How-To video on this... correct me if I'm getting videos mixed up...

    For your computers, think more exploiting and then downloading the SAM/LM hashes and getting the passwords that way. (look up Metasploit)

  3. #3
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    4

    Default

    Thanks for the info will most defo look into those two

  4. #4
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Quote Originally Posted by masteroc View Post
    For your router, try researching a program called Hydra. In fact I think there is a recently posted How-To video on this... correct me if I'm getting videos mixed up...
    If anyone knows the link for this, it would be greatly appreciated.
    "You're only smoke and mirrors..."

  5. #5
    Member
    Join Date
    Aug 2006
    Posts
    100

    Default

    Quote Originally Posted by SephStorm View Post
    If anyone knows the link for this, it would be greatly appreciated.
    http://forums.remote-exploit.org/spe...ttp-hydra.html

    It says HTTP, but (as explained in the post) it cracks the http interface to the router.

    Edit: All credit to the original poster/maker of this btw!

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SephStorm View Post
    If anyone knows the link for this, it would be greatly appreciated.
    If you mean a link for Hydra, try
    #!/bin/the hacker's choice - THC
    Once there, choose the freeworld site.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    4

    Question

    Hi,
    I changed my wireless security type to WPA2 with an easy pass (dictionary + number) and want to try cowpatty on it.
    I found a list of rainbow tables (I think that's what they are called) at
    offensive-security.com/wpa-tables/

    But it looks like they are broken up into AP types. Do I need to know what manufacturer the AP is to use these tables, and if so, how do you find out the manufacturer of the AP?

  8. #8
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19

    Default

    If I remember correctly, those tables are precomputed tables for default router names. It's so you don't have to create a batch job and your bruteforce goes a heck of a lot quicker. That's all I will say about this one 'cause you should KNOW YOUR router's name and company 'cause it says so on your setup page.
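
Added example, not part of any post in this thread: the WPA/WPA2-PSK master key is PBKDF2-HMAC-SHA1 salted with the SSID, which is why precomputed tables only apply to the network names they were built for and why a unique SSID plus a long passphrase takes them out of play. The default-SSID list, the `audit` helper and the 16-character threshold are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample of factory-default network names (assumption; not the
# list any published table set was actually built from).
COMMON_DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "belkin54g"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK pairwise master key.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(ssid: str, passphrase: str) -> list[str]:
    """Return findings that make a home network's PSK easy to precompute or guess."""
    findings = []
    # SSIDs are case-sensitive, so this is an exact match.
    if ssid in COMMON_DEFAULT_SSIDS:
        findings.append("ssid-is-common-default")
    # The "dictionary word + number" pattern used in this thread's lab setup.
    if re.fullmatch(r"[A-Za-z]+\d{1,2}", passphrase):
        findings.append("passphrase-is-word-plus-number")
    # 16 is an illustrative threshold, not a value from the standard.
    if len(passphrase) < 16:
        findings.append("passphrase-shorter-than-16")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys share nothing,
    # so a table built for one name says nothing about the other.
    for name in ("linksys", "HomeNet-7f3a"):  # second SSID is a constructed value
        print(name, wpa_pmk("sunshine1", name).hex())
    print(audit("linksys", "sunshine1"))
    print(audit("HomeNet-7f3a", "correct horse battery staple"))
```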

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Maxpowers View Post
    Hi,
    But it looks like they are broken up into AP types. Do I need to know what manufacturer the AP is to use these tables, and if so, how do you find out the manufacturer of the AP?
    Might be a good idea to re-read the rules because this post makes you look suspect. As for rainbow tables, there is a whole page on it at Wikipedia; at a minimum you should start reading with it.

  10. #10
    Member
    Join Date
    May 2009
    Posts
    102

    Default

    Quote Originally Posted by masteroc View Post
    For your router, try researching a program called Hydra. In fact I think there is a recently posted How-To video on this... correct me if I'm getting videos mixed up...

    For your computers, think more exploiting and then downloading the SAM/LM hashes and getting the passwords that way. (look up Metasploit)
    How about bypassing the router web interface login completely? I tried it with one brand, and was successful. Most routers do not have much security on their web interface login by default. Some only use basic redirection for login authentication, while others use NTLM. Some even have the router's web admin interface accessible from the WAN interface by default, and so eventually people came up with stealthy worms that target home DSL routers. It would be nice if manufacturers would create a random administrator username and password for each device coming out of their factory. They just have to write it on a sticker attached to the device. This way, hackers won't find much use for the phenoelite-us.org default password list.
