

Showing posts from April, 2013

Wireless Hacking Part-1

What is Wi-Fi? It is wireless networking based on the IEEE 802.11 standards: an access point (usually a wireless router) exchanges data with client devices over radio signals in specific high-frequency bands, 2.4 GHz and 5 GHz.
Evolution of 802.11:
1. 802.11 legacy (1997)
2. 802.11a (1999): 5 GHz band, OFDM (orthogonal frequency-division multiplexing), 54 Mbps
3. 802.11b (1999): 2.4 GHz, CSMA/CA, 11 Mbps
4. 802.11g (2003): 2.4 GHz, backward compatible with 802.11b, 54 Mbps
5. 802.11n (2009): MIMO, 150 Mbps per spatial stream, 2.4 and 5 GHz
6. 802.11ac: still in draft at the time of writing, 5 GHz, up to 8 MIMO streams, up to 6.9 Gbps, etc.

Modes. There are seven modes a Wi-Fi interface can be put in: 1. Monitor 2. Master 3. Managed 4. Ad-hoc 5. Mesh 6. Repeater 7. Promiscuous
The modes your card supports (listed under "Supported interface modes", which is not the same as the mode the interface is currently in) can be checked with the following command, replacing phy1 with your card's physical device:
iw phy phy1 info
1. Master: the Access Point or Base Station. It is an embedded device with a proprietary OS or a slimmed-down Linux installation, set up to provide network access to clients.
2. Managed: infrastructure mode. Devices in this mode are considered clients or stations and are the devices connected to an access point: your laptop, Nintendo, iPhone, etc. To connect in managed mode: iwconfig wlan0 mode managed iwconfig wlan0 essid H…

Install Lorcon2 In Backtrack

msfwifi_dir="/opt/metasploit/msf3/modules/auxiliary/dos/wifi/"
rubylorcon_dir="/opt/metasploit/msf3/external/ruby-lorcon2"
msfuzz_dir="/opt/metasploit/msf3/modules/auxiliary/fuzzers/wifi"
apt-get install libnl-dev
clear
svn co lorcon2
cp -r ./lorcon2/ $rubylorcon_dir
sed -i 's/+ channel.chr/+ datastore['\''CHANNEL'\''].to_i.chr/g' $msfwifi_dir/ssidlist_beacon.rb
sed -i 's/+ channel.chr/+ datastore['\''CHANNEL'\''].to_i.chr/g' $msfwifi_dir/netgear_*
sed -i 's/+ channel.chr/+ datastore['\''CHANNEL'\''].to_i.chr/g' $msfuzz_dir/*.rb
sed -i 's/Lorcon/Lorcon2/g' $msfwifi_dir/ssidlist_beacon.rb
sed -i 's/STR2CSTR/StringValuePtr/g' $rubylorcon_dir/Lorcon2.c
cd $rubylorcon_dir/lorcon2
./configure --prefix=/usr/
make
make install
cd ..
ruby ./extconf.rb
make
make install
clear
cp $rubylorco…

SNMP Basics

SNMP stands for Simple Network Management Protocol. It was created in 1988. The purpose of its creation was to manage a growing number of network elements in a computer network. Slowly, this protocol started becoming popular and it forms the basis of network management today.

Through SNMP one can retrieve information about network devices like routers, printers, switches or even ordinary computers. The range of information that can be retrieved through SNMP is very wide. Some examples of the type of information that can be retrieved through SNMP are:

- System uptime
- CPU usage level
- Disk usage level
- Network settings, etc.
Not only can information be retrieved; these network devices can also be configured with new values through SNMP. Despite being simple in its design and approach, it is the sheer reach of this protocol that makes it the most popular network management protocol today.
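To make the "retrieve information" part concrete, here is an added example (not from the original post) that encodes an SNMPv1 GetRequest for sysUpTime by hand, decodes the agent's GetResponse, and shows why SNMPv1/v2c is a favourite of pentesters: the community string travels in cleartext. It uses only the Python standard library; the community "public", the request id 42 and the TimeTicks value in the reply are constructed for the demo, and the reply is built locally rather than received from a real agent.

```python
# ASN.1 BER tags used by SNMPv1 (RFC 1157).
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2   # context-specific PDU tags
TIMETICKS = 0x43                         # APPLICATION 3, the type of sysUpTime

def ber_length(n):
    """Definite-form length: one byte below 128, else 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_length(len(body)) + body

def enc_int(value, tag=INTEGER):
    """Minimal two's-complement INTEGER; also used for TimeTicks (non-negative)."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, value.to_bytes(n, "big", signed=True))

def enc_oid(dotted):
    """First two arcs share one byte (40*a + b); later arcs are base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            groups.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(groups))
    return tlv(OID, bytes(out))

def snmp_message(community, pdu_tag, request_id, varbinds, error_status=0, error_index=0):
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, PDU }"""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(oid) + value) for oid, value in varbinds)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(error_status) + enc_int(error_index)
              + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode("latin-1")) + pdu)

def get_request(community, oid, request_id=1):
    """What a manager sends to read one object: the value slot is NULL."""
    return snmp_message(community, GET_REQUEST, request_id, [(oid, tlv(NULL, b""))])

def read_tlv(buf, pos):
    """Return (tag, contents, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def dec_value(tag, body):
    if tag == INTEGER:
        return int.from_bytes(body, "big", signed=True)
    if tag == TIMETICKS:
        return int.from_bytes(body, "big")
    if tag == OCTET_STRING:
        return body.decode("latin-1")
    if tag == OID:
        return dec_oid(body)
    if tag == NULL:
        return None
    raise ValueError("unsupported BER tag 0x%02x" % tag)

def parse_message(packet):
    """Decode an SNMPv1 message. Nothing here is encrypted: the community string,
    the OIDs and the values are all readable by anyone who captures the datagram."""
    _, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    header, pos = [], 0
    for _ in range(3):                       # request-id, error-status, error-index
        _, field, pos = read_tlv(pdu, pos)
        header.append(dec_value(INTEGER, field))
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, q = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, q)
        varbinds.append((dec_oid(oid), dec_value(vtag, value)))
    return {"version": dec_value(INTEGER, version), "community": community.decode("latin-1"),
            "pdu": pdu_tag, "request_id": header[0], "error_status": header[1],
            "error_index": header[2], "varbinds": varbinds}
```

Sending get_request("public", "1.3.6.1.2.1.1.3.0") as a UDP datagram to port 161 is the whole of an SNMPv1 read; the agent answers with a GetResponse carrying the same request id and a TimeTicks value in place of the NULL. Running parse_message over either packet recovers the community string, which is exactly what an attacker sniffing the segment (or brute-forcing communities against port 161) does.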

SNMP system design

A computer network system that uses SNMP for network management consists of the three fundamental components :


PathPing is a network utility supplied in Windows 2000 and later that combines the functionality of ping with that of tracert.
It provides details of the path between two hosts and ping-like statistics for each node in the path, based on samples taken over a time period whose length depends on how many nodes lie between the start and end host.
The advantages of PathPing over ping and traceroute are that every node is pinged as the result of a single command, and that the behaviour of each node is studied over an extended period, rather than ping's default sample of four messages or traceroute's default single route trace.

Create A Digital Certificate

Here is the way - HOWTO - to create a Digital Certificate using the OpenSSL software. First of all install OpenSSL on your PC. 

Create your Own CA 
Then create a directory to be your CA directory (let's call it demoCA). 
Now create the following 3 directories in demoCA (requests, certs, and keys) and create the following two files (database.txt and serial.txt); open serial.txt and write 01 in it. Also don't forget to copy the file openssl.conf there too. 
Now you need to create your CA key (the -des3 option encrypts the key file with a passphrase; 1024-bit RSA keys are no longer considered safe, so use at least 2048 bits): 
openssl genrsa -des3 -out keys/ca.key 2048
Create a self-signed master certificate based on this key, to use when signing other certificates: 
openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer

Create the Digital Certificate
Generate private key for the certificate: 
openssl genrsa -des3 -out keys/foo-key.pem 2048
Create a certificate request: 
openssl req -new -key keys/foo-key.pem -out requests/foo-req.csr
Sign the certificate by the CA: 
openssl ca -policy policy_anything -…

Null Byte Injection

Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web infrastructure by adding URL-encoded null byte characters (i.e. %00, or 0x00 in hex) to the user-supplied data. This injection can alter the intended logic of the application and allow a malicious adversary to get unauthorized access to system files.
Most web applications today are developed using higher-level languages such as PHP, ASP, Perl, and Java. However, at some point these web applications require the high-level code to be processed at system level, and that is usually accomplished through C/C++ functions. The mismatch between these dependent technologies has resulted in an attack class called 'Null Byte Injection' or 'Null Byte Poisoning'. In C/C++, a null byte represents the string termination point or delimiter character, which means: stop processing the string immediately. Bytes following the delimiter are ignored. If the string loses its null char…
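The following is an added example (not from the original post) of the mismatch described above: a filename filter in a high-level language checks the whole decoded string, while the C layer that finally opens the file stops at the first 0x00. Because CPython's own open() refuses paths containing NUL (ValueError: embedded null byte), the C view is modelled by a small helper; the base directory /var/www/notes, the .txt rule and the attack input are assumptions made for the demo.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/var/www/notes"   # hypothetical directory the application serves files from
ALLOWED_EXT = ".txt"          # hypothetical rule: only .txt files may be read


def c_string_view(s):
    """Model what a C API such as fopen() or strcpy() sees: everything up to the first NUL."""
    nul = s.find("\x00")
    return s if nul < 0 else s[:nul]


def naive_open_path(user_param):
    """Vulnerable: the suffix check runs on the whole decoded string, but the C layer
    that eventually opens the file stops reading at the injected 0x00."""
    name = unquote(user_param)            # "%00" becomes "\x00" here
    if not name.endswith(ALLOWED_EXT):
        return None
    path = posixpath.join(BASE_DIR, name)
    return c_string_view(path)            # the path the file system layer actually opens


def hardened_open_path(user_param):
    """Rejects embedded NULs before any other check, forbids directory components,
    and confirms the final path still lives inside BASE_DIR."""
    name = unquote(user_param)
    if "\x00" in name:
        return None
    if not name.endswith(ALLOWED_EXT):
        return None
    if posixpath.basename(name) != name:  # no "/" or ".." segments allowed
        return None
    path = posixpath.normpath(posixpath.join(BASE_DIR, name))
    if posixpath.dirname(path) != BASE_DIR:
        return None
    return path
```

With the constructed input ../../../etc/passwd%00.txt the naive filter is satisfied (the string ends in .txt) yet hands /var/www/notes/../../../etc/passwd to the C layer; the hardened version rejects it on the NUL alone, and would still reject ../../../etc/passwd.txt on the directory-component check.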

Email Injection

There are a lot of ways to send anonymous emails; some use them for mass mailing, some to spoof an identity, and some (a few) simply to send email anonymously. Usually a web mail form using the mail() function generates emails whose headers carry the originating IP of the server it is running on, so the mail form effectively acts as an SMTP proxy. The input fields of the form vary, but it is common for a mail form to give you control over the subject, the message, and the sender's email address.


In this context, the target is to be able to send anonymous emails to other recipients. There are numerous additional fields that can be specified in the mail headers (see [ RFC 822 ]). For example 'Cc' (Carbon Copy), which sends a copy of the message to the email addresses given as arguments. A better choice is to use the 'Bcc' (Blind Carbon Copy) which sends a carbon copy of t…
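As an added example (not from the original post), here is a Python model of the mail()-style form handler described above, beside a hardened version. The naive builder pastes the form's sender and subject fields straight into the header block, so a sender value containing a CRLF followed by "Bcc: ..." adds a recipient list the form author never intended; the hardened builder refuses any CR, LF or NUL in a header value and insists the sender is a single plain address. The fixed recipient webmaster@example.com and the attack payload are constructed for the demo.

```python
import re

RECIPIENT = "webmaster@example.com"   # hypothetical fixed recipient of the contact form
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_message(sender, subject, body):
    """Models a PHP mail() wrapper that pastes form fields straight into the header block."""
    headers = ["To: " + RECIPIENT, "From: " + sender, "Subject: " + subject]
    return "\r\n".join(headers) + "\r\n\r\n" + body


def header_fields(raw_message):
    """Split the header block the way an MTA does: one 'Name: value' per line.
    Bare LF is accepted as well as CRLF, because most MTAs accept it too."""
    head = re.split(r"\r?\n\r?\n", raw_message, maxsplit=1)[0]
    fields = []
    for line in re.split(r"\r?\n", head):
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def safe_header_value(value):
    """Reject anything that could end the current header line or the whole header block."""
    if re.search(r"[\r\n\x00]", value):
        raise ValueError("header injection attempt: %r" % value)
    return value


def safe_sender(addr):
    addr = safe_header_value(addr)
    if not ADDR_RE.match(addr):
        raise ValueError("not a single plain address: %r" % addr)
    return addr


def build_message_hardened(sender, subject, body):
    """Same layout as build_message, but every user-controlled header value is vetted."""
    return build_message(safe_sender(sender), safe_header_value(subject), body)


def is_rejected(sender, subject="hello", body="hi"):
    """True when the hardened builder refuses the given form input."""
    try:
        build_message_hardened(sender, subject, body)
    except ValueError:
        return True
    return False
```

The same CRLF trick works on the subject field, which is why the check is applied to every header value and not only to the address; the body is the one field where newlines are legitimate, so it is left alone.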