Wednesday 18 September 2013

DNS Spoofing

DNS - Domain Name Server

When you access a website, your computer uses a DNS server to look up the domain name you are trying to reach. The proper term for this process is DNS name resolution: the DNS server resolves the domain name to an IP address. For example, when you enter "http://www.google.com" in your browser, part of setting up the network connection is resolving the domain name "Google.com" into an IP address, such as 74.125.236.32, for Google's web servers.


What we will do is spoof DNS in a network. For example:

We will put Google's IP in front of Facebook.com (the domain name). As a result, when someone tries to open Facebook.com, he will be redirected to Google.com.





or view the video at..
http://www.securitytube.net/video/8409
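
A defender-side check for the redirection described above, as an added example that is not part of the original post: it parses raw DNS responses and flags any query that was answered more than once with different A records, which can happen when a forged reply and the genuine one both reach the client. The packets are constructed samples, `build_sample` is a hypothetical helper used only to create them, and the 192.0.2.x addresses are placeholders.

```python
import struct
from collections import defaultdict

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end   # resume after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n

def parse_a_response(msg):
    """Return (txid, qname, sorted A-record IPs) from one raw DNS response."""
    txid, _, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    off += 4                                        # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:               # A record
            ips.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return txid, qname, sorted(ips)

def find_conflicts(responses):
    """Map (txid, qname) to the differing answer sets seen for that one query."""
    seen = defaultdict(set)
    for raw in responses:
        txid, qname, ips = parse_a_response(raw)
        seen[(txid, qname)].add(tuple(ips))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def build_sample(txid, name, ip):                   # constructed test data only
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr

SAMPLES = [build_sample(0x1A2B, "facebook.com", "74.125.236.32"),   # Google's IP from the text
           build_sample(0x1A2B, "facebook.com", "192.0.2.10"),      # placeholder genuine answer
           build_sample(0x3C4D, "example.org", "192.0.2.20")]
```

Calling `find_conflicts(SAMPLES)` reports only the facebook.com query, because it received two different answers under one transaction ID.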


Wednesday 11 September 2013

Subterfuge: Harvesting User Login Credentials in a Network of Web Services







Hello guys, today we will learn how to harvest user credentials in a network of web services like Facebook.com, Live.com, etc.


Download Subterfuge at:
https://code.google.com/p/subterfuge/downloads/list


Click the link to watch it if you can't see it clearly:


http://www.youtube.com/watch?v=ZxRv7w-KsUA

http://www.securitytube.net/video/8367

Tuesday 3 September 2013

Deploying Honeypot using Pentbox


Hello guys, today we will learn how to deploy a honeypot using Pentbox.
Download link:
http://sourceforge.net/projects/pentbox/
Note: if you have a problem viewing it, you can also view it from our YouTube link
http://www.youtube.com/watch?v=1kdaB_xwNAQ&feature=youtu.be
or
http://www.securitytube.net/video/8306

Thursday 29 August 2013

Make Your Computer Speak Your Name at Startup




Copy the following script, paste it into Notepad, and save it as xyz.vbs
(Note: the extension should always be .vbs)

    ' Text that will be spoken at logon
    Dim speaks, speech
    speaks = "Welcome to your PC Username"
    ' Create the Windows Speech API (SAPI) voice object and speak the text
    Set speech = CreateObject("sapi.spvoice")
    speech.Speak speaks

(In place of Username, type your name.)

Now paste xyz.vbs into the following path:

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup (in Windows XP)

and

    C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (in Windows 7 and Windows Vista), if C: is your system drive.





Find out Friend's System IP Address



Hello everyone. Today we will learn how to find out the IP address of your friend's computer while chatting on social networking websites.
I will be using Gmail to demonstrate.
First let's clear up some concepts. When we chat directly with a friend via the chat box, our message first goes to the Gmail server and is then forwarded to us or to our friend who is on chat. But when we make a video or voice call, we get connected directly to the friend's computer. So when we are simply chatting, our system is connected to the Gmail server, and if we try to find out the IP we will get the Gmail server's IP. When we are on a video or voice call, our system is directly connected to the friend's computer, so we will get our friend's computer's IP address.
Now let's do it practically.
Fire up your BackTrack machine.
Download the Google Talk plugin from Google; you will get a package named "google-talkplugin_current_i386.deb".
Install this package with the following command:
dpkg -i google-talkplugin_current_i386.deb

Now go to your terminal and type "etherape" (without quotes).
Go to Capture and select your interface (network card) there.
Log in to your Gmail account, start your video or voice call, and switch to the EtherApe window to check the IP of your friend (if you are simply chatting, you will see the Gmail server's IP address).

Wednesday 28 August 2013

Sending Fake Beacons in the Air



Hi guys, let's have some fun by sending out beacons that show a fake access point.
Fire up your BackTrack machine. I will be using BackTrack 5 R2 to demonstrate it.
The tool's name is mdk3.
Start the terminal.
Start monitor mode with:
          # airmon-ng start wlan0      (monitor mode gets enabled here)
Now type:
          # mdk3 --help      (for help and to know more)
Type the command below for the fake access point:
          # mdk3 mon0 b -n H4ck3d
and hit Enter.


To check it, start Wireshark (go to the terminal and type wireshark), select the interface (i.e. mon0), and look at the packets there. You will see the packets of our fake access point named "H4ck3d" flowing.


Changing MAC Address in Backtrack



Hello guys, today we will see how to change the MAC address in BackTrack.
First let's see what a MAC address is. It is also called the hardware address or physical address of a particular machine, and it is a globally unique address that is burnt into the network card itself. The MAC comes into play when a computer wants to receive data or send it to the proper destination. MAC addresses are 12-digit hexadecimal numbers (48 bits in length) and are usually written in the format below:
AA:BB:CC:DD:EE:FF
Now fire up your BackTrack machine.
Go to the terminal and type:
# ifconfig eth0 down      (this command disables the eth0 interface)
# macchanger --help      (you will see the list of available options)
You will see how to use it; its basic usage is
macchanger (options) device
For example, if you want to see your present MAC address, simply type:
# macchanger -s eth0      (eth0 is my interface)
In a MAC address the first three octets are assigned by the manufacturer. Say our present MAC is AA:BB:CC:DD:EE:FF.
Here AA:BB:CC is given by the vendor. If you don't want to change that part, type:
# macchanger -e eth0
# ifconfig eth0 up
After hitting Enter, you will see your previous and fake MAC addresses.
Now, to change your MAC randomly, type:
(again disable the eth0 interface first with ifconfig eth0 down)
# macchanger -r eth0      (then bring eth0 up again)
You will again see the previous and fake MAC addresses.



Thursday 4 April 2013

Creating a wordlist, crunch, generating a password list

Hello guys. I think everyone must be surfing the entire web in search of a password list to use in a dictionary attack; as I see it, one is much needed for cracking WPA and WPA2 authentication in Wi-Fi hacking, right?
So in this tutorial we will create our own wordlist using the tool called "crunch" in BackTrack.
Crunch is a tool used for creating password lists; it can also compress the output file in various formats.
So now, what?
Let's start.
Fire up your BackTrack machine, go to bash and type:

cd /pentest/exploits/password/crunch

If it is not there, you can download it from
www.sourceforge.net/projects/crunch-wordlist/
To install it, run the commands below:

1. tar -zxf crunch-3.2.tgz (3.2 is the version of crunch; it may change if updated)

2. cd crunch-3.2

3. make install
If it installs successfully, type the following commands in bash to generate the list:

cd /pentest/exploits/password/crunch
First let's see the syntax of crunch:
 ./crunch [min. length] [max. length] [character set] -o /root/Desktop/wordlist.txt

It will create a file on the Desktop named wordlist.txt. The example below shows basic usage of crunch:

./crunch 1 2 1234567890 -o /root/Desktop/wordlist.txt

It will create a wordlist of numbers with a minimum of 1 and a maximum of 2 digits and save the output file on the Desktop.

Now we will create a password list of mobile numbers that start with "9", e.g. 9838222454 (it's not my gf's number).
Here we go:

./crunch 10 10 -f charset.lst numeric -t 9%%%%%%%%% -o wordlist.txt


It will create all the numbers starting with "9" (you might know that the minimum and maximum length of a mobile number is 10 digits without the country code).

You can also add special symbols, and explore the tool to learn how to compress the output file.
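
Seen from the defender's side, the mobile-number list above is a reason not to use a phone number as a Wi-Fi passphrase. The following added example (not part of the original post) checks whether a passphrase falls inside a crunch -t style mask and how large that mask's keyspace is. The guess rate is an assumed figure, all function names are hypothetical, and only the %, @ and , placeholders are handled.

```python
import math

# crunch -t placeholders handled here: % digit, @ lower case, "," upper case.
PLACEHOLDERS = {"%": "0123456789",
                "@": "abcdefghijklmnopqrstuvwxyz",
                ",": "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}

def mask_matches(mask, candidate):
    """True if candidate would appear in the list generated from this mask."""
    if len(mask) != len(candidate):
        return False
    return all(c in PLACEHOLDERS[m] if m in PLACEHOLDERS else c == m
               for m, c in zip(mask, candidate))

def mask_keyspace(mask):
    """Number of lines the mask expands to (literal characters count as 1)."""
    return math.prod(len(PLACEHOLDERS.get(m, m)) for m in mask)

def charset_keyspace(min_len, max_len, charset):
    """Number of lines for a plain 'min max charset' run without -t."""
    return sum(len(set(charset)) ** n for n in range(min_len, max_len + 1))

def audit(passphrase, masks, guesses_per_sec):
    """Return (mask, keyspace, worst-case seconds) for the smallest covering mask, or None."""
    hits = [(mask_keyspace(m), m) for m in masks if mask_matches(m, passphrase)]
    if not hits:
        return None
    size, mask = min(hits)
    return mask, size, size / guesses_per_sec

# Masks a site might audit its own passphrases against (constructed list).
MASKS = ["9%%%%%%%%%", "%%%%%%%%%%", "%%%%%%%%"]
ASSUMED_RATE = 50_000   # guesses per second; an assumption, not a measured value

if __name__ == "__main__":
    print(charset_keyspace(1, 2, "1234567890"))                 # the 1-2 digit list
    print(audit("9838222454", MASKS, ASSUMED_RATE))             # number from the text
    print(audit("correct horse battery staple", MASKS, ASSUMED_RATE))
```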