Monday, November 22, 2010

The Art Of Social Engineering

I was doing some website stumbling and ran across this: http://www.spoofcard.com/
Wow, can this lend itself to exploitation, if it has not already.

Sunday, November 14, 2010

Honeypot Project Coming Soon

Flytrap and Flyanalysis Project


Working on setting up a network of honeypots for testing different variations of present malicious web activity. There will be two portions of the project: one that consists of the actual honeypots, and the other a reporting server which will poll all the honeypots and report the malicious activity each honeypot caught. I will also open a donation page for anyone who would like to support the project. Please refer to the new link for more details.

Friday, November 5, 2010

Kismac with an HWUG1 Wireless-G USB Adaptor

(Mac only)

Recently purchased (from Amazon) a Hawking Technology G adaptor to test with Kismac, using this YouTube video tutorial:
http://www.youtube.com/watch?v=lBGN5OGCPgI

What I learned from this exercise is that the only way to crack WPA and WPA2 is via bruteforce/wordlist. I have gathered some over the internet and I believe that you can produce some with Cain and Abel; more details coming in the next post.

Here are some basic word lists:
http://rapidshare.com/files/429043935/500_most_used_pswd.txt.zip
http://rapidshare.com/files/429045186/Rockyou_list_original_.txt.zip
More from Kismac: http://trac.kismac-ng.org/wiki/wordlists

Cracking WEP is much easier, especially with the HWUG1 card, which can perform injection. You can successfully retrieve the key with these easy steps:
1. Select the RT73 device driver in preferences and remove the AirPort drivers.
2. Scan/sniff the network.
3. Then, under preferences, select the channel that the SSID of interest sits on.
4. Click on reinject packets and wait until ~130,000 packets have been gathered.
5. After 130,000 or so have been gathered, click on network-->crack-->Weak Scheduling Attack-->Both.
6. The key should be cracked in a matter of minutes (works for me; if stuck, email me).

Hope this quick guide helps; working on one for the WPA encryption.

Dumb disclaimer: This is not a toy. Don't break/crack networks that are not yours; I'm not responsible for anything done with this tutorial/tools.