PPTP VPN MITMA
http://crimemachine.com/Tuts/Flash/pptp-vpn.html
Use "Auditor" Remote Exploit or you could do it on whax but you'll need to down load a few extra bits and peices. Google search "Knoppix Remote Exploit", then download it, It's about 500+ mb....It's a CD live distro and it is probably better than Whax, just about...
[edited]or dwnld here:
http://new.remote-exploit.org/index.php/Main_Page
How to decrypt SSL encrypted traffic using a MITMA
http://www.crimemachine.com/Tuts/Flash/SSLMITM.html
SSL MITM attacks
hxxp://eks0.free.fr/whax-demos/?f=Whoppix-ssl-mitm_config.xml
Another video tut of a different to the decryption one...
UUMmmmm.......................I think it's
ssh tunneling, with use of Nikto and mfscli exploits.. Might be wrong and can't be aresd to check it out though...But it's good...
http://whoppix.hackingdefined.com/Whoppix-ssh-dcom.html
A quick tut on making your trojans completely undetecable by hand, using Ollydbg (the pro way) LOL...good tut and it works....
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39032
+
Example code/trojans that he uses to practise on....
hxxp://www.h2kclan.com/forum/index.php?action=dlattach;topic=30238.0;attach=39033
Right I've just relised this is in completely the wrong place....Unix-Linuix Systems is not for hacking tutorials.....never mind
128bit WEP cracking
hxxp://www.crimemachine.com/Tuts/Flash/wepcracking.html
Mad how easy it is!!
Basic introduction to the Nessus security scanner using Auditor Security Collection
hxxp://www.irongeek.com/i.php?page=videos/nessus
Basic introduction network mapping using nmap
not expecting many of you to need this..
hxxp://www.irongeek.com/i.php?page=videos/nmap1
Cracking Syskey and the SAM on Windows Using Samdump2 and John
hxxp://www.irongeek.com/i.php?page=videos/samdump2auditor
FTP Bruteforcing and the use of the raptor exploit (I think)
hxxp://eks0.free.fr/whax-demos/?f=raptor_config.xml
Autoscan + Metasploit
hxxp://eks0.free.fr/whax-demos/?f=autoscan-metasploit_config.xml
................
linux_dude
Jul 19 2005, 04:23 AM
Argh, this reeks of script kiddie-ism :-/
This place isn't a repository for how-to guides, but we'll see what ComSec says, besides, these aren't anything new.
Do you even read what you post?
Example:
For the SSL Man in the Middle Attack, you don't need access to the victims computer. If you did, that wouldn't be very 'in the middle', now would it? You just need access to their network.
Honestly, it's nice, but it's so specific and contrived, that it won't work in most cases. You're issuing an invalid certificate, which some users would notice, and if you just sniff the traffic, you can't crack it easily.
Another thing, the 128bit cracking only works in high traffic areas, otherwise it isn't that easy. (7 GB of traffic on average) :-/
You could forcefully generate the traffic yourself but most routers detect this, and so do the network users when they repeatedly get disassociated with the AP.
Posted by crazy_netz at 10:39 PM 0 comments