Hack.Org.Za - Digest

Free Internet: The tried and tested method...

Tue, 07 Feb 2012 18:54:26 GMT

Guides and Documentation

Post subject : Free Internet: The tried and tested method... What is this? Did you ever sit at the airport or at a cafe and there was a unencrypted wireless access point nearby, but whenever you wanted to visit a site their website would pop up asking for a fee to use the internet through their AccessPoint (aka. Captive Portal)? That is because if you cannot resolve a host name your browser won't display any site. So these providers usually allow to look up hostnames to then filter whether they are allowed to access the site or not. In the latter case, their pay-to-get-access site pops up. Not acceptable right...? Well OzymanDNS is a set of Perl scripts (open source) written by Dan Kaminsky in 2005. It was written as a sample implementation of a DNS Tunnel for the Blackhat Europe 2005 conference. So there exists only a 0.1 version. However, OzymanDNS is one of the most common programs to tunnel traffic (in this case) traffic -> ssh -> dns Hence free internet.... "For windows users: I believe their is a version for windows but i must apologize in forth for i am not fluent in windows." How does this work? The Idea is to tunnel all outgoing traffic through DNS. The Domain Name System, used to translate human-readable hostnames to numerical IP addresses and vice versa. What do I need? > laptop or pc with wifi card How to setup: Download Dan Kaminsky's OzymanDNS from http://s3.amazonaws.com/dmk/ozymandns_src_0.1.tgz Get a domain that you can control the nameserver of subdomains for. ZoneEdit works very well for this. Pick a subdomain you want to assign to the OzymanDNS server. example: ozyman.freeinternet.com.. In the domain you have control over, Add an NS record for ozyman.freeinternet.com. with data of yourhost.college.edu (replace that with an actual hostname of the machine running the OzymanDNS server). On the server, start: sudo ./nomde.pl -i 127.0.0.1 ozyman.freeinternet.com On the client, run: ssh -C -o ProxyCommand="./droute.pl -v sshdns.ozyman.freeinternet.com" localhost Congratulations, you should now have an SSH connection open to the host that's running OzymanDNS. The best and coolest way to test the set up, is to find a wireless captive portal or a provider charging for wireless Internet. Statistics : 1 Post || 7 Views Post by kybrd

ReeSQLi

Tue, 07 Feb 2012 17:34:00 GMT

Hacking

Post subject : ReeSQLi Hi all! I've been coding an app in C# that can do semi-basic SQL Injection. It is still in a rather early phase, but works pretty well (In my opinion) - And has ALOT of debug info :p I'm considering releasing the (Terrible, Uncommented, Badly Coded) source on Christmas Day (Program.cs - 893 LoC), but don't want the app abused by skiddies. Any suggestions? In the following screenshot, my input was: http://www.drummusic.tv/product.php?id=5 then cp_users at the end. Statistics : 34 Replies || 1610 Views Post by Reelix

Re: ReeSQLi

Tue, 07 Feb 2012 17:34:00 GMT

Hacking

Replies : Post subject : Re: ReeSQLi

Reelix wrote:

StArNeT wrote:

1gn1t0r wrote:

Sweet dude. Keep it up

Havn't worked on it in awhile, but will continue when Telkom decide to install my home line

I see you haven't posted in a while.. Statistics : 34 Replies || 1610 Views Last post by kybrd

rooted by kybrd

Tue, 07 Feb 2012 17:16:02 GMT

Introductions

Post subject : rooted by kybrd Hi all My name is kybrd My specialties are: Certified Ethical Hacker I have my degree now for 3 years and i work as a certified ethical hacker for a company based in south africa. I am glad to see that there is a local site for hacking in SA, Best of luck hack.org.za Regards kybrd Statistics : 1 Post || 7 Views Post by kybrd

Choose your poison - 10 hacking OS's

Tue, 07 Feb 2012 16:59:12 GMT

General/Rant

Post subject : Choose your poison - 10 hacking OS's I started this tread to see what people would think about some of the latest and greatest hacking OS's. 1. BackTrack The newest contender on the block of course is BackTrack. An innovative merge between WHax and Auditor (WHax formely WHoppix). BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc. 2. Operator Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course). Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system. 3. PHLAK PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf. 4. Auditor Auditor although now underway merging with WHax is still an excellent choice. The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier. 5. L.A.S Linux L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB). Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. There are currently 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL. 6. Knoppix-STD Horrible name I know! But it’s not a sexually trasmitted disease, trust me. STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can. 7. Helix Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry. Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. 8. F.I.R.E A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it. FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. 9. nUbuntu nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself. The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience. 10. INSERT Rescue Security Toolkit A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on). INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM. Statistics : 1 Post || 7 Views Post by kybrd

Website Copier

Tue, 07 Feb 2012 16:51:50 GMT

Hacking

Post subject : Website Copier Hello All. Could someone tell me what program can I use to copy a website out of the web root. I have access to the back-end of a website, but when I try and save the files from there, for some reason beyond my comprehension it converts the php files to HTML files. Question: The php file as indicated on the attached jpg, would it contain the mySql - DB redirection and information regarding the user name for the DB ect? Statistics : 2 Post || 7 Views Post by BabyEyes

Re: Website Copier

Tue, 07 Feb 2012 16:51:50 GMT

Hacking

Replies : Post subject : Re: Website Copier

BabyEyes wrote:

Hello All. Could someone tell me what program can I use to copy a website out of the web root. I have access to the back-end of a website, but when I try and save the files from there, for some reason beyond my comprehension it converts the php files to HTML files. Question: The php file as indicated on the attached jpg, would it contain the mySql - DB redirection and information regarding the user name for the DB ect?

my my...! Why do you wana copy the files when you could root the whole system. Apache 1.3 is ancient commodore tech... Statistics : 2 Post || 7 Views Last post by kybrd

Hi Im New and im an Addict

Tue, 07 Feb 2012 09:28:39 GMT

Introductions

Post subject : Hi Im New and im an Addict Hiya All, Guess by now its clear that I'm New here, Also into Software dev c#/Delphi/Java/SQL ..... name it and i've propably done it. As they say, if been around the block a few times. Anyway , i also have an interest in linux/unix and network security / computer security etc, even a little Computer forensics. Im looking forward to my time here. Glad there is a local community now PS. ok the C++ people can now start to mock the non c++ dev,although a venture in c++ now and again , when i have free time See you all around iAmNr0n3 Statistics : 1 Post || 5 Views Post by iAmNr0N3

sniffing 101

Mon, 06 Feb 2012 01:00:46 GMT

Web

Post subject : sniffing 101 greetings all after being lost in slave camp for the past few months as well as saturnalia including new year and my birthday ... to many social events keeping me from being me. Now that it's all said and done i return to the digital world and pick up where i left off ... the last thing i was working on was sniffing sites. i thought i'd ask what it means if i get no results. My sniffer has been running for 1 hour 30 minutes and still no results . thanks in advance Statistics : 5 Replies || 62 Views Post by twinbladex2

Re: sniffing 101

Mon, 06 Feb 2012 01:00:46 GMT

Web

Replies : Post subject : Re: sniffing 101

Quote:

StarFish wrote: A sniffer only captures packets that was sent to your device.

The moment you connect "any device" a sniffer will pick you up. Even when you call dhcp ip address you have been marked.

Quote:

Linx wrote: Setting the card in promiscuous mode will only capture broadcast packets (and multicast i think).

In non-promiscuous mode, when a NIC receives a frame, it normally drops it unless the frame is addressed to that NIC's MAC address or is a broadcast or multicast frame. In promiscuous mode, the sniffer allows all frames through, thus allowing the computer to read frames intended for other machines or network devices.

Quote:

Linx wrote: To get a truly good sniff you should use arp poisoning on the target device so all network packets are filtered through your device.

Yeah kinda true...but this technique is mainly used for sniffing those passwords we all like so much from your device to a gateway.... Be careful when sniffing thou... If a device is sniffing and another device detects your sniffing activity... And he creates and sends a malformed packet he could root your system...!!! Statistics : 5 Replies || 62 Views Last post by kybrd

Pyrit the future of hacking wifi

Mon, 06 Feb 2012 00:38:43 GMT

Software

Post subject : Pyrit the future of hacking wifi Pyrit allows to create massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Attacking WPA/WPA2 by brute-force boils down to computing Pairwise Master Keys as fast as possible. Every Pairwise Master Key is 'worth' exactly one megabyte of data getting pushed through PBKDF2-HMAC-SHA1. In turn, computing 10.000 PMKs per second is equivalent to hashing 9,8 gigabyte of data with SHA1 in one second. http://code.google.com/p/pyrit/ Statistics : 3 Replies || 675 Views Post by kybrd

Re: Pyrit the future of hacking wifi

Mon, 06 Feb 2012 00:38:43 GMT

Software

Replies : Post subject : Re: Pyrit the future of hacking wifi

Reelix wrote:

Quote:

I don't care about Windows; drop me a line (read: patch) if you make Pyrit work without copying half of GNU ...

I'll pass - Windows user here

When i have time again i shall make a movie of pyrit in action.... Statistics : 3 Replies || 675 Views Last post by kybrd

why its to quite in this forum nobody got tricks

Mon, 06 Feb 2012 00:24:57 GMT

Phreaking and Wireless

Post subject : why its to quite in this forum nobody got tricks why its to quite in this forum nobody got tricks anyways who got freenet to give or share some tricks Statistics : 22 Replies || 355 Views Post by dean101

Re: why its to quite in this forum nobody got tricks

Mon, 06 Feb 2012 00:24:57 GMT

Phreaking and Wireless

Replies : Post subject : Re: why its to quite in this forum nobody got tricks

Linx wrote:

I have an omni directional war driving antenna (has a magnetic to stick on the roof of the car) that I dont use anymore, but I never thought about putting a wok on it for extra range..... genius.

be careful when designing the antenna. Remember that the deeper the "wok" the less interference you will have but the less gain you will also have. Statistics : 22 Replies || 355 Views Last post by kybrd

hacking mxit

Sun, 05 Feb 2012 21:10:35 GMT

Hacking

Post subject : hacking mxit hi there i know very little about hacking and coding and i am still busy learning about it,but i need some help with hacking mxit password. . . because i lost my mxit pin and i don't got the sim and vodacom doesn't want to give me a sim swap. . . so is there any who can help me hack mxit or give me a link to learn on how to hack mxit,i would very much appreciate it thanx Statistics : 33 Replies || 8196 Views Post by ebster

Re: hacking mxit

Sun, 05 Feb 2012 21:10:35 GMT

Hacking

Replies : Post subject : Re: hacking mxit

kybrd wrote:

Marry your computer.... She will always be faithfull....

Then she gets raped, and belongs to someone else :< Statistics : 33 Replies || 8196 Views Last post by Reelix

Changing MAC Address for Belkin N+ USB Adapter

Sun, 05 Feb 2012 21:09:43 GMT

Hardware

Post subject : Changing MAC Address for Belkin N+ USB Adapter Hey guys, I'm trying to change the MAC address on a USB adapter I bought a few days ago but it's giving me grief. After pulling the interface down, I can set the MAC Address (and ifconfig confirms that it has actually changed) but putting the interface back up again rests the MAC address to it's default value. Model: Belkin N+ USB Adapter Chipset: AR9271 OS: BT5 The Process: ifconfig wlan0 down macchanger -r wlan0 (ifconfig confirms change) ifconfig wlan0 up (back to old MAC) Any ideas as to what I'm doing wrong? I didn't have any issues with my old adapter (which died in a horrible accident in the boot of my car. RIP) Statistics : 3 Replies || 457 Views Post by s0cks

Re: Changing MAC Address for Belkin N+ USB Adapter

Sun, 05 Feb 2012 21:09:43 GMT

Hardware

Replies : Post subject : Re: Changing MAC Address for Belkin N+ USB Adapter why dont you post your lsusb and lspci and dmesg for us so we can be of more help. Statistics : 3 Replies || 457 Views Last post by kybrd

Brute Force

Sun, 05 Feb 2012 20:06:28 GMT

Newbie Corner

Post subject : Brute Force Whats the Best brute force tool to use for web based apps? Or is the "best" always a custom made script? Statistics : 3 Replies || 867 Views Post by leeLulz

Re: Brute Force

Sun, 05 Feb 2012 20:06:28 GMT

Newbie Corner

Replies : Post subject : Re: Brute Force I say look into hydra or medusa. you can even customize the error return.. Statistics : 3 Replies || 867 Views Last post by kybrd

Greetings HoZ'ers

Sat, 04 Feb 2012 10:11:52 GMT

Introductions

Post subject : Greetings HoZ'ers Greetings HoZ'ers I've been around computers all my life starting on the trusty c64 when i was about 8.I only saw the thing as a gaming station until i found an old book on c64 programming and was quite excited that i was instructing the pc on what to do, even if it was only adding and subtracting(I was 8 for gods sake;>). Fast foward to now and im a c# ,SQL developer and have been for 5 years. Im here to learn, as security is something that has always interested me..how to make it, break it and circumvent it I've been testing out mt SQli recently and I find it quite easy on sites with vulnerabilities,getting access to tables, but I'm stuck there Anyways, looking forward to being a part of the community.. so whats my initiation? Statistics : 3 Replies || 477 Views Post by Batista

Re: Greetings HoZ'ers

Sat, 04 Feb 2012 10:11:52 GMT

Introductions

Replies : Post subject : Re: Greetings HoZ'ers

Reelix wrote:

Deface http://www.darpa.mil/ before the end of the day else you're perma-banned

Classic Statistics : 3 Replies || 477 Views Last post by Digital Kryptonite

VPN network

Sat, 04 Feb 2012 06:32:59 GMT

Newbie Corner

Post subject : VPN network I am a small business owner trying to do some research on the benefits and cost of a WAN and VPN network. I currently have a main office along with branch office in another city about 500 miles away. I want to set it up so any employee can log onto our server and access information or upload information as long as they have an internet connection. Which one would be better, what are the cost related to this type of project? Statistics : 1 Post || 927 Views Post by dwolliex

Polldaddy

Fri, 03 Feb 2012 06:45:36 GMT

Newbie Corner

Post subject : Polldaddy Greetings Everyone, I'm pretty new to hacking, but I really need some help. I've been wondering, are there any working polldaddy hacks? I haven't seen a working one in ages now. I have the poll's ID, and the answer ID, but I don't know how to hack the poll. I have less then 24 hours before the poll closes and we really need to win. Thanks in advance for your replies! Have a good day! Statistics : 1 Post || 9 Views Post by GSR_Girl