Thursday, September 29, 2011

combine drifnet and ettercap

  what you see?? because it was too dizzy to learn, I decided to play around for a moment. in linux backtrack, there is a very exciting tool. the name of the tool is driftnet. with a driftnet, we could see the activity of our friends are just busy skating in the virtual world.
   
  let's do it. :P
first time, i open and edit etter.dns, don't forget to change your ip in there. after finished to edit etter.dns, let's get out our guns. :D


in linux backtrack, driftnet quandary di privilege escalation. but don't forget to enable ettercap. in terminal we can type "ettercap -T -q -M arp -i wlan0 -P dns_spoof //" (if you connect the network with LAN, wlan0 can change with eth0).
ok, let's go to attack.. :D

type "driftnet -i wlan0 -v" to active a drifnet. waiting for a minutes, and taratatataaaaaaaaaa....

-=CMIIW=-

Wednesday, September 28, 2011

"beef" social engineering tools

mendengar kata beef, yang langsung terpikir di benak adalah daging sapi (hm..enak :D).. tapi beef yang ini sangat berbeda, karena beef yang ini untuk exploit browser kita. kita bisa tahu apa yang target buka.
langsung kita mulai saja :


di dalam menu backtrack kita bisa temukan di exploitation tools ==> social engineering tools ==> beef XSS frame work ==> beef.


disitu kita akan mendapat script yang bisa kita taruh di web kita :).  saya memasang ini di sebuah hostingan untuk pembelajaran, setelah saya masukan ke index.html, kemudian saya membuka http://127.0.1.1:3000/ui/panel (bisa di ganti alamat ip kita/di sesuaikan). berikut ini kita tampilan beef :


-=CMIIW=-



Saturday, September 24, 2011

snort alert for system

for this part, we will learn about snort. if using backtrack 5 r1, we can find snort in menu backtrack => services => snort services.

first, start snort. after start snort, open terminal, and type "pico /etc/snort/snort.conf "



now, we can edit like this :

edit var HOME_NET any, to be like this var HOME_NET "your ip".
to finish, press "ctrl+x", "y" and press "enter".

now we can run snort.
in terminal we can type "snort -i eth0 -q -c /etc/snort/snort.conf -A console" if we use wireless, we can change "eth0" with "wlan0".

our alarm ready to "ring".
the respond if there is an attacker :

-=CMIIW=-