Archive for the ‘pentesting’ Category

    Howto do a man-in-the-middle attack with APR on RDP using Cain & Abel

    Sunday, March 8th, 2009

    Method

    Warning: only try this on a network and on computers which you own or for which you have permission to do this. In most countries it is illegal to do this on a network you do not own without permission of the owner.

    The RDP protocol prior to version 6 is vulnerable to man-in-the-middle (MITM) attacks. A man-in-the-middle attack can be done in several ways, for example with ARP poison routing (APR), an evil twin access point, or DNS spoofing. Today, we’ll choose APR. APR only works on the local subnet, so the attacker must be somewhere in between the victim and the RDP server. The RDP server can be any Windows host with Terminal Services or remote control enabled. In most cases the attacker is on the same subnet as the victim.

    More information about ARP spoofing can be found on Wikipedia:

    http://en.wikipedia.org/wiki/ARP_spoofing

    (more…)

    Kismet / airodump using a Intel PRO/Wireless 4965

    Sunday, February 15th, 2009

    <<< Backtrack 4 pre-release is out now, which has a newer version of Kismet. For BT 4 pre-final this page is not applicable >>>

    Kismet

    The Intel PRO/Wireless 4965 wireless adapter, which is built into my laptop, is now supported by Backtrack 4 using the iwlagn driver.

    Warning: only use this tooling on a network and on computers which you own or for which you have permission to do this. In most countries it is illegal to use it on a network you do not own without permission of the owner.

    (more…)