How to Reveal Hidden Passwords in Web Browsers

In many places where you need to enter your password to gain access, or to authorise or confirm a transaction, the characters automatically change into asterisks or bullets as you type them into the input box. This is to protect your password from prying eyes. There is a simple trick to find out what is behind the…

Detect Heartbleed Vulnerability using Perl Script

Check whether sites you access are still vulnerable to the Heartbleed exploit (CVE-2014-0160) by running the following Perl script: 1. Create a file called check-ssl-heartbleed.pl and paste the script contents into it. 2. Run the script. Alternatively, download it here: check-ssl-heartbleed.pl

ZyNOS (ROM-0) Exploit

ZyNOS is the proprietary operating system used on network devices made by the ZyXEL Communications Corporation, which first introduced it in 1998. A vulnerability exists in ZyNOS-based routers (ZyXEL, Netgear, TP-Link and possibly others) that can allow an attacker to download the rom-0 file and reverse-engineer it to retrieve the local admin…

Poisoning ARP packets using ARP Spoof

ARP spoofing (also known as ARP poisoning) is a technique whereby an attacker sends fake, “spoofed” Address Resolution Protocol (ARP) packets onto a Local Area Network (LAN). The purpose of this attack is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic that…

Generate Custom Password Lists with Common User Passwords Profiler (CUPP)

If getting massive word lists and spending days, if not weeks or months, running attacks on targets isn’t your thing (not that I endorse this type of behaviour), then you can try a more targeted approach, if you know a little information about your specific target, using the Common User Passwords Profiler (CUPP). Most people generate…

Setting up BackTrack 5 R3

Out of the box you might find that BackTrack 5 doesn’t give you some basic services; this is just a quick note on how to make things work. Run all commands without the “#”. Update packages: #apt-get update, #apt-get upgrade. Enable SSH: generate SSH keys with #sshd-generate; autostart SSH with #update-rc.d…

How to stress test websites with ApacheBench

Okay, so you have a Microsoft IIS or Apache web server, you placed a website on it and want to know if it will “fall over” under load. Well, I have just the tool for that! ApacheBench (aka AB) is a stress-testing tool that ships as part of Apache; it…

How to break WPA2 key with Reaver WPS Attack

When routers have WPS (Wi-Fi Protected Setup) enabled they are anything but “protected”: WPS works by an eight-digit key exchange between the device and the router. The key exchange is not encrypted and can be “brute forced”, exposing the WPA or WPA2 wireless encryption…

BackTrack 5 Penetration Tool Notes

These are my running notes on the tools BackTrack offers, how to use them, etc. They will be updated continually as I use and understand more of the tools. Configure Wireless to Full Power. DHCP Starvation/Exhaustion Attack: this causes all leases to be taken, which might crash the switch or router that you launch the attack…