ZyNOS (ROM-0) Exploit

ZyNOS is the proprietary operating system used on network devices made by the ZyXEL Communications Corporation, which first introduced ZyNOS in 1998. A vulnerability exists in ZyNOS-based routers (ZyXEL, Netgear, TP-Link and maybe others) that can allow an attacker to download the rom-0 file and reverse engineer it to retrieve the local admin…

Poisoning ARP packets using ARP Spoof

ARP spoofing (also known as ARP poisoning) is a technique whereby an attacker sends fake “spoofed” Address Resolution Protocol (ARP) packets onto a Local Area Network (LAN). The purpose of this attack is to associate the attacker's MAC address with the IP address of another host (such as a default gateway), causing any traffic that…

How to break WPA2 key with Reaver WPS Attack

When routers are enabled with WPS (aka Wi-Fi Protected Setup) they are anything but “protected”. WPS works by an eight-digit key exchange between device and router. The key exchange is not encrypted and can be “brute forced”, exposing the WPA or WPA2 wireless encryption…

How to install and configure fail2ban on Linux

Reducing your attack area is ideal, but in situations where you need to expose services to the wild, you should reduce the effectiveness of attacks. This is where Fail2Ban comes in handy: it constantly reads the logs you specify in the configuration file for multiple user pass attempts, if…

Discover Open Ports Visually from Inside your Network

It has been around for years: the good people at Gibson Research Corporation have a great online tool that identifies open ports in a visual form, requested from the internal network. This is really for people that don’t have an understanding of other tools, e.g. nmap. The tool is called “ShieldsUP!”, it allows you…

BackTrack 5 Penetration Tool Notes

These are my running notes on the tools BackTrack offers, how to use them, etc. They will be continually updated the more I use and understand the tools. Configure Wireless to Full Power. DHCP Starvation/Exhaustion Attack: This causes all leases to be taken, which might crash the switch or router that you launch the attack…