Showing posts with label Articles. Show all posts
Showing posts with label Articles. Show all posts

Tuesday

MAC Address Spoofing Explained


The device that you’re looking at right now has a network interface controller (NIC), the thing that’s responsible for allowing you to connect to a network, like the internet. All devices capable of networking (smartphones, laptops, routers) have one of these. Each NIC is assigned a unique hard-coded MAC addresses that cannot be changed.

However, almost all popular platform such as Windows or OS X or Linux (and hence Android) support changing MAC addresses and pretty easily too. Just because we cannot change the MAC address built into our NIC doesn’t mean we can’t make other devices think that our MAC addresses is something different. Whatever information leaves our device is in our control. And in the header of the packets that make up our data is the address of our device, the MAC address (along with IP and a bunch of other information).

So, our operating systems allow us to instruct the NIC to ignore the built-in MAC address and instead use our own custom MAC address which could be anything we want it to be. This is called MAC spoofing.

What is MAC spoofing used for?

MAC spoofing is awesome. We’re interested in MAC spoofing because it allows us to make other devices think that we are someone else. For a hacker, this opens up a variety of attack vectors:

It allows us to perform man-in-the-middle attacks

It can help us hack Wi-Fi networks

It lets us directly target devices connected to our Local Area Network (LAN)

If you’ve been banned from using a public Wi-Fi hotspot, MAC spoofing allows you to trick the router into thinking that you are some other device.

There are a couple of completely legitimate (read: white hat) reasons for MAC spoofing as well:

Setting up numerous virtual machines in a corporate environment, each with a randomly assigned MAC address.

It can be used for improving anonymity (An unsafe local network can track you using your MAC address. If your MAC address keeps changing, they can’t do that anymore).

Consider an example. Say you’re using Wi-Fi and you’re friend is also connected to the same network. Now, when you first connect to a Wi-Fi access point (the router), you exchange some information with the router. You request a connection from the router, enter the password and if successful, the router responds by opening a connection for you. Now the router knows who you are (your MAC address) and you know who the router is (it’s MAC address).

Now, if you spoof your MAC address to look like the router’s MAC address you could make the friend think that he’s talking with the router when instead all his network traffic is going through your device. This is an example of a man-in-the-middle attack and this technique can allow you to snoop on unencrypted traffic (HTTP), redirect the user to some other websites or replace all the images they see with photos of cats if you want to.

 Can a website detect your real MAC address?

No. MAC addresses are a restricted to the local network segment. For example, they are only used by a router to distinguish different devices connected to it, but the MAC address is never sent from the router to the internet.

Published by on No comments:

CTF Resources (100% HeadHit)


[+] CTF Calender:
http://ctftime.org

[+] Write-ups to learn CTF
https://github.com/ctfs/

[+] How to start CTF
https://trailofbits.github.io/ctf/

[+] Starter CTF
https://picoctf.com
https://ctf.tamu.edu
https://www.easyctf.com/

[+] Hard CTF
http://plaidctf.com
https://ctf.hitcon.org
https://ctf.csaw.io/
http://dragonsector.pl/

[+] PHP Challenge (Real World CTF)
https://hackmd.io/s/rJlfZva0m

[+] Networking / Linux Challenges
http://overthewire.org/wargames/

[+] VPS (Virtual Private Server)
https://digitalocean.com

[+] Hack The Box (Pentesting style CTF)
http://hackthebox.eu

[+] Web Application CTF
http://websec.fr

[+] Binary Exploitation CTF
https://pwnable.kr
https://pwnable.tw

[+] Reverse Engineering CTF
https://reversing.kr

[+] Cryptography
https://cryptopals.com
https://www.coursera.org/learn/crypto

[+] InfoSec Youtube Channels:
https://www.youtube.com/user/GynvaelE...
https://www.youtube.com/channel/UClcE...
https://www.youtube.com/user/OpenSecu...
https://www.youtube.com/channel/UC--D...
https://www.youtube.com/channel/UCSLl...

[+] For Security News:
https://www.reddit.com/r/netsec
https://www.reddit.com/r/securityCTF
Published by on No comments:

Thursday

Top 5 Password Stealers For Windows



1⃣ IE passview - This a small program that help us view passwords saved in Internet explorer.download here

2⃣ Password fox -This a program that allow us to view passwords saved in  mozilla firefox download here

3⃣ Mail passview - This is a small password recovery tool that reveals passwords and other account details of outlook,epress and window mail download here

4⃣ MessenPass- This password recovery tool reveals pasword for instant messenger applications download here

5⃣ PSPV - Utility program that also reveals passwords in our computer download here.
Published by on No comments:

Top 10 Common Hacking Techniques Every Beginner Should Know About



10. Keylogger
Keylogger is a simple software that records the key sequence and strokes of your keyboard into a log file on your machine. These log files might even contain your personal email IDs and passwords.
Keylogger is one of the main reasons why online banking sites give you an option to use their virtual keyboards.
9. Denial of Service (DoS\DDoS)
A Denial of Service attack is a hacking technique to take down a site or server by flooding that site or server with a lot of traffic that the server is unable to process all the requests in the real time and finally crashes down.
For DDoS attacks, hackers often deploy botnets or zombie computers which have got the only work to flood your system with request packets.

8. Waterhole attacks
If you are a big fan of Discovery or National Geographic channels, you could relate easily with the waterhole attacks. To poison a place, in this case, the hacker hits the most accessible physical point of the victim.
For example, if the source of a river is poisoned, it will hit the entire stretch of animals during summer. In the same way, hackers target the most accessed physical location to attack the victim. That point could be a coffee shop, a cafeteria etc.
Once hackers are aware of your timings, they might create a fake Wi-Fi access point and modify your most visited website to redirect them to you to get your personal information.

7. Fake WAP
Even just for fun, a hacker can use software to fake a wireless access point. This WAP connects to the official public place WAP. Once you get connected the fake WAP, a hacker can access your data, just like in the above case.

6. Eavesdropping (Passive Attacks)
Unlike other attacks which are active in nature, using a passive attack, a hacker just monitors the computer systems and networks to gain some unwanted information.
The motive behind eavesdropping is not to harm the system but to get some information without being identified.

5. Phishing
Phishing is a hacking technique using which a hacker replicates the most-accessed sites and traps the victim by sending that spoofed link.
Once the victim tries to login or enter some data, the hacker gets that private information of the target victim using the trojan running on the fake site.

4. Virus, Trojan etc.
Virus or trojans are malicious software programs which get installed into the victim’s system and keeps sending the victims data to the hacker.

3. ClickJacking Attacks
ClickJacking is also known by a different name, UI Redress. In this attack, the hacker hides the actual UI where the victim is supposed to click.
In another word, the attacker hijacks the clicks of the victim that aren’t meant for the exact page, but for a page where the hacker wants you to be.

2. Cookie theft
The cookies of a browser keep our personal data such as browsing history, username, and passwords for different sites that we access. Once the hacker gets the access to your cookie, he can even authenticate himself as you on a browser.

1. Bait and switch
Using bait and switch hacking technique, the hacker runs a malicious program which the user believes to be authentic. This way, after installing the malicious program on your computer, the hacker gets unprivileged access to your computer.

Published by on No comments:

FedEx Labelling [Latest Jan. 2K20]

Steps :

1. Buy A Good USA Card I prefer Debit Business Cards
2. Go to FedEx.com
3. Click United States English

4.  First Page Shipping, Choose Create Shipments, Or On Shipping Choose, Create a shipment

5. Create Account for shipping with a credit card, Create Email Of Card Holder, Via, Mail.com Very Fast And Easy Way.

6. Fill Billing with cc details That Includes Cc First And Last name on it As Well, It Does Not Matter either Drop Name or Address  is on it or Not, So Maintain Cc info On Billing Forms
7. Ship to / Put Receiver Address, U can Choose Any Street address In your Area In zm, Choose Zambia as the Shipping too Country, Add your zm Phone Number.

8. Proceed to Choose Box, I advice you Choose 25KG Box, with that u get Fast Shipment With a Rate between 700$ to 750$, Add Package weight Now Calculate Rate And Proceed.

9. Next Page Takes u to where u Choose the Shipment as Gift.

10. Add the Description Of your Package,
Manufacturing Country Choose USA,
Add the Full descriptions that is Package quantity, weight, Value.

11.
Proceed to Checkout Enter Ur Cc details
Maintain Billing address, Re Check throughout Make Sure Receiver Name is Spelled out Accurately

12. Next At the last page to Submit the Payment There should be a small Box where u will ticket to have them send u All the Shipping Documents or the labels in to your Inbox

13. Now  Submit Payment If It goes through‎.
enjoy!


Published by on No comments:
Subscribe to: Posts (Atom)