evilGrade[v0.1.3].sh + evilGrade_install[v0.1.3].sh

EvilGrade: "ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates."

Metasploit: "Evilgrade Will Destroy Us All."

This is a "semi automate" script to help set-up an environment for EvilGrade so it can work its magic, and then there is a video demonstrating it in action which shows the effects of EvilGrade. EvilGrade is simply, another "option" to do after performing a "Man In The Middle" attack, that tricks certain software to believe there is an update available when really it's the attacker payload.

metasploit-fakeUpdate[v0.1.4].sh

This is a bash script to automate 'Manning in the Middle' to 'pwn' whoever it can, via giving them a "Fake Update" screen. The attack is transparent (allowing the target to afterwards surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor - similar to netcat!), VNC (remote desktop) or whatever the attacker wishes to use.

pWnOS

This is my walk though of how I broke into pWnOS v1.

pWnOS is on a "VM Image", that creates a target on which to practice penetration testing; with the "end goal" is to get root. It was designed to practice using exploits, with multiple entry points.

Cracking WiFi - Sniffing Traffic (Airdecap-ng + Wireshark)

This video shows, that you don't have to be connect to a wireless network, to see what data has been sent over it!

chap2asleap.py (v0.1.1) + Cracking VPN (Asleap + THC-pptp-bruter)

A python script, to automatically generate the arguments for Joshua Wright's 'asleap' program.

This video demostrates an offline (asleap) and online (THC-pptp-bruter) attack on MSCHAP v2 software VPN.

Cracking WiFi - WEP With a Client (Aircrack-ng)

Yet another video on "How to crack WEP".

Messing With Metasploit

A basic guide to show how powerful the metasploit framework is!

Setup & run a exploit.
Use nmap to scan.
Use db_autopwn (to exploit the masses!)
Gather information about the target
Read, download and upload files
Run scripts
Create & use a backdoor.

Session Sidejacking (Ferret + Hamster)

This videos demos, how to "Session Sidejacking". Sidejacking is where you clone your targets cookies therefore your "sharing" their identity for that account (without ever knowing the username or password)!

Cracking WiFi - WPA/WPA2 (Aircrack-ng vs coWPAtty)

Comparing Aircrack-ng versus coWPAtty, in the time it takes to crack a WPA2 PSK key.

It shows 4 different cracks, the time taken and speed of the crack (see results):

Aircrack-ng (Dictionary)
Aircrack-ng & airolib-ng (Pre-computed hashes)
coWPAtty (Dictionary)
coWPAtty & Genpmk (Pre-computed hashes)

February 2010 - ISOs and Dictionaries

Just to say, I've uploaded:

All the current De-ICE.net networks - because they are not the easiest thing to find...
Backtrack 2's dictionaries, along with a few more - because De-ICE.net was designed with this in mind and these files have been discontinued with Backtrack 4.

De-ICE.net

de ice.net 1.100 1.0.rar ~ *Removed*
de ice.net 1.110 1.1.rar ~ *Removed*
de ice.net 2.100 1.0.part1.rar ~ *Removed*
de ice.net 2.100 1.0.part2.rar ~ *Removed*

Dictionaries

List all: *Removed*
common-1.txt ~ *Removed*
common-2.txt ~ *Removed*
common-3.txt ~ *Removed*
common-4.txt ~ *Removed*
wordlist.txt ~ *Removed*
darkc0de.lst ~ *Removed*
webster-dictionary.txt ~ *Removed*
wpalist.zip ~ *Removed*
theargonlistver1.rar ~ * Removed*
Default Password List 2007.html ~ *Removed*
Default Password List 2010-02-04.html ~ *Removed*

...and for the people that keep asking for "g0tmi1k.lst" - its simply 9 Wi-Fi keys which I personally use - very little point of you having this.

Hav0c: ComboFile.txt ~ *Removed*

← Older Archives Newer →