Project - Wireless Networks Pentest(802.11g)

Hi,

 Friends at present i dont have any work, I have not got job yet, but I would like to do any project so that my time will be used efficiently till I get a job. So decided to do a project on Wireless networks(802.11g). We will set up a lab for wireless networks and start playing with the wireless networks, we will hack the Access points and perform some attacks on wireless clients and explore the security of wireless networks.

For this project we follow video tutorials available in Securitytube.net ,i have already downloaded 4gb video from that site ,if you need i can send you the DVD. I have virtual box installed, and everything was ready ,only we need some people so that we can play while learning.......

Requirements to complete the Project :

1.Securitytube.net videos named " wireless security megaprimer"(free)
2. Vitual box software(free)
3. Back Track (linux) operating system.(free)
4. Access Point D-link.(not free have to buy from market).
5. Two laptops to practice the attacks.(hacking)

finally once we are well with this topics , we can start a pentest on real wireless networks.thats all.

Anyone interested can join me ,, i am waiting for energetic girls and boys,,,,,mail me at raghuram.jilumudi@gmail.com

HACKING- Lesson 4 , BYPASSING PROXY

Hi ,
 
Today we will discuss about Proxy server and how to bypass proxy for accessing filtered sites. let's get in Proxy is a server works at OSI layer 7 ie Application layer. If you are behind proxy your request to any public web server in the internet will be first examined by your company or organization proxy server, if the request is found to be valid against the rules configured in the proxy it allows you to access that particular website or application.

If the request doesn't satisfy the proxy it simply discards the request and sends error message to the client.This is how typically proxy servers work.There may be a little difference in implementation but most of the proxy servers in colleges and in some corporate environments works like above.

SCENARIO:- 

Rama is a student in NIELIT an prestigious organization. He fall in love with shanthi a beautifull girl with little loose mind, she likes facebook and always want to be in facebook. Rama wants to talk with her so he tried to access facebook from inside his organization, but unfortunately the institute does not allow to access Facebook in its premises. Now what to do? either Rama has to tell her that he cannot come on facebook or he has to Bypass proxy server of his organization. certainly because of his love towards shanthi he choosed the second option ie to Bypass proxy to access facebook.

 Let's Do practical:

1. To Bypass any proxy there is a good software available in internet for free of charge. It's name is ULTRASURF.

2. Download ULTRASURF from this link http://www.top4download.com/free-ultrasurf-10.

 3. Unzip the file downloaded from the above site. Scan the file downloaded may sometimes contain virus.

 4. Now go to the folder unzipped and double click the icon name starting with "u".

 
  5. It will automatically try to connect to one of the server of UltraReach Internet Corporation.

  6. Give the proxy address and port number to the software ,your work is almost done. Goto Options-->Proxy settings --> Manual settings --> enter your company or organization proxy address and port number. thats it finished.

      

7. click the Home menu in the UltraSurf , it will open Internet Explorer browser in your system only through that You can access any site on internet after surfing close the UltraSurf program.see the figure below.

8. Now u can acess any website through this window. Only through this window u can access,if u have firefox installed it will not disturb ur firefox.For example Rama access Facebook through this window. see the figure below.

Now you can login with your Id and Password , enjoy! .

Conclusion: I myself tried in my organization it worked well so i recommend this to you, regarding privacy all the traffic between you and UltraReach Corporation is encrypted no one can see the Data.If u use Https the it is double encrypted so dont worry if even they capture your data they cannot decrypt the data.

 I am able to access Facebook and Youtube and all sites which are not allowed in our Organization. see if your caught it is a punishable offense, think twice before using this trick.

Happy Bypassing Proxy.

Lesson 3- E-MAIL Tracing

Hi,

Today we will discuss about how to trace a email received in your mail box back to the sender machine. We will trace the email with the help of E-mail header which will be present in Every email. so now we do practical enough theory, I hate theories. Lets do practical.

Our Aim:-

1. To know the ipaddress from where the Mail has come.(if individual has sent from any system.)
2. To know the organization behind the email if sent by any organization.

Requirements :-

1. Mozilla firefox or Internet Explorer.
2. Valid email account with Gmail or Yahoo or any web based email accounts.

Let's go .

Scenario:-

 You got a mail from a bank asking you to give your password for your account in that bank, but you suspect that it is not a legitimate mail from the bank, so you now have two options

 1. One is to trust the mail and send your password.
2. Do a little investigation by tracing the email, so that you can know from where the mail has come.

Obviously we choose the second option in this case.

 Open your Gmail acoount with your valid email and password. Try yours i don't wanna give mine for demo.

STEPS TO PERFORM:

Step 1:  Open Gmail web based email or any other but here i will discuss exclusively on gmail box.

Step 2:  Open the mail which you suspect and in the Top right corner click on The button after Reply button, i dont know how to name it but you will definitely see that button after reply button sorry for not naming it it has no name on it.

Step 3: Click on show original option displayed after the step 2. Now a new window with mail header will be opened by gmail for you.In that page all  the information will be present that is the sender original Ip-address.

Step 4: Copy that all the page by pressing ctrl+a and ctrl +c.

Step 5: open this link in new window http://www.ip-address.org/tracker/trace-email.php


Step 6: Paste the copied Email Header into the Web page opened in previous step. you can see a big box in blue color in that box paste the content(Email header copied in step 4).

Step 7: Now press Trace mail button down the same page you will see the Ip-address of the sender machine from where the mail has come from.

Sample Output may looklike this below.

Email Header Analysis

IP Address:  210.212.51.20
Hostname:  210.212.51.20
IP Address Country:  India
IP Continent:  Asia
IP Address City Location:  Gorakhpur
IP Address Region:  Uttar Pradesh
IP Address Latitude:  26.755,
IP Address Longtitude:  83.3739
Organization:  DOEACC SOCIETY,GORAKHPUR
ISP:  National Internet Backbone

From this it is clear that the email come from a organization in Gorakhpur, UP,INDIA.

I practiced it and its working well .

So friends we have practically traced a mail Successfully, Next time if you receive any suspicious mail it may help you a little but its not the entire solution, as E-mail is now legally considered as a form of communication be careful while sending emails to others. Bye be safe online.

HAPPY EMAIL TRACING.

HACKING NOTES- LESSON 1

Today we will discuss about phishing.

What is Phishing?  Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

How Does Phishing works?

The Attacker will build a fake web site which is similar to the legitimate one and he direct some traffic to his fake website through some popular techniques like  mass emailing or through social engineering ,etc.

Once the victim gives his personal information in the fake website hosted by the attacker ,the information will be available to attacker and he can use for his personal gain or can sell in the underground community.

Now i think you have some understanding about Phishing, beware of phishing on internet.



Some Intersting statistics on Phishing in India:

KOLKATA: RSA, the security division of EMC, in its May Fraud Report said that India ranked amongst the top three countries targeted through phishing attacks by brands. The other countries witnessing the phishing attacks by brands was the US followed by UK.


The report highlights the latest cyber security threat to the global hospitality and airline industry which has now become an important target for fraudsters. According to the report, there is a vast amount of personal and financial data of customers stored online and cyber criminals have discovered unique and creative ways like fraudster travel agencies and many more to exploit the industry and its customers.

The U.S (42%), UK (19%), and India (8%) accounted for 70% of the brands targeted by phishing in April. Brazil and China fell off and were replaced by Ireland and Colombia in terms of the countries with the most targeted brands.

How to Perform a Phishing attack?

Phishing is done in different ways, one way is to use automated tools like SET which is available as open source. SET refers to Social Engineering Toolkit.  In the following steps I will show you how to perform Phishing using your PC. Below is the statistics of different phishing attacks.

Requirements to perform Phishing using ur computer:
1. Install Back-Track Linux on your PC or Laptop.
2. Internet Connection is must.
3. As it is illegal to perform phishing attacks on others prepare yourself to go behind bars if caught.
 That's all you are ready to perform The attack.

Phishing Step by Step:-

Step 1:-   Open SET toolkit in BackTrack Linux. It is already installed in    BackTrack.

Goto --> Applications -->Backtrack --> Exploitation Tools --> Social Engineering Tools --> Social Engineering Toolkit --> set.

Step 2:-  Use the option 2. which is Website Attack Vectors.

Step 3:-  Use the option 3. which is  Credential Harvester Attack Method.

Step 4:-  Use option 2 . Site Cloner.

Step 5:-  SET will ask you to enter the URL of the site to clone, that is you have to fake a legitimate website like say LinkedIn , then you have to enter the LinkedIn URL which contains  Username Password field. for example give this link, http://in.linkedin.com/

Step 6:- Your fake website will be prepared and hosted on your computer by SET automatically , ur task is to send your IPaddress to your friends like this link http://Your-IP-address/ . Once the victim clicks the link he will be presented a fake linkedIn web page from your computer, but he/she thinks that it is legitimate and enters their personal information like username and passwords. Once they enter it will recorded to a file in your computer. that's all.

Phishing and Countermeasures :-

1. Don't open any E-mail sent from unknown Person.
2. Don't Click on the links which you do not trust.
3. Check the URL carefully before entering your personal details.


I myself tried this attack on my friends most of them easily fall to this attack and gave their Personal Information. Success rate is above 90% . In my view Social engineering  works most of the time particularly when all the doors to exploitation are closed.

Please comment something on this tutorial , so that i can know how to improve my content. Thanks for Visiting my blog. Some of the pictures are taken from Internet so the credit is to internet.

Starting a Computer security and Hacking club, Gorakhpur,Uttar Pradesh.

I am reddy a computer science graduate, planning to start a computer security and hacking club in gorakhpur,UP. The main objective behind starting this club is to make people to know about the security issues in internet and exchange  ideas within the group.

The group will be exercising their hacking skills together and improve by sharing their thoughts. we will be gathering at saturday and sunday of every week. Every gathering will be having some practical on one or more Hacking tools.

People who are going to join us please ensure that you have basic linux and TCP/IP knowledge , if not no problem we can help you. Systems and internet connection will be provided for hacking purposes. A lot of things were going to happen. we are free to do everything we want.

In future the same group may be converted to private cyber army, so people who are joining now would become army commander or someting like that and the group will be planning to expand to other cities and states.This will be the  the common place we meet.

Intersted candidates can call me at 8090345906 , mail raghuram.jilumudi@gmail.com.

everyone is welcome but must have zeal to hack systems.