Project - Wireless Networks Pentest(802.11g)

Hi,

 Friends at present i dont have any work, I have not got job yet, but I would like to do any project so that my time will be used efficiently till I get a job. So decided to do a project on Wireless networks(802.11g). We will set up a lab for wireless networks and start playing with the wireless networks, we will hack the Access points and perform some attacks on wireless clients and explore the security of wireless networks.

For this project we follow video tutorials available in Securitytube.net ,i have already downloaded 4gb video from that site ,if you need i can send you the DVD. I have virtual box installed, and everything was ready ,only we need some people so that we can play while learning.......

Requirements to complete the Project :

1.Securitytube.net videos named " wireless security megaprimer"(free)
2. Vitual box software(free)
3. Back Track (linux) operating system.(free)
4. Access Point D-link.(not free have to buy from market).
5. Two laptops to practice the attacks.(hacking)

finally once we are well with this topics , we can start a pentest on real wireless networks.thats all.

Anyone interested can join me ,, i am waiting for energetic girls and boys,,,,,mail me at raghuram.jilumudi@gmail.com

HACKING- Lesson 4 , BYPASSING PROXY

Hi ,
 
Today we will discuss about Proxy server and how to bypass proxy for accessing filtered sites. let's get in Proxy is a server works at OSI layer 7 ie Application layer. If you are behind proxy your request to any public web server in the internet will be first examined by your company or organization proxy server, if the request is found to be valid against the rules configured in the proxy it allows you to access that particular website or application.

If the request doesn't satisfy the proxy it simply discards the request and sends error message to the client.This is how typically proxy servers work.There may be a little difference in implementation but most of the proxy servers in colleges and in some corporate environments works like above.

SCENARIO:- 

Rama is a student in NIELIT an prestigious organization. He fall in love with shanthi a beautifull girl with little loose mind, she likes facebook and always want to be in facebook. Rama wants to talk with her so he tried to access facebook from inside his organization, but unfortunately the institute does not allow to access Facebook in its premises. Now what to do? either Rama has to tell her that he cannot come on facebook or he has to Bypass proxy server of his organization. certainly because of his love towards shanthi he choosed the second option ie to Bypass proxy to access facebook.

 Let's Do practical:

1. To Bypass any proxy there is a good software available in internet for free of charge. It's name is ULTRASURF.

2. Download ULTRASURF from this link http://www.top4download.com/free-ultrasurf-10.

 3. Unzip the file downloaded from the above site. Scan the file downloaded may sometimes contain virus.

 4. Now go to the folder unzipped and double click the icon name starting with "u".

 
  5. It will automatically try to connect to one of the server of UltraReach Internet Corporation.

  6. Give the proxy address and port number to the software ,your work is almost done. Goto Options-->Proxy settings --> Manual settings --> enter your company or organization proxy address and port number. thats it finished.

      

7. click the Home menu in the UltraSurf , it will open Internet Explorer browser in your system only through that You can access any site on internet after surfing close the UltraSurf program.see the figure below.

8. Now u can acess any website through this window. Only through this window u can access,if u have firefox installed it will not disturb ur firefox.For example Rama access Facebook through this window. see the figure below.

Now you can login with your Id and Password , enjoy! .

Conclusion: I myself tried in my organization it worked well so i recommend this to you, regarding privacy all the traffic between you and UltraReach Corporation is encrypted no one can see the Data.If u use Https the it is double encrypted so dont worry if even they capture your data they cannot decrypt the data.

 I am able to access Facebook and Youtube and all sites which are not allowed in our Organization. see if your caught it is a punishable offense, think twice before using this trick.

Happy Bypassing Proxy.

Lesson 3- E-MAIL Tracing

Hi,

Today we will discuss about how to trace a email received in your mail box back to the sender machine. We will trace the email with the help of E-mail header which will be present in Every email. so now we do practical enough theory, I hate theories. Lets do practical.

Our Aim:-

1. To know the ipaddress from where the Mail has come.(if individual has sent from any system.)
2. To know the organization behind the email if sent by any organization.

Requirements :-

1. Mozilla firefox or Internet Explorer.
2. Valid email account with Gmail or Yahoo or any web based email accounts.

Let's go .

Scenario:-

 You got a mail from a bank asking you to give your password for your account in that bank, but you suspect that it is not a legitimate mail from the bank, so you now have two options

 1. One is to trust the mail and send your password.
2. Do a little investigation by tracing the email, so that you can know from where the mail has come.

Obviously we choose the second option in this case.

 Open your Gmail acoount with your valid email and password. Try yours i don't wanna give mine for demo.

STEPS TO PERFORM:

Step 1:  Open Gmail web based email or any other but here i will discuss exclusively on gmail box.

Step 2:  Open the mail which you suspect and in the Top right corner click on The button after Reply button, i dont know how to name it but you will definitely see that button after reply button sorry for not naming it it has no name on it.

Step 3: Click on show original option displayed after the step 2. Now a new window with mail header will be opened by gmail for you.In that page all  the information will be present that is the sender original Ip-address.

Step 4: Copy that all the page by pressing ctrl+a and ctrl +c.

Step 5: open this link in new window http://www.ip-address.org/tracker/trace-email.php


Step 6: Paste the copied Email Header into the Web page opened in previous step. you can see a big box in blue color in that box paste the content(Email header copied in step 4).

Step 7: Now press Trace mail button down the same page you will see the Ip-address of the sender machine from where the mail has come from.

Sample Output may looklike this below.

Email Header Analysis

IP Address:  210.212.51.20
Hostname:  210.212.51.20
IP Address Country:  India
IP Continent:  Asia
IP Address City Location:  Gorakhpur
IP Address Region:  Uttar Pradesh
IP Address Latitude:  26.755,
IP Address Longtitude:  83.3739
Organization:  DOEACC SOCIETY,GORAKHPUR
ISP:  National Internet Backbone

From this it is clear that the email come from a organization in Gorakhpur, UP,INDIA.

I practiced it and its working well .

So friends we have practically traced a mail Successfully, Next time if you receive any suspicious mail it may help you a little but its not the entire solution, as E-mail is now legally considered as a form of communication be careful while sending emails to others. Bye be safe online.

HAPPY EMAIL TRACING.