|
|
|
|
Written by lirva32
|
|
Friday, 07 May 2010 |
|
 PenTBox : simple n smart security tools
Yes... simple, smart n powerfull... ;) not just push button hacker....
PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). What the function of PenTbox...???
Maybe you can use PenTBox, for :
* Cryptography Tools tools, like : Base64 Encoder n Decoder, Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512), Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512), Secure Password Generator, Files Encryptor n Decryptor Rijndael (AES) 256 bit - GOST - ARC4. * Network tools, like : TCP Flood DoSer (this is my power tools...;) , TCP Flood AutoDoSer, Spoofed SYN Flood DoSer [nmap -hping3], Port Scanner, HoneyPot, PenTBox Secure Instant Messaging, Fuzzer.
How to build PenTBox ...??? * Download PenTBox in here : windows, Linux
sorry, I'm using Ubuntu 9.10 Karmic Koala, like :
. extract pentbox_1.3.2.tar # apt-get install ruby
# ruby pentbox.rb 
Okay Fren... Happy Hacking... Good luck... Shooutz :
. echo|Staff
. MyDaughters : Faiza Debian n Fivana Gutsy -- I Love U....
. MyAlmamater FTI_UBL
. AllMyStudents@STMIKBinaInsani
. All Indonesia NewBieHacker
|
|
Last Updated ( Friday, 07 May 2010 )
|
|
|
Written by lirva32
|
|
Wednesday, 05 May 2010 |
. HostIDS with Samhain .
Hi friends....
today, I'm giving subject about IDS.
An IDS is a device (or application) that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. IDS have terminology, like :
* Alert/Alarm : A signal suggesting that a system has been or is being attacked
* True Positive : A legitimate attack which triggers an IDS to produce an alarm
* False Positive : An event signaling an IDS to produce an alarm when no attack has taken place
* False Negative : A failure of an IDS to detect an actual attack
* True Negative : When no attack has taken place and no alarm is raised
* Noise : Data or interference that can trigger a false positive
* Site policy :Guidelines within an organization that control the rules and configurations of an IDS
* Site policy awareness : The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
* Confidence value : A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
* Alarm filtering : The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks |
|
Last Updated ( Wednesday, 05 May 2010 )
|
|
Read more...
|
|
|
Written by lirva32
|
|
Wednesday, 21 April 2010 |
DoS Web Server
-- collapsing random web server in 15 minutes -- A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field, for example, it is also used in reference to CPU resource management. One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
DoS attack methode, like : ICMP flood, Teardrop Attacks, Peer-to-peer attacks, Permanent denial-of-service attacks, Application level floods, Nuke, Distributed attack, Reflected attack, Degradation-of-service attacks, Unintentional denial of service, Denial-of-Service Level II, Blind denial of service.
cmiiw.... What is DoS Web Server...?
only attack web server on port 80 using Denial-of-Service attack (DoS attack).... very harmful... because make down your "victim" target.
Okay... u can do DoS Web Server attack, by :
|
|
Last Updated ( Thursday, 20 May 2010 )
|
|
Read more...
|
|
|
Written by lirva32
|
|
Monday, 19 April 2010 |
|
VoIP Sniffing Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks. Other terms frequently encountered and synonymous with VOIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.
Cain n Able VoIP sniffing function support the following codecs like : G711 uLaw, G711 aLaw, ADPCM, DVI4, LPC, GSM610, Microsoft GSM, L16, G729, Speex, iLB and other codecs.
In this episode lirva32 demonstrate how to sniff Voice over IP (VoIP) conversation, by :
. Install Cain n Able (base on windows)
. Setting your cain n able like : 
. just waiting.... C n A VoIP traffic analyzer to capture incoming and outgoing voice packets in your network and record voice data into WAV files.
voice packets capture : 
good luck... happy VoIP hacking friends.... Shoutz :
. MyDaughter's : Faiza Debian Navisa n Fivana Gutsy Ramadhani
. echo|staff.. thx for your sharing about hacking...;)
. MyAlmamater : FTI_UBL
. IndonesianNewbieHacker.... |
|
Last Updated ( Friday, 07 May 2010 )
|
|
|
Written by lirva32
|
|
Monday, 19 April 2010 |
|
VoIP Sniffing Tools
Taaaadddddaaaaa..... this is about VoIP Sniffing Tools for VoIP hacking n penetration..
VoIP Sniffing Tools List provides categories, descriptions and links to current free and commercial VoIP security tools. Each commercial tool is indicated by the following icon next to it:
The key objectives of this list are as follows:
1. Provide links to tools that help test the efficacy of implemented best practices outlined by VOIPSA's Best Practices Project.
2. Facilitate the open discussion of VoIP security tool information to help users better audit and defend their VoIP devices and deployments.
3. Provide vendors the information needed to proactively test their VoIP devices' ability to function and withstand real-world attacks. DISCLAIMER: Many of these tools can cause harm to the normal operation of your VoIP network if used improperly. Before using any tools, we recommend that you read the instructions and other documentation available on each of the individual tool's websites. By selecting almost any of these links, you will be leaving VOIPSA's web space. These links and pointers are provided for our visitors' convenience. Please be aware that we do not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other tools that are more appropriate for your purpose. In no event shall VOIPSA be liable for any direct, indirect, incidental, punitive, or consequential damages of any kind whatsoever with respect to this list. Further, VOIPSA does not endorse any commercial products that may be mentioned in this list. These tools are only meant to be used on networks with the permission of the network owner and in compliance with the law. AuthTool
Tool that attempts to determine the password of a user by analyzing SIP traffic
resources : http://www.hackingvoip.com/sec_tools.html Cain & Abel
Multi-purpose tool with the capability to reconstruct RTP media calls.
resources : http://www.oxid.it/cain.html CommView VoIP Analyzer
VoIP analysis module for CommView that is suited for real-time capturing and analyzing Internet telephony (VoIP) events, such as call flow, signaling sessions, registrations, media streams, errors, etc.
resources : http://www.tamos.com/products/voip-analyzer/ Etherpeek
General purpose VoIP and general ethernet sniffer.
resources : http://www.wildpackets.com/products/etherpeek/overview ILTY ("I'm Listening To You")
Open-source, multi-channel SKINNY sniffer.
resources : http://chdir.org/~nico/ilty/
NetDude
A framework for inspection, analysis and manipulation of tcpdump trace files.
resources :http://netdude.sourceforge.net/ Oreka
Oreka is a modular and cross-platform system for recording and retrieval of audio streams.
sources : http://oreka.sourceforge.net/ PSIPDump
psipdump is a tool for dumping SIP sessions (+RTP traffic, if available) from pcap to disk in a fashion similar to "tcpdump -w".
resources : http://sourceforge.net/projects/psipdump rtpBreak
rtpBreak detects, reconstructs and analyzes any RTP session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn't require the presence of RTCP packets.
resources :http://xenion.antifork.org/rtpbreak/rtpbreak.html SIPomatic
SIP listener that's part of LinPhone.
resources : http://www.linphone.org/?lang=us&rubrique=1
SIPv6 Analyzer
An Analyzer for SIP and IPv6.
resources : http://pcs.csie.nctu.edu.tw/~yhsung/sipv6_analyzer/
UCSniff
CSniff is an assessment tool that allows users to rapidly test for the threat of unauthorized VoIP eavesdropping. UCSniff supports SIP and Skinny signaling, G.711-ulaw and G.722 codecs, and a MITM ARP Poisoning mode.
resources : http://ucsniff.sourceforge.net/
VoiPong
VoIPong is a utility which detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to separate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP.
resources : http://www.enderunix.org/voipong/index.php
VoIPong ISO Bootable
Bootable "Live-CD" disc version of VoIPong.
resources : http://www.enderunix.org/voipong/manual/usage-livecd.html
VOMIT
The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players.
resources : http://vomit.xtdnet.nl/
Wireshark
Formerly Ethereal, the premier multi-platform network traffic analyzer.
resources : http://www.wireshark.org/ WIST
Web Interface for SIP Trace - a PHP Web Interface that permits you to connect on a remote host/port and capture/filter a SIP dialog.
resources : http://www.devel-it.org/index.php?modulo=projetos&id=2 good luck... happy VoIP hacking friends.... Shoutz :
. MyDaughter's : Faiza Debian Navisa n Fivana Gutsy Ramadhani
. echo|staff.. thx for your sharing about hacking...;)
. MyAlmamater : FTI_UBL
. IndonesianNewbieHacker.... |
|
Last Updated ( Monday, 19 April 2010 )
|
|
| | << Start < Prev 1 2 3 4 5 Next > End >>
| | Results 7 - 12 of 27 |
|
|
