Tab-nabbing with DNS Spoofing using Backtrack

Please visit my new blog to find new updates.: http://aakarperiwal.com


Hello Everyone I am going to tell you how to use tab-nabbing with DNS Spoofing to make it more effective.

First let me tell you what is Tab-nabbing?

Tab-nabbing is the Advance form of Phishing attack. The Tab-nabbing attack method is used when a victim has multiple tabs open. When the user click on the link he/she will get page presenting " please wait while the page loads" (depends upon your coding, but if you are using SET then you don’t have to do coding). When the victim switch tab then the website detects that a different tab is open and rewrites itself with the page you specify. When the victim clicks back on the link he/she will see a login page thinking that they may be logged. When the credentials are inserted attacker get the credential and victim get forwarded on the real website.

When you are using it on the WAN you have to send a link of your website to victim, but if you are using it on LAN then it is necessary that victim hit your web server to do so we use DNS spoofing so that victim click on our web server and our Tab-nabbing page open.

Malwares.......

Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. While it is sometimes software, it can also appear in the form of script or code. Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains.

Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.

Cracking WEP......

Types of Wi-Fi authentication:-

          Wi-Fi Authentication can be done by using Open authentication, WEP, WPA & WPA2 or may be some time MAC based authentication is also used. In Open authentication as per name suggest there is no authentication required it is like open for public to connect, this type of authentication is least secure. Second one is Wired Equivalency Protocol or WEP this type of authentication we use Shared Key for Authentication. A WEP key is composite of either 40bit or 128bit encryption, but still this type of authentication is not very much secured. WPA/WPA2 shared key authentication is very much secure than WEP the also use shared key authentication as WEP but the difference is in the WEP Access-Point send password to client machine in encrypted form as a challenge string then client send it back by solving the challenge string, but in the WPA/WPA2 client send the password string to the access-point and then access-point, so unlike password in not stored in client machine. In MAC-based authentication client is authenticated by using its MAC address this type of authentication is not secure or maybe I can say it is as weak authentication as open authentication.

Hacking SSL in LAN using ARP-Poisoning

Helo, everyone this time I am going to explain how to bypass SSL vpn security using arp-poising and sslstrip.
I am going to use BACKTRACK 5 and ettercap for this tutorial………..

I am going to explain this attack step by step

I have uploaded images in high resolution if you can’t see the image click on it and zoom it to see…

This type of attack is done for a specific victim and have an drawback, but still have more than 80% success rate. When we type gmail.com then your request is sent on port 80 from where it is redirected to port 443 at gmail server. In this attack we will come in the middle and then accept all request at port 80 and then redirect it to port 443.

How to use Metasploit & Nmap

In this blog I will tell you how to use Metasploit and Nmap. Throughout the blog I will use Backtrack you can use any OS just download metasploit framework and nmap for that OS and install them.

First we need to understand basic terms

Vulnerability => a weakness which allows an attacker to break into/compromise a system`s security.

Exploit – code which allows an attacker to take advantage of a vulnerable system.

Payload- actual code which run on the system after exploitation.

Download Torrent Using Direct download.....

Hey,

                Torrent is blocked in almost all colleges. So, this time I am going to tell you  how to download torrent files without using any torrent client like bittorent etc.