Show Posts



Messages - erogol

1
Hacking and Security / Injecting MYSQL server through Metasploit?
« on: October 02, 2014, 02:12:18 pm »
I try to inject into a MySQL server with Metasploit. I am pretty naive about the tool, as a certain beginner. I initially try to get the MySQL server version with the mysql_server tool. But it is reported that the remote machine does not allow my IP address. Is there any further process I can take to get around this limitation, or is this it and I should try a completely different way?

PS: this is totally hobbyist work; I ain't intending any illegal move.

2
Currently I am using Python code to find movies on IMDb by genre, search for them on YouTube and download the first movie from the search. But some videos are so unrelated and poor in quality. It requires some manual effort to delete all that noise.

3
Thanks for the answers, folks!!! But the fact is, I need that download in my Python program. Therefore I need a script or source code that is able to download that video. Or the tool should be able to take a list of video names and download the matching videos from IMDb.

4
I need to download movie trailers for my research but there is no legible place to get some, so I decided to download from the site itself. Is there any programmatic way to do that, preferably in Python? I know some of the unofficial APIs, but they also give only metadata about the movies. If someone knows how to do that, help this naive researcher.

5
Hacking and Security / Re: Bypass torrent block of my university network?
« on: January 17, 2013, 08:55:39 am »
did you try just plugging your computer via an Ethernet cable? assuming there are sockets around...

Yes, I am online via Ethernet cable.

By the way, I am looking for a free option, not something like a seedbox. I try to hack, not give the money and get the service, which is the reciprocal of the hacking mentality.

6
Hacking and Security / Bypass torrent block of my university network?
« on: January 16, 2013, 04:08:04 pm »
There is filtering at the university for BitTorrent, and in fact any attempt to use BitTorrent causes you to be banned for a while. I have mapped the school network with nmap and traceroute to see the route of the packets and the possible candidate servers causing this filtering. I saw that my packets pass straight through just two machines. One is the router machine of my little network with addresses and the other machine is the main gateway of the university network that is connected to the outbound net. In addition I ran nmap to see the open ports of these machines, to predict the applications running on them. Here is the list of open ports:

The last gateway to the outbound :
Code:
PORT    STATE    SERVICE
22/tcp  open     ssh
25/tcp  open     smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
161/tcp filtered snmp
179/tcp open     bgp
199/tcp filtered smux
445/tcp filtered microsoft-ds
873/tcp open     rsync
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:

Network Distance: 1 hop

first node just after my machine:

Code:
PORT    STATE    SERVICE
22/tcp  open     ssh
25/tcp  open     smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
161/tcp filtered snmp
179/tcp open     bgp
199/tcp filtered smux
445/tcp filtered microsoft-ds
873/tcp open     rsync
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:

Network Distance: 1 hop

With respect to this information, what do you think causes that filtering, and how can it be bypassed?



7
Yeah, the guy who wrote the tutorial forgot to mention that you need to edit /etc/etter.conf and uncomment the iptables command.


Also, are you using wireless or ethernet for the attack?


Thanks for the answer.


I am on wireless. Does it matter?

8
I try to acquire the web sites visited on my net by adapting the steps explained here, but I cannot see the web site addresses on the command line or in ettercap's console in ettercap's user interface. In ettercap I just see the DHCP packets going around with ACK responses, and I cannot see any foreign HTTP packet when I run urlsnarf. Is there any missing point in that tutorial, or what can be the reason for that malfunctioning?


Here is the tutorial that I pointed: http://h4xors.wordpress.com/2012/07/17/ettercap/#more-686


Can you please help me if you have any experience with ettercap?

9
Here is a tool, thanks to null security, that looks for DNS servers. Hope it's of any use to you.
Code:
/*
 * dnsgoblin.c - nasty creature constantly searching for DNS servers
 *
 * DESCRIPTION
 *   dnsgoblin uses standard dns querys and waits for the replies.
 *
 * COMPILE
 *   gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \
 *   --std=gnu99 -D_REENTRANT
 *
 * You may pipe stdout into a file: ./dnsgoblin > dnslist
 */
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <netinet/udp.h>
#include <sys/socket.h>
#include <unistd.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <inttypes.h>
#include <pthread.h>

/* the ip header struct */
struct ipheader {
    uint8_t  v;
    uint8_t  tos;
    uint16_t len;
    uint16_t id;
    uint16_t off;
    u_char   ttl;
    u_char   p;
    uint16_t sum;
    uint32_t src;
    uint32_t dst;
};

/* _beginning_ of dns header */
struct dnsheader {
    uint16_t trans_id;
    /* incomplete */
};

void     sig_int(int sig);
char    *human_addr(uint32_t ip_addr);
void    *lstn(void *ptr);
int8_t   check_ip_addr(char *ptr);
int      main(int argc, char **argv);

/* quit if SIGINT is received */
void sig_int(int sig)
{
    if (sig != SIGINT) {
        exit(EXIT_FAILURE);
    }
    exit(EXIT_SUCCESS);
}

/* check if the given ip is valid */
int8_t check_ip_addr(char *ptr)
{
    if (strlen(ptr) > 16) {
        printf("error: ip addr too long\n");
        exit(EXIT_FAILURE);
    }
    if ((int)inet_addr(ptr) == -1) {
        printf("error: ip addr not correct\n");
        exit(EXIT_FAILURE);
    }
    return(0);
}

/* int ip -> dotted decimals */
char *human_addr(uint32_t ip_addr)
{
    char *ptr    = calloc(1,16);
    uint8_t oct1 = 0;
    uint8_t oct2 = 0;
    uint8_t oct3 = 0;
    uint8_t oct4 = 0;

    oct1 = ( ip_addr >> 24 ) & 0xFF;
    oct2 = ( ip_addr >> 16 ) & 0xFF;
    oct3 = ( ip_addr >> 8  ) & 0xFF;
    oct4 =   ip_addr         & 0xFF;
    sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1);
    return(ptr);
}

/* listen for dns responses */
void *lstn(void *ptr)
{
    int *sptr           = ptr;
    int sockfd          = *sptr;
    struct ipheader *ip = NULL;
    uint8_t *pkt_recv   = calloc(1,2048);
    char *cptr          = NULL;

    while (1==1) {
        memset(pkt_recv,0x00,2047);
        if (recv(sockfd, pkt_recv, 2047, 0) > 0) {
            ip = (struct ipheader *)pkt_recv;
            cptr = human_addr(ip->src);
            printf("%s\n",cptr);
            free(cptr);
        }
    }
}

int main(int argc, char **argv)
{
    int32_t sockfd;   /* raw socket to inject packets */
    int32_t sockfd2;  /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */
    struct sockaddr_in ifcfg;
    struct sockaddr_in sin;
    int        one = 1;
    const int *val = &one;
    /* what can you find out here? */
    char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01";
    struct ipheader  *ip  = NULL;
    struct udphdr    *udp = NULL;
    struct dnsheader *dns = NULL;
    uint16_t local_port   = 0;
    pthread_t trd_lstn;

    if (argc < 2) {
        printf("error: need local ip as arg\n");
        exit(EXIT_FAILURE);
    }
    check_ip_addr(argv[1]);
    srand ( time(NULL)    );
    signal(SIGINT, sig_int); /* set up a signal handler */

    /* get random port */
    local_port = (uint32_t)rand();

    /* pseudo socket */
    sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    /* bind to port (used to prevent icmp bla) */
    ifcfg.sin_family      = AF_INET;
    ifcfg.sin_port        = htons(local_port);
    ifcfg.sin_addr.s_addr = htonl(INADDR_ANY);
    bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg));

    /* create main raw sock */
    sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
    sin.sin_family = AF_INET;
    sin.sin_port   = htons (local_port);
    if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) {
        printf("err\n");
    }
    if (sockfd < 0) {
        fprintf(stderr,"error: rawsock cannot be created. No permission.\n");
        exit(EXIT_FAILURE);
    }

    /* change the UDI (-> nobody) */
    setuid(65534);

    /* create thread which is listening for dns responses */
    pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd);

    ip = (struct ipheader *)packet;
    ip->id  = ntohs( rand() );
    ip->v   = 0x45;
    ip->tos = 0x0054;
    ip->len = 30;
    ip->off = 0x0000;
    ip->ttl = 0xff;
    ip->p   = 17;
    ip->sum = 0x0000;
    ip->src = inet_addr(argv[1]);

    udp         = (struct udphdr *)(packet + sizeof(struct ipheader));
    udp->source = ntohs( local_port );
    udp->dest   = ntohs(53);

    dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) );

    while (1==1) {
        /* do some modifications */
        ip->id  = ntohs( rand() );
        ip->dst = ntohl( rand() );
        dns->trans_id = ntohs( rand() );
        if (sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) {
            printf("error: sendto failed\n");
            exit(EXIT_FAILURE);
        }
        usleep(5000); /* you may increase/decrease this */
    }
    close(sockfd);
    return 0;
}
/* EOF */


Do I need to do something special other than the compile command in the code, since I get a lot of errors during compilation?




10
I aim to detect the IP addresses of the DNS machines on my university network. Since they propose a filtering, I'll try to thrash them up. Hence the first step is to detect DNS servers. I have some experience with nmap, but I cannot set it specifically for finding DNS servers on the net. How could I do it?

11
In my dorm, YouTube-like sites are limited and streaming any video or content is so slow, albeit there is very fast internet. My question is how can I trick the network to pass these limitations? Is there any specific method or tool that can help, or what should I investigate on the network to find a solution? Thanks...

12
I want to get the MAC address of a computer from outside my LAN.

In addition, what are the hacky things that can be done by knowing the MAC address of such a computer?

13
Hi erogol,

I don't know anything about coova and how it is working. Just did a bit of your work and found the following:

Seems like they keep track of authenticated users by IP/MAC address combination or only IP address. Guess you need to pay for the internet access at least once. Do you have a friend who has paid access? First of all you should capture with wireshark or tcpdump during login to see what is sent to the access controller for authentication and what you get back (cookie?). If your client is connected to the internet, go to another client and try to ping the authenticated client. Have a look at the IP configuration you got from DHCP before and after logging in. Any changes? Try to set the IP and MAC address from the authenticated client on the unauthenticated one. It should produce a "duplicate IP address detected" error; have a look if you can access the internet. Please give detailed information on what you did and what the result was.

Cheers,
RBA


I used a script that looks at the LAN and sees the different IP numbers that are currently connected to the LAN. Then I choose one of those and get the MAC address of that host. I change my MAC address to the one I found from the connected host.


I used this method some times and it works.


Here is the link to the script I wrote: https://github.com/erogol/hacking_scripts

14
Hi,

Guess you are talking about some 802.1X protected network. There are many different ways to set up RADIUS-based access to a network. If you need to enter a username and a password, I don't think you will make it through by just changing your MAC address. Guess they create the username and password combination in a directory like LDAP and allow authenticated users access to the internet and other parts of their network. Without knowing a correct combination you will be put into an isolated network part where you can't do anything. Describe everything you need to do a bit more in detail. Do you connect to a wireless network, open a browser and need to enter your login credentials on a website? Or is it a wired network with domain authentication? Don't think there will be an easy way... not even sure if there is a way anyway.

Cheers,
RBA

When you connect to the LAN (can be eth or wlan) you need to enter your ID and the password to connect to the internet. The system is Coova. You might see it on the internet. I don't know what kind of blockage it uses, but I pass it sometimes with a MAC address change. Thereby I am open to new solutions.

15
I am connecting to the internet at my university campus, but before I connect, I need to enter my ID and password, wherever I am. What is problematic about it is that I cannot use torrent. If the system catches you for any torrent connection it bans you for a while. What can I do to pass this torrent restriction? Any suggestion?
