Browsing All Posts filed under »Tutorials«

Scapy – Decode and forge your own packet

January 24, 2012

3

I started to write articles on the wiki of Sec IT’s related to the posts on this blog. If you want to modify or improve the articles (I’m pretty sure there are plenty of typos and materials to describe), feel free to edit it on the wiki. Scapy is an application for packet manipulation written in […]

MITM 3: ARP spoofing

January 20, 2012

1

The first step in a Man In The Middle attack is to modify the ARP table of the victim’s computer and the default gateway router in this way: ARP table (victim) ARP table (router) IP MAC address IP MAC address 192.168.0.1 (router IP) Attacker MAC address 192.168.0.2 (victim IP) Attacker MAC address Before spoofing, you […]

MITM 2: The OSI model (layer 1-2-3)

January 17, 2012

1

A Man In The Middle (MITM) attack uses the protocol ARP to: impersonate the router used as default gateway from the target computer point of view. impersonate the target computer from the router point of view. Once the impersonification done, the attacker uses the protocol IP to: Forward the communication from the target computer to the […]

Man In The Middle Part 1: Introduction

November 6, 2011

0

With my flatmates, a friendly war started. A kind of capture the flag, where the flag is posting a comment with a hijacked Facebook session. I first started with my defence and I came up with the obvious that a Man In The Middle (MITM) will be attempt. A MITM is an active eavesdropping attack […]

HTTP Data tampering

October 13, 2011

0

This tutorial is related to the previous Bypass an IP camera AXIS’ authentication tutorial. I already gave a brief description of the use of nmap now I’m going to talk about data tampering in HTTP communications. Before diving into the topic, it is important to understand how the data is carried when you request a web […]

Basic use of nmap

October 7, 2011

0

I figured out I gave a light description of the hack in my previous post so I decided to give a thorough description of nmap and data tampering. Let’s start with nmap: nmap, short for network mapper, is a free open-source security/hacking tool, developed by Gordon Lyon, that send specially crafted packets over a computer […]

Bypass an IP camera AXIS’ authentication

October 4, 2011

1

Last year (2010), for my first Ethical Hacking lab, I had to bypass the HTTP authentication system of an IP camera AXIS using the Axis Network Camera HTTP Authentication Bypass security flaw to create a new user with all privileges and change the root password. This was just a funny-first-lab to get an overview of […]