Wilson

Video: Man-in-the-Middle Attack on MySpace with Cain

March 13, 2008

By Brian Wilson, CISSP, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Last year at ChicagoCon 2007, Brian Wilson gave a great talk entitled "Cain & Abel: Windows Can Hack, Too!" Although the presentation and audio recording of the talk can be downloaded from the ChicagoCon site at Library > Media Lab > 2007 Evening Presentation Files, I had totally forgotten to publish his videos. Just in case things didn’t go as planned during the live event or his laptop crapped out on him, Brian made a video of the MITM attack he demonstrated using Cain. They made it onto the DVD passed out to the attendees, but unfortunately not in his column… until now!

Although we often talk about this incredibly versatile tool here on EH-Net, for the uninitiated…

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Product Review: GFi LANguard NSS 8

June 28, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

I recently was asked to test drive GFi LANguard Network Security Scanner (N.S.S.) 8.0 and write my findings. GFi describes LANguard as having the ability to "check your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more." Having known about this product for quite some time but never getting my hands on it, I was excited as I had the perfect idea for testing its described capabilities.

I immediately contacted the Director of a local non-profit organization, and asked if they would be willing to be my test bed for this network security auditing tool. After explaining my intentions, they were very happy to open their doors and be a gracious host. And, considering that GFi was kind enough to extend the temporary licenses to a full year for every copy of the software for the non-profit, they were thrilled to be selected as our site of choice.

To give you a brief background on the non-profit, they are a home for disadvantaged youth and orphans while also providing family services to children. They have a main location with 200 workstations, 8 servers with varying duties, and 5 remote offices connected to the main location via Layer 2 VPNs. Due to being a non-profit where funding is very limited, their team consists of only two Network Administrators. Since I have assisted them in the past with lots of volunteered time and services, I was very aware of the network design and need for help. This network was pieced together over time with whatever was on hand or donated, so there are many different versions of Windows and other OSs on the network. Also, the remote offices are hundreds of miles from the main campus, so patch and update management is done when time permits. The two current Network Administrators are self-taught and mainly care about the mission of their organization and not the little money they get paid. Now that I have painted a picture of this network and how it is maintained, I will roll into how the LANguard software was tested and received by the local staff on their network.

Free WiFi in Airports and Public Hotspots

April 14, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I saw that they wanted to charge me $8 per day to surf the internet. I thought that was just too much money for a quick internet connection, and my layover between flights was about 3 hours. I decided to see what I could access while connected to their AP.

Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. I hold no responsibility for any actions or damage that might accrue if you try anything explained in this paper. “Do not do this at home kids” hacking/cracking/pen testing might be harmful to your health.

How Cable Modems Work

April 12, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

So you have a broadband connection at home or work and are wondering how it all works. Well I hope to offer a low-tech level explanation, so you will have a better understanding of how your connection works. Broadband services from cable companies or Multiple Service Operators (MSOs) are normally provided via cable modems and 90% of the cable modems are using DOCSIS (Data over Cable Service Interface Specification).

Fun with Online VoIP Hacking

April 2, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without permission from the owner of the network/service you plan on testing. I hold no responsibility for any actions or damage that might accrue if you try anything explained in this paper.

Ok… We all have heard of Vonage and the other VoIP providers that will give you unlimited phone services over your broadband connection using your regular old phone. But there are other services that are similar but have a few extra fun options. Let's take a look.

Video: Alternate Data Streams (ADS): Hiding In Plain Site

March 21, 2007

By Dan Honkanen, GCIH, Security+, MCP, DCSE

This video is a companion to “Alternate Data Streams (ADS): Hiding In Plain Site” by myself and Brian Wilson. I am going to show you how Alternate Data Streams (ADS) work and show you a small example of how to make one. ADS is a feature of the NTFS file system that provides compatibility with HFS, the old Macintosh Hierarchical File System. ADS has been a function of NTFS since NT 4.0 and is still available in Windows XP (and yes, even Windows Vista). ADS gives you the ability to inject/add file data into existing files without affecting their functionality, size, or display in utilities like Windows Explorer or even “dir” at the command line.

Alternate Data Streams (ADS): Hiding In Plain Site

February 27, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Contributions to this article and the accompanying ADS Video were provided by Dan Honkanen, GCIH, Security+, MCP, DCSE

In this little article I am going to show you how Alternate Data Streams (ADS) work and show you a small example of how to make one. ADS is a feature of the NTFS file system that provides compatibility with HFS, the old Macintosh Hierarchical File System. ADS has been a function of NTFS since NT 4.0 and is still available in Windows XP (and yes, even Windows Vista). ADS gives you the ability to inject/add file data into existing files without affecting their functionality, size, or display in utilities like Windows Explorer or even "dir" at the command line.

Pick Your Poison – ARP, MAC, WiFi

February 10, 2007

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

In this paper we will cover the basics of Address Resolution Protocol (ARP), Media Access Control (MAC) Addresses, Wireless (WiFi), and layer 2 communications. I hope to explain how a "Man in the Middle Attack" works. The common name for this is ARP poisoning, MAC poisoning, or Spoofing. Before we can get into how the poisoning works, we need to learn about how the OSI Model works and what happens at layer 2 of the OSI Model. To keep this basic we will only scratch the surface of the OSI model to get the idea of how protocols work and communicate with each other. The OSI (Open Systems Interconnection) Model was developed by the International Standards Organization (ISO) in 1984 in an attempt to provide some standard for the way networking should work. It is a theoretical layered model in which the notion of networking is divided into several layers, each of which defines specific functions and/or features. However, this model is only a general guideline for developing usable network interfaces and protocols. Sometimes it may become very difficult to distinguish between each layer, as some vendors do not adhere to the model completely. Despite all this, the OSI model has earned the honor of being "the model" upon which all good network protocols are based.
