ARP-Poisoning in practice

So yesterday i did some arp poisoning. Because, you know, i knew how it worked and so, but i never actually did it. And this ARP-poisoning went pretty well. I could follow my victims (my parents by the way) on the net and see where the were going.
I managed to retrieve all their passwords as well.



For the Arp cache attack i used:

• Cain and Abel (totally scriptkiddy i know)
• Ettercap
• Urlsnarf (i forgot the name but i believe it was Urlsnarf)
• Arpspoof (from the Dsniff packet)
• Wireshark

As you might suggest, I used all those software individually so i could check out arp-poisoning with both Windows and Linux. Oh, and by the way, I really can't believe why they didn't made a Cain and Able for the Linux. Cain and Able really is a reason for using a Windows instead of a Linux. It speeds up the process really well. A succesfull attack will be just a few clicks away. I understand as well why C&A is this famous in the scriptkiddie world. It is just to easy. You can compare it with a software to launch Nuclear missles (don't look for it on google, these software do not exist), just press on the launch button and you have started a nuclear war. Mhm...why does this remind me of Wargames?

Well that was it for yesterday, but what did i find out today. Today i made myself familiar to the python script Sslstrip for ARP-poisoning. With this script you can see even the passwords remote users type into ssl pages(https). This script makes use of an exploit to convert ssl sites (https) to normal sites (http). Well, not really convert, but the remote users gets to see an http site instead of a https site. This way the users types in his password in a http sites and so it can be viewed just as normally. This makes Sslstrip a really handy piece of software for your hackers arsenal.

Raseac_MI

New blog

People, i've just made a new blog about ftp. At that blog you can find information about how to use ftp at it's best. It's still in it's building process, but very soon it will be full of tips 'n trics and handy tutorials.

Regards,
Raseac_MI

Merry Christmas

Merry Christmas all of you! I didn't have the time to write a post yesterday nor that day before, but now i am back. So now it's Christmas. The time that we can we can all ask for geeky stuff, money or whatever you like. I asked the Santa-clause for money so i can buy an antenna for my laptop. This way i can wardrive more effectively. As you might think out of my previous sentence: i am really into wardriving again. First i just knew how to wardrive, but now I've got a laptop i can start going wardriving in real. Yeah!!! At this moment i know all the theory and software available and it is just waiting till Monday so i can buy an antenna.

The clue behind all this wardriving joy is that i am planning to combine this with ARP-poisoning, packet sniffing. And then, of course, i am gonna tell the owners of the hotspot that their internet connection isn't secure.

I also like the idea of mapping all hotspots in my local village. By the way i just read this article on the internet explaining how to upload your Kismet files to Google Earth. Well that's some geeky stuff. Here is the link: http://www.perrygeo.net/wordpress/?p=55.

Well, guess that was it.
regards,

Raseac_MI

Linux!!!

And People,
just as i promised, here is my second message. In just one single day! Now back to my point...

Guys, today i've installed Linux Ubuntu on my laptop. Just to check out all this mess on the internet that Linux is the real hackers OS. Well....i've checked it out and....My god this really is a wonderfull OS. Really, i didn't believe my eyes. I've immediately downloaded Wine, Aircrack, Kismet, Nmap and more.

At this moment i am learning all those unix commands. They're quite simple. (while i think DOS is simpler though)

I also reviewed my knowledge about wardriving(,warwalking, warflying, warskating etc). I am definitely gonna try this out in the field.

Well, that was it for today.

Happy Hacking,
Raseac_MI

Welcome to my Blog

Welcome readers, to my first post.
First i will introduce myself. I am Raseac_MI, a learning hacker. 13 years old. Later i would like to go into security. And to specify my future plans, i mean security with computers. My biggest dream is to become a Penetration Tester. Hacking while you're getting paid for it. I think that's the dream of almost any hacker on this planet.

In my free time i like to expand my knowledge about how operating systems work, networks and most important of all: keep up with the constant chang of technology. And that's the hardest part.

And some of you guys might think that i am just one of the many scriptkiddies. Well, i'am not.
While hacking i try to use as less software as possible. I don't seek my victims depending on the security vulnerability, but instead i chose a victim and then observate the system for vulnerabilities. And if you've read what i wrote in the first paragraph you must understand that i want to become a Pen Tester. And to make my way to that level i need to resist the easy tools freely available and do everything at my own.

Well...now, what am i gonna post on this blog?
On this blog or at this blog (english isn't my native language) i will put my thoughts and discoveries. So you might read this blog as a dairy. For example i will put my resent experiences (computer related), and technological discoveries. With discoveries i mean milesteps in my 'carreer'. So, for example, hack tacticts. What i will also post here are ebooks or links to text files. Becouse, of course, the most important thing to do as a hacker is expanding your knowledge. You can do this by reading.

Well that was my first post, i hope i have the time to put another one today. See you later folks.

Raseac_MI