Feb 18, 2012

[Tutorial] DoS Attack On A Network.

Denail Of Service (DoS) attack is an effective way to block traffic from your target pc or whole network.
You can use DoS attack to stop your victim from browsing the internet. Or maybe you can DoS his/them to gain all the bandwidth in your network without disconnecting other users.

DoS Attack in a LAN is very simple in Linux (BackTrack).

Just fire up your terminal and type:

arpspoof -i <your_interface_name> <your_gateway;router_ip>

eg: arpspoof -i wlan0

This command will DoS the whole network without disconnecting the users, but you will still be able to browse without any side-effects.

If you want to give them access again, just ip forward from your machine:

echo 1 > /proc/sys/net/ipv4/ip_forward

And, if you want to just attack one victim, the commands would be:

arpspoof -i <interface_name> -t <target_pc> <gateway>
arpspoof -i <interface_name> -t <gateway> <target_pc>
arpspoof -i wlan0 -t
arpspoof -i wlan0 -t

Enter the command in two separate tabs.
And again,

echo 1 > /proc/sys/net/ipv4/ip_forward

to disable DoS.

So, enjoy people. But dont forget to change your mac address and let them access internet from time to time, else they may maintain the

Feb 14, 2012

[Tutorial] Gaining Credentials Via Phishing/Fake Pages!

Was busy with studies so was unable to post sooner.
As mentioned in my earlier post, I am writing this tutorial about phishing pages.

So what is phishing?
Wikipedia defines phishing as:
"Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication."

So, in short it is a way of gaining user credentials via fake pages acting to be original ones.

Most of other tutorials you find in internet ask you to make an account in free hosting sites and host your phishing page and phishing script in it, and when you do it, your account gets blocked within a day because you are using it for illegal purpose.

I also tried the same at first, but got tired of getting my accounts blocked withing few hours.

So, here is a smart trick of doing it:
** Make an account in free hosting sites, my personal favorite is phpnet.us,
confirm it by checking your email.

** Now what you have to do is, not to upload the phising page in these servers but use pastehtml.com to host your fake/phising page.

Wondering what to do in the free hosting servers?? You upload your phishing script in this place. I got a script from somewhere I forgot (If anyone reading this is original author then please don't mind in sharing your work, Full credit for this script goes to you.)

Click here to get the script, save it as .php. and upload it in required place in the server.

** Go, to the page you want to make fake of, lets take facebook here.

** Get the source of facebook login page or simply just save the page.
open the page with text editor and find word "action" followed by a link inside inverted comma. Replace the link with link to your script.
for eg:

** upload the code to pastehtml.com.

** got to dot.tk and get a .tk domain name by pasting the link of your fake page from pastehtml.

** spread the page.

** whenever anyone logins in that page thinking that it is a real one, they get f**cked up. To find the user credentials and passwords login to your account in hosting site, you will find a .htm file with filename you specified in the php script.

Thats all good peoples, if you think this tutorial is not detailed enough, then please comment and give feedbacks, I will make it more easier with some screenshots too.