Archive for the Privacy Category

Trying my hand at tabnabbing

Posted June 19, 2010 at 10:59 pm in Phishing, Privacy | No Comments

I recently learned about tabnabbing/tabgrabbing and decided to give it a try for myself. If you are unaware of what tabnabbing/tabgrabbing is then I suggest you point your browser to http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ for more detailed information regarding the attack.

The idea behind this attack is to deceive the user into believing they have left open a browser tab that has expired credentials in the hope that they’ll attempt to reauthenticate themselves so we’re able to steal their credentials. It’s important to note that the user must not have an expired session or have logged out from the site we are attempting to steal credentials from. The gist of this attack is that the user submits their credentials, we steal them, and then redirect them to the site they were attempting to access in the first place. In order to do this we’ll need someplace to store these valuable credentials so the first thing I did was setup a MySQL database to house them. Continue reading..

Tunneling nmap through Tor

Posted June 26, 2009 at 11:05 pm in Pen Testing, Privacy | No Comments

I looked at how to reduce your exposure using Tor earlier in the week. We installed Tor and Privoxy and configured our system to browse the Internet anonymously. We can use Tor and another great program called proxychains to Torify our network scans with nmap.

Before I continue I would like to recommend to anyone who doesn’t know what Tor is to read the aforementioned post. My post will walk you through installing Tor and provide additional background information. For anyone who doesn’t know what nmap is, you must be stuck on stuck on a Bell 103. All joking aside, ,map, short for network mapper, is a free and open source utility for network exploration or security auditing. It was created by Gordon “Fyodor” Lyon and has come a long way since its inception. A brief summary of its transformation: nmap’s original source code contained lines such as “fprintf(stderr, “Your ftp bounce server sucks, it won’t let us feed bogus ports!\n”);” and transformed itself into a movie star when it was featured in The Matrix Reloaded. It is used by network admins, system admins, and security professionals alike. You can find more detailed information at nmap.org.

Continue reading..

Reducing your exposure with Tor

Posted June 20, 2009 at 11:50 pm in Privacy | No Comments

TorA step often hastily overlooked in the attack process is the step of footprinting the target. As anyone who has ever had to thoroughly research a target knows this process can be exhausting and quite unrewarding. I tend to disagree with people who feel this is unrewarding. Researching a target is similar to learning to program, exploit, harden, etc. in my opinion. The more information you know about your target the more likely you are to succeed. As the old adage goes, “Proper planning prevents piss poor performance.”

We can enhance our performances by planning properly from the onset. This means remaining anonymous as long as possible through many different means. An easy method to accomplishing this anonymity early on in our attack process should begin with the The Onion Router (Tor). Tor is an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy.

Continue reading..

Page 1 of 212