background preloader

Man-in-the-middle attack

Man-in-the-middle attack
In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle.[1] Example of an attack[edit] Illustration of man-in-the-middle attack. Suppose Alice wishes to communicate with Bob. 1. Related:  Secure Comm tools (dev included)Attacks

Le jeu sécurise les échanges mobiles Pour assurer une connexion sécurisée entre deux appareils mobiles, l'une des solutions consiste à soumettre les utilisateurs à un exercice ludique de mémorisation. Lors des échanges entre deux appareils mobiles - via Bluetooth, Wi-Fi, ou RFID - il est essentiel de veiller à la sécurité de la communication. Pour amener les utilisateurs à s'assurer que la connexion s'effectue dans les bonnes conditions, et qu'aucune attaque dite de l'homme du milieu (HDM) n'a modifié le déroulement de l'échange, une équipe de chercheurs de l'institut polytechnique de l'université de New York propose de passer par le jeu. Les scientifiques ont développé un programme, baptisé "Alice says", qui s'inspire du jeu de mémoire "Simon Says" (Jacques à dit, en Français). Chacun des deux utilisateurs ouvre en fait l'application dédiée - développée par les chercheurs, et préalablement installée sur leur smartphone.

Pass the hash In cryptanalysis and computer security, pass the hash is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. This technique can be performed against any server/service accepting LM or NTLM authentication, whether it is running on a machine with Windows, Unix, or any other operating system. Description[edit] On systems/services using NTLM authentication, users' passwords are never sent in cleartext over the wire. Instead, they are provided to the requesting system, such as a domain controller, as a hash in a response to a challenge-response authentication scheme.[1] History[edit] In 2008, Hernan Ochoa published a tool called the "Pass-the-Hash Toolkit"[5] that allowed 'pass the hash' to be performed natively on Windows. Hash harvesting[edit] Mitigations[edit] See also[edit] Notes[edit] References[edit]

Network packet Terminology[edit] Architecture[edit] The basis of the packet concept is the postal letter: the header is like the envelope, the payload is the entire content inside the envelope, and the footer would be your signature at the bottom. .[2] Network design can achieve two major results by using packets: error detection and multiple host addressing.[citation needed] Framing[edit] Different communications protocols use different conventions for distinguishing between the elements of a packet and for formatting the user data. Contents[edit] A packet may contain any of the following components: Addresses The routing of network packets requires two network addresses, the source address of the sending host, and the destination address of the receiving host. Error detection and correction Error detection and correction is performed at various layers in the protocol stack. At the transmitter, the calculation is performed before the packet is sent. Hop counts Length Priority Payload Example: IP packets[edit]

Psiphon Un article de Wikipédia, l'encyclopédie libre. Psiphon est un logiciel développé depuis 2004 par des équipes d'universitaires canadiens, américains et anglais, et permettant de créer un réseau privé virtuel (VPN, Virtual Private Network) entre l'ordinateur d'un internaute et un serveur distant, afin de contourner les politiques de filtrage et de censure à l'encontre des internautes dans certains pays[1]. L'outil, développé sous licence GPL (General Public License), est multiplateforme (Windows, GNU/Linux et bientôt Macintosh) et indétectable d'après ses auteurs[1]. Récompenses[modifier | modifier le code] En 2008, Psiphon a gagné le « Grand Prix Netexplorateur » de l’année de France pour « l’initiative numérique et Internet la plus originale, la plus importante et la plus exemplaire du monde ». Principe[modifier | modifier le code] Le principe consiste à installer le logiciel sur son ordinateur. Notes[modifier | modifier le code] Voir aussi[modifier | modifier le code]

How To Use Netcat to Establish and Test TCP and UDP Connections on a VPS Introduction Linux is known for having a great number of mature, useful command line utilities available out of the box in most distributions. Skilled system administrators can do much of their work using the built-in tools without having to install additional software. In this guide, we will discuss how to use the netcat utility. Often referred to as a Swiss army knife of networking tools, this versatile command can assist you in monitoring, testing, and sending data across network connections. We will be exploring this on an Ubuntu 12.04 VPS, but netcat should be available on almost any modern Linux distribution. General Syntax By default, netcat operates by initiating a TCP connection to a remote host. The most basic syntax is: netcat [options] host port This will attempt to initiate a TCP to the defined host on the port number specified. If you would like to send a UDP packet instead of initiating a TCP connection, you can use the -u option: netcat -u host port netcat host startport-endport

Internet Protocol The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. Historically, IP was the connectionless datagram service in the original Transmission Control Program introduced by Vint Cerf and Bob Kahn in 1974, which was complemented by a connection-oriented service that became the basis for the Transmission Control Protocol (TCP). The Internet protocol suite is therefore often referred to as TCP/IP. The first major version of IP, Internet Protocol Version 4 (IPv4), is the dominant protocol of the Internet. Function[edit] Sample encapsulation of application data from UDP to a Link protocol frame Version history[edit] IP versions 0 to 3 were experimental versions, used between 1977 and 1979. Version number 5 was used by the Internet Stream Protocol, an experimental streaming protocol. Reliability[edit] Security[edit]

Créer gratuitement et en quelques secondes un serveur proxy Ce midi, on va apprendre a s'installer un petit serveur proxy rapidement et sans avoir besoin de serveur dédié... Simplement en utilisant Google App Engine qui offre un espace de stockage gratuit. Ce proxy est basé sur le code Mirrorr et a été porté par Amit Argawal sur Google App Engine. Il permet entre autre la consultation de vidéos flash (Youtube and co). J'ai repris cette technique décrite initialement pour Windows et j'ai essayé de la rendre compréhensible à la fois pour Windows, Mac mais aussi Linux. Le première étape consiste à vous créer un compte sur Google Apps. Cliquez sur le bouton "Create an application" et nommez votre application. Une fois que c'est fait, rendez vous sur le site de Python.org et téléchargez puis installez Python (Pour Linux, Windows ou Mac) ou faites un sudo apt-get install python Rendez vous ensuite sur la page de téléchargement du SDK Google app engine pour Python et téléchargez la version qui correspond à votre OS. . Et voilà, le tour est joué ! [source]

Easiest Way to Hack ! NETBIOS BASED HACKING TUTORIAL   BY Ethical Hacker GAURAV KUMAR ethicalhackers@yahoo.com Note- This tutorial may bear a resemblance to tutorials written by other authors. I have acknowledged to tutorials or articles that I referred before writing this tutorial. It is possible that there may be other tutorials I have not referred and are similar to my tutorial. It is not possible for me to give acknowledgment to such tutorials and hence there must be no copyright or legal issues regarding thistutorial. Preface Dear reader I have written this tutorial keeping in mind that readers having only the basic knowledge will also be able to know how hackers hack using NetBIOS. Contents- A brief lesson on NetBIOS The NBTSTAT command What you need to hack ? Types of attacks Searching for a victim Lets Hack - Part 1 Remotely reading/writing to a victim's computer Cracking "Share "passwords Using IPC$ to hack Windows NT Penetrating in to the victim's computer Lets Hack - Part 2 Denial of service attack How to protect yourself Name of the computer Username Domain Computer Name 1.

Related: