CIDST End Goal Establishments
cmdjunkie
Individual Sabotage:

  1. Identify the target's primary email address

  2. Locate online accounts they own

  3. Perform recon on their personal lifestyle


  • Spouse, children, workplace

  • Boss, peers, partners

  • College, Uni, Military

  • Car, Address, City/Location


  1. Crack their email account

  2. Identify who they bank with

  3. Pull their tax records

  4. Identify their children's school, grade and homeroom teacher

  5. Identify their spouse's parents, address, and their email addresses respectively


HHM Model (Hassles | Headaches | Misery)
The following end-goals can be classified as hassles, headaches or misery when targeting an individual.  Remember, we don't do anything in the physical world.  No vandalism, no TPing, no tire slashing... unless...well... yeah, that shit's kinda fun.

  • Phone Sabotage

  • Child Porn on PC/Phone

  • Social media account compromise

  • Infidelity Sabotage

  • Traffic Tickets

  • Taxes

  • Financial / Economic Assaults

  • Reputation Assaults

  • Rape Allegations

Common Post-Ex List Collection (CPLC)
The following are post-exploitation goals, or what to do with a compromised machine:

Web Server

    • Phishing Site

    • Malware Download Site

    • Piracy / Warez Server

    • Child Porn Server

    • Spam Site

    Email Attacks

    • WebMail Spam Server

    • Standard Abroad Spam Server

    • Harvesting Email Contacts

    • Access to Corporate Email

    Virtual Goods

    • Online Gaming Characters

    • Online Gaming Goods

    • Game License Keys

    • OS License Keys

    Reputation Hijacking

    • Facebook

    • Twitter

    • LinkedIn

    • Google+

    Bot Activity

    • Spam Zombie

    • DDoS Extortion Zombie

    • ClickFraud Zombie

    • AnonProxy

    • CAPTCHA Solver

    Credentials

    • Ebay / Paypal Fake Auctions

    • Online Gaming Creds

    • FTP Credentials

    • Skype/Voip Creds

    • Client Side Encryption Creds

    Financial Credentials

    • Bank Account Data

    • Credit Card Data

    • Stock Trading Account

    • Mutual Fund / 401k Account

    Hostage Attacks

    • Fake AV

    • Ransomware

    • Email Account Ransom

    • Webcam Image Extortion

    The purpose of the categories and the lists above is to supply a collection of end-goals that drive the motivation of CI engagements and activities.  Using the DST (Destruction | Surveillance | Theft) model, the Common Postex List can be used to define an end-goal for active engagements.  Combat Informatics is not specifically focused on the technical aspects of security or pentesting.  It is to define a mind map and mental model for performing offensive techniques in order to achieve a specific goal.  Without goals, what's the point of continuously expanding upon your skillset?

    (no subject)
    cmdjunkie
    Optimizing Python (may be worth the read)
    https://www.airpair.com/python/posts/optimizing-python-code

    I've been working on something big for the last couple of months.  When everything changed back in January, I had to shake things up a bit in order to come out unscathed.  March 6th brought what would become a saving grace as well as a slight disappointment.  Truth be told, I was never that excited about that soggy opportunity, I just wanted out -- or something drastically different.  I found it interesting that only one person at my previous place of work asked me why I was leaving for my current state of slavery if I was looking to migrate to the land of wet emeralds anyway.  I deflected that question as I naturally do when an answer isn't necessary and looked around suspiciously.  I'm on a sentimental journey; chasing an ideal, not a job or a new city to reside.

    What's coming is an opportunity to live like I want to live.  It's a chance to dedicate myself to my tradecraft and improve my skillset beyond anything I might be able to achieve without having the chance to do it all the time.  I've been working toward this since I got my first degree in 2006.  It's what I've always wanted as it speaks to the sporadic, seemingly random lifestyle that I naturally lead.

    I'm not compatible with the 9-5 model.  My creative juices and ability to perform and produce good work does not happen on a schedule.  I'm practically braindead in the mornings, which is why I either read blogs and news stories or just contribute to my own.  I'm not a morning person and I think it's ridiculous to think that creative minds like myself can come into an office at 9am (heaven forbid anytime earlier) and actually get right to work.  One of the guys I now work with is like that, but he's a fucking robot.  I asked him what he works on in his spare time or if he's got side projects going and he looks at me like I'm crazy.  It was then that I deduced that he's simply a programmer.  He comes into work, gets as much done as he can and goes home to his wife.  I respect that, but I realize that I'm the exact opposite.

    As I told one of my friends the other day, it's not a job I'm chasing, it's a lifestyle.  It's the free rein to hack as I please, when I please, where I please and shed the shackles of modern workforce 9-5 slavery.  When everyone I know is just trying to get a good job so they can keep their head above water, I'm over here playing legos with potential employers in the valley.  I feel privileged to have developed the skillset I have that grants me the ability to find work within a week.  And with that, I've bounced around until something great came along.

    So as I foray into the world of becoming a bona fide professional pentester, I realize that there are a few things I need to do:

    1. Finish setting up my new lab in my office.  I need to find some Server 2012 ISOs so I can set up the AD environment.

    2. Upgrade the fan in my T41 and reinstall BT5.  I miss that stupid machine.  It's either that or just buy a new one, which is what I should have done in the first place instead of trying to go all hardware tinkerer on my shit.  (I never understood how dudes are fascinated with hardware.  It seems so limited).

    3. Enumerate, download and stand up a variety of vulnerable systems for testing and practice.  I should also be designing the CIDST framework around those vulnerable targets and finishing the core TTPs for the program.

    4. Continue refining common attacks and attack vectors as well as postex procedures.

    More on this later. 

    Memorialize This
    cmdjunkie
    Today's topics of discussion:

    The first three CI DST candidates, their progress, their motivation and thus the obsessive compulsion that is security work

    Over the last couple of weeks I've had numerous people come to me and ask about either programming/code or "getting into security".  I naturally want to help anyone that wants to help themself, so I try to give these individuals some guidance and information that can help them get to where they need to go.  My involvement with their aspirations turned into a couple of realizations.  One, everyone out there is lost and confused and social media makes it worse.  People want to have some passion about something, but most don't.  They see others with it, and they're endlessly envious because they have nothing like that in their lives.  Two, most don't know what they want.  They think they do, but they typically haven't dug deep enough to find out what it is at a philosophical level that they want to achieve.  When I listen to people tell me they want to learn to program, or they want to be in security, I dial it back and ask them what they're really trying to accomplish.  'Want' is the most powerful aspect of life as it will push you to acquire what it is you've set your sights on.  If you don't know what it is you specifically want, then you're never going to get there.  Want can be looked at as a math problem whereas you simplify your answer until you can't simplify it anymore.  You want to be a programmer?  Too broad.  You want to be a game programmer?  Still too broad.  Simplify it.  Get it down to saying, "I want to make a game on the Android where I can play with my friend remotely across town".  That's a specific goal.  You want to be in security?  Too fucking broad.  You want to learn some hacking stuff?  Well who doesn't?  You want to learn how to crack your neighbor's weakass WEP encrypted WiFi because you can't pay your internet bill this month?  Now we're talking.  The idea is that the goal has to be specific so you can begin to take baby steps toward it and figure it out incrementally.

    Three of the people that have been asking me about how to break into some industry or what have you, have been given what I call OSS Preliminary tasks to complete.  The tasks assigned are relatively simple recon activities to perform based around the smart goal approach.  Of the three I initiated for Combat Informatics activities, only one has uploaded at least one file to HER repository in the data store.  Of the other two potentials, I have little faith they'll finish the assignment, let alone develop enough of an interest in security/ combat informatics to do anything on their own.  This is telling and not at all a surprise to me at this point.  I've learned and come to the conclusion that you can't just "get into security".  It's just not something you can excel at without having an obsessive compulsion to do so.

    I know this because my security interest is rooted in a desire to become powerful.  I'm driven to learn and experiment with computers and security, not because it's cool, popular, topical and lucrative, but because I'm utterly obsessed with the power that comes along with the knowledge.  Most don't have that obsession and as a result, they're not driven to learn.  Even more discerning is the fact that anyone around my age (or younger) wants reward without effort.  No one wants to put the time in and work, they just want to immediately be involved.

    I can't help someone who doesn't want to help themselves.  If you don't have the drive and motivation to sit down and put in the effort to learn something you claim you want to learn, then no one can help you.  And don't come to me after I've slaved for the last 15+ years asking me for shortcuts and hand-holding so I can help you get to where I am.  Fuck that.  Put in the work.

    Programmers vs. Developers (Robots vs. Artists)
    I started my current position about a month ago and it's been an eye opening experience.  As my first professional programming position, I've recognized the differences between those that can write code and it's absolutely fascinating.  First off, I'd like to say that coding is the new cursive.  This is a maxim I came up with in Seattle, as I consorted with what felt like a city of nerds.  In the future (right now), everyone can write code.  Everyone can write software.  It's nothing special.  It's akin to writing a paper.  Kids should be taught in school and it should be something everyone can at least do to an extent.

    The difference at this point, and going forward is the individuality that one can bring to a project.  Programming/coding/development or whatever the hell you want to call it, is now an art form.  What makes people and their programming acumen valuable is their unique take and individuality that they can bring to the table.  No two programmers will create the same solution and that's where the value comes from.  In a world where everyone can code, the artist/visionary with the idea(s) is king.  It comes down to not how you create things, but what you wind up with in the end.  This is the difference between those that understand how to put a solution together and those that just simply want to create things.  I asked a co-worker on my team to tell me about his side projects and he said he doesn't do side projects -- he's just not that type of programmer.  I have nothing against those folks either.  The visionary needs them as they're essentially code generators that do as they're told.

    Psychology and Philosophy behind Sec | Dev | GameDev and fucking wannabes
    All of these different types of new age IT workers live in their own worlds.  Their working philosophies are governed by the nature of their work.  Security guys are rule makers and/or rule breakers and information junkies.  They're driven by their desire to either secure or circumvent in order to protect or acquire information.  They understand that information is the new currency and they live their lives by that ideal whether they realize it or not.

    Developers on the other hand don't give a shit about rules.  They don't even think about rules in their daily mind-cycles.  Developers focus on creativity, fluidity and efficiency as nothing in the developer's mind is impossible.  Yes, there are no impossibilities to a developer as the manifestation of an idea is all it takes for a developer to chase an end goal.  Developers have a freedom in their work that only writers share -- the freedom of grand creation, limited by nothing but pure thought.  That is godlike.

    Game developers are even more removed from the constraints of physicality as the worlds they create are interactive and they merge with the real world -- and consequently, consciousness, unlike simple programs or applications of the developers' world.

    All of these are beneficial in their own right.  They simply cater to individuals that are aligned with the philosophy of the work.

    Pentesting is...
    I have nothing against gaming, or gamers for that matter.  In fact, I love sitting down and playing a good game for an hour or two, taking my mind off of things if only temporarily.  I can't however, dedicate any more time to video games than that because really, they're such a waste of time.  But I have to admit, Pentesting (the small subsection of security work that it is) is essentially a real world video game.  To me, it may be the best video game in the world as its mastery provides you with power in the real world.  Like a video game, there are rules, challenges, levels, accomplishments and essential level-ups, only they're real in a virtual space.  Spend time learning the game, and master the world around you.  How cool is that???


    Tool reviews:
    As I plan on completely transitioning into a working pentester, I'll be conducting periodic reviews on new tools I come across in my daily readings and research.  I think tool reviews are beneficial, as they're often new (and better) ways to perform common tasks quickly and more efficiently.  Pentesting fundamentals don't change -- the goal is always to perform the same steps quicker and more efficiently, with output being organized in a manner that's easily readable and accessible.  The faster you can do something, organize the output, put it in context and put it to use, the better.  The following tools I'll be testing and reviewing throughout the week:

    1. Spiderfoot OSINT Automation Spider

    2. InstaRecon - Automated Subdomain Discovery Tool

    3. zzuf - Application Input fuzzing tool

    4. Wapiti - Web application vulnerability scanner

    5. The Dude - Automatic Network Discovery and Layout tool


    Hump Day Decisions
    cmdjunkie
    Strategic Security is holding an exploit development course in Maryland next month and I'm thinking about attending.  The dates are the 8th-12th.

    I've created a new SQL instance that will allow me to process the enormous amount of fwlog data on my Ubuntu server.  From here, I can use the current codebase to pull the logs and process the statistics, only the resource will be a MySQL backend.  I'll be getting to this today and I plan to have the core functionality of writing and reading to the DB by lunch.

    Optimization algorithms I learned in college have become critical to my success with the project I'm currently working on.  In the last couple of weeks I've written caching, pooling and streaming implementations in attempts to process massive amounts of data.  Even more, today if I can get to it, I'll be microthreading the connections to my database in order to generate realtime metrics of firewall threat data.  More on this later.

    The new Logjam bug looks interesting as it affects 8.4% of the commercial internet web space.  It affects servers that use the Diffie-Hellman key exchange.  Like FREAK, it's primarily a MITM attack where a connection between a client and a Diffie-Hellman enabled server can be injected with payloads that reduce the encryption to 512-bit.  To operationalize this, the following items are needed:

    1. Mechanism to identify vulnerable hosts

    2. Requirements to implement the attack

    3. 2-3 hours to build the attack


    BlackThought Design Doc:


    Here's a quick pylet that keeps an eye on your memory usage:
    ********************
    import os
    import time

    # Re-run vmstat every 0.3 s until Ctrl-C; each call prints its own header
    try:
        while True:
            os.system("vmstat")
            time.sleep(0.3)
    except KeyboardInterrupt:
        pass
    ********************
    Make the console small so it doesn't take up a lot of space.

    Lessons learned: CIDST
    cmdjunkie
    Lessons learned from solutionary pentest:

    1.  My lab needs to be updated and maintained so vulnerable platforms and instances can be easily deployed and tested against.
    2.  I should be standardizing attack methods and procedures for common and popular services.  The lab redesign should reflect this.
    3.  Further solidify enumeration steps for specified targets:

    • FTP Services

    • HTTPd Services

    • SSH Services

    • SQL Services

    • SQLi Injection

    • XSS Injection

    Enumeration steps should include: identifying the service version, testing for common vulnerabilities and default credentials, exploit searching, what to look for, how to determine actual vulnerability and how to organize findings.

    4.  Project Pencoil needs to be completed as it is definitely needed.  The ability to quickly copy in the output of CLI tools for specific hosts would be time saving as well as a productivity booster.

    5.  To stay abreast of new vulnerabilities, implement PENTRN News capabilities into the PENTRN module upgrade.

    6. (BONUS)  Maintain a list of current and active targets that I'm working on.  Orgs, companies, PE's, platforms, code projects, etc.  (Whiteboard?)  Without a list of current work/projects, things get forgotten and discarded. 

    Brave New World
    cmdjunkie
    Current projects:

    1. Naiomi -- Palo Alto Object Migration Tool

    2. BlackThreat -- RiskIQ Threat Analysis Security Control Efficacy

    3. Pencoil -- Penetration testing module to collect, parse and organize raw text output from commandline tools

    4. CIDST Module -- Collective module for penetration testing TTP and resource management

    Naiomi is the first project I was assigned to at my new position.  The tool utilizes Palo Alto's Panorama API to access, read, write and commit configuration changes to PA Firewalls.  The tool is 100% command line driven with an interactive mode (based on the OSS operationalization model) that allows you to log into and access numerous Panorama instances in order to migrate objects between them.

    BlackThreat is the current project I'm working on, putting forth some effort to identify gaps and lackluster security controls by using a blacklist provided by RiskIQ.  The project has taken me longer than expected because the requirements have been ambiguous from the beginning.  I've learned in my 6 weeks of development work that solid requirements are an absolute must before any code is written.  (More on this later).

    Pencoil came out of the need to track all commandline activity when performing a pentest.  It's currently anything but polished, but its core functionality is there and it works as I imagined it would.  The goal is to have a dynamic, searchable repository for all commandline activities performed on a host.  Each host will be its own context within the application, allowing you to switch between hosts/targets and dump the group-labels or search all content in order to quickly retrieve information.  I feel this will come in handy during fast-paced pentests (and CTF's) because I hate having to document or organize data as I'm poking around a network.  I need to move quickly because I get bored when things don't move as fast as I think.

    Finally, CIDST module is the interactive implementation of my security training program (Combat Informatics: Destruction Surveillance Theft).  CIDST is a project I've been working on for almost 5 years.  The goal is to standardize my work and practices, make them repeatable and hone them so they're second nature.  Currently I have a couple of modules that do very different things:

    • pentrn-g: Interactive GUI with a searchable collection of offensive tools, tactics, techniques and procedures (Very useful)

    • deftrn: Interactive GUI with a searchable collection of defensive tools, tactics, techniques and procedures (eh... DFIR sucks)

    • CI_Index_UI.py: Interactive GUI with content geared toward and organized in alignment with standard penetration testing methodology

    The application needs to be able to update the data source (XLS file) as needed, without going to Excel.  It also needs a functioning search feature (which would really enhance it).

    The ultimate goal with the CIDST module is to merge all discipline modules into one where you can easily toggle between modes.  I also want to incorporate the OSS theory as well as simplified REVEX procedures.  Also, Pencoil should be integrated into the module as well, as keeping track of activities is important on any engagement.

    ---

    Over the next couple of weeks I'll be blogging about setting up an enterprise level penetration testing lab.  This is the last piece of the puzzle.

    OSCE in 3 Weeks -- although I'll likely be purchasing additional lab time to work with the web vulns I've become extremely interested in.

    -q0m

    Powershell ShellCode Injection
    cmdjunkie
    Dave Kennedy introduced this attack in SET and it’s a very useful technique especially because most AV vendors don’t detect it. The easy part is generating the actual shellcode because Metasploit does all of that work for you. The hardest part of this technique is getting the user to do something in order to execute the code. You can have them execute it via multiple attack vectors so it’s important to be creative. Think autoruns, etc.

    Run SET
    10> Powershell Attack Vectors
    1> Powershell Alphanumeric Shellcode Injector

    Set up the payload listener (this is the machine you want the victim to connect back to). Go ahead and configure the architecture of the victim and watch Metasploit run and generate your shellcode.

    In Kali, the generated shellcode will be located in:
    /usr/share/set/reports/powershell/

    If you’re still using Backtrack, I can get down with that but you should upgrade. Kali is the bomb.
    Once the victim executes that code, the listening machine will get a shell and you’re golden. It’s a good idea to plan out some ways in which targets will execute your shellcode. This is why this is a social engineering attack. Werd up son.

    Network Attack Abstract (ITPE)

    Descrip: Generating a Powershell Shellcode Injector

    Int / Req: Social Engineering, Remote Access [Shell] Obtained

    Tools: SET, Metasploit, Powershell

    Procedure:
    1.) Identify a Windows target to exploit
    2.) Set up your reverse shell callback host
    3.) Generate the Powershell Injection code
    4.) Devise a method of user action to run the exploit

    Exercises :
    1.) Inject the ps1shellcode into an MS Office file for stealthy exploitation
    2.) Using legitimate credentials, place a ps1 shellcode injection file into an autorun file on a neighbor’s machine

    Attack Practice:
    1.) Quickly generate a Powershell Shellcode Injection ps1 file with a callback host to 192.168.1.22.

    PENTRN Vocabulary and Vernacular
    cmdjunkie
    Target: The subject being subjected to penetration analysis
    G2: Mandatory 2 hours of Google research pertaining to the target.
    IG2ST: Initial G2 Steps to Take
    LFH: Low Hanging Fruit
    IMEH: Initial Mandatory Email Harvest
    CAL: Contacts and Associates List
    PPOE:  Potential Points of Entry
    NSD: Network Security Defender
    FLB: Forward Lookup Brute force.

    InfoSec: Not Quite Pointless, but close
    cmdjunkie
    Is information security a phantom career choice?  Does it exist because it’s a natural reaction to a force that cannot be controlled?  I’m beginning to think it is.

    I’m well aware of what it takes to protect a live, multi-user, multi-vectored network.  I’m familiar with Richard Bejtlich’s works, theories and methodologies.  I’m a seasoned programmer and I’m excellent at developing my own tools; whether they’re for analysis, recon, or real-time situational awareness.  However, what I’m not willing to do is kill myself or sacrifice my youth to what I like to call professional rabbit chasing.

    My close friends and school mates often ask me why I want to leave security behind.  They see my progress and current career state as enviable and profitable; alas, they’re on the outside looking in.  From an outsider’s perspective, information security seems like a fun and rewarding career.  You get to dig into the trenches, hunt down digital bad guys and develop strategies to protect networks against intruders.  I’ll admit there are fun aspects to the industry, but the reality of the situation is an overwhelming burden of stress and a high probability of infosec burnout.

    Infosec burnout is becoming more common and it’s starting to get some attention.  Having been in the industry for almost 8 years, I can confidently say that it’s an area that needs attention.  I admit, it’s fun and interesting to be at the forefront of what’s increasingly becoming a major topic of international socio-economic issues.  Everywhere you turn there’s some mention of data breaches, hacktivism, NSA leaks or cyber-terrorism.  The importance of information security is taking off at an alarming rate and truth be told, it was just a matter of time.

    I was 12 years old when I realized that computers and information were the way of the future.  This was the year 1995.  I was obsessed with anything and everything computer related and dedicated myself to learning as much about them as I could.  I was no stranger to stealing books from school, rummaging through the dumpsters of CompUSA,  and riding my bike 15 miles to thrift shops/flea markets/computer conventions just to get my hands on some new equipment or meet someone that could open my world up to something new.  I knew there was something to be found within the confines of those copper wires that were beginning to connect the world over, I just didn’t know what it was or what it meant.

    Flash forward to 2013 and everyone’s got a Linux machine in their pocket, the primary way in which people communicate and share their lives is through a social web site and if you don’t know how to type, you’re practically worthless in our increasingly high-tech society.   It’s safe to say that the culture from which I came is long gone and the complete commercialization of computers, networks and more specifically “Information Security” is alive and kicking.

    I came from an era where the term Information Security didn’t really exist.  To be interested in computer security was a rebellious mindset; one that was rooted in angsty adolescence and the acknowledgement that intelligence didn’t necessarily mean straight A’s and a full ride to Brown.  Individuals like me that had an affinity for programming and dare I say, hacking, were interested and drawn to the LCD because there was something to be found, discovered and explored.  How were we to know that the endless pursuit of fun, creation, art and power would ever be packaged up, labeled and sold to the corporations of the world?

    Those from my generation are the true pursuers of this forbidden knowledge.  As information security becomes more main-stream it will evolve into a 9-5 job that will lack any and all passion.  It is the passionate ones that have the dedication, will and interest to protect the world’s data, but they are now too few and far between.  Those that have a passion for security, networking, coding, and ultimately hacking, do it for reasons that the masses and the average infosec 9-5er cannot explain.  Unfortunately these individuals are the worst possible candidates for filling a seat in an information security position.

    Information security personnel, once jaded, become liabilities.  I speak from experience because the amount of knowledge I’ve acquired over the last 7-15 years cannot be taken away from me.  In the modern high-tech and interconnected world that we live in, skills that I have honed over the majority of my life make me not only dangerous, but sketchy, shady and a threat to anyone who uses computers and networks to do business or live life; basically everyone.  I don’t find the same joy and satisfaction that I used to get from learning something new about security.  I think it’s due to the fact that I’ve realized that security is something that can never be mastered and to pursue mastery in a field as broad as information security is emotional, mental, and professional suicide.   My perspective is also brought on by the amount of work I take for my employer as I’m the only information security professional in the organization, but I digress.

    Eventually, I will get as far away from information security as I possibly can although that may be a less than economical decision considering there’s so much money to be made by exploiting it.  It’s very difficult for me to dedicate myself to something that feels like such a lost cause.  When I consider the amount of work and sacrifice it takes to just stay current within information security, I’m reminded of the life I want to live; a life that does not include sitting sedentary in front of a computer during the late night hours of my progressively stressful and sleepless life.

    Because information security requires the commitment of after hours functioning, it has no choice but to breed an anti-social discernment.  Those that don’t have the time or interest to put in the extra hours will never be sharp enough to make enough of a difference.  Those that have the interest will eventually realize that their time is more valuable than sitting around in their office, tinkering away at something that only a handful of people will appreciate.  In my experience, as a hacker gets older and the reasons he/she became a hacker in the first place begin to fade into obscurity, the really good things in life begin to take priority over what was once the most important thing in the world to them.  We can’t stay up all night for the rest of our lives.

    Information security won’t just affect your social life; it will also begin to take effect on your physical health.   To stay abreast, current, sharp and effective, one has no choice but to sit for long periods of time, burn the midnight oil and stay awake when everyone else is snoring.  I suppose this was fine when we were kids, but as adults, sleep becomes more and more important for a healthy lifestyle.

    I have to ask myself what the point is.  How much of a difference can you really make working in information security?  Is the job worth the stress when nothing you do can completely eliminate the threat of compromise?  Is the job worth the stress when every day you drive home and think to yourself, “Did I make a difference today?”  Is the job worth the lack of sleep, inevitable social sacrifices and adverse effects to your health?  To some it does because it’s profitable, new and growing in popularity. But to those that haven’t been around long enough to have developed a solidified perspective and dedication to what it takes to implement effective protection, I’m convinced the phantom position is for you.

    Attack Methodology: ARP Poisoning with Scapy
    cmdjunkie
    Scapy is one of my favorite tools.  It combines Python and Packet Analysis and Manipulation into one sweet little interpretive package.   Scapy can be used in a lot of different ways, but I like to use it to cause trouble and break shit.  To start off, I’m going to walk through how to ARP poison a network.

    ARP Poisoning can be performed in a lot of different ways.  It’s an effective attack because ARP has no authentication, meaning any system that’s sitting on the local area network will use all broadcast ARP requests to communicate.  This equates to a network vulnerability in that if you can produce spoofed ARP packets with MAC addresses that either don’t coincide with the IP associated OR MAC addresses that just don’t exist at all, you can seriously cause some havoc.

    Before I get into it, I just want to warn anyone that wants to try this to avoid testing it at work.  Its effects are immediate and it’ll take a good 10 minutes for everyone’s computer on the local LAN to clear out its ARP cache.


    The code is here

    EDIT: Whoa, I seem to have forgotten to import scapy.  Ahh well, you'll figure it out.
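    The flip side of the lack of authentication described above is that poisoning leaves a detectable trace: an IP suddenly answering from a new MAC, replies nobody requested, and one MAC claiming several IPs.  The following passive detector is an added example, not the post's linked script; it runs over a constructed ARP trace (all addresses made up), and the field names in the comments are scapy's `ARP` layer attributes so the same logic can be fed from `sniff()`.

```python
"""Passive ARP-spoof detector over a constructed ARP trace (added example, not the post's code)."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

ARP_REQUEST = 1  # "who-has"; broadcast requests also teach every host the sender's IP/MAC
ARP_REPLY = 2    # "is-at"; scapy exposes the opcode as pkt[ARP].op


@dataclass(frozen=True)
class Alert:
    kind: str                       # "unsolicited_reply", "mac_changed" or "mac_claims_many"
    ip: str                         # sender protocol address (scapy: pkt[ARP].psrc)
    mac: str                        # sender hardware address (scapy: pkt[ARP].hwsrc)
    previous_mac: Optional[str] = None


@dataclass
class ArpWatch:
    """Tracks IP->MAC bindings seen on the wire and flags the symptoms of poisoning."""
    table: dict = field(default_factory=dict)                           # ip -> mac
    ips_by_mac: dict = field(default_factory=lambda: defaultdict(set))  # mac -> {ip, ...}
    pending: set = field(default_factory=set)                           # IPs a request was seen for

    def observe(self, op: int, psrc: str, hwsrc: str, pdst: Optional[str] = None) -> list:
        """Feed one ARP packet's fields; returns only the alerts raised by this packet."""
        alerts = []
        hwsrc = hwsrc.lower()
        if op == ARP_REQUEST and pdst:
            self.pending.add(pdst)
        elif op == ARP_REPLY:
            # A reply nobody asked for is the usual vehicle for planting a bogus entry
            if psrc not in self.pending:
                alerts.append(Alert("unsolicited_reply", psrc, hwsrc))
            self.pending.discard(psrc)

        prev = self.table.get(psrc)
        if prev != hwsrc:
            if prev is not None:
                # Same IP now claimed by a different MAC: the cache just got rewritten
                alerts.append(Alert("mac_changed", psrc, hwsrc, previous_mac=prev))
                self.ips_by_mac[prev].discard(psrc)
            self.table[psrc] = hwsrc
            self.ips_by_mac[hwsrc].add(psrc)
            # One MAC answering for several IPs (e.g. gateway and victim) is the MITM pattern.
            # Routers with virtual IPs or proxy ARP do this legitimately, so allow-list them.
            if len(self.ips_by_mac[hwsrc]) > 1:
                alerts.append(Alert("mac_claims_many", psrc, hwsrc))
        return alerts


# Constructed trace of (op, psrc, hwsrc, pdst); every address here is made up.
SAMPLE_TRACE = [
    (ARP_REQUEST, "10.0.0.5", "aa:bb:cc:00:00:05", "10.0.0.1"),  # victim asks who has the gateway
    (ARP_REPLY,   "10.0.0.1", "aa:bb:cc:00:00:01", "10.0.0.5"),  # real gateway answers
    (ARP_REPLY,   "10.0.0.1", "de:ad:be:ef:00:99", "10.0.0.5"),  # spoofed: "gateway is at me"
    (ARP_REPLY,   "10.0.0.5", "de:ad:be:ef:00:99", "10.0.0.1"),  # spoofed: "victim is at me"
    (ARP_REQUEST, "10.0.0.7", "aa:bb:cc:00:00:07", "10.0.0.1"),  # unrelated host, benign
]


def run_sample(trace=SAMPLE_TRACE) -> list:
    """Replay a trace through one ArpWatch and collect every alert in order."""
    watch = ArpWatch()
    return [alert for pkt in trace for alert in watch.observe(*pkt)]


if __name__ == "__main__":
    # Live use (assumed wiring, not exercised here):
    #   from scapy.all import ARP, sniff
    #   w = ArpWatch()
    #   sniff(filter="arp", prn=lambda p: print(w.observe(p[ARP].op, p[ARP].psrc, p[ARP].hwsrc, p[ARP].pdst)))
    for alert in run_sample():
        print(alert)
```

    Static ARP entries for the gateway, or Dynamic ARP Inspection on the switch, are the usual mitigations; this detector only tells you the cache was rewritten, not who did it.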


    Best,
    q0m~@support free info
