
Steps to view one's Gmail Inbox

  1. ARP poisoning
  2. Sniff the network
  3. Get the valid cookie
  4. Replay the cookie
  5. You are in victim's Gmail session

1. ARP poisoning: ARP poisoning is necessary to make the network traffic between the victim machine and the gateway pass through your system. ARP poisoning can be done through either a manual or an automated approach. Automated ARP poisoning can be performed with tools like Ettercap, Cain and Abel (available only for Windows), etc.

Steps to do ARP poisoning with Cain and Abel

1.a) Scan for MAC address in the network:


1.b) Choose your Victim through IP address:


1.c) Start ARP poisoning: One can see the traffic of the victim's machine


2. Sniff the network: Sniffing is necessary to get the valid cookie. My favorite tool for sniffing is Wireshark (formerly called Ethereal), which is a packet capturing tool.

2.a) Start Wireshark and begin capturing the traffic; the cookie can easily be found using the "http.cookie" filter. As shown in the screenshot, one can see the mail traffic from the corresponding system.


3. Get the valid cookie: Gmail uses "GX" as a cookie value to authenticate. After capturing the traffic with Wireshark, filter for the GX cookie value.

3.a) Right click on the "GET" request and click on "Follow TCP stream" to get GX cookie.


Copy the GX value alone without semicolon to use it to replay.

4. Replay the cookie: Create a new cookie in your browser with same GX value (Replay).

4.a) For constructing the cookie, the Firefox plugin "Add N Edit Cookies" is required. The plugin will look like this.


4.b) Click add to create a new cookie and place the corresponding values as follows and save it:
  • Name: GX
  • Content: GX (paste here the copied GX value)
  • Host: .mail.google.com
  • Path: /mail



5. You are in victim's Gmail session: Successful replay of GX should take you to the victim's Gmail session.

After saving the cookie, type mail.google.com/mail in the address bar of the browser and press Enter; you should then be able to view the victim's Inbox.

The procedure can be found in the form of a video below as well as at http://www.youtube.com/watch?v=vjDLxmsET6g:




Enjoy !!!!!!!!!!!!!!!!!!!!

Happy Replay.........

Thanx for viewing it and let me know the comments or clarifications if any.

hakin9 Magazine

Hakin9 is a magazine which gives you an exact brief of all the latest information security related news.
The URL: hakin9

Please click on the image below to check out more about the current issue.



Below are the HTML articles posted on their website about The Top Threats to Online Gamers:

  • The Top Threats to Online Gamers
  • Rogue servers offering low or no cost games
  • Social engineering scams and phishing to gain log-in details
  • Malware specifically targeting online games
  • Exploiting vulnerabilities in game servers and browsers


For more information click on the above mentioned url.

SNMP Enumeration

Two easy tools for SNMP enumeration are "snmpenum" and "snmpwalk".

snmpenum:
In BackTrack, you can find "snmpenum" in -> /pentest/enumeration/snmpenum

How to use: ./snmpenum.pl [IP] [community] [configfile]

Example: ./snmpenum.pl 10.0.0.5 public windows.txt

By default, the SNMP community strings are usually public and private.

snmpwalk: Just follow the syntax below directly.
snmpwalk -v 1 -c public [ip_address]

#sudo apt-get update
#sudo apt-get install wine cabextract



http://www.howtoforge.com/ubuntu_internet_explorer

c:\>net use \\host\IPC$ "" /u:administrator -> To check for Null Password for Username administrator

c:\>net use \\host\IPC$ "" /u:dummy -> To check for Null Password for Username dummy

c:\>net use \\host\IPC$ "" /u:"" -> To check for Null Session