
Thread: Basic understanding of Kali / Attacks

  1. #1
    Join Date
    2014-Jul
    Posts
    1

    Basic understanding of Kali / Attacks

    Hello,

    Before I ask the main questions, I have been using Kali for about 3 months now on and off and have been familiarizing myself with Linux and IPtables by jumping straight in and replacing my home network with Linux; even the router.

    As I come from a pure Windows environment I am trying to bring myself up to speed as quickly as possible so I can start looking at taking some training with Offensive Security without playing catch-up at the same time on the fundamentals.

    This is all with the mindset that the company I work for wishes to start doing security audits of customers' networks externally and internally using Kali and its tools.

    One of the things he wishes to show is the detection of Facebook details using a fake Facebook account which we give to a customer and then get them to access it from their computer, and we then show them how with internal access to the network we can sniff out the details. It's a bit like a magic show to break the ice when in a meeting with them.

    The two main ways I have been reading about are ARP spoof with sslstrip and setoolkit with DNS spoofing, both of which I have set up and tested. The only issue I am having is that it's hit and miss, as if the victim's computer has already been to Facebook it knows to force it back to https before sending the login details.

    It seems that those attacks would work on a clean system that has never been on the website before, and in such a case the DNS spoof would get the best result. But it will have less of a wow factor if we have to use our own equipment as the victim PC.

    Am I missing a trick here, or would the only way be to directly attack the victim PC, which if it's not our equipment is out of the question for a demo, or is there another attack I have not come across?

    Not asking for spoon feeding but Google search only brings up those 2 attacks and I need to go to my boss and tell him this is the way it is or we need to do it in another way.

    The aim is to get the login details without affecting the OS of the victim.
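
The hit-and-miss behaviour described in the post above matches HTTP Strict Transport Security (RFC 6797): a browser that has cached a site's policy rewrites http:// to https:// before any request leaves the machine. As an added example (not part of the original post), this Python sketch parses a `Strict-Transport-Security` header and reports when a plain-HTTP request to the host is still possible; the host names and header values are constructed samples.

```python
import re

# Minimum max-age the Chromium preload list (hstspreload.org) requires: one year.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if not name:
            continue                      # tolerate empty segments (";;")
        if name in seen:
            return None                   # repeated directive: header is invalid
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", value):
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    return policy if policy["max_age"] is not None else None

def http_exposure(header, over_https=True):
    """When can a browser still send a plain-HTTP request to this host?"""
    policy = parse_hsts(header) if (header and over_https) else None
    if policy is None or policy["max_age"] == 0:
        return "always"            # no policy cached; max-age=0 deletes one
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-eligible"  # no exposure once the domain is preloaded
    return "first-visit"           # only before caching, or after expiry

# Constructed sample headers, not captured from any real site.
SAMPLES = {
    "no-header.example": None,
    "short.example": "max-age=3600",
    "strict.example": 'max-age="63072000"; includeSubDomains; preload',
    "broken.example": "max-age=3600; max-age=7200",
}

def audit(samples=SAMPLES):
    return {host: http_exposure(h) for host, h in samples.items()}

if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host:20} {verdict}")
```

A site owner reading the output wants "preload-eligible" for login hosts: "first-visit" leaves a clean browser exposed until the policy is cached, and "always" leaves every visit exposed.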

  2. #2
    Join Date
    2014-Jul
    Posts
    19
    You can bypass all that jazz and use subterfuge and session hijack.

  3. #3
    Join Date
    2013-Jul
    Posts
    844
    To Defaut Zero,

    We would be very interested in reading any further information and explanations concerning the use of subterfuge and session hijack that you would be willing to provide.

    Musket Teams
