Thursday, April 23, 2015

Poll: Vote for best USB Wireless cards for Kali Linux

Read full details here: Poll: Vote for best USB Wireless cards for Kali Linux


Vote for best USB Wireless cards for Kali Linux - blackMORE Ops -2A simple poll for readers to vote for the “Best USB Wireless Cards for Kali Linux”.
There isn’t a “best” card. There is whatever is right for YOU.
A common problem in pentest distro such as Kali or BackTrack Linux is when users trying to use a card which is not supported or there just isn’t a supported driver. Most of the following cards are priced below $50USD and they take care of a massive headache and saves time to troubleshoot driver issues rather than investing time to actually do something. With each update these makeshift fixes seems to break old drivers and you end up doing the whole thing again and again.
A good card will allow you to crack WiFi on the fly or at least make it easier. I’ve included only the cards recommended in this post. If you think there’s a different card that worked for you, please put that in the comment section and I will update this poll.
I guess the idea is to come up with as many cards as possible that worked for pentesting. Standard criteria’s to consider:
  1. Supports monitor mode
  2. Supports injection
  3. Works out of the box (plug and play)



Read the rest of it here: Poll: Vote for best USB Wireless cards for Kali Linux

Tuesday, April 21, 2015

Denial-of-service Attack - DoS using hping3 with spoofed IP in Kali Linux

Read full details here: Denial-of-service Attack - DoS using hping3 with spoofed IP in Kali Linux

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. In this article I will show how to carry out a Denial-of-service Attack or DoS using hping3 with spoofed IP in Kali Linux. Denial-of-service Attack – DoS using hping3 with spoofed IP in Kali Linux - blackMORE Ops - 51
As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
Denial-of-service threats are also common in business, and are sometimes responsible for website attacks.
This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games, such as popular Minecraft servers. Increasingly, DoS attacks have also been used as a form of resistance. Richard Stallman has stated that DoS is a form of ‘Internet Street Protests’. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.
I recently published another post that shows you DoS attack map in Realtime. So if you got a good connection and enough bandwidth, hey, you might even see your own attack on that map.

Our take on Denial-of-service Attack – DoS using hping3

Let’s face it, you installed Kali Linux to learn how to DoS, how to crack into your neighbors Wireless router, how to hack into a remote Windows machine be that a Windows 2008 R2 server or Windows 7 or learn how to hack a website using SQL Injection. There’s lot’s of guide that explain it all. In this guide, I am about to demonstrate how to DoS using hping3 with random source IP on Kali Linux. That means,
  1. You are executing a Denial of Service attack or DoS using hping3
  2. You are hiding your a$$ (I meant your source IP address).
  3. Your destination machine will see source from random source IP addresses than yours (IP masquerading)
  4. Your destination machine will get overwhelmed within 5 minutes and stop responding.
Sounds good? I bet it does. But before we go and start using hping3, let’s just go over the basics..



Read the rest of it here: Denial-of-service Attack - DoS using hping3 with spoofed IP in Kali Linux

Tuesday, April 14, 2015

3D Robotics reveals its new 3DR Solo Quadcopter running on Linux

3D Robotics reveals its new 3DR Solo Quadcopter running on Linux - 3DR Solo - blackMORE Ops - 3Read full details here: 3D Robotics reveals its new 3DR Solo Quadcopter running on Linux


I am big fan of QuadCopters. Just the look of them reminds me of my childhood fantasies of traveling around unknown alien world on a weirdly looking powerful aircraft. A new drone from 3D Robotics named Solo just got my attention. If you are a fan of QuaCopters, 3DR Solo would definitely blow your mind. It’s stylish, it’s awesomely designed and it can be fitted with a GoPro camera. And as if the alienish, perfectly slick and smooth design was not enough to make you drool, under the hood it’s the first-ever consumer drone run by two full-blown computers running on1 GHz ARM Cortex-A9-powered Linux computer on both the copter and the controller. heavy breathing

Read the rest of it here: 3D Robotics reveals its new 3DR Solo Quadcopter running on Linux

Saturday, April 11, 2015

Website Password hacking using WireShark

Read full details here: Website Password hacking using WireShark


Website Password hacking using WireShark - blackMORE Ops - 10Did you knew every time you fill in your username and password on a website and press ENTER, you are sending your password. Well, of course you know that. How else you’re going to authenticate yourself to the website?? But, (yes, there’s a small BUT here).. when a website allows you to authenticate using HTTP (PlainText), it is very simple to capture that traffic and later analyze that from any machine over LAN (and even Internet). That bring us to this website password hacking guide that works on any site that is using HTTP protocol for authentication. Well, to do it over Internet, you need to be able to sit on a Gateway or central HUB (BGP routers would do – if you go access and the traffic is routed via that).
But to do it from a LAN is easy and at the same time makes you wonder, how insecure HTTP really is. You could be doing to to your roommate, Work Network or even School, College, University network assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.
So lets try this on a simple website. I will hide part of the website name (just for the fact that they are nice people and I respect their privacy.). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMWare/Physical machines.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.


Read the rest of it here: Website Password hacking using WireShark

Monday, April 6, 2015

New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support


Read full details here: New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support

New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support - blackMORE Ops - 2
Mozilla Foundation just released it's latest Firefox (Version 37.0).   It's been rolled out for Windows, Mac, Linux and Android operating systems. Those who don't know, it was released on the week of March 31st. Well to be honest, as of writing this article, Version 37.0.1 was already out on April 3, 2015 that fixed 2 more issues since.
Firefox 37 disabled insecure TLS version fallback for site security by default and improved protection against site impersonation via OneCRL centralized certificate revocation. It removed support for DSA which improves certificate and TLS communication security. All in all, a massive overhaul was done in SSL and TLS security space.



Read the rest of it here: New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support