
Saturday, 20 December 2014

SSL Stripping & Sniffing HTTPS LOGIN internet explorer 11 windows 8.1 sucks (SSLStrip)


The attacker performs a ‘Man In The Middle’ attack so that all of the victim's traffic flows through the attacker. HTTP traffic on port 80 is picked out and redirected/forwarded to a different port on which SSLStrip is listening; SSLStrip removes the SSL connection before passing the page back to the user, and ettercap then picks the username and password out of the now unencrypted traffic.
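A defender's check for the situation described above, added here as an example (it is not code from the original post): it parses a fetched login page and reports every form with a password field whose resolved action is not https, which is exactly what a stripped session leaves in the browser. The sample page and the host name login.example.test are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collect [resolved_action, has_password_field] for every <form>."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # No action attribute means "post back to the page's own URL".
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = [action, False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def plaintext_login_forms(html, page_url):
    """Return action URLs of password forms that would submit over plain http.

    An SSL-stripping proxy rewrites https:// actions to http://, so any hit
    here means the credentials would travel in clear and be sniffable.
    """
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    return [action for action, has_pw in scanner.forms
            if has_pw and urlsplit(action).scheme != "https"]


# Constructed sample of what a victim's browser receives in a stripped
# session: the real site's https action has been rewritten to http.
STRIPPED_PAGE = """
<form action="http://login.example.test/session" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for url in plaintext_login_forms(STRIPPED_PAGE, "http://login.example.test/"):
        print("credentials would be sent in clear to:", url)
```

A page delivered over http is itself under the attacker's control in this scenario, so a clean result here is not proof of safety; serving the login page only over HTTPS is the actual fix.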

Stripping SSL & Sniffing HTTPS_internet... by nu11secur1ty


Need to install:

arpspoof (DSniff)

Tools used:

arpspoof (DSniff)



Friday, 12 December 2014

WPA WPA2 aircrack bruteforce using dictionary


WPA WPA2 aircrack bruteforce from nu11secur1ty on Vimeo.

Why should you use WPA/WPA2 encryption?!!!

In order to protect your data from snooping or prying eyes, you should encrypt, or scramble, it so that nobody else can read it. Most recent wireless equipment comes with both WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) encryption schemes that you can enable. WEP was the encryption scheme included with the first generation of wireless networking equipment. It was found to contain some serious flaws which make it relatively easy to crack, or break into, so it is not the best form of security for your wireless network. WPA was later rolled out to provide significantly stronger wireless data encryption than WEP. But in order to use WPA, all of the devices communicating on the network need to be configured for WPA. If any device in the chain of communication is configured for WEP, the WPA devices will typically fall back to the weaker encryption so that all of the devices can still communicate. Refer to the owner's manual for your wireless router or access point to determine how to enable and configure encryption for your device. Once you enable encryption on your router or access point, you will need to configure your wireless network devices with the proper information to access the network. If you can use WPA you should, because it is much more secure. However, even WEP is better than nothing and will keep casual snoopers and novice hackers out of your wireless network. Using encryption with a longer key length will provide stronger security, but with a slight performance impact.

WPA's TKIP (Temporal Key Integrity Protocol) is an interim solution that is used now until 802.11i comes out. TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough traffic could be captured to allow recovery of the WEP key. TKIP changes the key every 10,000 packets, which is quick enough to combat statistical methods of analysing the cipher. TKIP also adds the Message Integrity Code (MIC) into the picture. The transmission's CRC and ICV (Integrity Check Value) are checked; if the packet was tampered with, WPA stops using the current keys and re-keys.

You need to know!

WPA and WPA2 are much stronger than WEP encryption, because WPA/WPA2 is on another level of encryption! Breaking WPA/WPA2 is very, very hard and may take a very long time. If you have a good "@*dictionary" for the case, you may succeed in breaking the WPA or WPA2 encryption!! In this video I just show you an example of how you can do this; if you want to do this seriously, you will do it. But you know, that is risky and very hard... anyway... Of course there are other ways to decrypt WPA/WPA2, but it is better you do not know, anyway... Thanks for watching guys :) Something important that you should know: when you write a password, USE LETTERS AND NUMBERS. Make your password 20 or 30 symbols long!!!

@* The dictionary is a list of special words that you type into a ".txt" file: a wordlist that identifies this victim!!! It is very hard to make this wordlist. It may take you days or a year to do this. You must know this victim: the way this victim thinks, and more... However, you should know something. Maybe you never discover the right words and never find this password!
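The reason a dictionary works against WPA/WPA2-PSK, and why the 20-30 symbol advice above matters, shown in Python as an added example (not the post's code): IEEE 802.11i derives the PSK from the passphrase and the SSID with PBKDF2-HMAC-SHA1, and a wordlist attack is nothing more than repeating that derivation per candidate word. The wordlist, the SSID "HomeNet" and the passphrases are constructed.

```python
import hashlib
import hmac


def wpa_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes),
    as specified in IEEE 802.11i; this is what every WPA/WPA2-PSK device
    computes from the passphrase, and what a dictionary attack recomputes
    once per candidate word."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wordlist_recovers(target_psk, ssid, wordlist):
    """Return the passphrase whose PSK equals target_psk, or None.

    This is the whole 'aircrack with a dictionary' idea: no weakness in WPA
    itself is used, only the fact that the passphrase is guessable.
    """
    for word in wordlist:
        if hmac.compare_digest(wpa_psk(word, ssid), target_psk):
            return word
    return None


def passphrase_ok(passphrase):
    """The post's advice: 20 to 30 symbols, mixing letters and numbers."""
    return (20 <= len(passphrase) <= 30
            and any(c.isalpha() for c in passphrase)
            and any(c.isdigit() for c in passphrase))


# Constructed wordlist and SSID for the demonstration.
WORDLIST = ["password", "letmein1", "qwerty123", "sunshine"]
SSID = "HomeNet"

if __name__ == "__main__":
    weak = wpa_psk("qwerty123", SSID)
    strong = wpa_psk("correct7horse3battery9staple", SSID)
    print("weak passphrase recovered:", wordlist_recovers(weak, SSID, WORDLIST))
    print("strong passphrase recovered:", wordlist_recovers(strong, SSID, WORDLIST))
    # Same passphrase, different SSID, different PSK: precomputed tables are
    # per-SSID, so a non-default SSID name also blunts rainbow-table attacks.
    print("SSID changes the PSK:", wpa_psk("qwerty123", SSID) != wpa_psk("qwerty123", "linksys"))
```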

Saturday, 29 November 2014

Hey users, better to know it... / Hello users, you need to know this!

facebook a.k.a fuckbook from nu11 on Vimeo.

Personal data on social networks is once again under threat. This time it comes from Facebook. From 1 January next year the network will provide information from its users' profiles to third parties. Alongside the usual statuses and photos, users of social networks keep in their profiles data about their workplace, phone numbers and valuable messages to close friends. Some even keep confidential information about payments and bank accounts, which makes them vulnerable. The number of Bulgarians who use Facebook amounts to 2.5 million people. Each of them has, to a different degree, voluntarily put their life on display. Statistics show that 25% of users worldwide are not familiar with Facebook's privacy settings. "Above all, Facebook is a corporation, and it uses its users' data however it wants," comments Roy Sebastian Hill, editor at [publication not named on the page]. He explains that if we send a personal ID number or a bank account to a relative through the messaging module, we are already in the trap. The reason is that, having passed through Facebook Messenger, they are already exposed to hacker attacks. Partner sites, online shops, advertising companies, applications and government agencies also have access to our personal information. From the beginning of next year this will happen without our explicit consent. "Users are not expected to do anything in order to agree to the terms. Insofar as they use the service, they are deemed to have agreed," points out Emil Georgiev, a lawyer and expert in intellectual property law. Some users have foresightedly placed a special text in their profile citing the Berne Convention for the protection of artistic works. According to lawyers, however, such statuses have no legal value in practice, since Facebook's employees cannot be expected to read every user's status. What is written in the general terms is what is applied in practice. Beyond that, statuses are for personal use.

Example Localhost intercept the Facebook login information

Example Localhost intercept the Facebook login information from nu11 on Vimeo.

Facebook Messenger App has access to all of your data without you knowing it

Facebook's new Facebook Messenger App is believed to be stealing your personal information while leaving its users unaware of what is happening. The messenger is authorised to have full access to personal data as soon as the user clicks the agree button without bothering to read the privacy terms and terms of service. Social networking has gained popularity among many people. Whether we talk about teens or an old man sitting in a chair, each of them can be seen with a smart device in their hands and social activity going on. Among all of them, Facebook is the big daddy, topping the list with 1.28 billion users across the globe. This is where the company came out with another initiative for its users, to let them chat more smoothly with the Facebook Messenger App.

Cause and Problem

But things don't seem to be working fine, as the new app is said to be expensive, a threat to personal data, and to take up quite a bit of space on your smartphone. The app has already crossed the 1 million download barrier, and when users download the app, as always we tap the agree button without even reading it. This is what makes it easy for Facebook to have access to all of your private data, including account details, details from other applications, your personal mobile data hidden in your phone, and even the camera shots you take. This is what their terms of service state:

It is necessary to provide some information while downloading any particular app, but here the so-called Facebook Messenger App seems to cross all the limits. More bad news is that Facebook is going to make this app permanent, and it will be the only application through which you can chat with your friends. That means the existing Facebook application will no longer be available for chatting. Analysing the factual figures, people would start getting away from Facebook. The company has started using such crabby tactics to force users to download it, which appears to be the biggest reason of all.

Thursday, 16 October 2014

Kali Linux NetHunter HID Attack

Kali Linux NetHunter HID Attack from Offensive Security on Vimeo.

kali-linux-nethunter


Offensive Security Introduces Kali Linux: Free All-in-One Solution for Professional Security Auditing

Popular BackTrack Linux Evolves Into Mature, Enterprise-Ready Penetration Testing Toolkit

Black Hat Europe, Amsterdam – March 13 – Offensive Security today announced the availability of Kali Linux, the evolution of its popular BackTrack Linux, a free security auditing operating system and toolkit. Showcased at Black Hat Europe in Amsterdam, Kali Linux incorporates more than 300 penetration testing and security auditing programs with a Linux operating system, delivering an all-in-one solution that enables IT administrators and security professionals to test the effectiveness of risk mitigation strategies.

“For IT professionals, an experiment is worth a thousand theories. Applied to security, it means that simulating attacks to assess the defenses protecting your organization is the only sure way to understand their effectiveness and the impact of an attack,” said Mati Aharoni, Lead Trainer and Developer, Offensive Security. “That’s why we created Kali Linux; we’ve developed the most advanced penetration testing and security auditing toolkit available to help IT administrators and security professionals put themselves in the shoes of potential attackers.”

The new Kali Linux offers a smoother, easier penetration testing experience, making it more accessible to IT generalists as well as security specialists. The new infrastructure incorporates Debian development standards to provide a more familiar environment for IT administrators. The result is a more robust solution that can be updated more easily. Users can also customize the operating system to tailor it to their needs and preferences. All the programs packaged with the operating system were evaluated for suitability and effectiveness before being included. They include Metasploit for network penetration testing, Nmap for port and vulnerability scanning, Wireshark for monitoring network traffic, and Aircrack-ng for testing the security of wireless networks.

“When it comes to security, the best defense is offense; you need to test the effectiveness of your own security practices before a real intruder does it for you,” said HD Moore, Chief Architect for Metasploit at Rapid7. “We built Metasploit to level the playing field for defenders; arming them with the same tools the attackers have. Offensive Security takes this even further, bringing hundreds of such tools together in Kali Linux to streamline security auditing.”

Additionally, Kali Linux can now run on a wide variety of hardware and is compatible with numerous wireless and USB devices. It also introduced support for ARM devices – typically miniature, battery-powered computers – which are becoming more prevalent and inexpensive. More information on which devices are supported, as well as other documentation, is available on the Kali Linux documentation site.

Pricing and Availability

Like its predecessor, Kali Linux is completely free and always will be. Offensive Security is committed to supporting the open source community with the ongoing development of Kali Linux. The development tree and all sources are available for those who wish to tweak and rebuild packages. Kali Linux is available immediately for download from

About Offensive Security

Founded in 2007, Offensive Security was born out of the belief that the only way to achieve sound defensive security is through an offensive approach. The team is made up of security professionals with extensive experience of attacking systems to see how they respond. They share this information through trainings, free tools and publications. With the motto “Try Harder,” the Company’s trainings and certifications are well-respected and considered amongst the most rigorous available, creating a model adopted across the industry. In addition, the Exploit Database, Metasploit Unleashed and BackTrack Linux community projects are highly-regarded and used by security teams in governmental and commercial organizations across the world. For more information about Offensive Security, please visit

Wednesday, 15 October 2014

Saturday, 11 October 2014

Offensive-security-wireless-attacks & Attack WPS WiFi protected WPA WPA2_script


This is a brute force attack against an access point’s WiFi Protected Setup PIN number. Once the WPS PIN is found, the WPA PSK can be recovered and, alternately, the AP’s wireless settings can be reconfigured.

Reaver-WPS targets the external registrar functionality mandated by the WiFi Protected Setup specification. Access points will provide authenticated registrars with their current wireless configuration (including the WPA PSK), and also accept a new configuration from the registrar. In order to authenticate as a registrar, the registrar must prove its knowledge of the AP’s 8-digit PIN number. Registrars may authenticate themselves to an AP at any time without any user interaction. Because the WPS protocol is conducted over EAP, the registrar need only be associated with the AP and does not need any prior knowledge of the wireless encryption or configuration.

Reaver-WPS performs a brute force attack against the AP, attempting every possible combination in order to guess the AP’s 8-digit PIN number. Since the PIN numbers are all numeric, there are 10^8 (100,000,000) possible values for any given PIN number. However, because the last digit of the PIN is a checksum value which can be calculated based on the previous 7 digits, that keyspace is reduced to 10^7 (10,000,000) possible values. The keyspace is reduced even further due to the fact that the WPS authentication protocol cuts the PIN in half and validates each half individually. That means that there are 10^4 (10,000) possible values for the first half of the PIN and 10^3 (1,000) possible values for the second half of the PIN, with the last digit of the PIN being a checksum. Reaver-WPS brute forces the first half of the PIN and then the second half, meaning that the entire keyspace for the WPS PIN number can be exhausted in 11,000 attempts. The speed at which Reaver can test PIN numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one PIN can be tested every second; others are slower and only allow one PIN every ten seconds. Statistically, it will only take half of that time in order to guess the correct PIN number.


Need to install:

Kali Linux

Download script

Download from:

git clone


RECOMMENDED: Check for update every week!

NOTE! You need about 10 or 15 hours to complete the process. If you see "warning detected ap rate-limiting waiting 60 seconds before re-checking", you need to know this: some routers will simply block the MAC address after a few failed WPS attempts, so you can bash your way through with macchanger -r with some success. However, anything new, as you said, tends to lock completely, and you have to get fancy with trying to reset it using MDK3 to carry on. But do not worry: reset the program and try another.
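The other side of the rate-limiting note above, as an added example (not code from the post or from Reaver): a detector that runs over an access point's log and flags a WPS PIN brute force. Per-client lockout alone is defeated by a client that changes its MAC between attempts, so failures are counted both per MAC and across all MACs in a sliding window. The log line format and the sample log are constructed for the demo.

```python
import re
from collections import defaultdict, deque

# Constructed log format for the demo: "<epoch> wps: M4 PIN check failed for <mac>"
# (adapt the regex to what your AP actually logs).
LINE = re.compile(r"^(?P<t>\d+) wps: M[46] PIN check failed for "
                  r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$")


def wps_bruteforce_alerts(lines, window=60, per_mac=3, per_ap=10):
    """Return (time, kind, who) alerts for WPS PIN failures in a sliding window.

    kind "mac": one client exceeded per_mac failures within `window` seconds.
    kind "ap":  failures from all clients combined exceeded per_ap, which is
                what catches an attacker rotating MAC addresses to dodge
                per-client lockout.
    """
    by_mac = defaultdict(deque)   # mac -> timestamps of its recent failures
    everyone = deque()            # timestamps of all recent failures
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        t, mac = int(m["t"]), m["mac"]
        for q in (by_mac[mac], everyone):
            q.append(t)
            while t - q[0] > window:      # drop events outside the window
                q.popleft()
        if len(by_mac[mac]) == per_mac + 1:
            alerts.append((t, "mac", mac))
        if len(everyone) == per_ap + 1:
            alerts.append((t, "ap", "*"))
    return alerts


def sample_log():
    """Constructed log: four failures from one MAC, then a new MAC per attempt."""
    lines = ["1001 wps: M1 received from 02:00:00:00:00:01"]      # ignored noise
    for i in range(11):
        mac = "02:00:00:00:00:%02x" % (1 if i < 4 else i - 2)
        lines.append("%d wps: M4 PIN check failed for %s" % (1000 + 2 * i, mac))
    return lines


if __name__ == "__main__":
    for t, kind, who in wps_bruteforce_alerts(sample_log()):
        print(t, kind, who)
```

Since the page notes the whole PIN space is only 11,000 attempts, any alert here is a reason to turn WPS PIN registration off on the AP rather than just to lock the client.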

Upgrade 2019

Tuesday, 30 September 2014

Cisco Layer 3 Switch MAC Flood Attack[protect]& Cisco routers AAA bypass [arp poison] - old archive - 2011


fakeAP pwn - old archive - 2013

web test security - old archive - 2011


What is WEP WIFI encryption

WEP (Wired Equivalent Privacy) was the default encryption protocol introduced in the first IEEE 802.11 standard back in 1999. It is based on the RC4 encryption algorithm, with a secret key of 40 or 104 bits combined with a 24-bit Initialisation Vector (IV) to encrypt the plaintext message M and its checksum, the ICV (Integrity Check Value). The encrypted message C is therefore determined using the following formula, where || is concatenation and + is bitwise XOR:

C = [ M || ICV(M) ] + [ RC4(K || IV) ]

Why should you not use WEP encryption?!!!

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes, not necessarily fast enough to break into systems!
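The WEP formula from the paragraph above worked in Python, as an added example (not the post's code). One caveat a practitioner should know: in the 802.11-1999 standard the per-frame RC4 key is IV || K (IV first), and the "+" is XOR. The code also shows what follows directly from that formula and the 24-bit IV: two frames encrypted under the same IV share a keystream, so the XOR of their ciphertexts is the XOR of their plaintexts, and the birthday bound puts an IV repeat at only a few thousand frames. Keys, IVs and messages are whatever you pass in; nothing is hard-coded.

```python
import math
import struct
import zlib


def rc4(key, n):
    """Return n bytes of RC4 keystream for key (textbook KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(m):
    """ICV(M) is a plain CRC-32 of the message, little-endian on the wire."""
    return struct.pack("<I", zlib.crc32(m) & 0xFFFFFFFF)


def wep_encrypt(k, iv, m):
    """C = [ M || ICV(M) ] XOR RC4(IV || K); the frame carries iv || C.
    The per-frame RC4 key is the 24-bit IV prepended to the secret K."""
    plain = m + icv(m)
    ks = rc4(iv + k, len(plain))
    return iv + bytes(p ^ s for p, s in zip(plain, ks))


def wep_decrypt(k, frame):
    """Inverse of wep_encrypt; returns (M, icv_ok)."""
    iv, c = frame[:3], frame[3:]
    plain = bytes(a ^ b for a, b in zip(c, rc4(iv + k, len(c))))
    m = plain[:-4]
    return m, plain[-4:] == icv(m)


def xor_of_plaintexts(frame1, frame2):
    """Two frames under the same IV share a keystream, so
    C1 XOR C2 = [M1||ICV1] XOR [M2||ICV2]: the keystream cancels out."""
    assert frame1[:3] == frame2[:3], "only meaningful when the IV repeats"
    return bytes(a ^ b for a, b in zip(frame1[3:], frame2[3:]))


def frames_until_iv_repeat_likely(iv_bits=24):
    """Birthday bound: about sqrt(2 * 2^iv_bits * ln 2) random IVs give a
    50% chance that some IV has already been used (~4.8k frames for WEP)."""
    return int(math.sqrt(2 * 2 ** iv_bits * math.log(2)))
```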

IMPORTANT for people who cannot use WPA/WPA2 encryption!!

1. Change the SSID (name) of your WiFi network!
2. Enable MAC/BSSID filtering if your router has this option!
3. Disable wireless SSID broadcast!

(This example is made with a DD-WRT router (see its user's manual), which has both WPA/WPA2 and WEP encryption!!)

Broadcast ESSID. ATTENTION: this is not 100% protection!!! It may only slow an attack, not protect you!!!

4. Throw away your old router and buy a new one that supports WPA/WPA2 encryption!!! :)
5. Sorry, but I must tell you these things ;

Good luck, and next time we will talk about WPA/WPA2 PSK, TKIP and AES encryption!


websploit poison&spoofing browser - old archive - 2011


blocking hosts - old archive - 2011
