📄 cable.txt
<mikestevens> take back down the interface
<mikestevens> and bring it up again with your settings
<mikestevens> start up your services again
<mikestevens> and ping the router again to make sure you are on
<mikestevens> you should now be getting the target's downstream traffic
*** Joins: Prophecy2K1
*** Quits: Matt (Ping timeout)
<mikestevens> you can use all your fun sniffer tools to invade their privacy,etc...
<mikestevens> I will open up a Q&A section while I get the code mods for the ARP section
*** mikestevens sets mode: -m
<mikestevens> any questions?
*** Joins: UraniumD
<[T]racer[T]> yes
<mikestevens> ok
<Ellis_D> does the person whose traffic we are stealing have a way of knowing we are doing this?
*** Parts: UraniumD
<ToRmEnThOr> i think so
*** Joins: MosdestMouse
<mikestevens> no
<[T]racer[T]> NM
<mikestevens> they can't see it
<shellfish> i haven't followed this very well, but is this secure? are the cops gonna come knocking on your door or what?
<ToRmEnThOr> no?
<mikestevens> your cable modem silently passes on the traffic to you
<Ellis_D> hm
<mikestevens> probably not
<ToRmEnThOr> cool
<mikestevens> unless someone checks on your cablemodem
<mikestevens> hijacking is a little riskier
<[T]racer[T]> and what if someone does it?
<mikestevens> they will probably just think the cable is out
<mikestevens> interception is less risky
<mikestevens> well first they have to prove you did it on purpose,etc
<[T]racer[T]> but if no one sees my cable modem?
<mikestevens> but if you don't tell anyone they probably will never know
<[T]racer[T]> hehe
<mikestevens> actually if you bring up the interface (when you are using their MAC as your MAC)
<mikestevens> with a local IP
<mikestevens> sometimes the CM will see that
<[T]racer[T]> but on some External cable modems there is a way to connect to the modem
<[T]racer[T]> from the local machine
<[T]racer[T]> and check what's up there
<mikestevens> and there will be no traffic hitting the real network (cable network)
<[T]racer[T]> *in there
<Edrin> well, in this case you are using spoofed MACs and spoofed IPs on the "same cable" so it would be extremely difficult for others to find you (well, if there are only 2 computers on the cable... anyway: police does not know what an arp table is
*** Joins: Nokio
<[T]racer[T]> LOL
<mikestevens> lol
<mikestevens> good point
<Nokio> hey guys
<mikestevens> anyways for the other method of getting your CM to see you
<mikestevens> I made a simple mod to arpspoof.c
<mikestevens> of dsniff
*** Quits: Leper (Quit: Leaving)
<mikestevens> I commented out the arp_send routine on line 193
*** Quits: gUeSt51 (Quit: Leaving)
<SpiderMan> DF: I'm going to DCC the linux networking log to you, ok?
<mikestevens> you can get the CM to see you like this with the modified arpspoof
<Nokio> hey all, is the lecture over?
*** Joins: vanished[coding[
*** Parts: vanished[coding[
<mikestevens> ./arpspoof -t victimip victimip
<mikestevens> then controlC it
<mikestevens> it will send out the needed packets saying their IP is their MAC
<mikestevens> but
<mikestevens> the important part
*** Quits: Prophecy2K1 (Ping timeout)
*** Joins: Exposed_Truth
<mikestevens> your Cable modem will think that the computer is in your lan
*** Joins: jimi
<Edrin> mikestevens: i have once done an ip+mac spoofer for windows using the winpcap. that's a nice thing but i never really found out what use there is on it?
<mikestevens> well this could be a use for it
<mikestevens> :-)
<[T]racer[T]> for what MAC stands
<[T]racer[T]> ?
<mikestevens> ?
*** Joins: zhortrox
<Ellis_D> media access..
<Ellis_D> or something
<mikestevens> something
*** zhortrox is now known as _ZhorTroX-
<mikestevens> I forget
<[T]racer[T]> yes
*** Quits: vanished (Ping timeout)
<Ellis_D> controller?
*** Joins: Prophecy2K1
*** _ZhorTroX- is now known as Esamurai
<Ellis_D> no..
<[T]racer[T]> LEMME check in the BOOX:)
*** Mikkkeee sets mode: +v Esamurai
<mikestevens> just call it their ethernet address
<mikestevens> now
<mikestevens> on to why you can't get the router's traffic
<mikestevens> and stay on
<Edrin> i think it comes from the BigMac... the inventor once ate a BigMac when he invented arp and MACs
*** Quits: CodE4 (Quit: )
<SpiderMan> Media Access Control
<mikestevens> well if you broadcast this stuff and make the CM think that the router is inside your network
*** Esamurai is now known as _Esamurai-
<mikestevens> it won't forward data for it out
<_Esamurai-> mikkeee this are masjcrasj and zhortrox at esamurais house actually.. lo
<mikestevens> so you will then be screwed and can't get online
<Edrin> or maybe MacGyver...
<[T]racer[T]> MIKESTEEVENS: mac is not only their address, its their Unique address, and its hardware address that you cant change
<mikestevens> so don't try doing this as the router and expect to get everyone's upstream
<mikestevens> cuz you won't be online yourself
<[T]racer[T]> LOL
<mikestevens> anyways
<[T]racer[T]> my router is a backbone
<[T]racer[T]> thats KEWL!
<Edrin> [T]racer[T]: yes, you can change it by using simply another in softwaremode
*** Parts: Nokio
*** Joins: gUeSt51
<mikestevens> there are some other ways to hack your cable modem that I have to research more
<mikestevens> the software is updated with TFTP
*** _Esamurai- is now known as MasjZhorEsam
<Mikkkeee> hehe
<gUeSt51> hi everybody
<mikestevens> if you could spoof that you could reload your CM with a new image and enable yourself to sniff all traffic including upstream
<mikestevens> so that would be really cool
<mikestevens> other things could include spoofing DOCSIS commands
<shellfish> a maybe not related q: we have bought a new switch for the comp. club, and they say it "can ban my hardware address", is that MAC?
<mikestevens> so you could change your limits and the like
<[T]racer[T]> thats a nasty one
<Edrin> in addition to that only MACs of LAN-cards are fix. i know that the MAC of a modem is created by random in windows and then gets saved in the registry... dunno how it is with cablemodem
<mikestevens> shellfish: yes
<shellfish> ok tnx
<mikestevens> ok
<mikestevens> for security
<gUeSt51> i have an issue concerning paltalk: anyone have any idea how to get ip's through paltalk?
*** mikestevens sets mode: +m
*** Joins: Matt
<Mikkkeee> wb
<[T]racer[T]> gest: netstat LOL
<[T]racer[T]> *gest
<mikestevens> you can use arpspoof to send out arps for your computer
<[T]racer[T]> *guest!
<Mikkkeee> netstat -a
*** Matt is now known as M[a]tt
<mikestevens> that way if someone tries arpspoofing against you
*** Quits: jimi (Ping timeout)
<mikestevens> your computer has counter arps going out
<mikestevens> much nicer :-)
-M[a]tt- its late, nite :)
<mikestevens> as for sniffing
<mikestevens> don't use cable
<mikestevens> or get a secure tunneled connection elsewhere
<mikestevens> and use proxies through that
<mikestevens> use SSH
<mikestevens> etc...
*** Quits: ToRmEnThOr (Quit: good users don't use colored quits)
<mikestevens> as for local arp security
<mikestevens> add static arp entries for all your computers
<mikestevens> for servers this is really important
<mikestevens> so one server can't be hijacked as easy
<mikestevens> that should really be a whole other lecture
*** Parts: Y0Yo
<mikestevens> it would also be good to know your enemy
<mikestevens> get a program to detect stealth scans
<mikestevens> or use arpwatch
*** Joins: Y0Yo
<[T]racer[T]> where are all the lectures stored, cos i am in college, so i cant be on every lecture:(
<mikestevens> that way you can see people being naughty
*** Parts: Prophecy2K1
<Mikkkeee> heh
<mikestevens> now that is it
<mikestevens> I will provide a few links
<mikestevens> then close up with a Q&A section
<mikestevens> just remember Cable is not secure
<mikestevens> http://www.gi.com/noflash/sb3100.html <<< page for my Cable modem
<Edrin> yes
<mikestevens> its a bitch
<mikestevens> http://www.cisco.com/univercd/cc/td/doc/product/cable/bbcwcrg/bbcmts.htm <<< wonderful page on cisco cable router commands, if you would ever need this
<[T]racer[T]> whos on linux box outa here?
<mikestevens> It was on the neworder board
<mikestevens> I'm not sure, matt might have something to do with its posting
<mikestevens> http://www.monkey.org/~dugsong/dsniff/
<mikestevens> Dsniff
<mikestevens> this sniffer set is awesome
<mikestevens> get it
<Mikkkeee> yup
<mikestevens> http://www.ethereal.com
<mikestevens> Ethereal
<mikestevens> great sniffer (I use tethereal)
<mikestevens> can decode aim traffic coming on the downstream
<mikestevens> one more thing
<mikestevens> if you want their aim password (naughty naughty)
<Edrin> you can find a collection of sniffers at securityfocus
<mikestevens> e-mail it to them with the password reminder
<mikestevens> and wait for them to check their e-mail
<mikestevens> it will be in their downstream for mail
<mikestevens> well thats it
<mikestevens> now for Q&A
*** mikestevens sets mode: -m
*** Parts: Y0Yo
<Edrin> mikestevens: i wish i would have a cable modem :) that would be much fun
<mikestevens> Just a question, was this too technical?
<[T]racer[T]> i am getting ADSL soon
<Edrin> do you have some firms on the same line?
<[T]racer[T]> very soon
<Mikkkeee> nah
<mikestevens> does anyone want anything explained better
<Mikkkeee> mike u going to release a tut soon on this topic right
<[T]racer[T]> mikesteevens: so which cable modem to buy?
<mikestevens> I will post some source code and a better explanation later on my site, and hopefully on bsrf
*** Joins: sitech
<b0iler> mikestevens: well, I think it was too much of a guide rather than a way of teaching them about networking and cable modems
<gUeSt51> i was looking for in depth registry tutorials
<K3rNEL[PAn1C]> does anybody have the complete logs ??
<[T]racer[T]> guest: www.regedit.com
<[T]racer[T]> :)
*** Joins: PhoeniX
<[T]racer[T]> kernel
<mikestevens> try my cable modem
<gUeSt51> thnx TracerT
<mikestevens> its nice
<[T]racer[T]> I have them.
<mikestevens> if you have an external surfboard
<mikestevens> browse to http://192.168.100.1/
<[T]racer[T]> nope
<mikestevens> play around
<mikestevens> RCAs are also common
<mikestevens> I don't like them, I had one and it broke a lot
*** Joins: CodE4
* Mikkkeee got all the logs
<mikestevens> well I have to go eat dinner
*** Parts: PhoeniX
<SpiderMan> good job mike
<mikestevens> so if you have any questions e-mail me at mike@unixclan.box.sk
<Mikkkeee> <--------------End of lecture------------>