Hamster and Ferret : Sniffing Around in Wireless Connections

>CheeseHacker logged in<

Hi there, CheeseHacker here. This is the last post of the consecutive 5 posts for today. But, sadly, I ran out of ideas on what other topic to write here, and it’s already 3 A.M anyways. So, I decided to make a placeholder here for the program Hamster and Ferret, which I found while reading my textbook.

Hamster is a proxy server application, while Ferret is a tool used to grab cookies. From what I understand from reading the book, Hamster and Ferret can be used to retrieve cookies from other people in a wireless connection, but I haven’t got the chance to try this myself as I’m the only one using the wireless connection at home at this hour ;D.

And so, I decided to mark this post for Hamster and Ferret, which I will try to use in my campus wireless connection😀, maybe with some help from my friend as a victim. Okay, that’s all for the placeholder, I’ll post another update on this post soon😀. See you later guys. CheeseHacker out. >yawn<

>CheeseHacker disconnected<

Download Link (not tried, download at your own risk) :

1. Hamster and Ferret : http://ihackers.co/hamster-sidejacking-tool-session-hijacking-tool/

DoS Attacking VMXPSP3 part 2 : LOIC

>CheeseHacker logged in<

Hello, CheeseHacker again here. This is the fourth post for my set of consecutive 5 posts. It is now already 2.15 P.M. at the time I write this post😀 . And I just remembered that I also have a quiz and a presentation tomorrow -.- . Okay, MUST…NOT…SLEEP, I’ll just sleep tomorrow.

This post will be talking about another DDoS session, but this time it’s more dangerous. Please don’t use what you learned here to attack random targets as it could be considered illegal. This blog post is for educational purposes only.

You might already know about LOIC (Low Orbit Ion Cannon). If you haven’t heard of it, LOIC is basically a program specifically created to conduct a DoS attack. This time, I will be using this program to DoS attack my XP until it breaks down😀

So, this is the appearance of LOIC when I opened it.


From just this appearance, I think the application looks funny as the Title bar said “When harpoons, air strikes and nukes fails” and the default TCP/UDP message is “A cat is fine too. Desudesudesu~”. Regardless of that, I tried starting up my VMXPSP3. Here is the initial state of the CPU and network.


Just a peaceful day in VMXPSP3😀 , but everything changes when LOIC strikes!

I filled in the LOIC IP bar with the VMXPSP3 IP address, pressed Lock on, and set the attack method to TCP. After that I started the attack.


And this is the state of the VMXPSP3 during the attack :


To be honest, during the attack, I couldn’t even change tabs from Networking to Performance because the Task Manager kept Not Responding. Although the network utilization did not reach 100%, the CPU usage reached 100% very easily and the impact could be felt directly.

Next I’m going to try opening multiple LOICs. The first one stays the same, but the second one uses UDP as the method. But this doesn’t work because only one will be sending packets in this method. Disappointing -.-

And then I tried increasing the thread number. I changed it to 100 from 10. And then the Task Manager really stopped responding.



Here’s a comparison I made myself. Opening Mozilla Firefox in the initial state takes up to 3 seconds until it’s ready to use. But, during the attack, even after waiting for 2 minutes, the window did not appear, so I just stopped counting. The window appeared only after I stopped the attack.

In conclusion, LOIC is a very powerful tool for doing DoS attacks. Be careful when you use it, as with great strength comes great responsibility😀 . Remember, this blog post is for educational purposes only. See you in the next post… which is the last of the consecutive five😀. CheeseHacker out

>CheeseHacker disconnected<

Download Link:

1. LOIC : http://sourceforge.net/projects/loic/

Generating Lists for Brute Forcing

>CheeseHacker logged in<

Hello, CheeseHacker again here. This is third post for my set of consecutive 5 posts. It is now already 1.30 P.M. at the time I write this post😀

This post will mainly be about generating a list of passwords, IDs, or usernames for brute force attacks.

The first method is, of course, to write it manually😀 . Just write everything that comes to mind when you think of weak and common passwords or usernames such as admin, 1234, and so on.

The second method is by coding. In this part, I’m using Dev-Cpp to write code in C to generate a list of the numbers 0-999999. It took less than a second, so this method is very useful to generate large lists of code. This is the code I used to generate the list


The string generated using this method is pretty flexible, as you can play around with the fprintf command. For example, if you want to generate a list of 100 IDs with the prefix “SB-”, just change the fprintf command to fprintf(output,"SB-%d\n",x); and change the repetition amount in the for statement.

And the last is to use CUPP (Common User Password Profiler). CUPP is a program specially designed to generate a list from combinations of strings or numbers. Here is a sample usage of CUPP.

First, we fill in any information regarding the target. In this example, I’m using random data as a seed.



And here is the result list generated.


As I said before in the previous post, a brute force attack can only work on weak passwords, so make sure to set a strong password for your accounts. These brute force list generation techniques can also be used to measure the strength of your password. This is the end of this post, my third post out of five😀 . See you in the next post… again😀. CheeseHacker out
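The point about measuring your own password's strength can be turned into a check at password-change time. The following is an added example, not code from the original post: it reports why a candidate password would show up in a manually typed list, a numeric loop, a prefix-plus-counter list, or a list profiled from personal data. The function names, the deny-list and the DDMMYYYY date assumption are all illustrative.

```python
import re

# Constructed deny-list of the kind a manually typed wordlist contains.
COMMON = {"admin", "password", "1234", "123456", "1234567", "qwerty"}
# Undo common character substitutions before comparing with profile data.
LEET = str.maketrans("013457@$", "oieastas")


def _tokens(profile):
    """Expand personal strings into the lowercase pieces a profiler combines."""
    out = []
    for item in profile:
        item = item.lower()
        out.append(item)
        if item.isdigit() and len(item) == 8:   # assumed DDMMYYYY date
            out += [item[:4], item[4:]]         # day+month, year
    return [t for t in out if len(t) >= 3]      # ignore very short tokens


def weak_reason(password, profile=()):
    """Return why the password is easy to generate, or None if no check hits."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if lowered in COMMON:
        return "common password"
    for tok in _tokens(profile):
        for form in (tok, tok[::-1]):           # token and its reverse
            if form in lowered or form in normalized:
                return "derived from profile: " + tok
    if password.isdigit():
        # A counting loop covers every value of this length.
        return "digits only (%d candidates)" % 10 ** len(password)
    if re.fullmatch(r"[A-Za-z]{1,4}-?\d{1,6}", password):
        return "fixed prefix plus counter"
    return None


if __name__ == "__main__":
    owner = ["Alice", "17051990"]               # constructed profile
    for pw in ["1234567", "482915", "SB-57", "4l1c3!2020", "rex1990"]:
        print(pw, "->", weak_reason(pw, owner))
```

A `None` result only means none of these four patterns matched; it is not a strength score.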

>CheeseHacker disconnected<

Download Link:

1. Dev-Cpp : http://www.bloodshed.net/devcpp.html

2. CUPP : http://www.remote-exploit.org/content/cupp-3.0.tar.gz


Brute Force with BurpSuite

>CheeseHacker logged in<

Hello, CheeseHacker again here. This is the second post for my set of consecutive 5 posts. It is now already a new day here😀

This post will mainly be about brute forcing a form using BurpSuite. The BurpSuite download link will be provided below if you also want to try it😀. I am using a web application I got from my lecturer for the testing parts.

First, I set the browser’s proxy to the same value as the BurpSuite proxy settings. And then I used BurpSuite to intercept my login attempt.


Then, I copied the whole request. After that, I opened the Intruder tool in the BurpSuite. I set the target to the website’s IP address.


Then, in the Positions tab, I pasted the request I copied earlier. I also set the attack to Cluster Bomb and then marked the login and password parameters as the payload by clicking on the Add $ button after selecting the “tes” text.


Then, in the Payloads tab, I set the payload by loading a runtime list I created using the C language, which contains the numbers 1000000-1000099. I will talk about list generation in the next post, so just wait for it🙂 .


Then, at the Menu bar, I clicked on Intruder-> Start attack to start the brute force attack.


And here is the result of the attack


The result shows that on login ID 1000001 to 1000005 there is a difference in the response length. Here is the rendered page of the response, saying wrong password instead of Identifier not found as usual.


And now for the password, I used a Cluster Bomb attack and reduced the payload list. Then, I created a list of commonly known passwords by typing them manually. And then I used it as the payload for the password parameter. Then I started the attack and here is the result.


The IDs 1000001 and 1000005 are using 1234567 as their password, and I managed to login using these login credentials.
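Both findings above have a server-side counterpart: the differing "wrong password" and "Identifier not found" pages are what exposed the valid IDs, and the run of sequential IDs from one client is easy to spot in an authentication log. The following is an added example, not part of the original post or the tested application; the log format, field names, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: "epoch_seconds source_ip login_id outcome"
SAMPLE_LOG = """\
1000 10.0.0.5 1000000 unknown_id
1001 10.0.0.5 1000001 bad_password
1002 10.0.0.5 1000002 bad_password
1003 10.0.0.5 1000003 bad_password
1004 10.0.0.5 1000004 bad_password
1005 10.0.0.5 1000005 bad_password
1006 10.0.0.5 1000006 unknown_id
1010 10.0.0.9 1000003 bad_password
1400 10.0.0.9 1000003 success
"""
GENERIC_FAILURE = "Invalid login ID or password"


def failure_response(outcome):
    """Same body for every failure kind, so the response (and its
    length) no longer reveals which login IDs exist."""
    if outcome not in ("unknown_id", "bad_password"):
        raise ValueError("not a failure outcome: " + outcome)
    return GENERIC_FAILURE


def flag_enumeration(log_text, window=60, max_ids=5):
    """Return sources that failed against more than max_ids distinct
    login IDs within any window-second span."""
    failures = defaultdict(list)          # source -> [(time, login_id)]
    for line in log_text.splitlines():
        ts, src, login_id, outcome = line.split()
        if outcome != "success":
            failures[src].append((int(ts), login_id))
    flagged = set()
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = {lid for _, lid in events[start:end + 1]}
            if len(ids) > max_ids:
                flagged.add(src)
                break
    return sorted(flagged)
```

A flagged source is a candidate for throttling or a challenge step; the single mistyped password from 10.0.0.9 in the sample stays below the threshold.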

A brute force attack can only work on weak passwords, so make sure to set a strong password for your accounts. This is the end of this post, my second post out of five😀 . See you in the next post… soon😀. CheeseHacker out

>CheeseHacker disconnected<

Download Link:

1. Burp Suite Pro : http://www.mediafire.com/download/9hp5pemgk665gv7/Burp+Suite+Professional+v1.5.01.rar


Using SQLmap as a tool for SQL Injection

>CheeseHacker logged in<

Hello, CheeseHacker here. Sorry for not updating my blog in the last 5 weeks or so. I’ve been very busy with the Penetration Testing final project in my study. The work took so long as my team are trying our best to find as many vulnerabilities as possible. But now that the report is done, I will do ALL the posts in a single swoop. YES! ALL 5 POSTS! The time is now at 11.30 P.M. So, I guess no sleeping tonight🙂

In this post, I will be exploring an application called sqlmap. This software is CLI-based, so it might be hard for some people who don’t like to type in the lengthy commands used in this program. This is one of the programs I used for my penetration testing and I will include the download link at the bottom of the post.

This program is basically used for automating SQL injection attacks against a web application form. Here is the command I normally used in this program.


The first line is used to check if there is any parameter in the POST data vulnerable to SQL injection. The blocked part after -u is the URL address where we commenced the attack. The string after the --data= is the POST data sent to the server when submitting the form. Without additional commands, the program will only look for its vulnerabilities.

The second line is used to enumerate the whole database by adding --dbs to the end of the first line. The databases listed are all the databases inside the server. If you want sqlmap to only enumerate the name of the database the web application is using, then use the --current-db command instead of --dbs.

In the third line, the blocked part after -D is the name of one of the databases you get in the previous step. The --tables command added at the end will make the program enumerate the list of tables inside the database.

In the fourth line, the blocked part after -T is the name of a table retrieved in the previous command. The --columns command at the end of the line tells the program to get the names of the columns in the table and their data types.

Finally, in the last line, the -C command determines which column to retrieve and the --dump is used to get all the content of the table. Another way to do this is to use the --dump-all command to get the whole database instead of specifying it one by one, but it will take a very long time to retrieve the whole data in a slow connection so it’s not recommended.

Here is an example usage of sqlmap. sqlmap is used against the holynix OS for testing.

The query used to test the form

The vulnerabilities in the password parameter

The database list enumerated using --dbs command
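What a scanner reports for a parameter like the password field above is a query whose structure depends on the submitted value. The following is an added example, not code from the original post or from holynix: it puts a string-concatenated login query beside the parameterized form and uses a legitimate password containing an apostrophe to show the difference. The table, names and sample row are constructed.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    # Plaintext storage only keeps the example short; hash real passwords.
    db.execute("INSERT INTO accounts VALUES (?, ?)",
               ("alice", "it's-long-and-odd"))
    return db


def login_concatenated(db, username, password):
    """Vulnerable pattern: POST values become part of the SQL text."""
    sql = ("SELECT COUNT(*) FROM accounts WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] == 1


def login_parameterized(db, username, password):
    """Hardened pattern: values are bound and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM accounts WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] == 1


def quote_changes_query(db, username, password):
    """True if the input alters the concatenated statement's structure,
    which is the property that makes a parameter injectable."""
    try:
        login_concatenated(db, username, password)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    pw = "it's-long-and-odd"
    print("concatenated query breaks:", quote_changes_query(db, "alice", pw))
    print("parameterized login works:", login_parameterized(db, "alice", pw))
```

With bound parameters the apostrophe is plain data, so the same input that breaks the concatenated statement simply logs the user in.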

That’s enough for the demonstration! Feel free to try it yourself against the holynix OS. That’s also the end of this post. Hope my post helps you use this tool🙂 . 4 posts to go🙂 . See you in the next post. CheeseHacker out.

>CheeseHacker disconnected<

Download link:

1. sqlmap : http://sqlmap.org/

2. holynix : http://vulnhub.com/entry/holynix-v1,20/


1. https://github.com/sqlmapproject/sqlmap/wiki/Usage

Using AutoScan to Make Your Pentesting Life Easier :)

>CheeseHacker logged in<

Hello, CheeseHacker here. In this post, I will be exploring an application called AutoScan Network. This software is GUI based, so it will be easy to use for some people that don’t like the Command Line Interface like me. I will include the download link at the bottom of the post.🙂 [1]

The journey begins *dun dun dun*

After I installed the software, I tried opening the software, and this is how it looks.

First time opening AutoScan

A wizard opens to add a network. So, I tried clicking forward.


And I’m greeted by something I’m unfamiliar with. So I tried messing around a bit, and this is what I input in the wizard.


Then, I tried clicking Forward again.


I have no idea what to do at this point, so I just click Forward without changing anything.


This time, I changed the network Interface to match what I input earlier, which network address is ( is the VMXPSP3’s IP address). Then, I clicked forward twice again (the next part is just confirmation, so I’m skipping it😛 ) .


Then, it starts an automatic scan of the network. I am surprised myself that the tool is this simple. So, I just need to add a network on the software, then the program will do the scan by itself. It will detect all the hosts in the network. So, there I was, starting a VM spree by turning on all my VMs and their Host-Only connections. This is the result.

Ah, the beauty of simple programs.

All of the VMs are detected. The IP above are my host machine, DEN-WEB2, VMXPSP3, Backtrack, and Kali Linux, in the order above. The last one is the firewall, I think. Not only that, the software also does OS fingerprinting automatically.

OS fingerprinting is the attempt to determine what OS the host is running by sending packets (active probing) or analyzing received packets (passive probing). After this, I tried looking around the results of the test. I found some more info.


The program also automatically does port scanning! This software is really something. This will further make my job easier. And from what I see, the port scanning is pretty accurate because when I tried doing scans using another tool such as SuperScan (Link will also be included below😉 [2]), the result is the same for all of the regular ports.

The result using SuperScan

However, from my experience using this software, it looks like this software lacks the ability to do advanced port scanning, such as using port range or other packet types. There is a console tool which I haven’t tried yet, so maybe it’s there somewhere. I’ll try that part in the next post🙂 .

That’s the end of this post. Hope my post helps you use this tool🙂 . See you in the next post. CheeseHacker out.

>CheeseHacker disconnected<

Download Links :

1. AutoScan Network : http://autoscan-network.com/download/

2. SuperScan : http://www.mcafee.com/us/downloads/free-tools/termsofuse.aspx?url=http://b2b-download.mcafee.com/products/tools/foundstone/superscan-4.1.zip


DDoS Attacking VMXPSP3

>CheeseHacker logged in<

Hello again. CheeseHacker here. In this post, I will be writing about my efforts in breaking down my VMXPSP3 through DDoS attack.

By the way, please don’t try this on your friend’s or colleague’s PC or laptops as it might break from the exertion (I don’t know exactly if this is possible, better safe than sorry, right🙂 ?). Also, anything written in this post is for educational purpose only.

First of all, I will be using my Kali Linux and Backtrack OS which I recently installed (I will be giving a manual on how to install it later) as the attacker. And at the defensive side is the VMXPSP3.

The calm before the storm

And let the battle begin! *epic battle music starts*

First, I set up the attack from both Kali Linux and Backtrack. Here’s the command I gave in the terminal.

hping3 --flood -d 65000

The part “--flood” means to send the packets as fast as possible and not to wait for the response. “-d 65000” is to set the size of the data part of the packet to 65000 bytes to further add weight to the processing. hping3 sends TCP packets by default, so I think there’s no need to set the packet type.


However, the VMXPSP3 is still able to hold up. The network usage is up to 99%, but the CPU usage is going around 80 to 90 percent, even with the combined attack from 2 VMs at the same time.


I also tried opening multiple terminal windows in both OSes, but to no avail. It seems that the packets sent are still limited even when I set the bandwidth to unlimited on both VMs.

The brutality🙂

Therefore, I wanted to try something. I tried cloning my Backtrack VM. So now I have 2 Backtrack VMs in the attacking party.

Here comes a new challenger!

And then, I start it up and input the same command. But, the VMXPSP3 is still holding up.

Just stop responding or something :(!

However, the effect can be seen when I tried browsing online. Even though it was on a different interface, I cannot even load my own blog during this attack.

Take that :)!

So, yeah, no victory is achieved, but it’s still an accomplishment. I will keep on trying when I have time for more of this DDoS session🙂.

Oh yeah, remember, this is only for educational purpose😀.

Well, that’s it about today’s post. See you in the next post. CheeseHacker out.

>CheeseHacker disconnected<