hey guys
I would like to say thanks to all of you who helped specially I_learning_I
I got great success in attacking the network
I used all the software to get details of the vulnerabilities present in the network.
Well it had medium level vulnerabilities but for my interest it supports sniffing which makes is vulnerable to man in the middle attack.
We have static ip configuration and the dns server for all is 192.168.0.1
i just changed my ip to 0 series and started sniffing
i found the server ip is 192.168.0.2
I poisoned it and bang! it worked all the traffic flowing through it popped up in password tabs.
I  used Cain&abel for it.
Now the company that provides protection to our college is nebero.
You can have a look at their website www.nebero.com
But the most foolish part was they encrypted the normal user with md5 hashing but the admin password was in plain text that made it feel like an icecream for me.
Now for being on the good side i told my college authorities about this and that brings my new question for everyone out there
How can they protect it?
second, I do changed the admin password but in a minute he called nebero and they rechanged the password, this means i have access to front end only which only leads to temporary access 
what should i do to get in the backend access and also maintaining it.
I tried port scan and find out port 650 is used for ssh.
That's all from my side info.
Can you guys sort this out for me or help me sorting it.
Thanks.

k
currently i'm back and will go bac k to college after a week till then i'm just learning and gathering more and more knowledge to make the penetration a more success and yeah if i'm able to get the md5 hash then i can definitely crack it coz i have the option of guessing also after all i can get into the office to and yeah we all friends are into it so anyone can do shoulder picking also.

Anyways i should also get more info on nikto, w3af and acunetix. I have never had hands on on these sotwares.

Thanks for the advise will keep you guys updated what goes on next.

T wouldn't it be easier for you to try Persistent XSS, Shell Upload, Path Trasversal and so on?
I'm not exactly sure if you're goal is to hack it to breach security or if it is just for fun, if it's for fun, bruteforce might be a good idea, and all you need is to know the size and charset (you can easily find that...)
If you're goal is to find a vulnerability in the configuration you might try other injection methods, also if you're working on a sniffer, why don't you simply ask someone to access it remotely and sniff the traffic?
I'm sorry if I'm missing the point here.

About bruteforce:

Code: [Select]

http://evilzone.org/hacking-and-security/url-bruteforce-i-guess/


dude my main motive is vulnerability testing actually i sniffed it last time and told them that this is the vulnerability but now actually they used md5 hashes and new routers and access points.
These don't even allow ping request so i'm not thinking of arppoisioning or sniffing.
But yeah the wireless is still vulnerable to sniffing but the admin is on lan with a cisco firewall and now comes the challenge to crack the pass or find vulnerability though i'm now going through details of nmap hope that'll help but if you have any better suggestions then please guide me.
Yeah i haven't tried Xss tunnelling and shell upload but path traversal didn't worked.
I'll try that too.
thaks for reply

hi evilzone
well i was just trying to sneak through our local server login page but was not able to do it through sql injection, i thought it would be easy coz its php based and debian server so but was not able to.
so now i thought it would be better i just try and bruteforce it but i don know a proper tool that is capable of this kind of stuff. can any1 help me with this 

thanks for putting it back ande
all the best and hope it will be a great success this time