[Video] Creating a fake software update and hacking Windows 8 using Wi-fEye

In this video, you’ll see how easy it is to create a fake software update and hack Windows 8 using Wi-fEye.

 

Wi-fEye will create a back door (or you can use your own), then it will start the Evilgrade server and DNS-spoof all of the target software’s update requests to our machine, where we have Evilgrade running. Evilgrade will send the back door to the target machine instead of sending an update; once the machine receives the update file it will run it and execute our back door :)

 

Wi-fEye v1.0-beta Released

OK, so it’s been a long time since I said I’m going to release a new version of Wi-fEye soon, but between college and work I had very little time to work on it.

Anyway, here it is: after more than 2 years Wi-fEye v1.0 is out with some new features, bug fixes and compatibility improvements.

For those who don’t know what Wi-fEye is, I suggest you google it.

This version is still in beta so expect to see bugs. I still have a lot of ideas to add to it but can’t promise when I will add these features :)

For download and more info check out the official website (http://wi-feye.za1d.com)

So yeah, that’s pretty much it, enjoy

 

[Video] Session Hijacking using Cookie Cadger

We all know that we can sniff passwords on our networks easily, even if they are sent over HTTPS (i.e. SSL encrypted). The problem is that most users these days save their passwords on their favourite websites (the “keep me logged in” feature). When you do this, the website authenticates the user using their cookies, not their password. This means the password is not sent over the network and therefore we can’t sniff it; instead we can sniff the user’s cookies and inject them into our browser.

In the past I used a tool called Hamster. However, this tool is outdated now and the download link on its official website is broken; the one in BackTrack keeps crashing and doesn’t always work.

Another famous tool to do this is a Firefox plugin called Firesheep; again, it’s old and there is no official release for Linux.

Cookie Cadger is a great program written in Java. It’s very easy to use and, best of all, it always works: every time I run a test it works perfectly.

To run Cookie Cadger you will need Wireshark, Java 7 and a new version of Firefox.

 

PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP

[Video] Monitoring wireless connections using airdrop-ng

In this video, you will see how we can control all the connections around us (e.g. kick users out of networks, prevent them from connecting to any network, or even prevent people from connecting to a specific network) using airdrop-ng. We don’t need to connect to any of the networks around us; all we need is airdrop-ng.

And as usual the video is for education purposes and I’m not responsible for any misuse of the info provided in this tutorial.

Enjoy :D

[python] Analysing HTML code using BeautifulSoup

OK, so it’s been a while since my last post, but I’ve been so busy with work and college that I literally had no time to write anything. Anyway, I’ve been looking to buy a new phone and I’ve noticed that some great phones are going on sale very cheap on some classified websites. The only problem is that they get sold in less than 10 minutes, so I decided to make a Python script that will play a warning once a phone that matches what I want comes on sale.

The first thing I had to do was read the HTML code of the target page that contains the ads:

import urllib2
usock = urllib2.urlopen("http://www.donedeal.ie/find/phones/for-sale/Ireland/") 
source = usock.read()
usock.close()

Now the source code is saved in the variable “source”. Next I need to parse the HTML source code so that I can search for the phones that I want and make sure that they are within budget; to do this, BeautifulSoup seems to work perfectly.

First import it

from BeautifulSoup import BeautifulSoup

To make things easier I separated the table in the middle from the rest of the code and then analysed each row separately as each row represents a different ad.

To separate a certain HTML tag from the source we can use the findAll method in BeautifulSoup. First let’s parse the whole page with BeautifulSoup:

search_table = BeautifulSoup(source)

and then I’m going to look for the divs in the middle that have the class “text”:

rows = search_table.body.findAll('div', attrs={'class':'text'})

Now the variable rows contains the HTML source code of all the ads without the top and bottom of the page, just the ad rows. All I need to do now is read each row on its own and read the title, price and how long it’s been on sale (because I’m only interested in the new ads).

To read each row on its own I used a for loop as follows:

for line in rows:

In this loop I used BeautifulSoup again to parse each row and read the title, price, date and URL. In my example the developer is using <span> tags for price and date, so reading them is straightforward using findAll:

price = line.findAll(name = 'span' , attrs={'class':'price'})
dt = line.findAll(name = 'span' , attrs={'class':'publishDate'})

However, the title is a bit tricky as it is inside an <a> tag in the <span>, so here is how I read it:

header = line.findAll(name = 'span' , attrs={'class':'header'}) # the span which contains the <a> tag
title = header[0].find('a').text # '.text' reads what's between the <a> and </a> tags
link = header[0].find('a')['href'] # URL; replace 'href' with any attribute name inside the selected tag to read the value of that attribute

And that’s pretty much it. All I did after that was check the title for the types of phones that I’m looking for and check the price; if it’s within budget and the time is less than 6 minutes then it’ll play a warning and print the ad on screen.

Here is the full program (make sure you put an mp3 file called ‘alert.mp3’ to play when a match is found)
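
An added example, not the author's program: the row parsing and matching steps described above, ported to Python 3 and the `bs4` package (the successor of the BeautifulSoup 3 module the post imports) and run over constructed markup. The function names, the sample HTML and the price and age formats are assumptions; the alert sound is left out.

```python
import re
from bs4 import BeautifulSoup  # Python 3 successor of the BeautifulSoup 3 import above

# Constructed markup: class names come from the post, values and formats are assumed.
SAMPLE = """<html><body>
<div class="text"><span class="header"><a href="/ad/1">Samsung Galaxy S3</a></span>
 <span class="price">&euro;150</span><span class="publishDate">3 mins</span></div>
<div class="text"><span class="header"><a href="/ad/2">Nokia 3310</a></span>
 <span class="price">&euro;20</span><span class="publishDate">2 mins</span></div>
<div class="text"><span class="header"><a href="/ad/3">Galaxy S3 boxed</a></span>
 <span class="price">&euro;400</span><span class="publishDate">1 mins</span></div>
<div class="text"><span class="header"><a href="/ad/4">galaxy s3 cracked</a></span>
 <span class="price">Free</span><span class="publishDate">2 hours</span></div>
<div class="text">Sponsored banner without ad fields</div>
</body></html>"""

def parse_ads(source):
    """Return one dict per ad row; rows missing any field are skipped."""
    soup = BeautifulSoup(source, "html.parser")
    ads = []
    for row in soup.find_all("div", attrs={"class": "text"}):
        header = row.find("span", attrs={"class": "header"})
        price = row.find("span", attrs={"class": "price"})
        age = row.find("span", attrs={"class": "publishDate"})
        anchor = header.find("a") if header is not None else None
        if anchor is None or price is None or age is None:
            continue  # not an ad row, or the site layout changed
        ads.append({"title": anchor.get_text(strip=True), "link": anchor.get("href"),
                    "price": price.get_text(strip=True), "age": age.get_text(strip=True)})
    return ads

def matches(ad, keywords, budget, max_minutes=6):
    """True if the title has a keyword, the price fits, and the ad is fresh."""
    amount = re.sub(r"[^\d.]", "", ad["price"])
    age = re.fullmatch(r"(\d+)\s*mins?", ad["age"])
    if not re.fullmatch(r"\d+(\.\d+)?", amount) or age is None:
        return False  # no numeric price, or age not given in minutes
    title = ad["title"].lower()
    return (any(k.lower() in title for k in keywords)
            and float(amount) <= budget and int(age.group(1)) < max_minutes)

def find_matches(source, keywords, budget):
    return [ad for ad in parse_ads(source) if matches(ad, keywords, budget)]

if __name__ == "__main__":
    for ad in find_matches(SAMPLE, ["galaxy s3"], 200):
        print(ad["title"], ad["price"], ad["link"])
```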

[Video] Cracking WPA/WPA2 using reaver

OK, so this method is not new, it’s been around for more than a year now, but since I haven’t updated Wi-fEye for more than a year it doesn’t contain this attack. So while I was making a module to do this attack automatically, I thought it might be a good idea to explain how to do it manually first.

Using reaver we don’t need any clients to be connected to the target network, and we also don’t need to use a dictionary to brute force the WPA/WPA2 key. This method depends on brute forcing the WPS pin for the network, therefore it will only work on networks that use WPS pins. Cracking a WPS pin is much easier than cracking a WPA or a WPA2 key as WPS pins only contain numbers, therefore using brute force it’s a matter of time (up to 10 hours) till we guess the correct pin. Once we have the pin, reaver can retrieve the WPA or WPA2 key from it.

3 ways to fix the fixed channel: -1 issue

Yesterday while I was working on the new version of Wi-fEye, I found out that every time I try to use airodump-ng I get the ‘mon0: fixed channel -1’ error message. Now this is a very popular one, and there are a few ways to get around it. In the past, to get around this I usually set the channel when I enable monitor mode, so instead of running

airmon-ng start [interface]

execute

airmon-ng start [interface] [target-AP-channel]

For example if your network interface is wlan0 and the target AP is running on channel 6 then the command would be

airmon-ng start wlan0 6

This unfortunately didn’t work on Ubuntu 12.04, so I decided to set the channel and enable monitor mode manually without airmon-ng.

iwconfig [interface] channel [target-channel]
ifconfig [interface] down
iwconfig [interface] mode monitor
ifconfig [interface] up

This – sort of – did the trick. When I say sort of I mean the error message is gone, I can run airodump-ng successfully on any AP with no problems, I can associate with APs successfully as well, and even the injection test (aireplay-ng -9 wlan0) tells me that injection is working, but when I actually try to inject packets it doesn’t work :S.

At this stage I was out of ideas and had to ask Google. After some googling I decided to patch my kernel, but before that I thought it could be a good idea to search for compat wireless, so I did and it was a good idea indeed.

First check your kernel version:

uname -r

then install the relevant compat wireless package from the software center or using apt-get.

Then I restarted my system and BOOM, injection is working perfectly.

Now all of these ways have worked for me at some stage (depending on the kernel, the Linux distro and the wifi card), so if you are stuck with the same problem try them all and see what works for you.

Hello world [The real one :D]

OK, so my last blog was 2 years ago. I know I didn’t even blog much before that; the reason is that I never wanted to blog! The only reason I made this blog is to talk about Wi-fEye and that’s what I did.

Now I actually want to start blogging, that’s why I’m going to consider this as my first blog …. let’s just put the past behind :D

So I’m going to talk about everything here, mostly computer related stuff, but I’ll probably talk about other random shit as well. I will be blogging randomly as well; blogging is exhausting, thinking about taking a break already :P.

Oh yeah, I’m working on a new version of Wi-fEye with some new cool features …. stay tuned!