[Video] Creating fake software update and hacking windows 8 using Wi-fEye

In this video , you’ll see how easy it is to create a fake software update and hack windows 8 using Wi-fEye.


Wi-fEye will create a back door (or you can use your own) , then it will start Evilgrade server and DNS-spoof all requests to update the target software to our machine where we have Evilgrade running , Evilgrade will send the back door to the target machine instead of sending an update , once the machine receives the update file it will run it and execute our back door :)


Wi-fEye v1.0-beta Released


Ok so its been a long time since I said i’m going to release a new version of Wi-fEye soon , but between college and work I had very little time to work on it.

Anyway here it is after more than 2 years Wi-fEye v1.0 is out with some new features , bug fixes and compitableity improvements.

For those who don’t know what Wi-fEye is I suggest you google it

This version is still in beta so expect to see bugs , I still have a lot of ideas to add to it but can’t promise when I will add these features :)

For download and more info check out the official website (http://wi-feye.za1d.com)

So yeah that’s pretty much it , enjoy


[Video] Session Hijacking using Cookie Cadger

We all know that we can sniff passwords in our networks easily even if its sent over HTTPS (ie: SSL encrypted) , the problem is  most of users these days save their passwords in their favourite website (the “keep me logged in feature”) , when you do this the website authenticates the users using their cookies not using their password , this means the password is not sent over the network and therefore we can’t sniff it , instead we can sniff the user’s cookies and inject it into our browser.

In the past I used to use a tool called Hamster , however this tool is outdated now and the download link on its official website is broken , the one in backtrack keeps crashing and doesn’t always work.

Another famous tool to do this is a firefox plugin called firesheep , again its old and there is no official release for linux.

Cookie Cadger is a great program written in java , its very easy to use and best of all , it always works , every time I run a test it works perfectly.

To run Cookie Cadger you will need Wireshark , Java 7 and a new version of Firefox.


PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP

[Video] Monitoring wireless connections using airdrop-ng

In this video , you will see how we can control all the connections around us (EX: kick users out of networks , or prevent them from connecting to any network or even prevent people from connecting to a specific network) using airdrop-ng , we don’t need to connect to any of the networks around us , all we need is airdrop-ng.

And as usual the video is for education purposes and i’m not responsible for any misuse of the info provided in this tutorial.

Enjoy :D

[python] Analysing HTML code using BeautifulSoup

Ok , so its been a while since my last post , but i’ve been busy with work and college that I literally had no time to write anything. Anyway , i’ve been looking to buy a new phone and i’ve noticed  that some great phones are going for sale very cheap on some classified websites , the only problem is that they get sold in less than 10 minutes , so I decided to make a python script that will play a warning once a phone that matches what I want comes on sale.

The first thing I had to do is read the html code of the target page that contains the ads,

import urllib2
usock = urllib2.urlopen("http://www.donedeal.ie/find/phones/for-sale/Ireland/") 
source = usock.read()

Now the source code is saved in the variable “source” , next I need to parse the html source code so that I can search for the phones that I want and make sure that they are within budget , to do this BeautifulSoup seems to work perfectly.

First import it

from BeautifulSoup import BeautifulSoup

To make things easier I separated the table in the middle from the rest of the code and then analysed each row separately as each row represents a different ad.

To separate a certain HTML tag from the source we can use the findAll property in BeautifulSoup , first lets parse the whole page with BeautifulSoup

search_table = BeautifulSoup(source)

and then i’m going to look for the div in the middle that has the class “text” ,

rows = search_table.body.findAll('div', attrs={'class':'text'})

Now the variable rows contain the HTML source code of all the ads without the top and bottom of the page , just the ad rows , all I need to do now is read each row on its own and read the title , price and how long its been on sale (cause I’m only interested in the new ads).

To read each row on its own I used a for loop as follows:

for line in rows:

In this loop I used BeautifulSoup again to parse each row and read the title price , date and URL , in my example the developer is using <span>’s for price and date so reading them is straight forward using findAll:

price = line.findAll(name = 'span' , attrs={'class':'price'})
dt = line.findAll(name = 'span' , attrs={'class':'publishDate'})

However the title is a bit tricky as it is inside an <a> tag in the <span> , so here is how I read it:

title = line.findAll(name = 'span' , attrs={'class':'header'}) # to read the span which contains the <a> tag
title = title[0].find('a').text #title '.text' is used to read what's between the <a> and </a> tag
link = title[0].find('a')['href'] #url , .you can replace 'href' with any attribute name inside the selected tag to read the value of that attribute

And thats pretty much it , all I did after that is check the title for types of phones that i’m looking for and check the price , if its within budget and the time is less than 6 minutes then it’ll play a warning and print the ad on screen.

here is the full program (make sure you put an mp3 file called ‘alert.mp3’ to play when a match is found)

[Video] Cracking WPA/WPA2 using reaver

Ok so this method is not new its been around for more than a year now , but since I never updated Wi-fEye for more than a year it doesn’t contain this attack , so while I was making a module to do this attack automatically I thought it might be a good idea to explain how to do it manually first.

Using reaver we don’t need any clients to be connected to the target network , we also don’t need to use a dictionary to brute force the WPA/WPA2 key,  This method depends on brute forcing  the WPS pin for the network , therefore it will only work on networks that use WPS pins. Cracking a WPS pin is much more easier than cracking a WPA or a WPA2 key as WPS pins only contain numbers , therefore using brute force its a matter of time (up to 10 hours) till we guess the correct pin , once we have the pin reaver can retrieve the WPA or WPA2 key from it.

3 ways to fix the fixed channel: -1 issue


Yesterday while I was working on the new version of Wi-fEye , I found out that every time I try to use airodump-ng I get the ‘mon0: fixed channel -1’ error message , now this is a very popular one , and there are a few ways to get around it , in the past to get around this I usually set the channel when I enable monitor mode , so instead of running

airmon-ng start [interface]


airmon-ng start [interface] [target-AP-channel]

For example if your network interface is wlan0 and the target AP is running on channel 6 then the command would be

airmon-ng start wlan0 6

This unfortunately didn’t work on ubuntu 12.04 , so I decided to set the channel and enable monitor mode manually without airmon-ng.

iwconfig [interface] channel [target-channel]
 ifconfig [interface] down
 iwconfig [interface] mode monitor
 ifconfig [interface] up

This – sort of – did the trick , when I say sort of i mean the error message is gone , I can run airodump-ng successfully on any AP with no problems , I can assotiate with APs successfully as well , even the injection test (airmon-ng -9 wlan0) tells my that injection is working , but when I actually try to inject packets it doesn’t work :S.

At this stage I was out of ideas and had to ask google , after some googlig I decided to patch my kernel but before that I thought it could be a good idea to search for compat wireless , so I did and it was a good idea indeed.

first check you kernel version:

uname -r

then install the relevant compat wireless package from the software center or using apt-get.

Then I restarted my system and BOOM , injection is working perfectly.

Now all of these ways have worked for me at some stage (depending on the kernel , the linux distro and the wifi card) , so if you are stuck with the same problem try them all and see what works for you.

Hello world [The real one :D]

Ok , so my last blog was 2 years ago , i know i didn’t even blog much before that , the reason is that i never wanted to blog ! The only reason I made this blog is to talk about Wi-fEye and that’s what i did .

Now I actually want to start blogging , that’s why i’m going to consider this as my first blog …. lets just put the past behind :D

So i’m going to talk about everything here , mostly computer related stuff , but i’ll probably talk about other random shit as well. I will be blogging randomly as well , blogging is exhausting , thinking about taking a break already :P.

Oh yeah i’m working on a new version of Wi-fEye with some new cool features …. stay tuned !