Right, so this is what has been keeping me busy, along with college of course. This is a comprehensive course on using Android as a penetration testing tool. You will start as a beginner with no previous knowledge about penetration testing. The course will start with you from scratch, from preparing your Android device and computer, […]
So it’s been a while since I wrote anything; I’ve just been really busy with work and college. After the great success the Arabic version of this course has had, I decided to make an English version of this course. The course is designed to take your network hacking skills from scratch to a […]
In this video, you’ll see how easy it is to create a fake software update and hack Windows 8 using Wi-fEye.
Wi-fEye will create a back door (or you can use your own), then it will start the Evilgrade server and DNS-spoof all requests to update the target software to our machine, where we have Evilgrade running. Evilgrade will send the back door to the target machine instead of sending an update. Once the machine receives the update file, it will run it and execute our back door :)
We all know that we can sniff passwords in our networks easily even if they’re sent over HTTPS (i.e. SSL encrypted). The problem is that most users these days save their passwords in their favourite website (the “keep me logged in” feature). When you do this, the website authenticates the users using their cookies, not their password. This means the password is not sent over the network and therefore we can’t sniff it; instead, we can sniff the user’s cookies and inject them into our browser.
In the past I used to use a tool called Hamster; however, this tool is outdated now and the download link on its official website is broken. The one in BackTrack keeps crashing and doesn’t always work.
Another famous tool to do this is a Firefox plugin called Firesheep; again, it’s old and there is no official release for Linux.
Cookie Cadger is a great program written in Java. It’s very easy to use and, best of all, it always works; every time I run a test it works perfectly.
To run Cookie Cadger you will need Wireshark, Java 7 and a new version of Firefox.
PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP.
In this video, you will see how we can control all the connections around us (e.g. kick users out of networks, prevent them from connecting to any network, or even prevent people from connecting to a specific network) using airdrop-ng. We don’t need to connect to any of the networks around us; all we need is airdrop-ng.
And as usual, the video is for educational purposes and I’m not responsible for any misuse of the info provided in this tutorial.
OK, so this method is not new; it’s been around for more than a year now. But since I haven’t updated Wi-fEye for more than a year, it doesn’t contain this attack, so while I was making a module to do this attack automatically I thought it might be a good idea to explain how to do it manually first.
Using reaver, we don’t need any clients to be connected to the target network, and we also don’t need to use a dictionary to brute-force the WPA/WPA2 key. This method depends on brute-forcing the WPS pin for the network, therefore it will only work on networks that use WPS pins. Cracking a WPS pin is much easier than cracking a WPA or a WPA2 key, as WPS pins only contain numbers; therefore, using brute force, it’s a matter of time (up to 10 hours) till we guess the correct pin. Once we have the pin, reaver can retrieve the WPA or WPA2 key from it.
Last time I needed to use a keylogger on a Linux computer, I realised that I’ve never actually used a keylogger on Linux and never really thought that I’d need to use one on Linux, so I started searching for one. I tried LKL (Linux Key Logger) but it didn’t work for me, then I tried uberkey; it was a bit buggy, as I lost control over my mouse pointer. Then I came across logkeys, which was brilliant!!
logkeys is a Linux keylogger (GNU/Linux systems only). It is no more advanced than other available Linux keyloggers, but is a bit more up to date, it doesn’t unreliably repeat keys and it should never crash your X. All in all, it just seems to work. It relies on the event interface of the Linux input subsystem. Once set, it logs all common character and function keys, while also being fully aware of Shift and AltGr key modifiers. It works with serial as well as USB keyboards.
This video shows how to AUTOMATICALLY sniff messages from instant messengers (e.g. Yahoo Messenger) using Wi-fEye.
All you have to do is choose the target, then Wi-fEye will ARP-spoof this target, enable IP forwarding and start msgsnarf.
This video shows how to bypass HTTPS using Wi-fEye.
All you have to do is choose the target, then Wi-fEye will ARP-spoof this target, set an iptables rule to redirect the packets from port 80 to 10000, and start sslstrip.
This video demonstrates software hijacking using Wi-fEye.
This module requires Metasploit, Expect and Evilgrade.
All you have to do is select the software whose update you want to hijack, select a payload, select the target and that’s it. Now Wi-fEye will use Metasploit to create and encrypt the agent, start multi/handler, stop Apache if it’s running, start the Evilgrade web server and DNS-spoof the updates to Evilgrade.