[Video] Creating fake software update and hacking windows 8 using Wi-fEye

In this video, you’ll see how easy it is to create a fake software update and hack Windows 8 using Wi-fEye.

Wi-fEye will create a backdoor (or you can use your own), then start the Evilgrade server and DNS-spoof all of the target software's update requests to our machine, where Evilgrade is running. Evilgrade sends the backdoor to the target machine instead of an update; once the machine receives the update file, it runs it and executes our backdoor :)

Wi-fEye v1.0-beta Released


OK, so it’s been a long time since I said I’m going to release a new version of Wi-fEye soon, but between college and work I had very little time to work on it.

Anyway, here it is: after more than 2 years, Wi-fEye v1.0 is out with some new features, bug fixes and compatibility improvements.

For those who don’t know what Wi-fEye is, I suggest you google it.

This version is still in beta, so expect to see bugs. I still have a lot of ideas to add to it but can’t promise when I will add these features :)

For download and more info, check out the official website (http://wi-feye.za1d.com)

So yeah, that’s pretty much it. Enjoy.

[Video] Session Hijacking using Cookie Cadger

We all know that we can sniff passwords in our networks easily even if they’re sent over HTTPS (i.e. SSL encrypted). The problem is that most users these days save their passwords on their favourite websites (the “keep me logged in” feature). When you do this, the website authenticates the user using their cookies, not their password. This means the password is not sent over the network and therefore we can’t sniff it; instead we can sniff the user’s cookies and inject them into our browser.

In the past I used a tool called Hamster; however, this tool is outdated now and the download link on its official website is broken. The one in BackTrack keeps crashing and doesn’t always work.

Another famous tool for this is a Firefox plugin called Firesheep; again, it’s old and there is no official release for Linux.

Cookie Cadger is a great program written in Java. It’s very easy to use and, best of all, it always works: every time I run a test it works perfectly.

To run Cookie Cadger you will need Wireshark, Java 7 and a new version of Firefox.

PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP.
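Seen from the site owner's side, the cookie sniffing and sslstrip downgrade described above depend on session cookies being sent over plain HTTP. The following added example (not from the original post or from Cookie Cadger) audits a response's headers for the cookie flags and HSTS header that prevent that; the header values and cookie names are constructed.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "remember_me=tok456; Path=/; Max-Age=2592000; "
                   "Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Content-Type", "text/html"),
]

# Assumption: the cookies that carry login state on this hypothetical site.
AUTH_COOKIES = {"sessionid", "remember_me"}


def audit_headers(headers, auth_cookies=AUTH_COOKIES):
    """Return sorted findings for login cookies exposed to network sniffing."""
    findings = []
    # Without HSTS the browser will still follow a downgraded http:// link.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("response: no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if cookie_name not in auth_cookies:
                continue  # preference cookies are not a session risk
            if not morsel["secure"]:
                findings.append(f"{cookie_name}: missing Secure (sent over plain HTTP)")
            if not morsel["httponly"]:
                findings.append(f"{cookie_name}: missing HttpOnly")
            if not morsel["samesite"]:
                findings.append(f"{cookie_name}: missing SameSite")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```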

[Video] Monitoring wireless connections using airdrop-ng

In this video, you will see how we can control all the connections around us (e.g. kick users out of networks, prevent them from connecting to any network, or even prevent people from connecting to a specific network) using airdrop-ng. We don’t need to connect to any of the networks around us; all we need is airdrop-ng.

And as usual, the video is for educational purposes and I’m not responsible for any misuse of the info provided in this tutorial.

Enjoy :D

[python] Analysing HTML code using BeautifulSoup

OK, so it’s been a while since my last post, but I’ve been so busy with work and college that I literally had no time to write anything. Anyway, I’ve been looking to buy a new phone and I’ve noticed that some great phones are going on sale very cheap on some classified websites. The only problem is that they get sold in less than 10 minutes, so I decided to make a Python script that will play a warning once a phone that matches what I want comes on sale.

The first thing I had to do is read the HTML code of the target page that contains the ads:

import urllib2
usock = urllib2.urlopen("http://www.donedeal.ie/find/phones/for-sale/Ireland/") 
source = usock.read()
usock.close()

Now the source code is saved in the variable “source”. Next I need to parse the HTML source so that I can search for the phones I want and make sure they are within budget; BeautifulSoup seems to work perfectly for this.

First import it:

from BeautifulSoup import BeautifulSoup

To make things easier I separated the table in the middle from the rest of the code and then analysed each row separately as each row represents a different ad.

To separate a certain HTML tag from the source we can use the findAll method in BeautifulSoup. First, let’s parse the whole page with BeautifulSoup:

search_table = BeautifulSoup(source)

and then I’m going to look for the div in the middle that has the class “text”:

rows = search_table.body.findAll('div', attrs={'class':'text'})

Now the variable rows contains the HTML source of all the ads, without the top and bottom of the page, just the ad rows. All I need to do now is go through each row on its own and read the title, price and how long it’s been on sale (because I’m only interested in the new ads).

To read each row on its own I used a for loop as follows:

for line in rows:

In this loop I used BeautifulSoup again to parse each row and read the title, price, date and URL. In my example the developer is using <span>s for price and date, so reading them is straightforward using findAll:

price = line.findAll(name = 'span' , attrs={'class':'price'})
dt = line.findAll(name = 'span' , attrs={'class':'publishDate'})

However, the title is a bit trickier as it is inside an <a> tag in the <span>, so here is how I read it:

header = line.findAll(name = 'span' , attrs={'class':'header'}) # read the span which contains the <a> tag
title = header[0].find('a').text # '.text' reads what's between the <a> and </a> tags
link = header[0].find('a')['href'] # URL; replace 'href' with any attribute name inside the selected tag to read the value of that attribute

And that’s pretty much it. All I did after that is check the title for the types of phones that I’m looking for and check the price; if it’s within budget and the time is less than 6 minutes, then it’ll play a warning and print the ad on screen.

Here is the full program (make sure you put an MP3 file called ‘alert.mp3’ to play when a match is found)
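An added example, not the author's program: the filtering step described above, written for Python 3 and BeautifulSoup 4 (the `bs4` package) and run over constructed markup. The class names come from the post; the price and date formats, keywords and budget are assumptions.

```python
import re
from bs4 import BeautifulSoup

# Constructed sample markup using the class names from the post; the real page
# layout, price format and date wording are assumptions.
SAMPLE_HTML = """
<html><body>
<div class="text"><span class="header"><a href="/ad/1">Samsung Galaxy S3</a></span>
  <span class="price">&euro;150</span><span class="publishDate">3 mins</span></div>
<div class="text"><span class="header"><a href="/ad/2">iPhone 5 boxed</a></span>
  <span class="price">&euro;400</span><span class="publishDate">2 mins</span></div>
<div class="text"><span class="header"><a href="/ad/3">Galaxy S3 cracked</a></span>
  <span class="price">&euro;90</span><span class="publishDate">45 mins</span></div>
<div class="text"><span class="header">Sponsored</span></div>
</body></html>
"""


def first_int(text):
    """Return the first integer in text, or None if there is none."""
    match = re.search(r"\d+", text.replace(",", ""))
    return int(match.group()) if match else None


def find_matches(html, keywords, budget, max_age_minutes=6):
    """Return (title, price, link) for new ads matching a keyword and budget."""
    matches = []
    soup = BeautifulSoup(html, "html.parser")
    for row in soup.find_all("div", class_="text"):
        header = row.find("span", class_="header")
        anchor = header.find("a") if header else None
        price_tag = row.find("span", class_="price")
        date_tag = row.find("span", class_="publishDate")
        if not (anchor and price_tag and date_tag):
            continue  # not a complete ad row (banner, separator, ...)
        title, link = anchor.get_text(strip=True), anchor.get("href")
        date_text = date_tag.get_text().lower()
        price = first_int(price_tag.get_text())
        age = first_int(date_text) if "min" in date_text else None
        if price is None or age is None:
            continue  # unparseable price, or ad age not given in minutes
        wanted = any(k.lower() in title.lower() for k in keywords)
        if wanted and price <= budget and age < max_age_minutes:
            matches.append((title, price, link))
    return matches


if __name__ == "__main__":
    print(find_matches(SAMPLE_HTML, ["galaxy s3"], budget=200))
```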

[Video] Cracking WPA/WPA2 using reaver

OK, so this method is not new; it’s been around for more than a year now. But since I haven’t updated Wi-fEye for more than a year, it doesn’t contain this attack, so while I was making a module to do this attack automatically I thought it might be a good idea to explain how to do it manually first.

Using reaver, we don’t need any clients to be connected to the target network, and we don’t need a dictionary to brute-force the WPA/WPA2 key. This method depends on brute-forcing the WPS PIN for the network, so it will only work on networks that use WPS PINs. Cracking a WPS PIN is much easier than cracking a WPA or WPA2 key as WPS PINs only contain numbers, so with brute force it’s a matter of time (up to 10 hours) until we guess the correct PIN; once we have the PIN, reaver can retrieve the WPA or WPA2 key from it.