Tag: Google

Weaponizing the Nokia N900 – Part 3.6 – Portable Rogue AP Point

by on Feb.26, 2011, under Code, Posts

Continuing the series on weaponizing the N900, and hoping that Infosec Island will continue with their series as well, I have successfully set up my N900 as a rogue AP point.

Firstly, to effectively deploy it you want to make sure your cell phone service (3G for the N900) is quite strong. You may even want to try pinging Google or the like and see what the delay is. With a good connection, it will vary for me between 70 and 90 milliseconds.

Second, you want to survey the site where you’re going to deploy your portable rogue AP point. Luckily, you can run kismet on the N900. Once you have surveyed the site for other AP points, take note of the MAC addresses of each AP point that is specific to the area and also take note of the names of the AP points. With this MAC address you can spoof your wlan0 interface to something that is very similar:

ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX

You will need to have the extra repos enabled to install an application called mobilehotspot. Prior to this, you will also need to install the custom kernel for the N900. You will also need ettercap and sslstrip to carry out this attack. See my earlier post for notes on the two: http://zitstif.no-ip.org/?p=451

1.) Get sslstrip up and running, and make sure you have iptables. For steps on using sslstrip check out:

2.) Spoof your wlan0 hardware address to what is appropriate for the site.

3.) Run the mobilehotspot application.

4.) Wait for a few seconds.

5.) Run ettercap as follows (modify as needed):
ettercap -i wlan0 -q -T -p -u // //

The reason we don’t have ettercap forward packets is that the kernel is already doing so due to the mobilehotspot application.

That is pretty much it. You could also do DNS spoofing to send your victims to a server under your control to do drive-by attacks.
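From the defender's side, the same survey data exposes this setup: a BSSID that differs only slightly from an inventoried AP, a known SSID on an unlisted BSSID, or an inventoried BSSID on an unexpected channel. The following is an added example, not code from the original post; the inventory, the survey rows, the function names and the fixed-channel assumption are constructed for illustration.

```python
# Added example: triage a wireless survey against an AP inventory.
# AUTHORIZED and SURVEY are constructed sample data (RFC 7042 documentation MACs).
AUTHORIZED = [  # (ssid, bssid, channel); assumes APs stay on fixed channels
    ("CorpWiFi", "00:00:5e:00:53:10", 1),
    ("CorpWiFi", "00:00:5e:00:53:20", 6),
]

def parse_mac(mac):
    """Return the MAC as a 48-bit integer; reject malformed input."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    hexdigits = set("0123456789abcdef")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= hexdigits for p in parts):
        raise ValueError(f"malformed MAC: {mac!r}")
    return int("".join(parts), 16)

def differing_octets(a, b):
    """Count the octets in which two MAC addresses differ."""
    diff = parse_mac(a) ^ parse_mac(b)
    return sum(1 for i in range(6) if (diff >> (8 * i)) & 0xFF)

def classify(ssid, bssid, channel, authorized=AUTHORIZED, max_diff=1):
    """Label one observed beacon relative to the inventory."""
    for known_ssid, known_bssid, known_channel in authorized:
        if differing_octets(bssid, known_bssid) == 0:
            if ssid == known_ssid and channel == known_channel:
                return "authorized"
            # Exact BSSID match with the wrong SSID or channel: possible clone.
            return "clone-suspect"
    if any(differing_octets(bssid, b) <= max_diff for _, b, _ in authorized):
        return "lookalike-bssid"
    if ssid in {s for s, _, _ in authorized}:
        return "unlisted-bssid-for-known-ssid"
    return "unrelated"

SURVEY = [  # constructed observations: (ssid, bssid, channel)
    ("CorpWiFi", "00:00:5E:00:53:10", 1),
    ("CorpWiFi", "00:00:5e:00:53:11", 1),
    ("CorpWiFi", "00:00:5e:00:53:20", 11),
    ("CorpWiFi", "02:11:22:33:44:55", 6),
    ("CoffeeShop", "02:aa:bb:cc:dd:ee", 3),
]

def findings(survey=SURVEY):
    """Return (bssid, verdict) for every beacon that needs a second look."""
    rows = [(b.lower(), classify(s, b, c)) for s, b, c in survey]
    return [r for r in rows if r[1] not in ("authorized", "unrelated")]

if __name__ == "__main__":
    for bssid, verdict in findings():
        print(bssid, verdict)
```

A BSSID cloned exactly and broadcast on the expected channel passes this check, so it complements rather than replaces client-side controls such as server certificate validation on the wireless network.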


Updated Section and Other Matters

by on Jan.19, 2011, under Posts

I haven’t had much time or energy to work on my website due to work, having a more than usual social life (odd), and school. I’m going to make an honest effort to keep this website up to date at a higher frequency than what I’ve been doing.

This post is mostly in regards to my reconnaissance websites section. I’ve updated it and organized the websites by category. I’ve also added a link to Samy’s geolocation page, which is great for finding actual (or close) locations of AP points, thanks to Google doing ‘legal’ wardriving.

Also, I’m planning on obtaining a Nokia N900, which I plan to ‘weaponize’ in an original manner, and I will post steps to doing so on my website. I also have some meterpreter script ideas that I’m planning on working on. In addition to that, I have a meterpreter script that has been lying around that utilizes an old trick for maintaining access to a compromised server, which I plan on posting for Metasploit users to use.

Here’s to a new year in information security! What will 2011 bring? 🙂

More to come as usual..


Blippy FAIL rant

by on Apr.24, 2010, under Posts


Alright, sharing information is nothing new, along with sharing information online. We as a society aggregate massive amounts of data for companies to use for targeted marketing and the like.

With that being said, you must ask yourself, “Are we willingly sharing too much information?” Is there such a thing as too much information? Some would argue no and for the most part I would have to agree with them. Despite this being true, I still strongly believe that reasonable forms of denial are a useful tool for coping with everyday life.

Twitter, Facebook, MySpace.. and even the faded out Xanga, are all websites that are used for basically spying on our social lives. With this being said, Blippy steps up the ante by spying on our buying habits and having a space for us to publicly share this information.

Was I a little surprised to find out about the latest ‘Blippy fail’ ? A little, but the more I took into consideration and remembered how Google can be used in such a way, it wasn’t very hard for me to fathom.

Is there an easy mend for this issue? You have to ask yourself, especially if you’re a Blippy user, “Do I really need to share this information, with this company and the realm of the internet?”.

My mantra on disclosing information is, ‘share information as felt necessary’. I hope more people start taking this into consideration, but it seems that people tend to like to live in the view of the public to an extent via social networking mediums. I believe for some individuals, it gives them a sense of identity and self importance.

Do I really care about who broke up with such and so? Is it necessary for me to learn about unnecessary information about yourself? I don’t think so, but social networking websites seem to think it’s necessary, but it’s also part of their business model.

Consider this simple logic: The more websites that I share personal information with, the more likely a privacy breach of information that I did not intend to disclose will occur.

More to come..


Google doesn’t want you to see certain things..

by on Jan.16, 2010, under Posts

I wonder if I’m the only one who has taken notice of this:

Google-Chrome error page:

Firefox error page:

I blurred out the website name for the safety of it. Also, I hope you see the big difference between the two screen shots.

I made the same request to the same web server, but one time with google-chrome and the other time with firefox.

Apparently the company that knows too much information about you, doesn’t want you to know too much information about web servers..

