Ⓛⓔⓣⓢ Ⓢⓣⓐⓡⓣ
The attack
1) The fatal error that allows sensitive information to be stolen is possible when an end user is not properly educated about an easy-to-perform and well-known SSL exploit, the SSL MITM (man-in-the-middle) attack:
> The hacker goes to the cafeteria and connects to the same Wi-Fi network that you are connected to. He runs a series of utilities to redirect the data of other users through his machine.
2) He runs a number of other utilities to sniff the data, act as an SSL certificate server and be the man-in-the-middle.
> Compare how your SSL banking session should work under normal conditions with how it would work during an attack
3) The first thing he would do is turn on fragrouter, so that his machine can perform IP forwarding
> In a shell console, type:
fragrouter (+your ip)
4) After that, he will want to direct your Wi-Fi network traffic to his machine instead of your data traffic going directly to the Internet. This allows him to be the "man-in-the-middle" between your computer and the Internet. Using arpspoof, a really easy way to do this, he determines that the IP address is 192.168.1.15 and that the default gateway of the Wi-Fi network is 192.168.1.1
> Or type ifconfig to get it as well
5) The next step is to enable DNS spoofing through dnsspoof
> Since he is going to replace the valid certificate of the bank or online store with his own fake one, he will have to activate the utility that lets his system be the man-in-the-middle for web sessions and handle certificates. This is done through webmitm
> Again in the console, type:
webmitm -d
6) At this point, he is set up and ready to go. He must now begin actively sniffing your data as it passes through his machine, including login information and credit card information. He chooses to do this with Ethereal
> https://download.cnet.com/Ethereal-Network-Protocol-Analyzer/3001-2085_4-10492160.html
Old Stable Version
> Then save the capture:
> Simply click save
7) He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. All he has to do now is decrypt the data using the certificate he gave you. He does it with ssldump:
> ssldump -r Bankcapture -k webmitm.crt -Bankoutput
8) The data is now decrypted, and he runs a cat command to view the decrypted SSL information. Note that the username is "Bankusername" and the password is "BankPassword"
> Conveniently, this dump also shows the banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceding page via SSL before connecting to the page where confidential information such as bank credentials or credit card numbers is entered
9) With this information, he can now access your bank account online with the same access and privileges as you
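A defensive check for step 4, added here as an example and not part of the original post: ARP spoofing leaves the gateway's IP (192.168.1.1 above) mapped to a different MAC address in the victim's ARP cache, usually a MAC that another host on the network also uses. The snapshots, MAC addresses and the hosts other than the gateway are constructed, and the `ip neigh` line format is an assumption.

```python
import re
from collections import defaultdict

# Constructed `ip neigh`-style snapshots of a client's ARP cache (MACs are made up).
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:dd:ee:17 STALE
192.168.1.40 dev wlan0 lladdr aa:bb:cc:dd:ee:28 REACHABLE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:17 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:dd:ee:17 REACHABLE
192.168.1.40 dev wlan0 lladdr aa:bb:cc:dd:ee:28 REACHABLE
192.168.1.50 dev wlan0  FAILED
"""

LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # entries without lladdr (FAILED/INCOMPLETE) are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(baseline, current, gateway):
    """Compare two ARP tables and report signs of gateway impersonation."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        findings.append(("gateway_mac_changed", gateway, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # The gateway's MAC should belong to the gateway alone.
        if gateway in ips and len(ips) > 1:
            others = sorted(ip for ip in ips if ip != gateway)
            findings.append(("gateway_mac_shared", gateway, mac, others))
    return findings

if __name__ == "__main__":
    for finding in arp_findings(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print(finding)
```

A changed gateway MAC can also follow a legitimate router swap, so the shared-MAC finding is the stronger signal of the two.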
Enjoy! Follow us for more...