tag:blogger.com,1999:blog-63332644566112280972024-02-01T20:44:33.131-08:00KaOtiCo NeUtRaLAugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-6333264456611228097.post-21121187617605339672015-12-17T11:16:00.000-08:002017-10-12T10:52:13.963-07:00Samsung Smarttv and Printers weak password SoftAP wpa2<div class="MsoNormal">
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><u><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 24.0pt;">Samsung SoftAP weak default password</span></u></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Many devices created by Samsung has an special way to
interact called in some cases wifi-direct and in other cases softAP this
feature is only some kind of access point with an DHCP server integrated. For
example if some user want to print a document using this functionality just
must search the SSID of the printer then join his PC or cellphone to it and
send the document. With Smarttv occurs something similar but it will show an
image or will reproduce video or music.</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><u><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">The vulnerability</span></u><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Let’s see how look like a password of Softap
functionality from a smarttv</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<u1:p></u1:p>
<br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><u1:p></u1:p><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">If you see this the password always will be a number
under 100000000</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: large;"><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwUJ-EKeeRBltEUR7624LeOSw-iGK7EvPoCPgR5JWqTys8oGab6EhTAV_4XbMxi8elKzgGs1khw4jd8q_EvwZOYQ0dKmbI5lV9wWBcs7-b8tbWNscDnVBg8mUmgXh4RyuTsbDk3Op_4gqn/s1600/11111111.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwUJ-EKeeRBltEUR7624LeOSw-iGK7EvPoCPgR5JWqTys8oGab6EhTAV_4XbMxi8elKzgGs1khw4jd8q_EvwZOYQ0dKmbI5lV9wWBcs7-b8tbWNscDnVBg8mUmgXh4RyuTsbDk3Op_4gqn/s640/11111111.jpg" width="640" /></a></b></span></div>
<br />
<br />
<br />
<div class="MsoNormal">
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Here you can see the same example in a printer</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
</div>
<div class="MsoNormal">
<span style="font-size: large;"><b><br /></b></span></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc9xM9yIinG5ko221ET71rvjBZ-64duKOqKbHNWlXWtbWUiMYCyiEPCY16ODGgZR_ah6qJoQLlHmf78u8_LBhTQqgBdpJaAGYaTkpLaFdkrnIyDYb2AMBS_EyENjjY7gEFz0hvr_fwf_L7/s1600/22222222.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><b><img border="0" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc9xM9yIinG5ko221ET71rvjBZ-64duKOqKbHNWlXWtbWUiMYCyiEPCY16ODGgZR_ah6qJoQLlHmf78u8_LBhTQqgBdpJaAGYaTkpLaFdkrnIyDYb2AMBS_EyENjjY7gEFz0hvr_fwf_L7/s640/22222222.jpg" width="640" /></b></span></a></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br /></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br /></b></span></span></div>
<div class="MsoNormal">
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Always the security of the softap uses WPA2 but if you
capture a handshake using aircrack just sniffing in the air is 100% possible
crack the password in less than 14 hours using a modern desktop computer.</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">So you can send content to the printer and smart tv
without anything can stop it.</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">This code will generate an 800 MB dictionary</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">dictgen.py</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
</div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b>---------------------------------------------------------------------------<o:p></o:p></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br />
<span style="background: white;">count = 0</span></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br />
<span style="background: white;">while (count < 100000000):</span></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br /><span style="background: white;"> print str(count).zfill(8)</span></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br /><span style="background: white;"> count = count + 1<o:p></o:p></span></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><span style="background: white;"><br /></span></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b>---------------------------------------------------------------------------------<o:p></o:p></b></span></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , sans-serif; line-height: 107%;"><span style="font-size: large;"><b><br /></b></span></span></div>
<div class="MsoNormal">
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Just run this:</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">python dictgen.py >dictionary.txt</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;"><u1:p> You can download a sample
pcap with a handshake from a printer </u1:p></span></b><b style="background-color: white; color: #222222; font-family: Arial, sans-serif; font-size: x-large; line-height: 17.12px;"><span style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 24.0pt;"><a href="https://drive.google.com/file/d/0Bz0H758VKC9kdndUTlNqUno5bGs/view?usp=sharing"><span lang="EN-US">here</span></a></span></b><b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 24.0pt;"> </span></b><b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;"><u1:p>or smarttv from </u1:p></span></b><b style="background-color: white; color: #222222; font-family: Arial, sans-serif; font-size: x-large; line-height: 17.12px;"><span style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 24.0pt;"><span lang="EN-US"><a href="https://drive.google.com/file/d/0Bz0H758VKC9kRU9tdFQyQjlpajQ/view?usp=sharing" target="_blank">here</a></span><span id="goog_551176103"></span><span id="goog_551176104"></span><a href="https://www.blogger.com/"></a></span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">
</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">If you want to test it use
aircrack-ng with the previously generated dictionary</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">The syntax is the following:</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">aircrack-ng printer.pcap –w
dictionary.txt</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">Now you need to wait a little bit
more than a half day to get the password</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="background: white; color: #222222; font-family: "arial" , "sans-serif"; font-size: 18.0pt;">When finish you will see something
like the following image</span><u1:p></u1:p></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
</div>
<div class="MsoNormal">
<span style="font-size: large;"><b><br /></b></span></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmCyoOYUU__xxsNKSHEbsMOZFTQ5KIqyYzUq5I1D5PTZykGW6xCLx64WpXqDguSxqP9buE0muDQQ8C0dtExJj0bH_fq2x1vU-K4gQtLv8kHmcnZ42iKdwFu-JVce4TQw4FBVyS4oWwKYy/s1600/3333333.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><b><img border="0" height="315" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmCyoOYUU__xxsNKSHEbsMOZFTQ5KIqyYzUq5I1D5PTZykGW6xCLx64WpXqDguSxqP9buE0muDQQ8C0dtExJj0bH_fq2x1vU-K4gQtLv8kHmcnZ42iKdwFu-JVce4TQw4FBVyS4oWwKYy/s640/3333333.jpg" width="640" /></b></span></a></div>
<div class="MsoNormal">
<span lang="EN-US"><span style="font-size: large;"><b><br /></b></span></span></div>
<div class="MsoNormal">
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Now you have ip
connectivity with the tv or printer and the clients</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">You could
intercept all files in transit, in the case of printers could have important
information as contracts, confidential documents, etc. </span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Also you could
reproduce arbitrary content in some cases on the smarttv using some dnla/upnp
software.</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br />
</span></b><b><u><span lang="EN-US" style="font-size: 24pt;">Fix and workaround</span></u></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b style="font-size: x-large;"><span lang="EN-US" style="font-size: 24pt;">Any of the
following options could be used.</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 24pt;"><br />
</span></b><b><u><span lang="EN-US" style="font-size: 18pt;">Option 1- Make your password stronger:</span></u></b><span class="apple-converted-space"><b><span lang="EN-US" style="font-size: 18pt;"> </span></b></span><b><span lang="EN-US" style="font-size: 18pt;">It's a
good idea change the password using lowers, CAPS and numbers with 8 to 15
characters.</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br />
<u>Option 2- Shutting down the service:</u><span class="apple-converted-space"> </span>If
you don't use this functionality just disable it.</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><u><span lang="EN-US" style="font-size: 18pt;">Option 3-
Download official patch:</span></u></b><b><span lang="EN-US" style="font-size: 18pt;"> It depends of
your model.</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Go to<span class="apple-converted-space"> </span></span></b><b><span style="font-size: 18pt;"><a href="http://www.samsung.com/"><span lang="EN-US">http://www.samsung.com</span></a></span></b><b><span lang="EN-US" style="font-size: 18pt;"> search
your patch according your model (if it's available) </span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br />
</span></b><b><span style="font-size: 18pt;">Vulnerable models</span></b><span style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<div style="clear: both; text-align: center;">
<b><span style="font-size: 18pt;">SmartTVs</span></b><span style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
<br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br /></div>
</div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcDHXQKGjmOq7wkhwo4Fqo5vdxUCmQcnSJe1mvTDdQsIHfa6i4LodeNI7dv9c_VecsvUlTaGB2bOp6bWaaqE6lIo9mo-ndj5OrLAW8ZhfJcAgcxu9XXcixXMuGgBjEhd2rX7vwdrEtGC3e/s1600/modelos.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcDHXQKGjmOq7wkhwo4Fqo5vdxUCmQcnSJe1mvTDdQsIHfa6i4LodeNI7dv9c_VecsvUlTaGB2bOp6bWaaqE6lIo9mo-ndj5OrLAW8ZhfJcAgcxu9XXcixXMuGgBjEhd2rX7vwdrEtGC3e/s640/modelos.jpg" width="259" /></a></div>
<span style="font-size: large;"><b><br /></b></span>
<span style="font-size: large;"><b><br /></b></span><br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Printers</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br />
May be all Xpress series </span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Confirmed in
M288OFW</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<br />
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br />
It could affect more models than listed here</span></b><span lang="EN-US" style="font-size: 13.5pt;"><o:p></o:p></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">-------------------------------------------------</span></b></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;">Samsung give me a reward :) </span></b></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br /></span></b></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<span lang="EN-US" style="font-size: 24px;"><b>https://samsungtvbounty.com/HallofFame.aspx</b></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<span lang="EN-US" style="font-size: 24px;"><b><br /></b></span></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<b><span lang="EN-US" style="font-size: 18pt;"><br /></span></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg154yRFJHc3vNtpEDEpa5Xpkobxec5eJTz3-20eT5YicEk01XxaSQ3JGh1UGxo1sX3UE6CsZTsyNkXC8jKhPwx231SlNTQIEBudE0wFOHVrfNxQmu8ajC-ppDU0Vxvb9LUFlP4xCbsMCfP/s1600/Samsung.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg154yRFJHc3vNtpEDEpa5Xpkobxec5eJTz3-20eT5YicEk01XxaSQ3JGh1UGxo1sX3UE6CsZTsyNkXC8jKhPwx231SlNTQIEBudE0wFOHVrfNxQmu8ajC-ppDU0Vxvb9LUFlP4xCbsMCfP/s640/Samsung.jpg" width="640" /></a></div>
<div style="margin-bottom: .0001pt; margin: 0cm;">
<br />
<br /></div>
</div>
AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.comtag:blogger.com,1999:blog-6333264456611228097.post-91366775242723781162013-09-30T19:16:00.000-07:002013-10-01T18:12:14.972-07:00How use your smart phone like as a wardriving station<h2>
</h2>
<div>
Why people do wardriving<u> </u>wi<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">th a no</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tebook? </span></div>
<div>
<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">I</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t can be done wi</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">th a smar</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tphone wi</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">th android jus</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;"> following 10 simple s</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">teps</span></div>
<div>
<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">1- download wiglewifi from google play</span></div>
<div>
<u><br /></u></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ9isG_ZHfb3X2-Lj8j54VJHRPaShmpGK7KN2N4wn1OWM5DJceu8Ix9F1zDngouK9l0L3e8SS0P1ZD35gR5oSTRaIBMotGS6CLT5pN8oH9fji-BfEORErRnNyz8CGzRIS3aVHJWG6WJdjP/s1600/Screenshot_2013-09-30-22-33-44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ9isG_ZHfb3X2-Lj8j54VJHRPaShmpGK7KN2N4wn1OWM5DJceu8Ix9F1zDngouK9l0L3e8SS0P1ZD35gR5oSTRaIBMotGS6CLT5pN8oH9fji-BfEORErRnNyz8CGzRIS3aVHJWG6WJdjP/s320/Screenshot_2013-09-30-22-33-44.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
2- Af<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">ter ins</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">talla</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tion is comple</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">te ac</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tiva</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">te GPS</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpKiXjx80eN_Hj3YcErmgXS4k_fbYVqLkGUiOieyHFi_jI9_zx2riipNvUXz22hF6KzjPfI8eAOgpj9HO1a31VpkiHfyJjZ1Gq-rJbC7dg-Gk_b057yRrB-nZ8ozWNgwd7GiHB8T1QoRwI/s1600/Screenshot_2013-09-30-22-33-55.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpKiXjx80eN_Hj3YcErmgXS4k_fbYVqLkGUiOieyHFi_jI9_zx2riipNvUXz22hF6KzjPfI8eAOgpj9HO1a31VpkiHfyJjZ1Gq-rJbC7dg-Gk_b057yRrB-nZ8ozWNgwd7GiHB8T1QoRwI/s320/Screenshot_2013-09-30-22-33-55.png" width="192" /></a></div>
2- When you run i<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t, </span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">this app will s</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tar</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t cap</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">ture all ssid of </span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">the wifi around us</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkxNHVyUzoCq92YTv7BxDGcK7kGHUZU38Rs0KzxmwbLwLjeT48VjwQ5jXFPEZxk-YnAuC87MdoNft3jTMx-xm-bLexgTHKXpdi9L8YmDWrc7XT9oR1R_2Rh6XM9gJN8i31LpIHS-S8h1K8/s1600/Screenshot_2013-09-30-22-34-12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkxNHVyUzoCq92YTv7BxDGcK7kGHUZU38Rs0KzxmwbLwLjeT48VjwQ5jXFPEZxk-YnAuC87MdoNft3jTMx-xm-bLexgTHKXpdi9L8YmDWrc7XT9oR1R_2Rh6XM9gJN8i31LpIHS-S8h1K8/s320/Screenshot_2013-09-30-22-34-12.png" width="192" /></a></div>
4- In <span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">the op</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tion MAPA you will see every wifi ne</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">twork on his po</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">ti</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tion in </span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">the map (i don'</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t show my cap</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">ture of my ne</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tworks because i don'</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t wan</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t show where i live)</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI-5aSMH-TPP-sb-AKNKX92J7GkF26BP-QQCdGfj-n3eg9ZbebfBPEEyXtPU5vwcYEx6fHhSPQ_6RU-x6k_Fqd6MX00hApg7ttoBIXRyKpZYutNLaKRf-l1FbbZW5D6aj8yyoiGxLZl0vK/s1600/Screenshot_2013-09-30-22-35-39.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI-5aSMH-TPP-sb-AKNKX92J7GkF26BP-QQCdGfj-n3eg9ZbebfBPEEyXtPU5vwcYEx6fHhSPQ_6RU-x6k_Fqd6MX00hApg7ttoBIXRyKpZYutNLaKRf-l1FbbZW5D6aj8yyoiGxLZl0vK/s320/Screenshot_2013-09-30-22-35-39.png" width="192" /></a></div>
<br />
<span style="font-family: Verdana, Arial, Helvetica, sans-serif;"><span style="font-size: 12px;">5- In </span></span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">the op</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tion RESUMEN we can see values of </span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">the cap</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tures</span><br />
<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJydEMM8OHAV3o1mHRj5EIcw_YGFmWrjQNWsat4MJvZSdBl580GGrfakNEWbQP1TgYe_h5g0xmbe53Ss4e4wjGBhx7lI-ox6RF_NYTZ-ZIXNSiZL5lEfCaAWgtjcxaAmrJANJyrDtG98WK/s1600/Screenshot_2013-09-30-22-35-48.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJydEMM8OHAV3o1mHRj5EIcw_YGFmWrjQNWsat4MJvZSdBl580GGrfakNEWbQP1TgYe_h5g0xmbe53Ss4e4wjGBhx7lI-ox6RF_NYTZ-ZIXNSiZL5lEfCaAWgtjcxaAmrJANJyrDtG98WK/s320/Screenshot_2013-09-30-22-35-48.png" width="192" /></a></div>
6- We can expor<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">ts all our cap</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">tures (KML forma</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">t is my favori</span><span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">te)</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTCE1dBrAtqqChpXxIphdAQY3ujcScH9_jqJWEuXH8EdiGPHIhJqiet2ReQ9y3_YHV2jgNGDkHP4aM0Qh7G40cKI6e607UVhKJXOCcIUTgDbILe8MvL-zoFPCjPLyIw3ramQYqD-8Bl1oz/s1600/Screenshot_2013-09-30-22-36-09.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTCE1dBrAtqqChpXxIphdAQY3ujcScH9_jqJWEuXH8EdiGPHIhJqiet2ReQ9y3_YHV2jgNGDkHP4aM0Qh7G40cKI6e607UVhKJXOCcIUTgDbILe8MvL-zoFPCjPLyIw3ramQYqD-8Bl1oz/s320/Screenshot_2013-09-30-22-36-09.png" width="192" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0-tsY_f-0Mkf4KrnQPK27KR4WuIf6bD95UQqJ2duD27F8uAxUj-1PB6M1fmWRZGNMnH7f7GglNCEhjSx4mz07E7giduOZYOWBSTcB5iWxAojSY9Yb9vNs8LQccfvnTomfWVOwekY_5X7k/s1600/Screenshot_2013-09-30-22-36-12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0-tsY_f-0Mkf4KrnQPK27KR4WuIf6bD95UQqJ2duD27F8uAxUj-1PB6M1fmWRZGNMnH7f7GglNCEhjSx4mz07E7giduOZYOWBSTcB5iWxAojSY9Yb9vNs8LQccfvnTomfWVOwekY_5X7k/s320/Screenshot_2013-09-30-22-36-12.png" width="192" /></a></div>
<div>
7- Download google ear<span style="background-color: white; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;">th here </span><a href="http://www.google.com/earth/download/ge/agree.html">http://www.google.com/earth/download/ge/agree.html</a><br />
<br /></div>
8- run i<a href="http://www.google.com/earth/download/ge/agree.html">t</a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Hv4NrR_YXdE/Ukouv2ifcKI/AAAAAAAAIE8/g2eosYfqpIo/s1600/ge1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="http://1.bp.blogspot.com/-Hv4NrR_YXdE/Ukouv2ifcKI/AAAAAAAAIE8/g2eosYfqpIo/s320/ge1.jpg" width="320" /></a></div>
9- Choose your kml file ex<a href="http://www.google.com/earth/download/ge/agree.html">t</a>rac<a href="http://www.google.com/earth/download/ge/agree.html">t</a>ed from your celphone<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSEKvRVBPD1G_ylZ7a-eGqRYugOsa-r52Rbfhw6Ep8UzR_UPI1F5tXi7PKkVYXFNKNv_fdD4W4I3o8YR8aQamziWR0wyzGf_GErZZGu76t5eSGqaIkttASM076vILy4HyBCsdg6g4siQ0f/s1600/ge2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSEKvRVBPD1G_ylZ7a-eGqRYugOsa-r52Rbfhw6Ep8UzR_UPI1F5tXi7PKkVYXFNKNv_fdD4W4I3o8YR8aQamziWR0wyzGf_GErZZGu76t5eSGqaIkttASM076vILy4HyBCsdg6g4siQ0f/s320/ge2.jpg" width="320" /></a></div>
10- Look wha<a href="http://www.google.com/earth/download/ge/agree.html">t</a> you cap<a href="http://www.google.com/earth/download/ge/agree.html">t</a>ure in <a href="http://www.google.com/earth/download/ge/agree.html">t</a>he map<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-8f6bJbsM4cM/UkovBA50U9I/AAAAAAAAIFE/MnTEt7kL3GE/s1600/ge3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/-8f6bJbsM4cM/UkovBA50U9I/AAAAAAAAIFE/MnTEt7kL3GE/s320/ge3.jpg" width="320" /></a></div>
<br />
EnjoyAugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com0tag:blogger.com,1999:blog-6333264456611228097.post-84203537461348730462013-09-27T15:12:00.000-07:002013-09-30T18:32:27.568-07:00How to make pishing using an smartphone <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc-38HLpa0GDsjcQqnulbQV3WanxrzNigbs1KenNihgnTjEA49VEVGYf1hsH55QMuI8078nBGGbFK0a1ZPpqAcBzzWw4cCcoJF5XqNjJgrQUF7Ale_I8zIKwTXCLV3uipkR-YfErxW-hHJ/s1600/pocketfisherman.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="259" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc-38HLpa0GDsjcQqnulbQV3WanxrzNigbs1KenNihgnTjEA49VEVGYf1hsH55QMuI8078nBGGbFK0a1ZPpqAcBzzWw4cCcoJF5XqNjJgrQUF7Ale_I8zIKwTXCLV3uipkR-YfErxW-hHJ/s320/pocketfisherman.JPG" width="320" /></a></div>
<br />
<br />
<br />
Hi everybody:<br />
<br />
I want to show you how share your internet connection of your smartphone and take all passwords of the clients who use it<br />
<br />
<br />
This is the way how it works<br />
Minimum Requirement<br />
<br />
Android 4.0.4 or less (after 4.0.4 change the way of tetthering in android 4.1.2 so all this tool is useless after this version)<br />
Rooted Smartphone dual core or +<br />
<br />
<br />
<br />
Instalation.<br />
<br />
1) Root your device (it must have dual core)<br />
2)Download complete linux installer from google play<br />
3)Dowload console from google play<br />
4)<a href="https://docs.google.com/file/d/0Bz0H758VKC9kQzFZaF9HVVVmbjg/edit?usp=sharing">Download Mobile Fisherman</a> and uncompress it into your external sd of your smartphone<br />
<br />
Configuration<br />
<br />
1)Start Complete Linux installer<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtCHjaEHYc-4jV9nUybGh3Vw8txZSS-iZFWgrT9hR-yAo6On956riMK69baSDILl1J4JQ5dbf4x4hIe-LaIEIDw5wwfZC-SNjgg9ufi-vNEtRbRwynPgozEFVMh-nfLp1Rkd6rahu2O6kz/s1600/Screenshot_2013-07-15-18-09-17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtCHjaEHYc-4jV9nUybGh3Vw8txZSS-iZFWgrT9hR-yAo6On956riMK69baSDILl1J4JQ5dbf4x4hIe-LaIEIDw5wwfZC-SNjgg9ufi-vNEtRbRwynPgozEFVMh-nfLp1Rkd6rahu2O6kz/s320/Screenshot_2013-07-15-18-09-17.png" width="192" /></a></div>
<br />
2)Run it<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGhy5ArTUJILHaUEX0tv_k1sYfYW_5ilFhIaAwMKmoAIkJzQ8aQ3_IqHZgJWKat1WHe3rprgJclzXhDaAqPXP7x4r-fFcea3XnNwRw-nJdyld4X9uwJGMb3ukL3-3RvOM4g8FrL2kS0-Bq/s1600/Screenshot_2013-07-15-18-09-43.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGhy5ArTUJILHaUEX0tv_k1sYfYW_5ilFhIaAwMKmoAIkJzQ8aQ3_IqHZgJWKat1WHe3rprgJclzXhDaAqPXP7x4r-fFcea3XnNwRw-nJdyld4X9uwJGMb3ukL3-3RvOM4g8FrL2kS0-Bq/s320/Screenshot_2013-07-15-18-09-43.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
3) Select the image downloaded of Mobile Fisherman</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQx7S19hAeKOxbfQ5VGI0Y5WJt1EZAPkor5LeVIBi1wFOR4oArI6axI661W6jn8ZBaNWkhSwuW7ZgkP9UdIvcEwSjHgIrdPTawW3t3Mg_1o6IEa0Mc5WIO8J7MkP8gQy-9suSFSeYZTZz2/s1600/Screenshot_2013-07-15-18-09-56.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQx7S19hAeKOxbfQ5VGI0Y5WJt1EZAPkor5LeVIBi1wFOR4oArI6axI661W6jn8ZBaNWkhSwuW7ZgkP9UdIvcEwSjHgIrdPTawW3t3Mg_1o6IEa0Mc5WIO8J7MkP8gQy-9suSFSeYZTZz2/s320/Screenshot_2013-07-15-18-09-56.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Choose a Name for example Mobile Fisherman</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsvwWz7TC92GmFEfSh-XTHyhte-Vls36jbt61QYHUgJ_MpxfYRiwwQkH8tw8fHmNLx0SbvTTExT6byri-usgFuV96pDmdwnPMHIBzjMAF-qjjNHT1M53UPQxfIJ6pLlnu_uQ4V_aAHZXQH/s1600/Screenshot_2013-07-15-18-10-42.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsvwWz7TC92GmFEfSh-XTHyhte-Vls36jbt61QYHUgJ_MpxfYRiwwQkH8tw8fHmNLx0SbvTTExT6byri-usgFuV96pDmdwnPMHIBzjMAF-qjjNHT1M53UPQxfIJ6pLlnu_uQ4V_aAHZXQH/s320/Screenshot_2013-07-15-18-10-42.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Choose the image downloaded of our Ubuntu Mobile Fisher</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTDh1O0GZ9MDHAx-IRtqeRyNSlkhCPkKYJd7-abwRO4K-MmA9JYn1915pan6PmfQAPVHju7LPHyDwMo416G-PSvBGSk6OiR3zhz3Zfl0o6GubPaldcPbMobQJ5mQaAOoRIPV4zzlxDfP0f/s1600/Screenshot_2013-07-15-18-10-50.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTDh1O0GZ9MDHAx-IRtqeRyNSlkhCPkKYJd7-abwRO4K-MmA9JYn1915pan6PmfQAPVHju7LPHyDwMo416G-PSvBGSk6OiR3zhz3Zfl0o6GubPaldcPbMobQJ5mQaAOoRIPV4zzlxDfP0f/s320/Screenshot_2013-07-15-18-10-50.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
When the following image are displayed save everything</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbxCYuVoSXLCpd2WqCByKyGURWD9NXErZeaA73InlAqmv3QT_Pw1VieMrE1N7VTr3iikf9oh3glkWdnV4OIlkhFGEnEV7ifYOc38nAU1o53z-7xLPSwAzsxYu9vMJ7ARHy4s-Wzda0s7LI/s1600/Screenshot_2013-07-15-18-10-59.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbxCYuVoSXLCpd2WqCByKyGURWD9NXErZeaA73InlAqmv3QT_Pw1VieMrE1N7VTr3iikf9oh3glkWdnV4OIlkhFGEnEV7ifYOc38nAU1o53z-7xLPSwAzsxYu9vMJ7ARHy4s-Wzda0s7LI/s320/Screenshot_2013-07-15-18-10-59.png" width="243" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
We are ready to run it so do it</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO9MN8ByiftODCVEZ_IOm9V0CzJRgehrGQOE7aqtKjyMvs41_gQSLiQDoIcxbu2Xrg5mTRozOfEsJYu0-0-pnWxBjEyro82KggMfQm_QG9ROgbuQ-NjCne_CWaX9VrZt9DDA3rkwy8pRpU/s1600/Screenshot_2013-07-15-18-11-08.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO9MN8ByiftODCVEZ_IOm9V0CzJRgehrGQOE7aqtKjyMvs41_gQSLiQDoIcxbu2Xrg5mTRozOfEsJYu0-0-pnWxBjEyro82KggMfQm_QG9ROgbuQ-NjCne_CWaX9VrZt9DDA3rkwy8pRpU/s320/Screenshot_2013-07-15-18-11-08.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Runing the attack</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
This is the screen when its starting ubuntu <br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS7S2tNEIqmFmtB4DNoLLliXxj-Vpi7KG0gQzgfoyNaYgEzIGtY6uTH1JoHaj_afQr0AzqYqcph0Vb9yunrm8Uw-hvNUmLqUrnoSE-2Bl3ywJ9VjLyM92p-buu0V452FmfUVI15H23aA7F/s1600/Screenshot_2013-07-15-18-11-37.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS7S2tNEIqmFmtB4DNoLLliXxj-Vpi7KG0gQzgfoyNaYgEzIGtY6uTH1JoHaj_afQr0AzqYqcph0Vb9yunrm8Uw-hvNUmLqUrnoSE-2Bl3ywJ9VjLyM92p-buu0V452FmfUVI15H23aA7F/s320/Screenshot_2013-07-15-18-11-37.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
When Ubuntu is starting it let you choose wich GUI you want but its not important. Just press enter</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaseFPrsCXo14YYuuuoT6xHC1oTsd_KS3cDS38Os72yQyuu47lplMDSObjzDqUiE2onA81CeJ5Jl0rMqOYQis0iGJ4HXjWnQ2eq3K6sTeWa3doDC1p6bvqJWGcGJ3jpIwm4oNs2rTbSnYT/s1600/Screenshot_2013-07-15-18-11-46.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaseFPrsCXo14YYuuuoT6xHC1oTsd_KS3cDS38Os72yQyuu47lplMDSObjzDqUiE2onA81CeJ5Jl0rMqOYQis0iGJ4HXjWnQ2eq3K6sTeWa3doDC1p6bvqJWGcGJ3jpIwm4oNs2rTbSnYT/s320/Screenshot_2013-07-15-18-11-46.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
Run ./m.pl</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWnnWR74ZY4i4L62C-reQEKd8zcphPg1vwhKC4BgqkKQXopudjRwxQFQkk-NWebGmEh-BFNwNFzLa_uIMuPoMj0F7uizdTi8btrJ0nY4bJ0hSVt4UNlcmO4S3NY6gQysGfPCDZ4Zt9bb-q/s1600/Screenshot_2013-07-15-18-12-01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWnnWR74ZY4i4L62C-reQEKd8zcphPg1vwhKC4BgqkKQXopudjRwxQFQkk-NWebGmEh-BFNwNFzLa_uIMuPoMj0F7uizdTi8btrJ0nY4bJ0hSVt4UNlcmO4S3NY6gQysGfPCDZ4Zt9bb-q/s320/Screenshot_2013-07-15-18-12-01.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
Wellcome to menu<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnnEogaBSyLyAsLsrewpzYHeP7-r33AgcGmzGbQJUyARph7MoCPZAlSZRXHhCXo2HuTD2Af1Ycqyugs3I6vNZhJLXCTdZV6oSI8W8r-H0YGqpb1AnRZV1bssZsI6ngFto4N_TFZV395GCP/s1600/Screenshot_2013-07-15-18-12-07.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnnEogaBSyLyAsLsrewpzYHeP7-r33AgcGmzGbQJUyARph7MoCPZAlSZRXHhCXo2HuTD2Af1Ycqyugs3I6vNZhJLXCTdZV6oSI8W8r-H0YGqpb1AnRZV1bssZsI6ngFto4N_TFZV395GCP/s320/Screenshot_2013-07-15-18-12-07.png" width="192" /></a></div>
<div class="" style="clear: both; text-align: left;">
If you select 1 you will start ssl strip attack </div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4gIPuXh4qNEELD5vXVOzZ-baNim9y682ONCrUoelomO065Ofb-BRFDfzjNDKFx4RkfKTVYg-v7mybluaSQgXwcoiaDvws-Jld1aVAthCczd2zdhr1gHT8zd2LqyLLPHHth47aAyvLCvXT/s1600/Screenshot_2013-07-15-18-14-19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4gIPuXh4qNEELD5vXVOzZ-baNim9y682ONCrUoelomO065Ofb-BRFDfzjNDKFx4RkfKTVYg-v7mybluaSQgXwcoiaDvws-Jld1aVAthCczd2zdhr1gHT8zd2LqyLLPHHth47aAyvLCvXT/s320/Screenshot_2013-07-15-18-14-19.png" width="192" /></a></div>
<br />
Start tettering on your smartphone (it's teorically posible start tettering from ubuntu but iwconfig don't let me use master mode and i was trying to use airbase-ng but it's not working)<br />
You must enter in Wi-Fi Zone and modem USB<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH85dbNgkdFw-TrtM9iNdTFbXzWeEi9N7J4QXvPNsMiYery23gpOpRPzgWO3Cl-ZPCpWlz569l5LsB5pySnG8o6t5sd9DSFZaZmofspjmuL8kmrS88cNy5939aCK3ctzfuz26XUQaSKKd_/s1600/Screenshot_2013-07-15-18-12-43.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><br /></a></div>
<div style="text-align: left;">
<img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH85dbNgkdFw-TrtM9iNdTFbXzWeEi9N7J4QXvPNsMiYery23gpOpRPzgWO3Cl-ZPCpWlz569l5LsB5pySnG8o6t5sd9DSFZaZmofspjmuL8kmrS88cNy5939aCK3ctzfuz26XUQaSKKd_/s320/Screenshot_2013-07-15-18-12-43.png" width="192" /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="text-align: center;">Choose a name of your fake access point. Use for example something like link$y$. You know what i mean. (:P) or use the name of your "laboratory" for example some attacker could use the same ssid of the wifi of the place where he is right now to take credentials of the attracted clients to his fake access point</span></div>
<div style="text-align: left;">
<span style="text-align: center;"><br /></span></div>
<div style="text-align: left;">
<span style="text-align: center;"><br /></span></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-ETogESHxSHQSHdMsyVSsmbqldw27DqW_udvwK9Q48w55i4oD2MVghA8_ZvyTs8DPnIeGZo-wYf7-GIBljsvEkhxALQ71xKG5_muZQhblbmLbtK7ThDDD-UpTOF4A1MDrulKWIBidDaXG/s320/Screenshot_2013-07-20-12-40-55.png" width="192" /> </span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQbj6u_RTT4sVnFso8yiEWYEqpL9Nyqsejx5rfEi2SB-86i9QbuVAUZNUEAzsisCjkBGEC8vMuQVpw4i5GedbdNKsvLAD1j-MO4xQN-q5M_XlGpOffKREDJx44Ssyl-wChHaGoLx2cGWI/s1600/Screenshot_2013-07-15-18-13-47.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><br /></a>
<br />
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hTwIRu_InipJcOkqHZLGV-LJ_d9XKYY5thGRFADSuD38LuOO53LRKEPZ_DPMHaOgZ4fOFGV2PvYd4IF3D8sQgSYjkXDig2Xwxd51qJyqOJQg7rl9vU3W1yREuL7o5LANIxVbsS-6VZ6Y/s1600/Screenshot_2013-07-15-18-13-26.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hTwIRu_InipJcOkqHZLGV-LJ_d9XKYY5thGRFADSuD38LuOO53LRKEPZ_DPMHaOgZ4fOFGV2PvYd4IF3D8sQgSYjkXDig2Xwxd51qJyqOJQg7rl9vU3W1yREuL7o5LANIxVbsS-6VZ6Y/s320/Screenshot_2013-07-15-18-13-26.png" width="192" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Start the access point</div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQbj6u_RTT4sVnFso8yiEWYEqpL9Nyqsejx5rfEi2SB-86i9QbuVAUZNUEAzsisCjkBGEC8vMuQVpw4i5GedbdNKsvLAD1j-MO4xQN-q5M_XlGpOffKREDJx44Ssyl-wChHaGoLx2cGWI/s1600/Screenshot_2013-07-15-18-13-47.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img alt="" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQbj6u_RTT4sVnFso8yiEWYEqpL9Nyqsejx5rfEi2SB-86i9QbuVAUZNUEAzsisCjkBGEC8vMuQVpw4i5GedbdNKsvLAD1j-MO4xQN-q5M_XlGpOffKREDJx44Ssyl-wChHaGoLx2cGWI/s320/Screenshot_2013-07-15-18-13-47.png" title="Start the access point" width="192" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
<div>
<div>
<br /></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
Now you can press any key to start the attack you must just wait</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrwCbvVaYxYEFv_wBYR56aQVJ8qHN46mfYGEabcq0jK4EmrW4c62Z7POJMR7YI2JzgLpqg1u2rNOXlrYOBPp6CQmVM0gyOnpw6mxWqc9X8DAAy1Zs9ZMqT3MY4lz7oU90bU5jWSaI9B6cG/s1600/Screenshot_2013-07-15-18-14-19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrwCbvVaYxYEFv_wBYR56aQVJ8qHN46mfYGEabcq0jK4EmrW4c62Z7POJMR7YI2JzgLpqg1u2rNOXlrYOBPp6CQmVM0gyOnpw6mxWqc9X8DAAy1Zs9ZMqT3MY4lz7oU90bU5jWSaI9B6cG/s320/Screenshot_2013-07-15-18-14-19.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
In this capture you can see the many mac address asking to our evil dhcp</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR1hyphenhyphenGGsV6YBklw2uJ_nCm1VjPjTiGOv0TXw35wmWOPsZ30nXnZSJI00mDJvuVbfyitA09ZhNyeG_iKvPXLspAGeNEGrb22Ki13XVFGK5_rmQer_2WetS3rjIyxIbXMww1_m2dZFgQJhWb/s1600/Screenshot_2013-07-15-18-14-31.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR1hyphenhyphenGGsV6YBklw2uJ_nCm1VjPjTiGOv0TXw35wmWOPsZ30nXnZSJI00mDJvuVbfyitA09ZhNyeG_iKvPXLspAGeNEGrb22Ki13XVFGK5_rmQer_2WetS3rjIyxIbXMww1_m2dZFgQJhWb/s320/Screenshot_2013-07-15-18-14-31.png" width="192" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
When the victim login into a web application and send his credentials it will be logged into our smartphone in /external_sd/atlogs/sslstrip/</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyNi413XUFSat88RJpx1VK1aYbC0Iyx7PNLaUQ6NoEgD8WtV6uPj8Oqd28ZrV4ONKTaedzHFvEtMzISFdbpGIocOLhSjL5HPeeMmWUkUYCswv-vU4TaaqviI04ZihQG9p_81rbUHqGznAR/s1600/Screenshot_2013-07-20-18-30-49.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyNi413XUFSat88RJpx1VK1aYbC0Iyx7PNLaUQ6NoEgD8WtV6uPj8Oqd28ZrV4ONKTaedzHFvEtMzISFdbpGIocOLhSjL5HPeeMmWUkUYCswv-vU4TaaqviI04ZihQG9p_81rbUHqGznAR/s320/Screenshot_2013-07-20-18-30-49.png" width="192" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
If you open the log i will see something like this<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA6IvKwj6yIq_m42zSyk85td2pXYEmtWj1o19IId84oNzTTNEKhkz_IY5bYDcJh8JkSI_Gt8m4Kw_gmDsfnp_oGAaUbV-2VV6cTPZNlxb78kkYuUJsac43T-lNnVxpsGyUOhjtfVlZ1ud3/s1600/captura+del+log.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA6IvKwj6yIq_m42zSyk85td2pXYEmtWj1o19IId84oNzTTNEKhkz_IY5bYDcJh8JkSI_Gt8m4Kw_gmDsfnp_oGAaUbV-2VV6cTPZNlxb78kkYuUJsac43T-lNnVxpsGyUOhjtfVlZ1ud3/s640/captura+del+log.JPG" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
</div>
AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com2tag:blogger.com,1999:blog-6333264456611228097.post-71187310870292252662011-09-10T20:53:00.000-07:002011-09-15T07:40:21.671-07:00Using QR tags to Attack SmartPhones (Attaging)<div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke;"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"></span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">If someone told you that a computer attack can be launched from a printed paper. Do you think it's possible?<br />
<br />
And if I told you that your smartphone is a device that can be attacked by this kind of source? Could you believe it?<br />
<br />
Well, I will tell you. This is possible!<br />
<br />
Probably if we know in some depth to use some of the advanced uses that can be made from these kind of devices, we will be familiar with bar codes or bidimentional code (Qr) .An example of this kind of code is the picture shown below.<span style="background-color: white;"><o:p></o:p></span></span></span></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9XD1-dD3Seaqv2FD81K625e6R0FwiS13FqAPXon6yOjCSAQlL34xDUxP86ITk_9Va1DvOd6eh2T301jhejEfAbEzgKbWbYDzbXrKto590r-Gfo5xpSqOEwosPH9CKbshpcPBX-YDQloxH/s1600/qr.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9XD1-dD3Seaqv2FD81K625e6R0FwiS13FqAPXon6yOjCSAQlL34xDUxP86ITk_9Va1DvOd6eh2T301jhejEfAbEzgKbWbYDzbXrKto590r-Gfo5xpSqOEwosPH9CKbshpcPBX-YDQloxH/s1600/qr.JPG" /></a></div><div class="separator" style="clear: both; text-align: center;"><span class="Apple-style-span" style="background-color: white; color: #333333; font-family: Arial;"><br />
</span></div><div class="separator" style="clear: both; text-align: center;"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"></span></div><div class="MsoNormal"><br />
</div><span class="Apple-style-span" style="color: #333333; font-family: Arial;"> </span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">This kind of code can transmit many type of information to the smartphones, Some things that can be transmitted are, web links, phones numbers, sms, text, etc.<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps"><br />
People are unable to distinguish what is stored inside de image until it is scanned by our smartphone. Some software like ScanLife software redirects the user without showing where you are going. This is a serious problem since this is the equivalent of clicking a link with your eyes closed. In some cases where the software displays the contained info before the connection will be made can be corrected with a little of social engineering. For example we can put a code in a fake advertising, you can also get a domain related to the fake advertising in dyndns.<br />
If you stand watching some code that is placed in a supermarket will be many people scanning it.<span style="background-color: white;"><o:p></o:p></span></span></span></div><br />
<div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke;"><span class="hps"><span lang="EN" style="background-color: white; color: #333333; font-family: Arial;"><br />
</span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMyBnsIrNRuFHaKKjP7F7lBVUyyZ9IWloJN9FGl22Fte0gMappfQbSMbcVEpSAFvuYfHrrdCXjeYOCb82aZ99XsEqiu_6p0FfKZYv2q0Se9wmFL1K5k8sk_tagk203nTdI5RHfarTCkbQe/s1600/underground-qr-shopping.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMyBnsIrNRuFHaKKjP7F7lBVUyyZ9IWloJN9FGl22Fte0gMappfQbSMbcVEpSAFvuYfHrrdCXjeYOCb82aZ99XsEqiu_6p0FfKZYv2q0Se9wmFL1K5k8sk_tagk203nTdI5RHfarTCkbQe/s1600/underground-qr-shopping.jpg" /></a></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke;"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"></span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">Almost the people scan every code they see just to see it, without interest for the safety of their phones.<br />
Taking advantage of the user currently ignores the danger of his actions<span style="background-color: white;"><o:p></o:p></span></span></span></div><span class="Apple-style-span" style="color: #333333; font-family: Arial;"> </span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">Some of the possible attacks include:<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps"><b><u>Attaging+ metasploit</u></b><span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">One way to attack using metasploit and attaging consist in put a metasploit listening some port in the attacker’s machine. Later you must create a Qr tag with a url inside pointed to the evil server listening with metasploit.<br />
<br />
To attract some victims, for example, we can put up posters offering to participate in a sweepstakes or cheat the user telling him “come on Download the latest mp3 of Shakira or scan this code and win a coke, etc, etc. When the user scans the code is taken to the attacker trap.<br />
<br />
<br />
<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">To setup metasploit to accomplish this, you must to do the next steps:<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps">. /msfconsole<br />
<br />
Once the console is running, you must type this<br />
<br />
use gather/android_htmlfileprovider<br />
<br />
set FILES system/etc/hosts<br />
This is the file we're going to steal of the phone. For example, we get the hosts file (if it’s not set this exploit will try to obtain this files /proc/version /proc/self/status, /data/system/packages.list)<br />
<br />
set URIPATH /<br />
<br />
set SRVPORT 80<br />
If this value is not set this will star listening on port 8080<br />
<br />
run<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps"><span style="background-color: white;">We set up a dyndns domain and attach it to our internet router for example kocakola.dyndns.tv<br />
<br />
Now we must publish to internet our metasploit's port in our internet router.<o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps"><span style="background-color: white;">For example should looks like this:<o:p></o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #333333; font-family: Arial;"><span class="hps"><b>METASPLOIT: 8080 <----ROUTER:80<---------INTERNET <-----SMARTPHONE READER OF QR</b><span style="background-color: white;"><o:p></o:p></span></span></span></div></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke; vertical-align: top;"><b><span style="background-color: white; color: #222222; font-family: Arial; font-size: 10pt;"><br />
</span></b></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuK-h-s_lPO_v-avwLIwednvhAtDYFVVg5vw2p8Egq7v-JSPuXte1pPbg0-pzqID01aJP8bAC6gLyY3Ebt2L59wrAhSmCmqwYKCTrvD31aFX0jzX1MjWk5LlNkieq3ZBYT9P7zMALL5dmK/s1600/drdiag.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuK-h-s_lPO_v-avwLIwednvhAtDYFVVg5vw2p8Egq7v-JSPuXte1pPbg0-pzqID01aJP8bAC6gLyY3Ebt2L59wrAhSmCmqwYKCTrvD31aFX0jzX1MjWk5LlNkieq3ZBYT9P7zMALL5dmK/s1600/drdiag.JPG" /></a></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke; vertical-align: top;"><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"></span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"><span class="hps">The next step is build a qr that the people can scan with their smartphone. So we must go to the following url:<span style="background-color: white; font-weight: bold;"><o:p></o:p></span></span></span></div><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"> </span><br />
<div class="MsoNormal" style="font-weight: bold;"><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"><br />
</span></div><div class="MsoNormal" style="font-weight: bold;"><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"><span class="hps"><a href="http://qrcode.kaywa.com/"><span style="text-decoration: none;">http://qrcode.kaywa.com/</span></a><span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal" style="font-weight: bold;"><span class="Apple-style-span" style="color: #222222; font-family: Arial; font-size: x-small;"><br />
</span></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinVF39oPkNhLaTzMxbk1C8qtLiXM4JnbNpjHrH3LqXayk5vkASjTpucn8RbImgL_YZY-tBFna9g840aDUSu8OWO8T_NSXNDm7iRa1VzEYWB5Pj7ZBXB4QrqjiPEfaFlqyEYgVXtL-FbZQ8/s1600/qr2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinVF39oPkNhLaTzMxbk1C8qtLiXM4JnbNpjHrH3LqXayk5vkASjTpucn8RbImgL_YZY-tBFna9g840aDUSu8OWO8T_NSXNDm7iRa1VzEYWB5Pj7ZBXB4QrqjiPEfaFlqyEYgVXtL-FbZQ8/s640/qr2.JPG" width="640" /></a></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke; vertical-align: top;"><span class="Apple-style-span" style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;"><br />
</span></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke; vertical-align: top;"><span class="Apple-style-span" style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;"></span></div><div class="almost_half_cell" closure_uid_1wuuj7="166" id="gt-res-content"><div closure_uid_1wuuj7="165" dir="ltr"><br />
<div class="MsoNormal"><br />
</div><div class="MsoNormal"><span class="hps"><span style="background-color: white;">Once we have the site up, we must generate the label pointed to our evil site (in this example the tag is pointed to http://kokakola.dynds.tv/)<br />
<br />
Now is the moment to get in action, so we must put our posters advertising that convinces people to read our code with their scanners. They can be stickers, stamps and more effective advertising with false promises, for example: "Participate in a raffle for a house scanning this code!"<o:p></o:p></span></span></div><div class="MsoNormal"><br />
</div></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvrjDYhsJsQooTFpodpbgFhuAsByzF4Kwpv1dpJX1Aq6s33SDLJjbT7l9N2BRkkahqqxg92ltWKxgqaGmd1s9_iDK0GlnwTzXpd3dFF-_oaZSjuDEQrM5K62-Rwkt2RhgSxZMuBz7-sJ-O/s1600/qr2pegatina.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="295" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvrjDYhsJsQooTFpodpbgFhuAsByzF4Kwpv1dpJX1Aq6s33SDLJjbT7l9N2BRkkahqqxg92ltWKxgqaGmd1s9_iDK0GlnwTzXpd3dFF-_oaZSjuDEQrM5K62-Rwkt2RhgSxZMuBz7-sJ-O/s400/qr2pegatina.JPG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke; vertical-align: top;"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 18px;"></span></span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><span class="hps"><b><u>Attaging + malware</u></b><br />
<br />
</span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><span class="hps">The infrastructure is similar to that described above, the only thing that changes is inviting the victim cheating him to download a malicious application (trojans keyloggers, etc.) and instead of using metasploit we must use a webserver to host the malicious files. This is effective when the device is to enable debug mode in the case of android.<br />
to increase the effectiveness you can add the application to the android market, this allows you to install malware without having enable the debug mode. It will not be the first malware hosted in the market.<span style="background-color: white;"><o:p></o:p></span></span></span></div><div class="MsoNormal"></div><div class="MsoNormal"></div><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"> </span><br />
<div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><span class="hps"><span style="background-color: white;"><o:p><br />
</o:p></span></span></span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><br />
</span></div><div class="MsoNormal"><span class="Apple-style-span" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><span class="hps"><span style="background-color: white;"><b><u>Defacement of posters</u></b> <br />
After such a kind of attacks exist defacement of posters printed on paper is now possible, the way to do this is replacing a legitimate advertising code printed on a poster, with a sticker overlay that will redirects the user to another site controlled by an attacker.<br />
An example might be a famous Argentinian appliance store</span> were i found this tag over a refrigerator where I took</span> the following picture:<o:p></o:p></span></div></div><div class="almost_half_cell" closure_uid_1wuuj7="166" id="gt-res-content"><div closure_uid_1wuuj7="165" dir="ltr"><span a="undefined" c="4" closure_uid_1wuuj7="164" id="result_box" lang="en" td="null"><span class="hps" closure_uid_1wuuj7="630" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;" td="null"><br />
</span></span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_yXsKB8wtyDQKmttivCj5NNYA6xkXAdb-Pns_U2EfMjPxqRLs50Ssu-ONDfYRtl8badqXPhwYCuP7DUZGGHkg6TBsjnf0QlOGYgjQiBSo7H8vKUbaqCxdessvT4PKChgux3PzbKaiK33r/s1600/qrarg.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_yXsKB8wtyDQKmttivCj5NNYA6xkXAdb-Pns_U2EfMjPxqRLs50Ssu-ONDfYRtl8badqXPhwYCuP7DUZGGHkg6TBsjnf0QlOGYgjQiBSo7H8vKUbaqCxdessvT4PKChgux3PzbKaiK33r/s320/qrarg.JPG" width="320" /></a></div><span a="undefined" c="4" closure_uid_1wuuj7="164" id="result_box" lang="en" td="null"><span class="hps" closure_uid_1wuuj7="630" style="color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;" td="null"><br />
</span></span></div></div><div id="spell-place-holder" style="display: none; height: 44px;"></div><span class="Apple-style-span" style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;"></span><br />
<div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><span class="hps" closure_uid_1wuuj7="889" td="null">So</span> <span class="hps" closure_uid_1wuuj7="890" td="null">be careful with all what you</span> <span class="hps" closure_uid_1wuuj7="891" td="null">scan</span> <span class="hps" closure_uid_1wuuj7="892" td="null">!.....</span> <span class="hps" closure_uid_1wuuj7="893" td="null">there may be someone</span> bad <span class="hps" closure_uid_1wuuj7="894" td="null">waiting for you</span><span closure_uid_1wuuj7="896" td="null">.</span><br />
<span class="hps" closure_uid_1wuuj7="897" td="null">More</span> <span class="hps" closure_uid_1wuuj7="898" td="null">news</span> in a few days.</div><br />
<br />
<div class="g-unit" closure_uid_1wuuj7="493" id="gt-src-c"><div closure_uid_1wuuj7="492" id="gt-src-p"><div closure_uid_1wuuj7="491" id="gt-src-wrap"><div closure_uid_1wuuj7="490" style="width: 100%;"><br />
</div></div></div></div><div class="g-unit" closure_uid_1wuuj7="170" id="gt-res-c"><div closure_uid_1wuuj7="169" id="gt-res-p"><div closure_uid_1wuuj7="168" id="gt-res-data"><div closure_uid_1wuuj7="167" id="gt-res-wrap"><div class="almost_half_cell" closure_uid_1wuuj7="166" id="gt-res-content"><div closure_uid_1wuuj7="165" dir="ltr"><div class="MsoNormal"><span class="hps"><span style="background-color: white;">I hope</span> you liked</span><o:p></o:p></div><div class="MsoNormal"><span class="hps"><span style="background-color: white;">I always say "my english sucks" (thanks to google translator) :P <o:p></o:p></span></span></div><div class="MsoNormal"><span class="hps">Augusto Pereyra<o:p></o:p></span></div><div class="MsoNormal"><span class="hps">apereyra (at) gmail.com<o:p></o:p></span></div><div class="MsoNormal"><br />
</div></div></div></div></div></div></div><br />
<div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke;"></div><div class="MsoNormal" style="background: none repeat scroll 0% 0% whitesmoke;"></div>AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com5tag:blogger.com,1999:blog-6333264456611228097.post-49970557868272545532011-09-09T13:04:00.000-07:002011-09-15T07:41:07.274-07:00Using QR tags to Attack SmartPhones (Attaging)<div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Si alguien te dijera que puede disparar un ataque informático desde un papel impreso? Pensarías que es posible?</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Y si te dijera que tu smartphone es uno de los dispositivos que pueden ser atacado de esta forma ¿ Lo creerías?</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Bueno si es posible!</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Probablemente si conocemos en con cierta profundidad a utilizar las funciones que pueden realizarse desde este tipo de dispositivos, estaremos familiarizados con los códigos de barras o con sus primos los códigos bidimensionales o QR. Un ejemplo de esto es la imagen que se muestra a continuación</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxyi3zM425_ADSgj6y8EDZpnq6sygpnVR8BWfNokORqNtuAyQuQGa4aKWKTBFo_8fEsRTD37r2b2d3Y667rFHVlIiI_R3WQqHJU7jDISS_G5kXTiMBkruc_DfJ-x3Kcz6ioHZ_aA1p46Vy/s1600/qr.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" nba="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxyi3zM425_ADSgj6y8EDZpnq6sygpnVR8BWfNokORqNtuAyQuQGa4aKWKTBFo_8fEsRTD37r2b2d3Y667rFHVlIiI_R3WQqHJU7jDISS_G5kXTiMBkruc_DfJ-x3Kcz6ioHZ_aA1p46Vy/s1600/qr.JPG" /></a></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Este tipo de código permite transmitir información a los smartphones de muchos tipos, entre las cosas que se pueden transmitir existen links web, teléfonos, sms , textos, etc.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Las personas somos incapaces de distinguir a simple vista a donde nos llevara o que tipo de información contiene este tipo de código hasta que es escaneado por nuestro smartphone. Algunos software como el soft ScanLife redirige el usuario sin mostrarle a donde se esta dirigiendo. Esto es un serio problema ya que esto es el equivalente a hacer clic a un link con los ojos cerrados. En aquellos casos en los que el software muestra en pantalla a donde se dirigirá puede corregirse con un poco de ingeniería social más. Por ejemplo lo podemos colocar en una publicidad falsa y armamos un dominio en dyndns que sea similar a la publicidad.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"> Si se paran frente aun código que esta pegado en un centro comercial verán a muchas personas escaneándolos.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgawpQ2RF6iUpzRdSBopE5N_kzijovfczk9FpGKMGbFK1YNReu7XyQYHxCh3LCTPUEcmcn0KkUVqWPOK1-Ipn5PNHw1VTy26CYP6gxq5kfVRk6vdC6BMIGsaqbSYZmT7mDA-wifZAwwgwhM/s1600/underground-qr-shopping.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" nba="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgawpQ2RF6iUpzRdSBopE5N_kzijovfczk9FpGKMGbFK1YNReu7XyQYHxCh3LCTPUEcmcn0KkUVqWPOK1-Ipn5PNHw1VTy26CYP6gxq5kfVRk6vdC6BMIGsaqbSYZmT7mDA-wifZAwwgwhM/s1600/underground-qr-shopping.jpg" /></a></div></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Casi lo escanean simplemente para ver que es, sin interesarles mucho la seguridad de sus Celulares.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Aprovechando que el usuario actualmente ignora la peligrosidad de sus acciones, sumandole que muchos lectores redirigen automaticamente y sumando un poco de ingenieria social se pueden disparar una variedad de ataques distintos.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Algunos de los ataques posibles son los siguientes:</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><u>Attaging + metasploit: </u></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Este ataque consiste en levantar metasploit escuchando en una ip y un puerto en la maquina de un atacante y crear una etiqueta que lleve al smartphone a la maquina del atacante. </div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Algunos pensaran que nadie scanearia un QR por motu proprio, pero esta técnica permite fácilmente engañar al usuario. Para motivarlo, como ejemplos podemos pegar carteles que ofrezcan participar de un sorteo o bajate el ultimo tema de Shakira, ganate una cocacola scaneando este código, etc ,etc. Cuando el usuario escanea el código es dirigido al metasploit y ya pueden imaginarse como continua.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Para preparar el escenario levantamos metasploit con de la siguiente forma:</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong>./msfconsole</strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Una ves en la consola tipeamos lo siguiente</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong><span lang="EN-US">use gather/android_htmlfileprovider</span></strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong><span lang="EN-US">set FILES system/etc/hosts</span></strong><span lang="EN-US"></span></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Esto es el archivo que vamos a robar del celular. Por ejemplo podemos sacar el archivo host (si no es setado intenta obener /proc/version,/proc/self/status,/data/system/packages.list)</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong>set URIPATH /</strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong>set SRVPORT 80 </strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Esto si no es setedo se pone a escuchar en el puerto 8080</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong>run</strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Configuramos un dominio en dyndns y lo asociamos a nuestro router de internet por ejemplo: kocakola.dyndns.tv</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Publicamos mediante un port forwarding en nuestro router la direccion interna de nuestro metasploit con su respectivo puerto.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">por ejemplo deberia quedar asi:</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><strong>METASPLOIT: 8080 <----ROUTER:80< ---------INTERNET <-----SMARTPHONE QUE LEE QR</strong></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Graficamente quedaria algo asi (no dibuje el router)<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCrXbqqm-K5h13W5o_VMNjyzZG2PUJjhVtkSwAR5TrT3kvLKI5QAJAv7Gp9NEuExFZkauvJ__4kwMhMogGf1VtJ-W1wOgGZTudZ7oWgAFk2vb9zBXo_kEgh5XgJIwgp41t17UMOgFvArLm/s1600/drdiag.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" nba="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCrXbqqm-K5h13W5o_VMNjyzZG2PUJjhVtkSwAR5TrT3kvLKI5QAJAv7Gp9NEuExFZkauvJ__4kwMhMogGf1VtJ-W1wOgGZTudZ7oWgAFk2vb9zBXo_kEgh5XgJIwgp41t17UMOgFvArLm/s320/drdiag.JPG" width="245" /></a></div><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
Lo siguiente es armar una etiqueta que la gente pueda scanear, para eso nos dirigimos a:</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><a href="http://qrcode.kaywa.com/"><span style="color: purple;">http://qrcode.kaywa.com/</span></a></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu5ePtLjfaJ6wEig0iMZsGy2kLxHEIUosk0zlbMTB9VK3xZV1RDcr0uM1hovlAgzbyCryZGypVXJd8e2m8kKBDN6_pFT6yiF5OcJCuT5gpu5W97KZiNKCkcsEAkiQV5BJtsuKYgU4Fv6yj/s1600/qr2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" nba="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu5ePtLjfaJ6wEig0iMZsGy2kLxHEIUosk0zlbMTB9VK3xZV1RDcr0uM1hovlAgzbyCryZGypVXJd8e2m8kKBDN6_pFT6yiF5OcJCuT5gpu5W97KZiNKCkcsEAkiQV5BJtsuKYgU4Fv6yj/s640/qr2.JPG" width="640" /></a></div><div class="MsoNormal" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Una vez que estamos en el sitio generamos la etiqueta de nuestro sitio (en el ejemplo se creo la etiqueta para <a href="http://kokakola.dynds.tv/">http://kokakola.dynds.tv/</a>)</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Lo que falta hora es ponerlo en un cartel publicitario, que convenza a la gente a scanear nuestro código. Pueden ser calcomanías, sellos y los mas efectivos publicidades con falsas promesas, por ejemplo participe de un sorteo por una casa escaneando este código.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; margin: 0cm 0cm 0pt;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-4cte6NLeO0w/TmpuuQ-SclI/AAAAAAAAAC8/yUxd3-X_LJk/s1600/qr2pegatina.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="295" nba="true" src="http://1.bp.blogspot.com/-4cte6NLeO0w/TmpuuQ-SclI/AAAAAAAAAC8/yUxd3-X_LJk/s400/qr2pegatina.JPG" width="400" /></a></div><div class="MsoNormal" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><u>Attaging + malware</u></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">La infraestructura es similar a la descripta en el punto anterior, lo único que cambia es que se invita a la victima mediante engaños a que descargue una aplicación maliciosa (troyanos keyloggers, etc) y en vez de usar metasploit usamos un webserver, hosteando los archivos maliciosos. Esto es efectivo cuando el dispositivo se encuentra con el debbug mode enable en el caso de android. </div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">En ultima instancia para sumarle efectividad se puede subir la aplicación al market, esto permite instalar el malware sin que tenga el debug mode enable. No va a ser la primera vez que suben aplicaciones maliciosas al market.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><u>Defacement de carteles publicitarios</u></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Después de este tipo de ataques nacen los defacement de carteles impresos en papel, y consiste en reemplazar un código legítimo de una publicidad impresa en algún cartel publicitario, con una calcomanía superpuesta que dirija al usuario a otro sitio controlado por un atacante. </div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Un ejemplo puede ser las heladeras de una famosa empresa de electrodoméstico de donde se extrajo la siguiente imagen:</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-dWxuCkS_Hdg/TmpvyLUZV7I/AAAAAAAAADA/11wzq8I7DPU/s1600/qrarg.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" nba="true" src="http://4.bp.blogspot.com/-dWxuCkS_Hdg/TmpvyLUZV7I/AAAAAAAAADA/11wzq8I7DPU/s320/qrarg.JPG" width="320" /></a></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
<br />
<br />
Asi que cuidado con lo que escaneas!..... puede haber alguien malo esperandote.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Mas novedades en estos dias.</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
Espero les haya gustado</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">Augusto Pereyra</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;">apereyra (at) gmail.com</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"></div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div><br />
<div class="MsoNormal" style="border-bottom: medium none; border-left: medium none; border-right: medium none; border-top: medium none; margin: 0cm 0cm 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0cm 0cm 0pt;"><br />
</div>AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com3tag:blogger.com,1999:blog-6333264456611228097.post-30132923890201474192011-05-16T12:49:00.000-07:002011-05-16T12:49:07.967-07:00Como desbloquear un android protegido con patron observando la grasa de los dedosLos usuarios de android que medianamente están preocupados por la seguridad de sus equipos, no tengo duda que conocen el sistema de protección que bloquea la pantalla hasta que se dibuja un patrón determinado como en la pantalla que se ve a continuación. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA7a4gejMrLLcn20AU2q9gtaT9ZXj_4u8_UvW4ZilLjuvluXUQzbRP_IkMdkJCfYHnOopY3UAZrRLmOkBLFkkIHGTLcGOVgDpPCN5yynwWnP83Mjf9HTZMsdyGsXjuzd5vbkSbA5ucLAcq/s1600/inicio1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA7a4gejMrLLcn20AU2q9gtaT9ZXj_4u8_UvW4ZilLjuvluXUQzbRP_IkMdkJCfYHnOopY3UAZrRLmOkBLFkkIHGTLcGOVgDpPCN5yynwWnP83Mjf9HTZMsdyGsXjuzd5vbkSbA5ucLAcq/s320/inicio1.jpg" width="213" /></a></div><br />
Como todos sabemos los humanos dejamos huellas en las pantallas y mas de una vez nos la pasamos limpiando las mismas.<br />
La idea es aprovechar estas marcas para poder determinar la figura que se debe dibujar para desbloquear la pantalla.<br />
<br />
Lo que se debe hacer observar las marcas, en algunos casos se ve a simple vista. Los extremos de la figura pueden verse claramente porque son las partes donde las lineas terminan o empiezan aunque todavía no se sabe cual es el principio y cual es el fin de la figura. Para poder determinar donde comienza la figura se observa los vertices de cada parte de la figura aunque observando solo uno se puede determinar la dirección hacia donde se desplazan los dedos.Para explicar en mas detalle esto se debe observar la figura que se ve a continuación (Con el fin de que se vea claramente resalte las marcas dejadas por los dedos con rojo) <br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVr9O8em7vu6FDbr-AKFEIiDpD9pGSKIxfsU6V9XfHMcWctrEYMws6GzAhY4-8Sc2ZRyFLBR6Z6fJJK06dvtL1LEKg_fcGH5ocIucRFo5AltI365JS1ubzUPA0bkHyzlkYdNlpz11mfnQU/s1600/inicio.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVr9O8em7vu6FDbr-AKFEIiDpD9pGSKIxfsU6V9XfHMcWctrEYMws6GzAhY4-8Sc2ZRyFLBR6Z6fJJK06dvtL1LEKg_fcGH5ocIucRFo5AltI365JS1ubzUPA0bkHyzlkYdNlpz11mfnQU/s320/inicio.jpg" width="209" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZyKsPjeNJcutj-VzacbQ7yJcVA_sw-jYh6K2yON0ZJpezhHC-hjWwxrFc0S34xU8wHOxZnIJifD7qOnVqdRn8bfAiV3ruSqG-eIdV8LztZukKjof7SI7RZTCcKX7GiWwEgDAjNAV8_Ofs/s1600/inicio.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br />
</a></div><div class="separator" style="clear: both; text-align: left;">Los circulos verdes indican el principio o el fin de la figura los circulos amarillos nos dicen la direccion hacia donde se dirigen los dedos. Por ejemplo se ve claramente que la linea 1 esta por debajo de la linea2 (viendo el vertice marcado en amarillo de arriba), eso indica que la linea 1 fue dibujada primero que la linea 2 y viendo el otro vertice se puede ver que la linea 2 se encuentra por debajo de la linea 3.</div><div class="separator" style="clear: both; text-align: left;">Sacando esas concluciones se puede determinar que el dibujo para desbloquer el telefono es el siguiente.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8cyXuLo4knlznGWR1tcmSQVOPPZ782fPBfTCGHSxyguU3tfO5qLpwKacsQD3f3-BQMKS87lgeY9hb3DlOVoBnFWCm4SEs2AJSA1YnEBSvHkIw95azOSaV1wUZ8dA2p7uVkGng35it1mlA/s1600/bien1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8cyXuLo4knlznGWR1tcmSQVOPPZ782fPBfTCGHSxyguU3tfO5qLpwKacsQD3f3-BQMKS87lgeY9hb3DlOVoBnFWCm4SEs2AJSA1YnEBSvHkIw95azOSaV1wUZ8dA2p7uVkGng35it1mlA/s320/bien1.jpg" width="213" /></a></div><div class="separator" style="clear: both; text-align: left;"><br />
</div><div class="separator" style="clear: both; text-align: left;">En definitiva mejor limpiar la pantalla despues de usarlo. Algunos me consideraran un Ladri por publicar esto, pero cuando algo funciona para derrotar un sistema de seguridad, porque no publicarlo. Asi que como siempre gracias por leer mis delirios.</div><div class="separator" style="clear: both; text-align: left;"><br />
</div><div class="separator" style="clear: both; text-align: left;"><br />
</div><br />
<div class="separator" style="clear: both; text-align: left;"><br />
</div>AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com4tag:blogger.com,1999:blog-6333264456611228097.post-86960022099521352302011-05-14T18:04:00.000-07:002011-05-16T13:01:38.090-07:00Es en realidad una vulnerabilidad?Ayer no mas estaba <span class="ev" id="1.sc" role="menuitem" tabindex="-1">enviándoles</span> a los amigos de google una posible <span class="ew" id="2.sc" role="menuitem" tabindex="-1">vulnerabilidad</span> no <span class="ew" id="3.sc" role="menuitem" tabindex="-1">convencional</span> que <span class="ev" id="4.sc" role="menuitem" tabindex="-1">tenían</span> en google <span class="ew" id="5.sc" role="menuitem" tabindex="-1">maps</span> que en <span class="ev" id="6.sc" role="menuitem" tabindex="-1">teoría</span> <span class="ev" id="7.sc" role="menuitem" tabindex="-1">podría</span> permitir escribir y dibujar sobre el mapa que ve todo el mundo texto o dibujos arbitrarios, pero a ellos parece no <span class="ew" id="8.sc" role="menuitem" tabindex="-1">interersarles</span> ya que me dijeron lo siguiente:<br />
<br />
Hi Augusto,<br />
<br />
Thank you for the information. We reviewed it and concluded that this<br />
feature works as intended. However, if we notice any abuse of this<br />
functionality, we will be happy to revisit this decision.<br />
<br />
Regards,<br />
Artur, Google Security Team<br />
<br />
<br />
<br />
La idea de esto no es que salgan todos a tratar de subir <span class="ew" id="13.sc" role="menuitem" tabindex="-1">grafitis</span> a <span class="ew" id="14.sc" role="menuitem" tabindex="-1">googlemaps</span> sino lo que intento demostrar es que los ataques no <span class="ew" id="15.sc" role="menuitem" tabindex="-1">convencionales</span> pueden ser efectivos <span class="ev" id="16.sc" role="menuitem" tabindex="-1">también</span>.<br />
<br />
Como a ellos parece no importarles voy a hacer un <span class="ew" id="17.sc" role="menuitem" tabindex="-1">full</span> <span class="ew" id="18.sc" role="menuitem" tabindex="-1">disclousure</span> de como es lo que les reporte para que cada uno emita su propia <span class="ev" id="19.sc" role="menuitem" tabindex="-1">opinión</span>.<br />
De hecho estoy usando sus mismos servicios para que si ellos lo consideran necesario hagan crema esto que escribo o si son fieles a su <span class="ev" id="20.sc" role="menuitem" tabindex="-1">opinión</span> permitan que siga siendo publicado sin temor.<br />
En la siguiente imagen se muestra un ejemplo de como <span class="ev" id="21.sc" role="menuitem" tabindex="-1">quedaría</span> el ataque una vez completado.<br />
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-J0iQ8Sj7CF8/Tc6_xvJ3ouI/AAAAAAAAAA4/phAJtdpwBgQ/s1600/test.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="http://3.bp.blogspot.com/-J0iQ8Sj7CF8/Tc6_xvJ3ouI/AAAAAAAAAA4/phAJtdpwBgQ/s320/test.JPG" width="320" /></a></div><br />
Esto es posible porque google sube las <span class="ew" id="1.sc" role="menuitem" tabindex="-1">imagenes</span> con la <span class="ev" id="2.sc" role="menuitem" tabindex="-1">información</span> de <span class="ew" id="3.sc" role="menuitem" tabindex="-1">gps</span> con la que <span class="ev" id="4.sc" role="menuitem" tabindex="-1">están</span> <span class="ew" id="5.sc" role="menuitem" tabindex="-1">tagueadas</span>. Si la <span class="ev" id="6.sc" role="menuitem" tabindex="-1">información</span> de <span class="ew" id="7.sc" role="menuitem" tabindex="-1">gps</span> es falsa, igual la suben. Entonces ahora lo <span class="ev" id="8.sc" role="menuitem" tabindex="-1">único</span> que queda es armar las letras.<br />
<br />
Una forma de hacerlo es usando el programa <span class="ew" id="9.sc" role="menuitem" tabindex="-1">fakegps</span> (http://<span class="ew" id="10.sc" role="menuitem" tabindex="-1">droidmill</span>.com/<span class="ew" id="11.sc" role="menuitem" tabindex="-1">fake</span>-<span class="ew" id="12.sc" role="menuitem" tabindex="-1">gps</span>-<span class="ew" id="13.sc" role="menuitem" tabindex="-1">location</span>-182307.html) que se puede bajar del <span class="ew" id="14.sc" role="menuitem" tabindex="-1">android</span> <span class="ew" id="15.sc" role="menuitem" tabindex="-1">market</span> para celulares <span class="ew" id="16.sc" role="menuitem" tabindex="-1">android</span>. Levantas el programa, <span class="ew" id="17.sc" role="menuitem" tabindex="-1">seteas</span> la <span class="ev" id="18.sc" role="menuitem" tabindex="-1">ubicación</span> del primer punto de la palabra que queremos formar y luego sacamos una foto que cumpla con las <span class="ev" id="19.sc" role="menuitem" tabindex="-1">políticas</span> de <span class="ew" id="20.sc" role="menuitem" tabindex="-1">upload</span> que permite google creo que lo <span class="ev" id="21.sc" role="menuitem" tabindex="-1">había</span> <span class="ev" id="22.sc" role="menuitem" tabindex="-1">leído</span> <span class="ev" id="23.sc" role="menuitem" tabindex="-1">acá</span> http://www.<span class="ew" id="24.sc" role="menuitem" tabindex="-1">panoramio</span>.com/<span class="ew" id="25.sc" role="menuitem" tabindex="-1">terms</span>/ sino lo corrijo <span class="ev" id="26.sc" role="menuitem" tabindex="-1">después</span>, repetir la <span class="ev" id="27.sc" role="menuitem" tabindex="-1">operación</span> con los <span class="ev" id="28.sc" role="menuitem" tabindex="-1">demás</span> puntos. La idea es que un grupo de personas se repartan las fotos y las suban todas en un periodo de tiempo determinado que puede ser de una semana. Una vez subida se las pasa para su <span class="ew" id="29.sc" role="menuitem" tabindex="-1">aprobacion</span> donde solo se fijan si es un paisaje o algo que represente la zona aunque vi muchas fotos de desiertos de arena en la <span class="ew" id="30.sc" role="menuitem" tabindex="-1">antartida</span> como por ejemplo esta imagen http://www.<span class="ew" id="31.sc" role="menuitem" tabindex="-1">panoramio</span>.com/<span class="ew" id="32.sc" role="menuitem" tabindex="-1">photo</span>/21038831 que si no la borraron de google <span class="ew" id="33.sc" role="menuitem" tabindex="-1">map</span> <span class="ev" id="34.sc" role="menuitem" tabindex="-1">después</span> de <span class="ev" id="35.sc" role="menuitem" tabindex="-1">habérselas</span> mostrado como ejemplo me <span class="ev" id="36.sc" role="menuitem" tabindex="-1">llamaría</span> mucho la <span class="ev" id="37.sc" role="menuitem" tabindex="-1">atención</span>. Luego hay que pedirles que la pasen a google <span class="ew" id="38.sc" role="menuitem" tabindex="-1">earth</span>. Cuando todas las fotos son subidas van a parar a las <span class="ev" id="39.sc" role="menuitem" tabindex="-1">ubicaciones</span> que nosotros quisimos escribir el texto y cada foto marcara un punto en el mapa que ve todo el mundo que usa http://<span class="ew" id="40.sc" role="menuitem" tabindex="-1">maps</span>.google.com. De esa forma <span class="ev" id="41.sc" role="menuitem" tabindex="-1">podría</span> demostrarse que es posible mandar escribir o dibujar cualquier cosa en google <span class="ew" id="42.sc" role="menuitem" tabindex="-1">maps</span>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"></div><br />
Bueno espero que les haya gustado, seguro va a haber mas de uno que no tome enserio esto, pero como a mi todo me chupa un huevo. Esta todo bien. Saludos y gracias por tomarse el tiempo de leer el ultimo de mis delirios.AugustoPhttp://www.blogger.com/profile/03369445024705200985noreply@blogger.com4