EvilZone

I see, looks like you are not forwardig traffic over port 443 thus the app falls back to HTTP (-S)
Could be wrong and short on time.

Could be that's if stumbled upon an error with their app that could be exploited? Unfortunately i don't have a Crapple phone to test it on.

Hi all,

I got the following output from ettercap on a wifi network.

HTTP : 157.56.121.XXX:443 -> USER: XXXXXXXXX@hotmail.co.uk  PASS: datasafe3929  INFO: dub402-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXX@hotmail.co.uk&DeviceId=ApplXXX

HTTP : 134.170.0.XXX:443 -> USER: XXXXXXXXX@hotmail.com  PASS: jordan60  INFO: blu403-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXXXX@hotmail.com&DeviceId=ApplDXXX

HTTP : 157.56.121.XXX:443 -> USER: XXXXXXXXX@live.co.uk  PASS: Liverpool5891  INFO: dub402-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXXX@live.co.uk&DeviceId=ApplDXXXX
What's your opinion on this? Do you think their hotmail app is using plain text rather that ssl?

Obviously i've changed some of the info to protect the victims.

Comm4nd0

So..to wrap it up... Hackers performing 'good deeds' is certainly not a new thing at all and I, for one, encourage it.

thanks for the reply, really interesting read.

I think i have to point out that i wasn't saying it's a new idea that i've just pulled out of my ass. I asked if anyone has ever considered hacking to do good. and wanted to know people on this forums thoughts on it.

and i will of course now look up EHAP.

Many thanks for that!

Comm4nd0

yeah most of the time you hear about them in the news they have just done a DOS attack on some website to piss them off.

I was thinking more along the lines of a group that would target an individual because he was doing wrong. to the goal of getting him arrested or just ruining what he/she is trying to do. i guess like immortalghost said, it's illigal. but then isn't what we do already illigal?

Are you serious???

You clearly have a lot to learn about "hacking". There are plenty of hackers out there that dedicate their lives to "doing good". This is not some revolutionary concept you have just thought of.

CLEARLY i do! no need to be a dick about it.

i thought grey hat was just hacking anyone but then not causing damage and also, you might let them know about it, anon of course. that's what i've done in the past. i mean't specifically targeting people who are doing wrong.

Are there groups out there that do this kind of thing? working outside the law to take down people who are breaking the law.

I don't personally think hacking is something you can just learn. I look at it like this...

Take a pen for example. you know how to hold it and write with it but you don't know how it really works. Once you do know how it really works you will then understand how to take it apart and look at the ink inside, change the spring for a different one or add new parts to it.

To be able to hack something you need to truly understand how it works in the first place. Because you need to know what should/shouldn't be there. If you can change or add parts to it to an end goal.

Let me give you a real life example. On a local network, devices are constantly learning where other devices are. So if a computer wants to go to facebook.com the network will know exactly where to direct the traffic. If you know that then you might think as a hacker, 'why can't i redirect their traffic somewhere else'... So, you can set up an ARP spoof to redirect traffic to where you want it to simply by sending out the wrong, but right for you information on the network. now, when someone types facebook.com in their internet browser their traffic is redirected to you because of what you did.

Now you see, by understanding what is going on on the network you're able to change, add, access, view etc etc as you have a better view of what's going on and how you can manipulate it.

Hope that helps.

Comm4nd0

My notes on de-hashing passwords...

 use: hash-identifier
 to find out the hash type.
 
 use: hashcat
 hashcat -m 0 -a 1 /root/Desktop/Hashing/hashes.txt /root/Desktop/(path to password file) -r /usr/share/oclhashcat-plus/rules/rockyou-30000.rule

This all seems a bit strange but the way i would go about it is, identify the software that monitors what you're running. Next step would be to ether try to dissable the software or find a work around for it. Do you know what the software is called?

Chances are that if your company is running software like that then they have probably dissabled the abilty to install software of your own. So that would be another hurdle to get around.