I cracked the router of the goddess next door, and then ...

People's urge to pry into gossip is still very strong, strong enough to be frightening. That is why so many people like to read gossip articles, such as: how do you spy on other people elegantly?

Articles like this catch on easily, because a lot of people like reading them and never get tired of it.

Given these favorable factors, such a wonderful play was recently staged in my real life, and to satisfy everyone's curiosity I have written it up as a story. Think it over: after freeloading on a network, what else can be done?

Disclaimer: This is a fictional story, and all the pictures have had the evil mosaic added.

As I remember, a fairly nice girl lives next door. Z happened to run into her the day he came to see me, and after coming into the house he said in my ear: "Can you get the WeChat of that girl next door? I think she's really nice~"

So this vulgar scene was actually happening right beside me. I said, wait two days and I'll give you news.

Entrance

Since it is a young person living next door, a router is an indispensable necessity, so I planned to use the router as the entrance for this journey. I turned on Wi-Fi and found three signals, and first chose the router with this very distinctive name: ** LOVE **


From the name ** LOVE ** you can roughly make out two names, so there should be a boyfriend. At that thought my heart went half cold for Z.

Once a likely entrance to the other side is found, the rest is easy. I pulled out minidwep (a Wi-Fi password cracking tool for Linux), imported part of a password dictionary, and started brute-forcing. Because the other side used WPA2 encryption, brute force was the only way in; with WEP the password can currently be cracked directly. So the success rate of cracking a WPA2-encrypted router basically depends on the size of the dictionary in the *** hands.

I had a cup of coffee, came back, and found the password had come out: 198707**, so I happily connected.



Difficulty

After successfully connecting to the other side's router, the next thing I needed to do was connect to the router's web management interface (once inside it, the router's DNS can be tampered with, and the devices connected as DHCP clients and various other functions can be viewed).


After checking the network segment I started accessing the router's web management interface, and found that the goddess had actually been smart enough to change the default login username and password.


TP-LINK W89841N. After failing to get in through router device vulnerabilities, presumably the only option left was the aesthetics of violence.

I captured the request for logging in to the router, then iterated over usernames and passwords, sending requests and checking the size of the returned packet to determine whether the login succeeded. The captured GET request is as follows:


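Here, Authorization: Basic YWRtaW46YWRtaW4= is the login username and password.

Decoding it with Base64 gives

So I wrote a Python script that combined the passwords in the dictionary with "admin:" and then Base64-encoded them to do the cracking. As the eleven o'clock bell rang, I found the password had been successfully brute-forced, and I logged in: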


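Looking at the list of connected devices, I found only my lonely self. It seemed the goddess had long since gone to bed, so I waited for the right moment.

Timing

After dinner the next day I logged in to the router management interface. This time there were already several devices, and the moment had come:

Client name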

android-b459ce5294bd721f

android-44688379be6b9139

**********iPhone

******-iPad

******-PC

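I counted them: two Android devices, one iPhone, one iPad and one personal PC.

Judging by the names of the iPhone, iPad and PC, my initial guess was right: ** really is the name of the router's owner, and intuition told me it was very likely that the owner of this router was the goddess Z had his heart set on.

I tested the two Android devices first and found that one of them had many open ports. I had a vague feeling it was a product like a Xiaomi Box or a Baidu TV stick, which made things interesting, because it meant there was a chance to control the TV.

Using ARP sniffing on the Android device with more open ports, it did turn out to be a TV box: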


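In the end I had basically figured it out: a TV using a TV box, an iPhone, an iPad and a personal computer.

Searching

Having found so many interesting things, I still had not forgotten what Z had asked me to help with, so I started sniffing the iPhone.

Before long the sniffing turned up something interesting: the goddess's photos were sniffed while she was viewing her own album, so I sent the photos to Z, who was so excited he became incoherent.

After that I kept waiting for a chance to find her WeChat so that I could fulfil Z's wish, and hope appeared.

While looking through the traffic logs I found she was browsing Sina Weibo, so from the URL it was easy to find the Weibo account: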


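Seeing the birthday reminded me of the Wi-Fi password: it turned out to be her date of birth. I figured that once I found the WeChat, Z could rest easy.

By combining the personalized domain of the goddess's Sina Weibo with the information I had obtained, I started guessing the WeChat account, and soon had it: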


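Having fulfilled Z's wish, I looked back and found there were still many interesting things I had not done. How could I end it so easily?

TV

With the progress of the times and the development of technology, the Internet has gradually reached the level of the Internet of Things, as can be seen from TVs using all kinds of smart boxes. TV boxes usually have a remote debugging port enabled for convenient debugging. Are the boxes really secure?

The Xiaomi Box that Tencent Security gave me last year let me study one properly. After a port scan I found all sorts of ports wide open, the most interesting being port 5555 (adb remote debugging); with adb connect ip you can connect to the device directly for remote debugging.

Although she is Z's goddess, I thought I could tease her a little, so I casually wrote an Android APK.

adb connects remotely to the box, then adb install installs the APK remotely, and finally am start -n *** launches it remotely.

I tested locally with an Android emulator set up in Genymotion: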


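At the instant I typed am start -n *** and hit Enter, I had already imagined thousands of expressions on the goddess's face.

But in the end I could not bring myself to play an adult film on the TV.

Accounts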


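Weibo, Renren, Taobao and so on: every account that had been logged in to was hijacked, and through the hijacked accounts you can see many things that are not visible on the surface.

So naturally the accounts were all hijacked. Of course, I did not go through anything; my urge to pry had long since gone numb.

Contact

I think it is time to bring this to an end. Of course, there were many more interesting and wonderful things during the story that really cannot be expressed in words.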


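So, without malice, I used her Weibo to post a message: hey,test

Through MITM I also injected JavaScript into web pages, roughly like this: alert(/早点休息,QQ:***/); (the message reads "Get some rest early, QQ: ***")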


Of course, this QQ account was one I registered in order to get a final contact with the other party:


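Tracing it back to the source, this was really nothing more than very ordinary Wi-Fi freeloading. After connecting to the Wi-Fi, the devices are on the same LAN, which is what made so many interesting things possible. In the story above I had no malice and did no DNS hijacking. So what did I actually control or obtain through the router:

Weibo

WeChat

Renren

QQ number

Mobile phone number (obtained from Taobao)

Photos

TV

More

It is often said: do not connect to unfamiliar public Wi-Fi, and have a bit of security awareness. It is not that there is no way to hack you; it is just that you are not worth hacking.

But people never care, and often say "I'm not worth anything anyway." People who give up on treatment like this give you a headache.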

Defense

As a novice user, the more of the following points you follow, the safer you are:

1. Make the router's connection password a bit more complex; for example, testak47521test is a lot better than ak47521.

2. Change the router management console's username and password right away. 90% of lazy people still use admin admin.

3. Do not tell your Wi-Fi password to people you cannot trust.

4. Do not root or jailbreak mobile devices; a rooted or jailbroken device is like a bus that anyone can board as they please.

5. Log in to the router management console regularly to see whether any connected device is one you do not recognize; if so, disconnect it and block its MAC address. Once it is blocked, immediately change the Wi-Fi password and the router management account password.

6. More
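One way to check the first point, as an added example that is not part of the original post: a small auditor that flags Wi-Fi passphrases of the kind the story's router used (an all-digit birth date) and estimates an upper bound on the guessing space. The function names, the 12-character threshold and the sample date are assumptions made for illustration.

```python
import math
import re
from datetime import date

MIN_LENGTH = 12  # illustrative threshold (assumption), not a standard
# Number of valid YYYYMMDD values between 1900-01-01 and 2099-12-31.
DATE_CANDIDATES = (date(2100, 1, 1) - date(1900, 1, 1)).days

def is_calendar_date(s: str) -> bool:
    """True for an 8-digit string that is a real YYYYMMDD date in 1900..2099."""
    if not re.fullmatch(r"\d{8}", s):
        return False
    year, month, day = int(s[:4]), int(s[4:6]), int(s[6:])
    if not 1900 <= year <= 2099:
        return False
    try:
        date(year, month, day)
    except ValueError:
        return False
    return True

def audit_passphrase(p: str) -> list:
    """Return the reasons a passphrase is a poor WPA2-PSK choice (empty = none found)."""
    findings = []
    if not 8 <= len(p) <= 63:
        findings.append("outside the 8..63 character range WPA2-PSK accepts")
    elif len(p) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if p.isdigit():
        findings.append("digits only")
    if is_calendar_date(p):
        findings.append("is a calendar date")
    return findings

def guess_space_bits(p: str) -> float:
    """Upper bound, in bits, on the guesses needed for this class of passphrase."""
    if is_calendar_date(p):
        return math.log2(DATE_CANDIDATES)
    charset = sum(size for pattern, size in (
        (r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33),
    ) if re.search(pattern, p))
    return len(p) * math.log2(charset) if charset else 0.0

if __name__ == "__main__":
    # "19900101" is a constructed sample; the other two are quoted in the list above.
    for sample in ("19900101", "ak47521", "testak47521test"):
        print(sample, round(guess_space_bits(sample), 1), audit_passphrase(sample))
```

The bit figure is an upper bound for the character class only; a passphrase built from repeated or common words is weaker than the number suggests.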

All of the above can be found by searching. Defending against ARP hijacking and sniffing is very simple: on a computer, installing almost any antivirus software means a *** warning will pop up when it is hijacked, but people do not take it seriously; when the antivirus pops up a box they just close it and carry on surfing the Internet.

As for antivirus software on phones, it really is useless; it does not block hijacking or sniffing at all.
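A check of the kind that catches ARP hijacking, as an added example that is not part of the original post: it reads a neighbor table in the Linux `ip neigh show` format and reports when the gateway's MAC differs from a pinned value or is shared with another host. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines such as: 192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neighbors(text: str) -> dict:
    """Return {ip: mac}; entries without a resolved MAC (FAILED etc.) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def find_arp_anomalies(text: str, gateway_ip: str, pinned_gateway_mac: str = None) -> list:
    """Flag a changed gateway MAC and any host sharing the gateway's MAC."""
    table = parse_neighbors(text)
    findings = []
    gw_mac = table.get(gateway_ip)
    if pinned_gateway_mac and gw_mac and gw_mac != pinned_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, gw_mac))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # One MAC answering for the gateway and another IP is the classic
        # signature of a host relaying traffic; proxy ARP can also cause it.
        if len(ips) > 1 and gateway_ip in ips:
            others = sorted(ip for ip in ips if ip != gateway_ip)
            findings.append(("gateway-mac-shared", mac, others))
    return findings

# Constructed sample tables (locally administered MACs, not real devices).
CLEAN = """
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.102 dev wlan0 lladdr 02:00:00:00:00:66 STALE
192.168.1.103 dev wlan0 lladdr 02:00:00:00:00:03 REACHABLE
192.168.1.9 dev wlan0 FAILED
"""
SPOOFED = CLEAN.replace("lladdr 02:00:00:00:00:01", "lladdr 02:00:00:00:00:66")

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("spoofed", SPOOFED)):
        print(name, find_arp_anomalies(table, "192.168.1.1", "02:00:00:00:00:01"))
```

Pinning the gateway MAC requires recording it once while the network is known to be clean, for example from the label on the router.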

Finally, Z treated me to a big meal: dry noodles.


Origin blog.51cto.com/14551588/2456677