Jollier
Professional
Background.
An average city, let's call it N, was hosting a crypto conference. Let's call the location "MyTarget". So, there were several Wi-Fi access points, vulnerable ones, which it was simply a sin not to use. Armed with a laptop with Linux on board and a Wi-Fi adapter (for range), I went in the direction of MyTarget in order to refill my pockets with evergreen.
Stage 1. Preparatory.
I went to a small cafe that was in close proximity to MyTarget. There were no cameras, which undoubtedly played into my hands. I plug in the adapter, go into the system, start AirGeddon.

I choose an adapter, put it into monitor mode, and look for a target (access point). The most interesting one: Pixie-Dust Attack!
It allows you to get a password from Wi-Fi using WPS. We launch the attack:

After a short period of time, I received a WPS pin, and thanks to it and Airgeddon, I got the Wi-Fi password.

Conclusion: WPS is vulnerable, so disable it in the router settings, do not make it easier for a hacker.
Stage 2. Main.
Having gained access to the local network, it was necessary to understand who was sitting on it. To do this, I entered the command in the terminal:
Code:
netdiscover

Thus, I found out who is on the local network. The most interesting ones turned out to be a laptop with Windows on board, as well as a couple of Android smartphones. I decided to stay on the laptop with Windows, and later I realized that I was not mistaken.
In addition, I found out the address of the router, which allowed me to go to the admin panel of the router. Everything is standard: admin / admin. I have access to the router. Here came the great idea of infecting the computer by spoofing DNS requests and using a 0-day vulnerability in the browser.
I had my own DNS server in Estonia, which I used for exactly this purpose. Instructions on how to set up your DNS server on a VPS and an example DNS spoofing attack:
Before spoofing DNS on the router, I flooded other devices besides the laptop on Windows, so as not to confuse other users and not infect them (this could cause a stir). Excellent! 92% of all work completed.
Conclusion: do not use standard passwords, always change them.
Stage 3. Final.
Then there was little to do - to wait until the victim entered somewhere and his PC was already infected with my Trojan. Success! Using a vulnerability in older versions of the browser, it was possible to infect the victim!
Then I received logs, wallet.dat from wallets, all text files from the desktop into my admin panel. It remains only to work them out and get a profit.
I went through all well-known crypto-exchanges and drained the balances from there. Surprisingly, 2FA was enabled on only 1 of them. Moreover, it was tied to the mail to which I had access (the Trojan was stealing cookies). Thus, I withdrew only $12,000 from the exchanges in ether, bitcoin and other altcoins. There were many coins from all sorts of ICOs, which I also successfully cashed out.
I checked all payment systems, reached PayPal, the balance of which was about $1800.
It remains to process only the cold wallet files. On one of the well-known shadow forums, I found a person who cashed out all the money for 40%; I got about $3500. And there was also the data of a bank account in a text file; the man turned out to be a rich foreigner, who very quickly became impoverished. I passed the data to a friend in exchange for some software (top secret).
Conclusion: set complex passwords, as well as update the software, because if it were not for the vulnerability in the browser, I would hardly have taken so much :) And clean the cookies! Don't connect to public hotspots without using DNS-Crypt and VPN.
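A defensive check for the router-level DNS spoofing described in Stage 2, and for the closing advice to use DNS-Crypt: this added example (not code from the post) resolves a name through the resolver the LAN handed out and through a trusted resolver of your choice, and flags answers that share no address. `resolve_a` assumes plain UDP/53 is reachable; the sample reply is constructed, not captured traffic.

```python
import secrets
import socket
import struct

def build_query(name, txid=None):
    """Minimal recursive DNS A query in RFC 1035 wire format; returns (packet, id)."""
    txid = secrets.randbelow(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1), txid

def _skip_name(buf, off):  # advance past a (possibly compressed) name
    while buf[off] != 0:
        if buf[off] & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += buf[off] + 1
    return off + 1

def parse_a_records(resp, expect_txid=None):
    """Set of IPv4 answers; a reply whose transaction id does not match is rejected."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if expect_txid is not None and txid != expect_txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    ips = set()
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.add(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return ips

def resolve_a(name, server, timeout=2.0):  # ask `server` over UDP/53, return its A answers
    pkt, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        resp, _ = s.recvfrom(4096)
    return parse_a_records(resp, txid)

def answers_diverge(trusted, local):  # True when LAN answers share no address with trusted
    return bool(trusted) and bool(local) and trusted.isdisjoint(local)

# Constructed sample reply (not captured traffic): id 0x1234, example.com -> 192.0.2.10
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a")
```

Run `answers_diverge(resolve_a(name, trusted_dns), resolve_a(name, lan_dns))` for a few well-known domains (take `lan_dns` from your DHCP lease); overlapping but unequal sets are normal for CDN round-robin, disjoint sets are not.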