"Guide" This article from a black guest readme: When the next door girl router, when I do the router to rub on the network, I will have the risk of being black? In fact, this question can be used to understand: after the net, what can be done? In life, many people's gossip mind is very strong, So strong that it even scares people. The following article hopes to let you have a understanding of the rub net.
==============================
You can actually understand this question: what can you do when you rub the net?
Fragment 2: They are always quietly peeping at the secrets that are not known behind them.
Many people's gossip is intense, intense and even frightening. So many people would like to read some of the more gossip articles, similar to the "How to look at others gracefully?" This。
Generally such an article of the rate of attention will be very high, because many people like to see or even see never tire of.
With the recent routing security Buzz, I can flip through my Weibo public history article to view the article on routing security and the CCTV interview. In view of the right and wrong, and finally I successfully staged in real life such a wonderful show, in order to satisfy the people's desire, I wrote a story. What else can we do when we think about rubbing the net?
Statement: This is a fictional story, the pictures are all evil mosaic.
———————
Memory next door is a pretty good sister, that day Z came to me when happened to meet, came into the house and ran to my ear said: "Next door that sister you can not to the micro-letter, I think it is very good ~"
So three vulgar scene unexpectedly happened to my side, I said wait two days I give you the news.
Entrance
Since it is the young people living next door, the inevitable is the router, so I intend to start this journey from the router as a portal, the WiFi opened after the discovery of three signals, I first choose this name is very unique route: * * Love * *
According to the name * * Love * * can probably see two names, should be boyfriend, think of this heart for z June cool half.
Find the location of the other side of the entrance to say it, turn out the MINIDWEP (a Linux cracked wifi password tool) to import some password dictionary, start blasting. Because the other side uses the WPA2 encryption method, therefore only uses the brute force to break the way to enter, the WEP can now directly crack the password, therefore the crack WPA2 encryption Way's route basically depends on the hacker hand dictionary size.
After a cup of coffee came back, found that the password has been out: 198707**, so happy to join in.
Difficult
After successfully connecting to the other route, all I need to do is connect the routed Web management interface (you can then tamper with routing DNS, view DHCP client connection devices, and various features after entering the Web routing management Interface).
After viewing the network segment began to access the router Web management interface, found that the goddess unexpectedly clever modified the default login account password.
TP w89841n, by routing device vulnerabilities into failure, it must be only the use of violence aesthetics.
By crawling the login router request, and then traversing the account password send request to see the return packet size to determine whether the login success, caught GET request as follows:
Where: authorization:basic ywrtaw46ywrtaw4 = account password for login
Using B as e 64 to decrypt open view content: Admin:admin
So I wrote a Python script that combines the password in the dictionary with "admin:" and then base64 and encrypts it. The 11-point bell rang and found that the password had been successfully exploded and successfully logged in:
View the list of device connections and find that only a lone self, it seems that the goddess has rested, waiting for the time.
Time
The next day after dinner, login to the routing management interface, there are already several devices, the time has come:
Client Name
android-b459ce5294bd721f
android-44688379be6b9139
IPhone
-ipad
Pc
I counted the equipment for two Android devices, an iphone, an ipad, and a personal PC.
From the name of IPHONE\IPAD\PC, I began to speculate is true, * * is indeed the name of the route owner, intuition tells me very large possible this route is the owner of Z's favorite goddess.
First Test two Taian equipment, found that one of the open port a lot of faint feeling is a millet box or Baidu Shadow stick this product, so things become interesting, because the control of television can have the opportunity.
Using ARP to sniff an Android open port for more devices, it sure is a movie box:
Finally, the basics: Television use of video boxes, Iphone,ipad and a personal computer.
For
Found so many interesting things, but I still did not forget Z asked me to help, so I began to sniff the iphone.
Sniffing around and finding something interesting, the goddess's picture was sniffed as she looked at her album, so I sent it to Z, and he was excited to be incoherent.
Then I was still waiting for the opportunity to find the other person's micro-letter so that I can complete Z's wish, Hope appears.
When I looked at the traffic log, I found out that she was refreshing the Weibo, so it was convenient to find the microblog by URL:
See birthday reminds me of the WiFi connection password, originally is her birth date, thought to find the micro-letter can let Z peace of mind.
Through the goddess Sina Weibo personalized domain name address and access to information to combine, began to guess the micro-letter account, and soon it was done:
After the z's wish is finished, it turns out that there are still a lot of interesting things to do and how to end it easily.
TV
With the development of the Times, the Internet has gradually come to the network of things, from TV using a variety of smart boxes can be seen. Film and television box is usually to facilitate debugging and open the remote debugging port, the box is safe?
Tencent safe to send the millet box last year let me have a good study, scan the port found a wide variety of ports open, the most interesting is the 5555-port (ADB remote debugging), using the ADB connect IP directly connected to the device for remote debugging.
Although the goddess of Z, but I think can also ridicule, so I have written an android APK program.
The ADB connects remotely to the box, then the ADB install the Remote installation APK, and finally uses AM start-n * * to remotely boot.
I use Genymotion to build the Android simulator for testing:
When the input AM stat-n * * * * Hit Enter the moment, the mind had imagined thousands of species of goddess expression.
But I never put up with my heart to play love action movies on TV.
Account
Micro Bo, everyone, Taobao and so on all the accounts after the account is hijacked, through the hijacked account and can see many things on the surface.
So of course the account was hijacked, and I did not go to read anything, the prying desire has long been paralyzed.
Contact
I think it's time to do an end, and of course there are many interesting and wonderful things in the story that can't be expressed in words.
So I didn't maliciously send a message to her microblog: hey,test
Through the MITM middleman I also injected JavaScript into the Web page, presumably like this: alert (/early rest, qq:***/);
Of course this QQ is I in order to obtain the final contact of the other party registered:
—————————
Traced back to the source, in fact, is a very common rub net, connect WiFi after the device is in the same LAN, so can do so many interesting things, above this story I have not had malicious and DNS hijacking, then I through the route to control or get what information:
Weibo
Wechat
Renren
QQ number
Mobile phone number (Taobao get)
Photo
TV
More
Often said not to connect to the unfamiliar public WiFi, a little security awareness. There is no way to black you, just you have not been black value.
But people do not care, often say I have no value. The person who gives up treatment gives you a headache.
Defense
As a small white user, the more you do below, the safer you will be:
1, router connection password to be more complex, such as testak47521test than the ak47521 much better
2, hurriedly the router management background of the account number and password to get rid of. 90% of lazy people still in admin admin
3, do not tell the person who is not trusted your Wi-Fi password.
4, Mobile Equipment do not break out of prison root,root/prison equipment equals the bus casually on
5, often log into the router management backstage, to see if there is no connection to the equipment connected to the Wi-Fi, and some words disconnected and sealed off the MAC address. After sealing, immediately modify the Wi-Fi password and router background account password.
6. Binding IP MAC Address
7, more
Above these methods are searched to, defensive arp hijacking sniff is very simple, the computer installed a basic killing soft, the attack will pop-up warning when hijacked, but people are not the slightest thing, the box will kill soft to turn off, continue surfing the Internet.
As for the mobile phone on the soft, there is really no use, hijacking sniffing everything does not intercept.
Finally Z invited me to have a big meal--dry noodles