Godfather950 Posted July 30, 2010 Share Posted July 30, 2010 Does anyone know how its possible to view the live screen of the victim of the karma attack. This video reports that it is possible however I am not sure what software the Pen Tester is using to demo this capability. http://videoilanlarturkiye.tk/video/Bad-Ka...s-Get-Your-Info Any thoughts? Thanks, JD Quote Link to comment Share on other sites More sharing options...
Netshroud Posted July 30, 2010 Share Posted July 30, 2010 Haven't seen the video, but at a guess, Metasploit + windows/vncinject ? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 30, 2010 Share Posted July 30, 2010 (edited) Look into Hamster/Ferret combo. http://www.erratasec.com/research.html I don't think there is a way to see their screen as keys are being pressed, that is a lil bit much to believe unless stated before they VNC inject them. pcap files alone give you enough info. That and they said only stuff sent on un-encrypted channels would be seen. Well as we know not so with SSL Strip. Karma is just a MITM (Man-in-the-middle) tool. Like the Jasager/Pineapple. Edited July 30, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 31, 2010 Share Posted July 31, 2010 Does anyone know how its possible to view the live screen of the victim of the karma attack. This video reports that it is possible however I am not sure what software the Pen Tester is using to demo this capability. http://videoilanlarturkiye.tk/video/Bad-Ka...s-Get-Your-Info Any thoughts? Thanks, JD Found this tutorial on the The Ethical Hacker, that demonstrates how to do a VNCinjection and watch the victims computer screen in real time. http://www.ethicalhacker.net/content/view/81/24/ Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 31, 2010 Share Posted July 31, 2010 (edited) There are scripts out there to make it easier than that link shows. But that is the web interface way to do it. I prefer the command line interface. But that is just preference. That site shows examples of exploiting OS Vulnerabilities. You can also exploit browser vulnerabilities as well to get a VNC injection. Since you are MITM you can re-route an add on a page or the whole page to your malicious server to infect the machine. Browser Vulnerabilities :D Edited July 31, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
digininja Posted August 7, 2010 Share Posted August 7, 2010 To do that they would have had to exploit the victims machine and get a VNC connection. This is way beyond the scope of the standard Jasager setup. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.