newbi3 Posted October 15, 2012
I've been working on this program I call Mmrgh for about 5 months now, and after this week's episode of Hak5, when they were talking about stealing cookies, I decided to automate the process in my program. I was really surprised how easy it was to do! Chrome hasn't even attempted to put security on theirs, and it looks like Firefox tried to but it was really easy to get around. Anyways, here's a video of my work if you want to see it. https://www.youtube....eature=youtu.be And you guys can go ahead and add me on Facebook if you saw my name :P

bobbyb1980 Posted October 15, 2012
It'd be hard to secure cookies. Even if it could encrypt the cookie and decrypt it at run time, then the attacker would look for the encryption key or info leading to the encryption key instead. Was that a custom protocol? Be interesting to hear how it was done in Java (assuming it's in Java since I saw the IDE in your video).

digip Posted October 15, 2012
Looks like a RAT that just copied back the cookies from the victim PC to the attacker's PC, but I could be wrong. When I saw the topic, I was thinking more of a new sidejacking tool or such, like Hamster and Ferret or that one POC tool someone made for FF as an addon. This just looks like a straight up RAT tool though, so if you have access to the user's environment, I'm going to assume you can copy off any files, cookies probably not even needed since you could probably just keylog their passwords from any sites they visit anyway. What kind of detection rate does the tool get on things like Virus Total though? Have you tested this with any of the Anti-Virus software out there? What's the process of getting the Java attack files on the victim's PC, and for me, since I don't run Java at all, what do you do then?

newbi3 Posted October 15, 2012
> Looks like a RAT that just copied back the cookies from the victim PC to the attacker's PC, but I could be wrong. When I saw the topic, I was thinking more of a new sidejacking tool or such, like Hamster and Ferret or that one POC tool someone made for FF as an addon. This just looks like a straight up RAT tool though, so if you have access to the user's environment, I'm going to assume you can copy off any files, cookies probably not even needed since you could probably just keylog their passwords from any sites they visit anyway. What kind of detection rate does the tool get on things like Virus Total though? Have you tested this with any of the Anti-Virus software out there? What's the process of getting the Java attack files on the victim's PC, and for me, since I don't run Java at all, what do you do then?

Yeah, it is a RAT and I do have support to upload any file from the victim, but I thought since I want to get in and out quickly I would go ahead and make it automatically grab it for me. As far as Anti Virus is concerned, I have yet to get detected by anything. I have done multiple tests with Malware Antibytes, and I have tested it with Avira and AVG. Not only that, but one of my more tech savvy zombies thought they had a virus (because I popped up a message that said they were overheating when they weren't) so they ran Kaspersky and it didn't detect it. I think traditional blacklisting AVs don't pay much attention to Java, or I just haven't done anything to set it off yet. At the moment I have been keeping my attack spectrum very narrow, in case something goes wrong I don't lose a whole bunch of zombies.

But the attack is very simple. I just go around to open or WEP encrypted networks, get access, fire up ettercap and apache, and I spoof websites to look like their browser's error page when it can't connect and perform a Java Rhino attack from that which downloads and executes Mmrgh. Then the user will usually disconnect from the network and reconnect (so I don't have to flush their cache myself), and once they reconnect I have access to that machine.

Edited October 15, 2012 by newbi3

SYMBIOTE Posted June 8, 2014
Nice, does this still work?

newbi3 Posted June 8, 2014
Yes, you can still copy someone's cookies, but I no longer develop this software.

SYMBIOTE Posted June 9, 2014
What a pity, the overall idea was nice... I guess you will create something better then.

L3arn3r Posted November 23, 2014
This video is unavailable. Why is that so? lol