ae3erdion Posted July 1, 2018 Share Posted July 1, 2018 I would like to know your ideas on what to do to a router to gain access and persistence on the network even when you leave the network. I was thinking in redirect the access of one site to a fake site that I control to infect every machine that connect to that network. Quote Link to comment Share on other sites More sharing options...
Joe2525 Posted July 10, 2018 Share Posted July 10, 2018 If you uses dns spoof well and know what are you doing i'm sure you will have what you want. This the main thing i do and of course you can go with the basic things like sslstrip then capture packages but you won't be able to capture phone's app data. There is another thing i used to do long time ago but i don't know if it still working i was able to gain access to facebook account (or other accounts) of the devices thag are connected to the same network with me. It was very easy that i didn't even need a laptop nor wifi adapter just my rooted android phone with droidsheep app installed on it and with just a click you are in. Note ( worked for me on android kitkat but when i upgraded to lollipop it stoped working because of a new security added to the lollipop and i don't know if the next Android versions work or not) Quote Link to comment Share on other sites More sharing options...
barry99705 Posted July 11, 2018 Share Posted July 11, 2018 On 7/9/2018 at 8:26 PM, Joe2525 said: If you uses dns spoof well and know what are you doing i'm sure you will have what you want. This the main thing i do and of course you can go with the basic things like sslstrip then capture packages but you won't be able to capture phone's app data. There is another thing i used to do long time ago but i don't know if it still working i was able to gain access to facebook account (or other accounts) of the devices thag are connected to the same network with me. It was very easy that i didn't even need a laptop nor wifi adapter just my rooted android phone with droidsheep app installed on it and with just a click you are in. Note ( worked for me on android kitkat but when i upgraded to lollipop it stoped working because of a new security added to the lollipop and i don't know if the next Android versions work or not) Pretty sure those exploits stopped working four or five years ago. Quote Link to comment Share on other sites More sharing options...
Joe2525 Posted July 12, 2018 Share Posted July 12, 2018 22 hours ago, barry99705 said: Pretty sure those exploits stopped working four or five years ago That what i thought as i said this was long time ago and i didn't look for it again Quote Link to comment Share on other sites More sharing options...
r3plic4tor Posted July 13, 2018 Share Posted July 13, 2018 I did notice a few new (late model) router exploits and payloads in Kali's latest msf console repository updates. I think most were D-Link related, but it may be worth a look see! ? Quote Link to comment Share on other sites More sharing options...
ae3erdion Posted July 18, 2018 Author Share Posted July 18, 2018 Thanks guys. What I did what to setup a man in the middle attack to listen to the traffic and study it Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted July 19, 2018 Share Posted July 19, 2018 On 7/11/2018 at 10:31 PM, barry99705 said: Pretty sure those exploits stopped working four or five years ago. Well, the exploits you're thinking of, anyway. On 7/2/2018 at 8:16 AM, ae3erdion said: I would like to know your ideas on what to do to a router to gain access and persistence on the network even when you leave the network. I was thinking in redirect the access of one site to a fake site that I control to infect every machine that connect to that network. Tell the router to accept VPN connections based on their IP or whatever? That's provided the router can do VPN. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.