Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


Man In The Middle attack (M.I.T.M.) for facebook filter_list
Author
Message
Kafyhrer Offline
l337 H4x0r
Twelve Years of Service
Posts: 49
Threads: 4
Reputation: 0

Points: 0NSP
Man In The Middle attack (M.I.T.M.) for facebook 08-24-2013, 01:13 AM #1
Man in the middle is one of the best (in my oppinion) attacks, reffering to local networks.
It works, by interfering between the victim and the web server like so:
[Image: mitm-flow.gif]
In this tutorial, i would like to explain how to execute it, in order to obtain valuable login credentials for facebook.
Then, you can even be able to modify it properly for other websites...
The steps for such an attack are the following:
1) Create a server in the attacker computer.
2) Design and install a fake page that will store the login credentials in a specified text file, before sending them to the web server.
3) Do an APR (ARP Poisoning Routing), in order to make the victim think it's the webserver, and not the attacker talking to it.

Do this here are the instructions:
0) Buy a coffee.
a) Install XAMPP (http://www.apachefriends.org/en/xampp.html)
[Image: xampp_control_panel_win.png]
b) Download and extract this archive (https://docs.google.com/file/d/0Bx34Eemx...sp=sharing)
c) Copy the contents of the fb folder in C:\xampp\htdocs.
d) Go to XAMPP control panel and run the APACHE and MySQL service.
[Image: xampp-control-panel.png]
e) Test if the server is up and working by entering: http://localhost/ in any web browser.
f) Install Cain & Abel (http://www.oxid.it/cain.html)
g) Click the start/stop sniffer.
[Image: P4Y1gZL.png]
h) Choose your interface for sniffing and click OK.
i) Click again the Start/Stop Sniffer to activate the sniffing interface.
j) Go to the Sniffer tab and then click the cross.
[Image: images?q=tbn:ANd9GcRuR0kt-_krOvxr8JVN_JH...tC2I5QZzXK]
k) Leave all hosts in my subnet selected, and press OK.
l) From the list of target ips that come up, find your target.
m) Click the APR tab at the bottom of the window.
n) Click the cross button.
o) Find your victim, click on its ip, select the appropriate gateway and press OK.
p) Find your computers local ip address by running ipconfig in command prompt.
[Image: ipconfig.jpg]
q) Click APR-DNS and then the cross again.
r) Type in facebook.com at the first box and the attacker server ip at the second, and then click OK.
s) Click the Start/Stop APR button.
[Image: ca8.png]
t) Enjoy your coffee, as the victim gets traped.
u) Once he falls for the trap you will have his login details in a txt file inside C:\xampp\htdocs.

I hope you enjoy yourselves doing this...
Few weeks ago I stole 6 facebook accounts, using this method, in my local starbucks, so why wouldn't you do the same??
No piece of machinery or human was harmed using this method, and I made sure that all the login details were changed after i stole them...
[Image: colbert-finger.gif]

Reply

Kafyhrer Offline
l337 H4x0r
Twelve Years of Service
Posts: 49
Threads: 4
Reputation: 0

Points: 0NSP
Man In The Middle attack (M.I.T.M.) for facebook 08-24-2013, 01:13 AM #2
Man in the middle is one of the best (in my oppinion) attacks, reffering to local networks.
It works, by interfering between the victim and the web server like so:
[Image: mitm-flow.gif]
In this tutorial, i would like to explain how to execute it, in order to obtain valuable login credentials for facebook.
Then, you can even be able to modify it properly for other websites...
The steps for such an attack are the following:
1) Create a server in the attacker computer.
2) Design and install a fake page that will store the login credentials in a specified text file, before sending them to the web server.
3) Do an APR (ARP Poisoning Routing), in order to make the victim think it's the webserver, and not the attacker talking to it.

Do this here are the instructions:
0) Buy a coffee.
a) Install XAMPP (http://www.apachefriends.org/en/xampp.html)
[Image: xampp_control_panel_win.png]
b) Download and extract this archive (https://docs.google.com/file/d/0Bx34Eemx...sp=sharing)
c) Copy the contents of the fb folder in C:\xampp\htdocs.
d) Go to XAMPP control panel and run the APACHE and MySQL service.
[Image: xampp-control-panel.png]
e) Test if the server is up and working by entering: http://localhost/ in any web browser.
f) Install Cain & Abel (http://www.oxid.it/cain.html)
g) Click the start/stop sniffer.
[Image: P4Y1gZL.png]
h) Choose your interface for sniffing and click OK.
i) Click again the Start/Stop Sniffer to activate the sniffing interface.
j) Go to the Sniffer tab and then click the cross.
[Image: images?q=tbn:ANd9GcRuR0kt-_krOvxr8JVN_JH...tC2I5QZzXK]
k) Leave all hosts in my subnet selected, and press OK.
l) From the list of target ips that come up, find your target.
m) Click the APR tab at the bottom of the window.
n) Click the cross button.
o) Find your victim, click on its ip, select the appropriate gateway and press OK.
p) Find your computers local ip address by running ipconfig in command prompt.
[Image: ipconfig.jpg]
q) Click APR-DNS and then the cross again.
r) Type in facebook.com at the first box and the attacker server ip at the second, and then click OK.
s) Click the Start/Stop APR button.
[Image: ca8.png]
t) Enjoy your coffee, as the victim gets traped.
u) Once he falls for the trap you will have his login details in a txt file inside C:\xampp\htdocs.

I hope you enjoy yourselves doing this...
Few weeks ago I stole 6 facebook accounts, using this method, in my local starbucks, so why wouldn't you do the same??
No piece of machinery or human was harmed using this method, and I made sure that all the login details were changed after i stole them...
[Image: colbert-finger.gif]

Reply

Kafyhrer Offline
l337 H4x0r
Twelve Years of Service
Posts: 49
Threads: 4
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 08-28-2013, 01:14 AM #3
This reply has only one use: to make my thread climb up, so i can hear some oppinions Wink !!!
[Image: colbert-finger.gif]

Reply

xevenofhearts Offline
freeze means run.
 ***
Registered (Bronze)
Twelve Years of Service
Posts: 739
Threads: 80
Reputation: 0

Points: 25NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 08-28-2013, 04:02 AM #4
(08-28-2013, 01:14 AM)Kafyhrer Wrote: This reply is useless, i just want my thread to climb up, so i can hear some oppinions Wink !!!

Is that so?

Then that useless reply shouldn't be there. Change that.
xevenofhearts

Reply

Kafyhrer Offline
l337 H4x0r
Twelve Years of Service
Posts: 49
Threads: 4
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 08-28-2013, 12:04 PM #5
I changed it...
[Image: colbert-finger.gif]

Reply

ChiefofGrief Offline
Junior Member
Eleven Years of Service
Posts: 3
Threads: 0
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 08-28-2013, 10:39 PM #6
I'll have to do this next time at starbucks lol

Reply

RawkstarA Offline
Junior Member
Eleven Years of Service
Posts: 8
Threads: 1
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 11-22-2013, 05:40 PM #7
Is it working? :/

Reply

RawkstarA Offline
Junior Member
Eleven Years of Service
Posts: 8
Threads: 1
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 11-22-2013, 05:40 PM #8
Is it working? :/

Reply

behehe hacked Offline
Junior Member
Eleven Years of Service
Posts: 10
Threads: 0
Reputation: 0

Points: 0NSP
RE: Man In The Middle attack (M.I.T.M.) for facebook 11-22-2013, 11:43 PM #9
i didnt knew about that . nice guide Biggrin

Reply







Users browsing this thread: 1 Guest(s)