Hacking the Hacker

April 4, 2017 | Views: 11075

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

This story begins in the fall of my first-year cyber security class. We were put into groups during our “cyber spookhouse” the point of the activity was to show and inform our fellow students, from different industrial fields, to coerce them into hardening their security. I was placed into the MITM group with four others and we decided to use an image scraping tool to pull the images from network traffic. I finished setting up the wireless access point. Then I began to practice using drift net to my network traffic analyzer. I specified the interface I wanted it to listen on, which is wlan0, (which is my wireless dongle). It sends and receives all the traffic before the router (man in the middle). At this point, I then ran Ettercap on Kali Linux and specify the file location that will hold all the pictures that drift net captures so that Ettercap can make them graphical instead of being network data. I had everything set up so I decided to test it by connecting to my rogue access point and then searched through amazon. Most images will show up but if HTTPS is enabled, it will not be able to pull the images because the data is encrypted. So, we made sure to hide our weaknesses and only inspect HTTP websites for our display. Then something interesting happened. My bssid was so similar to the original, and my signal was stronger, that I had kids t joining my network left and right. Then I realized that one was in my class! I found this out because another group was finding vulnerabilities in webcams and the webcam software, so there was unencrypted traffic coming from his webcam. Knowing this, I had a delayed live action feed coming from his IP address. He had made the mistake of joining an unsecured network as well as not sandboxing his environment before he intentionally dropped an exploit in it. All of that to say, he basically opened the door for me to eavesdrop on him. Now, keep in mind that this is completely for educational purposes. I had permission to do this by the administrators and no malicious activity took place. I then proceeded to take a picture and inform my classmate of his mistake so that he can harden it if possible. All in all, it was a great learning experience considering that I had never done an MITM attack, nor had I ever intercepted webcam network traffic. Our group project turned into a huge success and I could not have felt more accomplished considering this was the beginning of my cyber security program.

 

Thanks for reading! Comment below or direct message me if you have any questions 🙂

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
1 Comment
  1. bro plzz can you give me your email addrees

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel