Sign in to follow this  
Followers 0
Chiron

My First Project

5 posts in this topic

I am problem jumping in way over my head but I don't know any better way to learn. I have done some simple programming in Java and HTML. I don't know if it what I propose will be possible and I have a lot of research to do in order to write the code I would have to use to make this work.

Basically, what I want to do is create a spoofed web page that when someone attempts to get out of their router by clicking on Internet explorer my web page comes up instead of the generic goggle.com site. (I know this would have to be modified to spoof whatever the default web page was) My web page would basically invite the user to download a "Security Client" that would protect them when they utilize the web page i spoofed. They would be asked to Download the client.

Once they have downloaded the self executing program the program will run a script to change the settings on their Router/ modem. I was think I would design it to be used against a generic comcast modem with the default username and pass.

I have to research a lot of this and so I would like some suggestions about how I would go about,

creating the web page with an executable (I have only created some very basic HTML pages www.w3schools.com)

What language should i write the scripts and how can i make them self executing?

Can I even change settings on generic routers beneath the application layer?

Before I get flamed like a noob. I am aware that hacking is about construction not destruction. This would only be used as a test within a lab and possibly as a demonstration to show the possibility during security awareness presentations.

Any suggestions helps or links that would help me learn a little more about those topics would be very much appreciates.

Thanks in advance.... :D

Edited by Chiron
0

Share this post


Link to post
Share on other sites

Apart from the fact that you're trying to scratch yourself behind the left ear with your right hand with the router setting changing malware, Java and HTML are totally unrelated to what you're trying to achieve. (that's not to mention you're aiming way above your level and don't have any idea about this whatsoever)

I suggest you read up on spoofing and then come back.

0

Share this post


Link to post
Share on other sites

I wasn't suggesting that I would use either Java or HTML. I was just listing those as things that I had some experience with. I also understand that this project is above my current level.

The idea was to pick something to work toward, a goal. If I have to learn a new language or several I was prepared for that. I have read up on spoofing since that is what you suggested, by read up i mean ran a few searches to make sure that I understood the basic concepts. If you had some links that would give me a better understand of the technical background I would appreciate it.

I am still a little fish in a big sea. I was hoping to get some help finding some resources that would teach me why this was implausible.

If my idea isn't plausible please let me know. Can you give me a definative reason why? Is it just easier to do a more traditional spoof attack and their is a way to foreword malware without the user authorizing it then please let me know.

Edited by Chiron
0

Share this post


Link to post
Share on other sites

The plausibility of this depends on the level of access you already have against the user, and the idiocy of the user.

Note, much of what is said below is illegal in many places, do not attempt, this discussion is theoretical!

If you are on the user's local area network (coffee shop, open wireless router, etc) you can spoof certain network packets to redirect their traffic through your box, from there you can alter traffic to redirect them to you're download page. If you aren't on the local network, the options become much more limited. If you happened to know of an unpatched exploit in the user's browser, you could take advantage of that, but if you knew an unpatched exploit really you could just use that to download and execute your program anyway. If they are still using Internet Explorer 6 (or less?) there is a javascript method of retrieving and altering the homepage, but Microsoft realized that this was idiotically vulnerable and so it was removed in IE7.

Once you have them on your download page, they still have to download the executable and run it. This would necessitate both a very professional delivery page that looks real (Perhaps while sniffing their packets, you could have it detect their real homepage and then redirect them to a different payload that relates to their homepage) and a very security lax user (sadly these are in good supply). If they have security software installed it might realize what your app is doing, and even then some security lax users might put 2 and 2 together.

The actual application to login and start messing around with the router settings wouldn't be that hard if you assume its a certain router and has default settings. Obviously, the more complex you wanted the application to be, the more difficult it would be to program.

Again, this is all theoretical, don't try it on a live network, the repercussions could be worse than just your target user. If you don't know what you're doing, redirecting and spoofing packets is a very easy way to DoS an entire network.

Edited by n3xg3n
0

Share this post


Link to post
Share on other sites

Thanks, nexgen you gave me a lot to think about.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0