Many people’s appetite for gossip and prying is still very strong, frighteningly so. That is why so many people like to read gossipy articles such as: How to spy on others gracefully?

Usually such articles are easy to catch on because many people like them and never get tired of reading them.

In the end, I put on just such a show in real life and, to satisfy people’s curiosity, wrote it up as a story. What else can we do after we’ve been trolling?

Disclaimer: this is a fictional story, and the pictures are all heavily mosaicked.

As I recall, a nice girl lived next door. When Z came to see me that day, Z happened to run into her. After coming in, Z leaned over to my ear and said, “Could you get the WeChat of the girl next door?”

Such a clichéd scene actually happened right beside me. I told Z to wait two days and I would have news.

The entrance

Since I am a young man living next door, a router is indispensable, so I decided to use the router as my entry point. After turning on Wi-Fi, I found three signals. I first chose the router with a very distinctive name: ** LOVE **


From the name ** LOVE ** you can probably make out two names, so there is presumably a boyfriend. At that thought my heart sank a little for Z.

Having found a likely entry point, I pulled out Minidwep, imported part of a password dictionary and started brute-forcing. Because the other side uses WPA2 encryption, the only way in is brute-force cracking, whereas a WEP password can currently be cracked directly. The success rate of cracking a WPA2-protected router therefore basically depends on the size of the dictionary in the hacker’s hands.

When I came back from a cup of coffee, the password had come out: 198707**, so I happily connected.



Difficulty

After connecting to the other party’s router, I needed to get into its web management page (from there one can modify the router’s DNS, view the DHCP client list of connected devices, and use various other functions).


After checking the network segment, I opened the router’s web management interface and found that the goddess had sensibly changed the default login account and password.


The router is a TP-Link W89841N. After failing to get in through a vulnerability in the device, it seemed the only option left was brute force.

By capturing the router login request, then sending that request repeatedly with different account passwords and checking the size of the returned packet, we can judge whether a login succeeded. The captured GET request is as follows:


Authorization: Basic YWRtaW46YWRtaW4= carries the login account and password.

Decode it using Base64.

So I wrote a Python script that combined each password in the dictionary with “admin:” and Base64-encoded the result to crack it. When the eleven o’clock bell rang, I found that the password had been brute-forced, and I logged in successfully:


Checking the device connection list, I found only myself. It seemed the goddess had already gone to bed, so I waited for an opportunity.

The timing

The next day after dinner, I logged in to the router management interface. By this time there were several devices connected, and the moment had come:

The client name

android-b459ce5294bd721f

android-44688379be6b9139

**********iPhone

******-iPad

******-PC

I counted two Android devices, an iPhone, an iPad and a PC.

From the names of the iPhone, iPad and PC, my initial guess was correct: ** is indeed the name of the router’s owner, and my intuition told me that the owner of this router was very likely the goddess Z likes.

First, I tested the two Android devices and found that one of them had a lot of open ports, vaguely resembling a Xiaomi box or a Baidu shadow stick. Then things got interesting, because there was a chance to control the TV.

ARP sniffing on the Android device with the many open ports showed that it was indeed a movie box:


Finally, I had the basics straight: a TV with a movie box, an iPhone, an iPad and a personal computer.

The search

I found so many interesting things, but I still hadn’t forgotten what Z had asked me to do, so I started sniffing the iPhone.


The sniffer soon found something interesting. The photo of the goddess was detected when she was checking her album, so I sent the photo to Z, who was excited and incoherent.

After that, I kept waiting for a chance to find her WeChat so that I could fulfil Z’s wish. Then hope appeared.

When I checked the traffic log, I found that she was browsing Sina Weibo, so I easily found her Weibo page from the URL:


Seeing the birthday reminded me of the Wi-Fi password, which turned out to be her birth date. I thought that finding her WeChat would put Z’s mind at ease.

By combining the goddess’s personalized Sina Weibo domain with the information already obtained, I began guessing her WeChat account, and was soon done:


After completing Z’s wish, I looked back and found that there were still many interesting things to do. How could it be so easy to end it?

TV

With the progress of the times and the development of science and technology, the Internet has gradually reached the level of the Internet of Things, as can be seen from the various smart boxes used with TVs. Movie boxes usually leave a remote debugging port open for convenient debugging, so is the box safe?

Last year I had the good fortune to study closely the Mi Box that Tencent gave me. After scanning its ports I found various ports open, the most interesting being port 5555 (ADB remote debugging): adb connect IP attaches directly to the device for remote debugging.

Although she is Z’s goddess, I thought I could still have a little fun, so I wrote a quick Android APK.

adb connect attaches to the box remotely, adb install then installs the APK remotely, and finally am start -n *** launches it remotely.

I used Genymotion locally to build an Android emulator for testing:


When I typed am start -n *** and hit enter, I imagined a million expressions on the goddess’s face.

But in the end I did not have the heart to put a romantic action movie on the TV.

Account



The Weibo, Renren, Taobao and other logged-in accounts could all be hijacked, and a hijacked account lets you see many things that are not visible from the outside.

So of course all the accounts were hijacked, and of course I did not look through anything; I am numb to prying.

Contact

I think it’s time to wrap it up, but there’s a lot more to the story that’s interesting and wonderful than words can say.


So I innocently used her Weibo account to send a message: Hey,test

Through a man-in-the-middle (MITM) position I injected JavaScript into the page, something like this: alert(/ go to bed early, QQ:***/);


Of course, this QQ number was one I registered just to make that final contact with her:


Tracing it back to the source, this was nothing more than ordinary Wi-Fi freeloading. Once connected to the Wi-Fi, my device was on the same LAN, which is what made so many interesting things possible. In the story above I did nothing malicious and did no DNS hijacking, so what information did I control or obtain through the router?

Weibo

WeChat

Renren

QQ number

Mobile phone Number (obtained from Taobao)

Photo

TV

More

It is often said: do not connect to unfamiliar open Wi-Fi, and have a little security awareness. It is not that you cannot be hacked, but that you are not worth hacking.

But people do not care. They say, “I’m not worth anything.” People who give up on treatment like this give you a headache.

Defense

As a user, the more you do the following, the safer you will be:

1. Testak47521test is a better password than ak47521.

2. Change the account and password of the router management backend promptly. 90% of lazy people are still on admin admin.

3. Don’t give your Wi-Fi password to untrusted people.

4. Do not jailbreak or root mobile devices; a rooted or jailbroken device is like a public bus that anyone can board.

5. Log in to the router management backend often to see whether any unknown device is connected to the Wi-Fi. If so, disconnect it and block its MAC address. Change the Wi-Fi password and the router backend account password immediately after blocking.

6. More
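An added example, not part of the original post: a small audit for item 1 and for the birthday password in the story. It estimates an upper bound on guessing effort in bits and flags passphrases that are valid calendar dates or that reuse public personal details. The sample passphrases other than the two from item 1, and the token "anna", are constructed.

```python
import math
import re
from datetime import date

# Every calendar day from 1900 through 2099: the whole search space for a
# YYYYMMDD passphrase, however random the eight digits look.
DATE_SPACE = (date(2100, 1, 1) - date(1900, 1, 1)).days

def is_date_like(pw):
    """True if pw is exactly eight digits forming a valid date in 1900-2099."""
    if not re.fullmatch(r"\d{8}", pw):
        return False
    try:
        d = date(int(pw[:4]), int(pw[4:6]), int(pw[6:]))
    except ValueError:
        return False
    return 1900 <= d.year <= 2099

def charset_size(pw):
    """Size of the alphabet a guesser must cover for the classes pw uses."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 33))
    return sum(n for pattern, n in classes if re.search(pattern, pw))

def audit(pw, personal_tokens=()):
    """Return (findings, bits); bits is an upper bound on guessing effort."""
    findings = []
    bits = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    if len(pw) < 8:
        findings.append("below the 8-character WPA2-PSK minimum")
    if is_date_like(pw):
        findings.append("valid calendar date (birthday pattern)")
        bits = math.log2(DATE_SPACE)  # only ~73,000 candidates
    for token in personal_tokens:
        if token and token.lower() in pw.lower():
            findings.append(f"contains public personal token {token!r}")
    return findings, round(bits, 1)

if __name__ == "__main__":
    # Constructed samples: the two passwords from item 1, a made-up birthday,
    # and a made-up passphrase reusing a hypothetical public handle.
    for pw in ["ak47521", "Testak47521test", "19900101", "lovely_anna_2014"]:
        print(pw, audit(pw, personal_tokens=("anna",)))
```

The bit figures assume random characters, so they are ceilings; a date-shaped passphrase collapses to about 16 bits no matter how the digits look.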

All of the above can be found by searching. Defending against ARP hijacking and sniffing is very simple: installing antivirus software on the computer is basically enough, and it will pop up a warning when a hijacking attack happens. But people do not take it seriously at all; when the box pops up they turn the antivirus off and carry on surfing.

As for antivirus on phones, it is really no use; it intercepts nothing of the hijacking or sniffing.
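An added example, not part of the original post: the check from item 5 and the ARP-hijacking warning described above, done by hand from a neighbour-table snapshot. It assumes Linux `ip neigh show` output, a gateway MAC recorded while the network was known to be clean, and a list of your own devices; all addresses are constructed.

```python
import re
from collections import defaultdict

# Matches resolved entries only; FAILED/INCOMPLETE lines carry no lladdr.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")

def parse_neigh(text):
    """Map IP -> MAC from `ip neigh show` style lines."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def audit_lan(table, gateway_ip, gateway_mac, known_macs):
    """Return alerts as (kind, ip, mac) tuples."""
    alerts = []
    gateway_mac = gateway_mac.lower()
    known = {m.lower() for m in known_macs} | {gateway_mac}
    seen = table.get(gateway_ip)
    if seen and seen != gateway_mac:
        # The gateway IP now answers from another NIC: ARP hijack indicator.
        alerts.append(("gateway-mac-changed", gateway_ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
        if mac not in known and ip != gateway_ip:
            alerts.append(("unknown-device", ip, mac))  # item 5
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            # One NIC claims the gateway IP and a client IP at once.
            alerts.append(("mac-shared-with-gateway", ",".join(sorted(ips)), mac))
    return alerts

# Constructed snapshots (locally administered MACs, private addresses).
CLEAN = """192.168.1.1 dev wlan0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.101 dev wlan0 lladdr 02:00:00:aa:00:10 STALE
192.168.1.102 dev wlan0 FAILED"""
SPOOFED = """192.168.1.1 dev wlan0 lladdr 02:00:00:BB:00:66 REACHABLE
192.168.1.101 dev wlan0 lladdr 02:00:00:aa:00:10 STALE
192.168.1.107 dev wlan0 lladdr 02:00:00:bb:00:66 REACHABLE"""

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN), ("spoofed", SPOOFED)):
        print(name, audit_lan(parse_neigh(snap), "192.168.1.1",
                              "02:00:00:aa:00:01", ["02:00:00:aa:00:10"]))
```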

Finally Z treated me to a big meal – hot and dry noodles.