Sheep Shellcode

The hackery blog of Vincent Moscatello.

TV 20 Interview

Now that finals are over its time to update the website with all the things! I forgot to write about it earlier but on November 21st I had the oppurtunity to do an interview with TV-20 correspondent Emily Burris on The Dangers of Public Wifi

The segement came together extremely well! You can watch the entire interview here: http://www.wcjb.com/morning-edition-technology-local-news/2014/11/dangers-free-wifi-your-personal-information-risk

I decided to prepare three demos since I thought they would work well for the segment.

  1. Man in the middle attack: for this demo I setup ssl-strip and used arpspoof from kali to illistrate a simple arp-spoofing attack. I actually had a little bit of trouble with this one since the old windows xp virtualmachine I was using refused to connect to pages that normally used https. The porblem had to do with the recent poodle downgrade attack. Facebook dropped support for IE6 so the solution was to just update the browser

  2. Vulnerable Services: for this demo I just disabled windows firewall on my XP box, fired up metasploit, and exploited ms08_067 everything went smoothly here. I used a meterpreter shell as the payload.

  3. Rogue wifi access point: This one was acutally pretty new to me since it wasn’t something I’ve tried before. I used airbase-ng and set the SSID of the wifi accesspoint to (Evil Wireless)