Skip to main content

How to hack anything inside a wifi?

Tutorial - How To Use zANTI2 for hacking?

zANTI2 is a new app that came from the Zimperium and Simone Margaritelli, the dSploit author. zANTI comes with a bunch of amazing features, including metasploit exploits, packets sniffing, session and password hijacking and many more. But how do you use them? See this tutorial!

Ready to hack? Let's go.


First off, (if you haven't already), download the zANTI app from dsploit.net
You can register if you want and you're good to go.

Alright, now connect to the WiFi and start scanning.

Screenshot 2015 01 29 10 06 34Screenshot 2015 01 29 10 07 15

Wait for the scan to be finished. You will see connected devices with open ports. As you can see on the image above, there are a few devices including one HTC device running Linux (Android) and two printers.

You can now choose which of the devices you want to attack. I will go ahead and select the HTC. If you want to attack all of them, you can select the entire network.

If you open up the device, you'll see a few options popping up.


  • Scan
  • Connect to remote port
  • Password complexity audit
  • MITM
  • Vunlerabilities check (shellshock, SSL poodle)
Let's explain them. The scan option will perform another, more advanced scan on the target. You can specify the typea of scan and it will be more accurate on the target.

Connect to remote port is a very interesting option that lets the attacker connect to the open port and estabilish the connection to the victim. If you open up this option, you will see the available ports. In most cases, it would be 80, that is HTTP port. However, there can be more ports available. For example, I attempted to connect to my laptop - I have a password on it, if I didn't have any password set on my laptop, I could easily view everything available in the C:/ drive - pictures, folders, files and many more. Really cool, really spooky; conclusion - secure your laptop with a password, even if there's nobody you know that could possibly break into your device.

We're not done with this option, it brings much more stuff when there is a vunlerability that can be exploited on the victim's PC.


I've found this nice video by Adam Alio demonstrating the power of Zetasploit. He exploits a vulnerability in the victim's PC that allows to connect to remote host via VNC - the virtual network computing, a graphical desktop sharing system that allows to connect to monitor and control your PC using your Android phone, just like as you were running Windows XP.


Then he ran a Cloud exploit and connected to the console. He then took power over the computer and shut it down using shutdown command. Pretty nice and pretty easy. Also pretty scary, isn't it?



Let's skip the password complexity audit and jump right into the MITM section, which will be the most interesting one. MITM stands for man in the middle and what this basically means, is that by triggering an MITM attack, all the traffic goes through your device (you are becoming the man in the middle), thus you can easily view and modify the traffic requests.

To perform this MITM attack, simply select the target and then tap on "Man in the middle" button. A new tab will pop up.

Screenshot 2015 01 30 18 45 59

Firstly, choose which functions do you want to enable during the MITM attack. There is a SSL Strip option, which is very important because it removes the HTTPS protocol by redirecting it to a HTTP. You will not be able to hijack a session when there is a HTTPS protocol so SSL Strip is essential for hacking accounts.

SSL Strip cannot redirect a direct HTTPS, only when victim goes from HTTP to HTTPS. Means that if a victim opens up Facebook (which is HTTPS), SSL Strip will not work as there is a direct request to a HTTPS protocol. I suggest you keeping this enabled the entire time hacking.

Redirect HTTP - 
This option redirects a website to another one. Simply choose the URL and enable the function.¨

Replace images -
Choose an image which will be replaced with all the images your victim browses through.

Capture download - 
Choose which types you want to capture and enable the function to save all the files your victim downloads. You can also Intercept download by pushing another file to the victim.


Enable the MITM and wait a few whiles. If your victim doesn't use the net (web traffic), you'll have to wait till he/she opens up a browser, downloads a file or just use the network. If everything goes right, a little window saying "IP is vulnerable to MITM attack [or something like that]" should pop up. This means your victim is vunlerable to sniffing, session and password hijacking and many more functions zANTI has to offer.

To see what your victim browses through, see the "logged requests" option. You can also see logged images.

Screenshot 2015 01 30 18 48 59

Image above shows logged requests, you can hijack the session by tapping on one of the requests.


To allow each HTTP request individually, use the zPacketEditor. By swyping to the left, you can easily modify the request and send it to the victim.


Alright, now you should know the basics of MITM spoofing attacks, have fun playing!
Just one more thing, always be responsible for what you're doing, don't share private stuff of your victims, After all, it is not that difficult to find out the spoofer across the network.

Comments

Popular posts from this blog

How to Bypass Right Click Block on Any Website??

How to Bypass Right Click Block on Any Website?? How to Bypass Right Click Block on Any Website Bypass Right Click Block You might remember an experience where you tried to right-click on a web page but got a pop-up message saying that the “right-click functionality has been disabled”. Sometimes you may be trying to copy an image or view the source of a web page but when the right-click is disabled, these things would seem impossible. Bank websites and other sites that require a secure transaction such as a payment gateway are the ones to impose this kind of limited functionality on their pages. In this post, I will show you the ways by which you can easily bypass right-click block feature on any website.In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to str...

Need For Speed Most wanted Tools Cheats

Need For Speed Most wanted HAcKK,Tools NFS:MW Tools & Utilit NFS:MW Tools & Utilities (47 NFS:MW tools | 492,900 total downloads) File Name Downloads Author NFS:MW Rival CHALLENGE Save Games 42,788 WIL BMW M3 GTR Tuned(changed lights) 5,340 Tiago Comlete savegame 4,639 Tanvir Money hack trainer 4,382 tanvr ModLoader 5,703 GameNet.com e FelipeReset07 NFSMW +4 trainer 2,613 WerderCanuck Trainer and car unlocker 8,376 [t@nvir_4u] BMW M3 GTR RIMS 1,055 N/A nfs carbon cross vinyl for mw 1,427 viveksreenair New BMW M3 GTR (hero car) Textures 1,444 LP Force 100% Game Complete by SilentH 1,947 Game 100% Complete by SilentH Lancerevo8 tokyo drift vinyl 1,802 darshit999 Bull save game 728 Arif NFSMW resolution hack, new effects. 4,159 NFSCoder Razor Race 99% save game 4,373 Nimish cobaltss cross vinyl 1,120 marendra BMWM3GTR-STACKED-DECK 888 LEXUS-LEE-159 100% completion game 1,210 veeres karthi nfsmw save with 43 cars 3,170 n/a Tight Security - Cop cars ...