Hello everyone. Since a lot of you guys seem to be in high school and want to be like the "War Games" hackers, I figured I'd write a tutorial on how to steal logins for online grading systems.
If your school still uses paper to write down and keep track of grades, this tutorial is not for you!
Please remember to be careful with this information; this is not for you to use, only to understand that this is a possibility.
The main problem with this is that most sites that do "Online Grading" encrypt their data before sending it to the router so that this attack is thwarted.
The solution
Using software like "Cain & Abel" you can get around this problem. This is done by spoofing the SSL certificate for the victim; however, this cannot be done completely, as the victim will get an "SSL certificate error" warning message. Luckily in the most used version of Internet Explorer this message is just a simple "blah blah error, click here to continue" and most users just ignore this and click OK. Now they are connected to the website but you can still see what they are doing!
Congrats, you now (kinda) get how an ARP Cache Poisoning attack & SSL Spoof attack works.
A nice warning: you'll be doing all this on a school computer, so please be careful not to get caught (what if someone actually knows what you're trying to do?! Oh noes!)
Now you're going to need to install Cain & Abel for doing this attack! This is a Windows hacktool with all sorts of fun built in!
Great! Now install the thing (I'm not going to hold your hand on this as it's really straightforward, just say yes to installing everything)
Eventually you install everything and you start up Cain; please be sure you've allowed it internet access if Windows prompts you for it.
This has started the "sniffing" process where your computer will capture any traffic that it sends/receives. At this point this is only the websites you visit, but you want to see everyone else's internet activity as well!
Great! Now you need to select some computers to poison.
Click the "+" button to add some computers to your list
The default settings are perfectly fine, so scan everyone on your current subnet (which means everyone who's behind the same router/switch as you)
Wait for it to finish scanning, once it's done move on to the next step.
Step Four - Poisoning some ARP Caches!
You are now going to direct everyone's traffic through your own computer so you can see what they are doing and steal their online passwords!
Click the following tab: (Bottom left)
Now you're going to want to select the first IP address on the left, this is the router address so you can capture all data being sent to the router.
Then select EVERYTHING in the right column.
(Read the warning in the image above about selecting too many victims to poison!)
Then click "OK"
You are now intercepting all data on the network! Pat yourself on the back! Your screen should look like this
Code:
<input name="txtTeacherUsername" id="txtTeacherUsername" size="18" value="" class="gaia le val" type="text">
<input type="hidden" name="txtTeacherPassword" id="txtTeacherPassword" size="18" value="" class="gaia le val" type="text">
As you can see, the two fields are "txtTeacherUsername" and "txtTeacherPassword".
So now go back to Cain and add those field names in by inputting the field names and clicking the plus button
And click "OK"
A nice little warning is that anyone who is connecting to a website via SSL will see this; most will just click to continue.
Congrats! You are now capturing only the school grading system logins (unless multiple websites share the same field name!)
Then remember the logins, go home (hide behind a proxy!), log in on the website and change your grades.
say thankx by - Ms
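From the defender's side, the poisoning described in this post leaves a visible trace on every affected machine: the router's IP address resolves to the MAC address of another host on the subnet. The following Python check is an added example, not part of the original post; it parses Windows `arp -a` output and compares the gateway entry to a known-good MAC, and the function names, addresses and sample tables are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches one row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries, skipping static/broadcast rows."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def check_gateway(table, gateway_ip, baseline_mac):
    """Return findings that suggest the gateway's ARP entry has been poisoned."""
    seen = table.get(gateway_ip)
    if seen is None:
        return ["gateway has no dynamic ARP entry"]
    findings = []
    # Indicator 1: the gateway IP no longer maps to the MAC recorded as known-good.
    if seen != baseline_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {seen}, baseline is {baseline_mac.lower()}")
    # Indicator 2: the MAC answering for the gateway also answers for another host.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    sharers = sorted(ip for ip in by_mac[seen] if ip != gateway_ip)
    if sharers:
        findings.append(f"gateway MAC {seen} is also claimed by {', '.join(sharers)}")
    return findings

# Constructed samples (not captured from a real network).
CLEAN = """
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.40          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
POISONED = CLEAN.replace("00-1a-2b-3c-4d-5e", "00-aa-bb-cc-dd-01")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(parse_arp_table(sample), "192.168.1.1", "00-1A-2B-3C-4D-5E"))
```

A shared MAC can also come from a legitimate multi-homed host or proxy ARP, so treat the second finding as a lead to investigate; the baseline mismatch on the gateway is the stronger signal.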