Tuesday, April 5, 2011



Phishing + ITM University

Some months back I had the curiosity to see how vulnerable the university where I study might be, so I was testing a bit with XSS.
I never liked this kind of bug; it has a lot of social engineering, which takes a lot for me, so I will use them to see if they ever learn. XD. I use [+ Phishing XSS].
This is a research project to see how far I can go with an XSS and a little imagination; see DISCLAIMER.

WHEN THIS MINI-PROJECT STARTED
It started today (April 5, 2011), with the collaboration of some people such as my good friends:
DarioHxC
, Yoyahack and the big sissy Progressive Death (is a fag from here to China maybe after some # FAIL's place I made this queer HDP). I EXPECT TO GET IT?
As I said before, I never liked this type of vulnerability; I thought I could not get anything from it unless social engineering was successfully applied to steal user sessions. I always saw it as a low-level bug.
MAIN PURPOSE OF THIS MINI-PROJECT
The main goal, at 100%, is to get more users and passwords of students from my university, to keep track of the security implemented in this institution.

DAY 1:

(April 5, 2011)
Introduction to the operation and construction of the phishing site built on the existing XSS.
  • Creation of the file server that houses the page receiving the phishing information. (As it is a free hosting, I need to wait 24 hours for activation.)
  • Creating the email, which is sent as the social engineering method. (Although I have no idea what message to send to try to get each student to access it.)
  • Creating malicious files (data reception, storage and passwords).

Day 2:

(April 6, 2011)
I had planned to create an HTML page identical to the original to avoid suspicion. So, using JavaScript and HTML, the phishing page was created successfully, but when I ran some tests sending and receiving data, the free server stopped working because of the number of characters in the POST request, so I thought it over and the only option I found was to make an iframe and call the phishing page that was hosted on my free server. It looks a little more for the scroll of the iframe but just as important is not try to hide it or you do not leave like that.
Looking at some posts sent by the university administration, a higher average was addressing the issue of a survey. So I will try to get in on that side to see if students fall into the trap :D
Would not be as evil receiving mail; it may not reach the Inbox but the spam folder. So on second thought I'll leave this option in the background and try to get one from the institution itself. If I cannot get it, I'll leave it as I had initially thought.

Day 2:

(April 6, 2011 - 03:00 PM)
At 3 pm on April 6, 2011, we began the first general test of the phishing.
As I said, the malicious mail sent arrives in the SPAM folder, filter-
Damn, I sent it yet as I managed to get the bill.

Day 2:

(April 6, 2011 - 09:15 PM)
I lingered a while, perhaps a few days, but I see some people constantly review their SPAM folder. I have at least approximately 87 records (some repeated); I will wait 5 more days to see what other accounts I can get.

Day 3:

(April 7, 2011 - 02:25 PM)
So far no update.
I will publish the method used. Here: [Explanation Phishing ITM]

Day 4:

(April 8, 2011 - 11:43 PM)

So far no update.
Send the phishing e-mail again.

Day 5:

Only one record more.

NOTE:
As far as I can not get this research will tell you here and I always argue, I am not responsible for the disclosure of information by you to complete the project. It is an important step to validate the reliability of the data.
