Skip to content

farolfo/IOL-Hacker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
lib
lib
 
 
src/main/java/org/app
src/main/java/org/app
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
iolHacker.jar
iolHacker.jar
 
 

Repository files navigation

IOL Hacker (DEPRECATED)

( THIS APP HAS EVOLVED TO THE https://github.com/farolfo/uCracker )

A simple Java program that sniffs the network and displays the DNIs and passwords that are exhibit in the plain text of a POST HTTP req to the ITBAOnLine(IOL) page.

This implementation uses the jpcap lib, provided by SourceForce. Besides, jpcap uses the libpcap library, that must be installed and well configured to work.

Installation

  1. Make shpure you have installed Java 1.6 or another upgraded version.
  2. Install the libpcap library (WinPcap for Windows users).
  3. Now you need the jpcap native methods implementations. For this step I recommend you to copy the jpcap library already compilled that it's provided in the folder utils. You must to copy the file that you need for you operating system:
  • jpcap.dll for Windows users. (NOT YET IN THIS REPO)
  • jpcap.so for Linux users. (NOT YET IN THIS REPO)
  • jpcap.jnilib for Mac users.

Copy this file to your Java's library path. If you don't know what path that is, run

java -jar displayLibraryPaths.jar

This will display where your Java will search for the lirbaries that it needs (displayLibraryPaths.jar jar file is on the utils directory). Now, just copy the library you had downladed to one of those folders.

Another option for step 3 it's to install by yourself the jpcap library from the jpcap page.

Execution

Download the runnable jar iolHacker.jar and, in the directory where it's placed, run

java -jar iolHacker.jar [-i interface] [-l loggingLevel]

You can sepcify an interface in command line with -i, it must be the name of the device you want to capture passwords from(i.e. eth0, eth1). If you don't specify it, the program will choose one, AND THERE IS NO GUARANTEE THAT INTERFACE IS ACTIVATED.

Also you may enable three kinds of logging with the -l parameter, and it's values might be:

  • TRACE : Will display a detail of each operation that the program does, besides the normal output of the application. (TRACE will also display ERROR).
  • ERROR (default) : Will display a message when an error occurred.
  • OFF : Disables the logging system.

If you have any problem, take a look to the logs.

NOTE: As this application is still under development, we suggest that you provide an interface to sniff. You may now your interfaces with the commands ipconfig (Windows) or ifconfig (Unix).

###Example

Sniffing interface en1

~$ java -jar iolHacker.jar -i en1
PacketCapture: loading native library jpcap.. ok

_____________________       ______  __            ______              
 ____  _/_  __ \__  /       ___  / / /_____ _________  /______________
  __  / _  / / /_  /        __  /_/ /_  __ `/  ___/_  //_/  _ \_  ___/
___/ /  / /_/ /_  /___      _  __  / / /_/ // /__ _  ,<  /  __/  /    
 /___/  \____/ /_____/      /_/ /_/  \__,_/ \___/ /_/|_| \___//_/ v1.0
-----------------------------------------------------------------------
--       IOL Hacker v1.0 - the ITBA sniffer application !
-----------------------------------------------------------------------
---
--       Remember, this is not a malware application, my goal here
--    is to show you why YOU MUST CHANGE YOUR PASS PERIODICALLY !!
--    and DON'T REPEAT PASS BETWEEN YOUR ACCOUNTS  !!
---
--       Also remember that this are ATTEMPTS that a user does 
--    to IOL, so some of this passwords might be wrong if the user 
--    that has typed it did it wrong.
---
---
--     The results will be displaied as 
--			 'dni' | 'password' 
--
-----------------------------------------------------------------------
 '36985142' | 'mypass'
 '15427896' | '123456'
 '35856142' | '14257863165413'
 '35214569' | 'chukNorrisWasHere'

Why did I do this?

My main goal here is to highlight two things:

  • CHANGE PERIODICALLY your passwords in your accounts.
  • DON'T REPEAT your passwords between your accounts.

There are many leaks and bugs in the secutiry systems of many applications, such as passing passwords as plain text, and you'll have a better result if you have some conciderations each both.

Further reading about this development

The libcap site (you can also find the tcpdump, powerful command-line packet analyzer)

http://www.tcpdump.org/

The jpcap project

http://sourceforge.net/projects/jpcap/

https://github.com/jpcap/jpcap

Some tutorials about jpcap and libcap

http://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf

http://eecs.wsu.edu/~sshaikot/docs/lbpcap/libpcap-tutorial.pdf

Another library similar to jpcap

http://jnetpcap.com/

An HTTP analyzer

http://httppp.g76r.eu/

THE sniffer

http://www.wireshark.org/

Happy hackin' !

About

(THIS APP HAS EVOLVED TO THE "uCracker" https://github.com/farolfo/uCracker )A basic IOL (ITBA-On-Line) hacker, a program that sniffs the network and shows the plain text in the POST HTTP requests.

github.com/farolfo/uCracker

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages