The word payload comes from the idea of delivery and is used in hacking to explain the package of malicious code that is delivered to a victim’s computer for the purposes of attack.
I have worked through some sites and tutorials, trying to understand Heap Spraying (as you may have seen from my earlier post). I’m now at the point where I have code injected into the memory of a computer and just need a trigger to make the code run. Continue reading
The DD-WRT displays some hotspot services on its Services/Hotspot page. Most are on-line systems that allow remote administration of multiple hotspots globally.
There are many on-line hotspot services where it would be useful for a chain of stores/cafés to offer lots of WiFi Hotspots across a large area: As most services offer on-line management systems for a collection of Hot Spots and a lot of them are full featured have lots of control and reporting to enable a decent service for their clients. These on-line services also allow the the customer to charge their clients for the Wi-Fi services, which is useful but not helpful in my project. It could also be a legal issue if drive-by download code was used on the captive portal templates these systems provide. As the drive-by download code can be considered as malicious it would more than likely set off alarms or cause concern to these hotspot providers and these on-line systems will be avoided:
The other services on the list are software that can be downloaded and hosted locally, this would cover the possible legal and moral concerns about hosting malicious code on-line. However this software is likely to come with some pre-set templates for captive portals, or worse restrictions that only allow an image to be display on the pre-generated captive portal page. These systems need looking into to discover if one of the solutions can be moulded for the projects purpose.
HTTP Redirect
The redirect option is going to be the most customisable system that would mean setting up a machine on the network that would host the redirect page. The concern with just a HTTP redirect is that is may not be as captivating as a captive portal should and may let users browse the web after dismissing the redirect page.
I’m continuing my research into these services and will update on how I get on!
Andy Cronin - Ethical Hacking Honours Project - Drive-by Healing 