Главная » Статьи » Мои статьи

Spying on everyone

In this review we will look at how using Yandex.Metro you can spy on people, determining their location.

Russian search engine Yandex, apparently, is not going to close your spy bug for this, we will try to actively use it. This bug allows us to determine the physical location of the user. Using the well-known XSS or CSRF vulnerabilities in the firmware of home routers, we can determine the MAC address of the router user (aka BSSID Wi-Fi network). If you have direct access to the user's PC, it is enough to view the ARP cache on the PC with the command "arp-a". Usually the first line in the cache is the MAC address of the gateway by default, which is the desired BSSID. After receiving the BSSID can be pasted into a query that refers Yandex.Metro. Output mypolicy data that you can see in the screenshot.

 

The response packet contains the coordinates of the requested wi-fi access point, carefully collected and stored by Yandex. You can drive them in Google Maps and find the right house for you. Coordinates are not always accurate, but as a starting point for searches amiss.

 

Code to use in the terminal with CURL command:

curl -i -s -k -X 'POST' \
-H 'User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.0.1; Nexus 5 Build/LRX22C)' -H 'Content-Type: application/x-www-form-urlencoded' \
'http://mobile.maps.yandex.net/cellid_location/?clid=1866854&lac=-1&cellid=-1&operatorid=null&countrycode=null&signalstrength=-1&wifinetworks=
000000000000:-65&app=ymetro'

 

 

Категория: Мои статьи | Добавил: d1gger (06.01.2017)
Просмотров: 2563 | Комментарии: 2 | Теги: cutl, Spy, bssid, routers, Linux, Mac, Geolocation | Рейтинг: 0.0/0
Всего комментариев: 2
avatar
0 Spam
1
Got ERROR bro! :^(

HTTP/1.1 400 Bad request
Server: nginx/1.8.1
Date: Mon, 09 Jan 2017 15:36:49 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 97
Connection: keep-alive
X-YaRequestId: b6156320-821b-4c81-8cb9-22869054513d

<?xml version="1.0" encoding="utf-8"?>
<error code="7">Empty parameters (or all invalid)</error>
avatar
0 Spam
2
How do I fix it ????

HTTP/1.1 404 Not found
Server: nginx/1.8.1
Date: Mon, 30 Jan 2017 10:18:35 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 73
Connection: keep-alive
X-YaRequestId: 137d923a-75e6-4bb0-afe6-c39c2edfa620

<?xml version="1.0" encoding="utf-8"?>
<error code="6">Not found</error>
avatar
Investigationes
CHARLES S. ANDREWS
3139 Brownton Road
Long Community, MS 38915



+7 495 287-42-34 info@ucoz.com
Mirum
sample map