PDA

View Full Version : Whitehat MAC address spoofing

spakman
10-31-2005, 03:51 AM
*LINK* (http://fabrice.bellard.free.fr/qemu/)
You know how once you get crak-jacked and that changing your ip address, or place of residence doesn't do $h!t cos they still have ur MAC address and can find you again the second you get back online - even if you like move to a different country?

I came along this app ¨qemu¨, that lets you emulate a different pcs with different Mac Addresses.

Here´s a snip of the man page below. Check out the Network options. Look at the second line. Pretty dope.

Hope this helps anyone who can´t afford to buy new hardware to change MAC Addresses once they've been hijacked over and over again by a blackhat tracing your hardware through cyberspace.

**********************************************
Network options:
-nics n simulate 'n' network cards [default=1]
-macaddr addr set the mac address of the first interface
-n script set tap/tun network init script [default=/etc/qemu-ifup]
-tun-fd fd use this fd as already opened tap/tun interface
-user-net use user mode network stack [default if no tap/tun script]
-dummy-net use dummy network stack
**********************************************

peace d=^)
anibal187
10-31-2005, 05:24 AM
Edit: My reply was dumb. Now that I read the Qemu page I understood what it does.
kaiser_pro
10-31-2005, 12:27 PM
using a registry hack you can change your Ethernet MAC address, if you have the right card.

but why would you want to? the mac address is only visible on the immediate network, noone on the other side of your gateway can see it. so if you move outside of the network all they can see is you IP address
spakman
11-01-2005, 03:54 AM
Edit: My reply was dumb. Now that I read the Qemu page I understood what it does.

No worries. Did a quick search. am posting the first link I clicked on. It confirms the Whitehat MAC address spoofing in a round-about way.

http://lists.gnu.org/archive/html/qemu-devel/2004-05/msg00010.html

Edit: Here's the line I'm referring to, way near the bottom.

"The MAC address doesn't change between QEMU instances, unless overriddenon the command line, so a changing MAC isn't the cause."

peace d=^)
spakman
11-03-2005, 03:25 AM
using a registry hack you can change your Ethernet MAC address, if you have the right card.

but why would you want to? the mac address is only visible on the immediate network, noone on the other side of your gateway can see it. so if you move outside of the network all they can see is you IP address

Incorrect. You are talking about a specific info communications protocol. Screengrabs do an end around the protection you've mentioned. It's the reason why your passwords always look like asterisks - so the screengrab doesn't reveal anything.

You could prolly make or see if OSX comes with an Applescript that, oh say, waits until you type "Linksys" or whatever, then does a screen grab, of ur info, and sends the graphic back to the blackhat in question.

Funky things, when you mix BSD with Applescript. Dunno about windows, couldn't get past my dumbed downed MMC. :banghead:

L8
M@DM@X
11-03-2005, 05:50 PM
well i dunno about finding the mac address on a pc but i know people over the net can very very easly spoof the mac address of cable modems and as to my knowledge adsl modems.
i only know this about cable modems because my cable supplier had to replace my cable modem because the mac address got spoofed i didnt have any net for about a week before i phoned them.
CGTalk Moderation
11-03-2005, 05:50 PM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.