Printable View
guy, I'm experimenting with browser_autopwn from metasploit, and I wonder if there's anyway to redirect the remote host to my http server using Man-in-Middle... the other way would be poisoning dns and that's out of the question.
any help appreciated
thanks
You are trying this within a local network?
yes, I am! setup: Lan and vms. I found that ettercap has a plugin called dns_spoof which is excellent for this. However, the box I'm attacking is a win7, and so far I haven't been able to compromise it, and I've launch several exploits at it. It doesn't have any updates or apps installed, just win7 and IE7, with shares: 139, 445 open. I've tried "smb" exploits, and "browsers" exploits, yet I'm not able to get a shell.... in this case when you're looking for an exploit for win7, how would you go about it? Do you search the internet for 0 day exploits, or just try different ones...Oh, Metasploit is up to date!Quote:
Originally Posted by lupin
thanks for the help
ARP spoofing.