Thread: [Script] [Video] metasploit-FakeUpdate (v0.1.1)

  1. #1
    g0tmi1k (Moderator)
    Join Date: Feb 2010

    [Script][Video] metasploit-fakeUpdate[v0.1.4].sh

    Watch video on-line:
    Download Script (metasploit-fakeUpdate[v0.1.4].tar.gz):

    What is this?
    This is a bash script to automate 'Man in the Middle' to 'pwn' whoever it can, via giving them a "Fake Update" screen. The attack is transparent (allowing the target to afterwards surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor - similar to netcat!), VNC (remote desktop) or whatever the attacker wishes to use.

    How does this work?
    > Sets up a DHCP and web server
    > Creates an exploit with metasploit.
    > Waits for the target to connect, download and run the exploit.
    > Once successfully exploited it grants access to allow the target to surf the inter-webs.
    > Uploads a backdoor (SBD or VNC) via the exploit
    > The attacker has the option to run a few 'sniffing' programs (from the dsniff suite) to watch what the target does!

    What do I need?

    > A network with a client
    > An Internet connection (though you could modify it so it's non-transparent)
    > dhcpd3, apache, metasploit, dsniff suite --- All on BackTrack
    > The script! metasploit-fakeUpdate[v0.1.4].tar.gz (489 KB, SHA1: aac4554f2d09e2a3f1b1061abe3759d445771b5e)

    What's in the tar.gz?

    > --- Bash script
    > www/index.php --- The page the target is forced to see before they have access to the Internet.
    > www/sbd.exe --- SBD Backdoor
    > www/winvnc.exe, vnchooks.dll, vnc.reg --- VNC Backdoor
    > www/Linux.jpg, OSX.jpg, Windows.jpg --- OS Pictures
    > www/favicon.ico, animated_favicon1.gif --- FavIcons

    How to use it?
    1.) Extract the tar.gz file (via tar zxf metasploit-fakeUpdate[v0.1.4].tar.gz).
    2.) Copy the "www" folder to /var/www (cp www/* /var/www/)
    3.) Make sure to "Start Network" and to have an IP address. (via start-network and dhclient [Internet Interface])
    4.) Edit with your "internet" interface. (You can view your interfaces via ifconfig and use kate to edit the file.)
    5.) bash (don't forget to be in the correct folder!)
    6.) Wait for a connection...
    7.) ...Game Over.

    tar zxf metasploit-fakeUpdate\[v0.1.4\].tar.gz
    cd metasploit-fakeUpdate\[v0.1.4\]
    cp www/* /var/www

    • Based on fakeAP_pwn.
    • The video uses v0.1
    • It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
    • I'm running BackTrack 4 Final in a VM. The target is running Windows XP Pro SP3 (fully up-to-date 2010-05-13), with no firewall and no AV.
    • The connection is reversed - so the connection comes from the target to the attacker, therefore, as the attacker is the server, it could help out with firewalls...
    • As you can see in the code, one day I plan for this to also "affect" Linux and/or OSX...but it's taken me this long to update it - so don't hold your breath!

    + Added arguments
    + Can detect and uses broadcast address if needed
    + Checks for superuser
    + Checks interfaces/paths/files exists
    + Randomizes ports each time
    + Reversed the VNC connection
    + Stops and removes any existent backdoors
    + Stops any services and/or programs currently running
    + Uses "msfencode" - to prevent detection
    + Webpage now has a "favicon"
    > Fix a few minor features - Couple of silly typos
    > General code improvements
    > Improved "clean up" code
    > Improved checking the target's IP address
    > Renamed the backdoor files
    > Renamed the output windows
    > Updated the help message
    > Waits a little bit longer in places

    + Fix Gateway Bug
    + Checks for other index files. And acts on it.
    + Checks to make sure user copied www/. Else acts on it.
    + Added more tools to "extra".
    + Added extra settings
    > Aligned the output windows
    > General code improvements
    > Improved debug info
    > "Started" work on allowing a custom backdoor *Needs more work*
    - Removed Linux/OSX *was confusing people*

    + First public release
    Last edited by g0tmi1k; 03-05-2011 at 02:24 PM. Reason: Updated to v0.1.4
    Have you...g0tmi1k?
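The rogue DHCP server that the post's "How does this work?" section starts with is also the step a defender can watch for. The following is an added example, not part of the original post or of the script, that flags DHCP offers from an unapproved server (or offers pushing an unapproved gateway/DNS) and clients that received offers from more than one server; the one-line-per-offer log format and the approved addresses are assumptions.

```python
# Flags DHCP offers from servers that are not approved, or that hand a client an unapproved
# gateway/DNS. Log format is constructed (assumption: one line per DHCPOFFER from a sensor).
import re
from collections import defaultdict

# Assumptions: the site's only legitimate DHCP server, gateway and resolvers.
APPROVED_SERVERS = {"192.168.1.1"}
APPROVED_ROUTERS = {"192.168.1.1"}
APPROVED_DNS = {"192.168.1.1", "8.8.8.8"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) OFFER client=(?P<client>[0-9a-f:]{17}) server=(?P<server>[\d.]+) "
    r"yiaddr=(?P<yiaddr>[\d.]+) router=(?P<router>[\d.]+) dns=(?P<dns>[\d.]+)$"
)

def parse_offer(line):
    """Return the offer fields as a dict, or None for lines that are not offers."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def offer_reasons(offer):
    """Why one offer is suspicious; an empty list means it looks legitimate."""
    reasons = []
    if offer["server"] not in APPROVED_SERVERS:
        reasons.append("unapproved DHCP server")
    if offer["router"] not in APPROVED_ROUTERS:
        reasons.append("unapproved default gateway")
    if offer["dns"] not in APPROVED_DNS:
        reasons.append("unapproved DNS server")
    return reasons

def scan(lines):
    """Return (per-offer alerts, clients offered leases by more than one server).
    A second server racing the real one is the classic sign of this attack."""
    alerts, servers_by_client = [], defaultdict(set)
    for line in lines:
        offer = parse_offer(line)
        if offer is None:
            continue
        servers_by_client[offer["client"]].add(offer["server"])
        reasons = offer_reasons(offer)
        if reasons:
            alerts.append((offer["ts"], offer["client"], offer["server"], reasons))
    racing = {c: sorted(s) for c, s in servers_by_client.items() if len(s) > 1}
    return alerts, racing

# Constructed sample: a legitimate offer, then a competing offer from a second host
# that names itself as both gateway and resolver; the ACK line is ignored by the parser.
SAMPLE_LOG = [
    "2010-05-13T10:00:01 OFFER client=00:0c:29:aa:bb:cc server=192.168.1.1 yiaddr=192.168.1.50 router=192.168.1.1 dns=192.168.1.1",
    "2010-05-13T10:00:01 OFFER client=00:0c:29:aa:bb:cc server=192.168.1.77 yiaddr=192.168.1.60 router=192.168.1.77 dns=192.168.1.77",
    "2010-05-13T10:00:02 ACK client=00:0c:29:aa:bb:cc server=192.168.1.77",
]
```

Run `scan(SAMPLE_LOG)` to get one alert for the second offer plus the client MAC listed under two servers; on a real network the same logic applies to offers captured from the wire.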
