
Thread: [Script] [Video] metasploit-FakeUpdate (v0.1.1)


  #1 g0tmi1k (Moderator) | Join Date: Feb 2010 | Posts: 1,771

    [Script][Video] metasploit-fakeUpdate[v0.1.4].sh

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/3622179
    Download video: http://www.mediafire.com/?kz0zyde3gjt
    Download Script (metasploit-fakeUpdate[v0.1.4].tar.gz): http://www.mediafire.com/?gjzzzmzztmz


    What is this?
    This is a bash script to automate 'Manning in the Middle' to 'pwn' whoever it can, via giving them a "Fake Update" screen. The attack is transparent (allowing the target to afterwards surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor - similar to netcat!), VNC (remote desktop) or whatever the attacker wishes to use.


    How does this work?
    > Sets up a DHCP and web server
    > Creates an exploit with metasploit.
    > Waits for the target to connect, download and run the exploit.
    > Once successfully exploited it grants access to allow the target to surf the inter-webs.
    > Uploads a backdoor; SBD or VNC, via the exploit
    > The attacker has the option to run a few 'sniffing' programs (from the dsniff suite) to watch what the target does!


    What do I need?

    > A network with a client
    > An Internet connection (though you could modify it so it's non-transparent)
    > dhcpd3, apache, metasploit, dsniff suite --- All on BackTrack
    > The script! metasploit-fakeUpdate[v0.1.4].tar.gz (489 KB, SHA1: aac4554f2d09e2a3f1b1061abe3759d445771b5e)

    What's in the tar.gz?

    > metasploit-fakeUpdate.sh --- Bash script
    > www/index.php --- The page the target is forced to see before they have access to the Internet.
    > www/sbd.exe --- SBD Backdoor
    > www/winvnc.exe, vnchooks.dll, vnc.reg --- VNC Backdoor
    > www/Linux.jpg, OSX.jpg, Windows.jpg --- OS Pictures
    > www/favicon.ico, animated_favicon1.gif --- FavIcons

    How to use it?
    1.) Extract the tar.gz file (via tar zxf metasploit-fakeUpdate[v0.1.4].tar.gz).
    2.) Copy the "www" folder to /var/www (cp www/* /var/www/)
    3.) Make sure to "Start Network" and to have an IP address. (via start-network and dhclient [Internet Interface])
    4.) Edit metasploit-fakeUpdate.sh with your "internet" interface. (You can view your interfaces via ifconfig and use kate to edit the file.)
    5.) bash metasploit-fakeUpdate.sh (don't forget to be in the correct folder!)
    6.) Wait for a connection...
    7.) ...Game Over.

    Commands:
    Code:
    tar zxf metasploit-fakeUpdate\[v0.1.4\].tar.gz
    cd metasploit-fakeUpdate\[v0.1.4\]
    cp www/* /var/www
    ifconfig
    kate metasploit-fakeUpdate.sh
    bash metasploit-fakeUpdate.sh

    Notes:

    • Based on fakeAP_pwn.
    • The video uses metasploit-fakeUpdate.sh v0.1
    • It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
    • I'm running BackTrack 4 Final in a VM; the target is running Windows XP Pro SP3 (fully up-to-date 2010-05-13), with no firewall and no AV.
    • The connection is reversed - so the connection comes from the target to the attacker, therefore, as the attacker is the server, it could help out with firewalls...
    • As you can see in the code, one day I plan for this to also "affect" Linux and/or OSX...but it's taken me this long to update it - so don't hold your breath!

    + Added arguments
    + Can detect and uses broadcast address if needed
    + Checks for superuser
    + Checks interfaces/paths/files exists
    + Randomizes ports each time
    + Reversed the VNC connection
    + Stops and removes any existing backdoors
    + Stops any services and/or programs currently running
    + Uses “msfencode” - to prevent detection
    + Webpage now has a "favicon"
    > Fix a few minor features - Couple of silly typos
    > General code improvements
    > Improved "clean up" code
    > Improved checking the target's IP address
    > Renamed the backdoor files
    > Renamed the output windows
    > Updated the help message
    > Waits a little bit longer in places


    v0.1.2
    + Fix Gateway Bug
    + Checks for other index files. And acts on it.
    + Checks to make sure user copied www/. Else acts on it.
    + Added more tools to "extra".
    + Added extra settings
    > Aligned the output windows
    > General code improvements
    > Improved debug info
    > "Started" work on allowing a custom backdoor *Needs more work*
    - Removed Linux/OSX *was confusing people*


    v0.1.1
    + First public release
    Last edited by g0tmi1k; 03-05-2011 at 02:24 PM. Reason: Updated to v0.1.4
    Have you...g0tmi1k?
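The attack above starts with a rogue DHCP server on the LAN, handing out the attacker as gateway so clients land on the fake update page. The following is an added example (not part of the original post or the script) showing how a defender can spot that step: it parses raw DHCP payloads and flags any OFFER whose server identifier is not on an allowlist. The packets, the allowlisted server 192.168.1.1 and the rogue host 192.168.1.50 are constructed test data, not captured traffic.

```python
import struct
from ipaddress import IPv4Address

DHCP_MAGIC = b"\x63\x82\x53\x63"  # cookie at offset 236; options follow it
DHCP_OFFER = 2                     # option 53 message-type value for an OFFER


def parse_dhcp(payload: bytes) -> dict:
    """Parse a raw BOOTP/DHCP UDP payload into header fields and an {option: value} map."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", payload[:12])
    yiaddr = str(IPv4Address(payload[16:20]))  # address offered to the client
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "options": opts}


def rogue_offers(payloads, allowed_servers):
    """Return (server, router, offered_ip) for each OFFER from a non-allowlisted server."""
    findings = []
    for pkt in payloads:
        parsed = parse_dhcp(pkt)
        opts = parsed["options"]
        if opts.get(53) != bytes([DHCP_OFFER]) or 54 not in opts:
            continue
        server = str(IPv4Address(opts[54]))                        # option 54: server identifier
        router = str(IPv4Address(opts[3])) if 3 in opts else None  # option 3: default gateway
        if server not in allowed_servers:
            findings.append((server, router, parsed["yiaddr"]))
    return findings


def build_offer(server: str, router: str, yiaddr: str, xid: int = 0x1234) -> bytes:
    """Construct a minimal DHCP OFFER payload as test data; nothing is sent on the wire."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)       # op=2 BOOTREPLY, ethernet
    hdr += b"\0" * 4 + IPv4Address(yiaddr).packed + b"\0" * 8  # ciaddr, yiaddr, siaddr, giaddr
    hdr += b"\0" * (16 + 64 + 128)                              # chaddr, sname, file
    opts = (bytes([53, 1, DHCP_OFFER]) + bytes([54, 4]) + IPv4Address(server).packed
            + bytes([3, 4]) + IPv4Address(router).packed + b"\xff")
    return hdr + DHCP_MAGIC + opts


# Constructed sample traffic: the real router's offer, then one from an unexpected host
# that also names itself as the gateway (the pattern a rogue DHCP server produces).
ALLOWED_DHCP_SERVERS = {"192.168.1.1"}
SAMPLE_OFFERS = [
    build_offer("192.168.1.1", "192.168.1.1", "192.168.1.100"),
    build_offer("192.168.1.50", "192.168.1.50", "192.168.1.101"),
]

if __name__ == "__main__":
    for server, router, ip in rogue_offers(SAMPLE_OFFERS, ALLOWED_DHCP_SERVERS):
        print(f"ALERT: rogue DHCP offer from {server} (gateway {router}) assigning {ip}")
```

In practice the payloads would come from a capture of UDP port 68 traffic on the segment; the allowlist is the set of DHCP servers you actually operate.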
