[Script] [Video] metasploit-FakeUpdate (v0.1.1)

[g0tmi1k]

having a problem
my setup bt4 final VM with current updates
xp pro with all updates

now do I set the interface (wlan0 in my case) and that is it?
I have tested it with my windows 7 box and got a 404 not found error page but my xp box does nothing, can still surf.

update I was using vnc but switched back to sbd and now my xp box has the 404 not found.

If your target is connected to you on wlan0, then use wlan0!
Have you check the arp table on the targets?
Are you trying to attack a computer which is hosting the VM? I had problems when doing this. Try in another VM, or a whole new PC.

and when you say "404" error, what URL are you trying to view? Because it only works with top level domain. You will need to modify apahce2 I believe if you want it to work with sub-domains, subfolders kinda deal! *its on the to-do list*

[g0tmi1k]

v0.1.4

+ Added arguments
+ Can detect and uses broadcast address if needed
+ Checks for superuser
+ Checks interfaces/paths/files exists
+ Randomizes ports each time
+ Reversed the VNC connection
+ Stops and removes any existent backdoors
+ Stops any services and/or programs currently running
+ Uses “msfencode” - to prevent detection
+ Webpage now has a "favicon"
> Fix a few minor features - Couple of silly typos
> General code improvements
> Improved "clean up" code
> Improved checking the targets IP Address
> Renamed the backdoor files
> Renamed the output windows
> Updated the help message
> Waits a little bit longer in places

[erdmaennchen]

Sry but your script doesn't work for me. I think the exploit u use in the script doesn't work anymore, because instead of a dialog if i want to download the "update" i get from both browsers, firefox and ie, a dialog to save a file which is only 1kb big and has no fileformat. The site with the windows update warning doesn't appear.

Tested with WINXP SP3, with all updates, no av, no fw, newest firefox, newest ie.

Any idea?

greets

[g0tmi1k]

Sry but your script doesn't work for me. I think the exploit u use in the script doesn't work anymore, because instead of a dialog if i want to download the "update" i get from both browsers, firefox and ie, a dialog to save a file which is only 1kb big and has no fileformat. The site with the windows update warning doesn't appear.

Tested with WINXP SP3, with all updates, no av, no fw, newest firefox, newest ie.

Any idea?

greets

What if you open the file up with notepad?
What if you type in: http://[IP address]/Windows-KB183905-x86-ENU.exe <--- Could be a DNS fault.

[erdmaennchen]

Hey.

The file is empty, so think anything happens wrong while the attack.
It could be a dns fault, can't test now, but i wonder that I don't see this fake website. For you understanding, I work with Virtualbox, and bridged both machines (BT4 & WINXPSP3), so that I have direct network access. The dnsspoof seems to work because my real WIN7 machine was redirected when I open up a website e.x. in firefox. So that works.

Greets

[g0tmi1k]

Hey.

The file is empty, so think anything happens wrong while the attack.
It could be a dns fault, can't test now, but i wonder that I don't see this fake website. For you understanding, I work with Virtualbox, and bridged both machines (BT4 & WINXPSP3), so that I have direct network access. The dnsspoof seems to work because my real WIN7 machine was redirected when I open up a website e.x. in firefox. So that works.

Greets

Hello,
What file is empty? The file that the target downloads? Hmmm
Could you open it with notepad? Could you check in BackTrack that its there.
This script is due for a huge update - just gotta do a few other things first...

[Corleone]

I think i found the problem.
There isnt a index.html file in the metasploit-FakeUpdate www map.

c

[Corleone]

When i try using explorer or firefox i also get a dialog box asking me to safe a file.
Opening it with notepad shows the source of the index.html (php)

When entering http://[IP address]/Windows-KB183905-x86-ENU.exe on the victims machine, you get the exe download and it gets executed.

A session is created and shell.So that works perfectly.

Hows the update goin?

c

[g0tmi1k]

I think i found the problem.
There isnt a index.html file in the metasploit-FakeUpdate www map.

c

That would be a problem!

When i try using explorer or firefox i also get a dialog box asking me to safe a file.
Opening it with notepad shows the source of the index.html (php)

When entering http://[IP address]/Windows-KB183905-x86-ENU.exe on the victims machine, you get the exe download and it gets executed.

A session is created and shell.So that works perfectly.

Hows the update goin?

c

I can remember fakeAP_pwn 0.2 having the same issue, though right now, I cant remember the fix
Anyway - this script will soon being replace!
*I was waiting on fakeAP_pwn 0.3 to be done before I carried on with the update to this! Its next on my todo list! *

[RexBudman]

Hello,

I am actually having the same issue I had with previous scripts, which led me to apply the whole thing manually, which I am certainly not opposed to, but the scripts you make, GotM1ilk, are quite nice and I do enjoy the way they are coded, quite nice work.

My issue is that once the "target" downloads the file, and a response on my BTBOX acknowledges that the application has been run and sending stage, it just gets stuck there.

Using the VNC tool for the file to upload.