SET credential harvester (external)

[2901119]

hey guys,

I'm trying to test a cred. harvester attack externally. I'm testing from my desktop connected to my private network to my laptop which is connected to an unsecured network. my ports are forwarded, when i dial up my external ip address on the victim side it directs me to my cloned site but when i type in credentials and hit enter it just hangs, then tells me its taking too long to respond.On the attacker side under SET it says code 404 message file not found GET /JAVA/CLASS.CLASS HTTP/1.1 I've tried switching the ports in config/set_config from the default port 80 to port 4444 and still the same result. can anyone see what im doing wrong here?

any and all help is greatly appreciated, thank you!

[iproute]

Are credentials successfully obtained when browsing to the malicious site from LAN? When using this attack vector, typically I do not modify anything in set_config. Server port should definitely be left to 80. Get this working locally fist, then to get it working externally, all you would need to do then is forward the port, and nothing more. With this particular attack, there is little difference between external and internal.

[2901119]

yeah i have it working perfectly locally im gonna try everything set to default once more. thanks again for the reply and advice iproute!

[iproute]

Also, typically were I to perform this attack, I like to set up the malicious webserver at home (backtrack server if you will) of cloned site, then with mobile backtrack machine, arp poison with dns spoof or by some other means redirect pentest client workstation to malicious server with my mobile machine. I've found that seperating these function helps the attack to succeed.

[2901119]

ok so i think my problem may lie with my port forwarding... in my router settings it gives me two choices for my web server ports.
1. public port
2. private port

when i have both set to 80 and i dial up my external ip address on the victim side it hangs and says connection has timed out the server is taking too long to respond...

when i have public port set to 8888 and private set to 80 everything works excellent from bringing up my page to redirecting me to the legitimate site which is great but i still don't capture any credentials when i type them in on the victim side.

i have tried many configurations including running the server on my internal ip and external ip and having both ports set to 80 and also having private at 80 and public at 8888... still no luck

as always any help is greatly appreciated!

thank you

[2901119]

My port 80 is being blocked by my isp... man those guys are COX lol