Thread: Failing to exploit some machines

  1. #1
    Member
    Join Date
    May 2011
    Location
    Portugal
    Posts
    84

    Failing to exploit some machines

    Hello to all BackTrack community.

    I have a problem. I created an environment that I expect to attack. I'm using 4 computers: one with BackTrack as the attacker, and the others are running Windows 7, Windows XP and Linux CentOS.

    What I want to do is get full access to those computers. All the computers are fully patched, I mean no ms08... exploits will work. I know I can exploit the XP machine that way, but I want to perform an advanced attack. What I thought would work was using the "java_rhino" exploit.

    1) I spoofed the ARP table of all computers so that all the traffic passes through the BT machine. I used:

    #echo 1 > /proc/sys/net/ipv4/ip_forwarding
    #arpspoof -i eth0 -t (victim ip) (router ip)

    2) With Armitage I found all the computers I want to get access to. I had to disable the firewall on the Windows machines since I don't know how to get through the firewall with ICMP packets (if anyone wants to help me with that too, I would be grateful).

    3) I started the "java_rhino" exploit. The victims need to get to the "website" http://192.168.1.100:53/ so I can get the attack done.

    4) I created a list of common websites that people visit, since I don't want to type http://192.168.1.100:53/ directly into the browser and I want to redirect those websites to http://192.168.1.100:53/.

    #echo www.google.com > websites.txt ; echo www.facebook.com >> websites.txt ; echo www.youtube.com >> websites.txt

    5) I read about hijacking the browser session in a book about BackTrack, written by Vivek Ramachandran. He used in an example:

    #dnsspoof -i mitm-bridge

    mitm-bridge is a bridge that he created, coming from a honeypot.

    I used:

    #dnsspoof -i ath0 websites.txt

    6) Every time the user connects to www.google.com, it gets to a webpage with the text "It works" because he started an Apache server.

    I don't have Apache started but I have the "java_rhino" working as a server.

    The problem is that I can't get access to the machines, only if I write http://192.168.1.100:53/, but that takes the fun part out of the attack.

    I guarantee that I'm performing this in my own network with my own computers. I hope that anyone could help me. Thank you very much for reading the post.

    Strakar
    Last edited by strakar; 12-13-2011 at 03:08 AM.

  2. #2
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    12

    Re: Failing to exploit some machines

    What I would suggest is that you try running a web server (BackTrack comes with Apache out of the box) and then see if that works. The reason why I say that is because a browser goes to port 80 on a machine and tries to load it, but without anything listening on port 80, your BT machine will just silently ignore it. Correct me if I'm wrong, but that's what I would suggest.

  3. #3
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Re: Failing to exploit some machines

    The DNS spoofing points www.google.com and the other sites to your machine, but on port 80.
    Your exploit server is running on port 53.

    Redirect port 80 to port 53 using iptables on your machine.
    This should do the trick.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  4. #4
    Member
    Join Date
    May 2011
    Location
    Portugal
    Posts
    84

    Re: Failing to exploit some machines

    I thought about that and I used:

    #iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 53

    But I guess that dnsspoof is working on port 53 UDP and not TCP, and that might be the problem.

  5. #5
    Member
    Join Date
    May 2011
    Location
    Portugal
    Posts
    84

    Re: Failing to exploit some machines

    If I change to... -p udp --destination-port 80 -j REDIRECT --to-port 53

    Would it work?

  6. #6
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Re: Failing to exploit some machines

    First of all, make sure the DNS spoofing actually works.
    Try spoofing google.com to the Apache server on your machine just to make sure.

    If that works, try entering www.google.com:53 in the victim browser, with dnsspoofing and without the iptables rule. Does this work?
    And why does your exploit server run on port 53? Can't you change that?
    I know DNS uses port 53. Might this maybe cause some kind of a problem?
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  7. #7
    Member
    Join Date
    May 2011
    Location
    Portugal
    Posts
    84

    Re: Failing to exploit some machines

    I can run the exploit on whatever port I want, but when I run dnsspoof it says that its dnsspoofing is running on port 53.
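
Seen from the defending side, the two spoofing steps discussed in this thread leave simple traces: a neighbour table in which the gateway shares a MAC address with another host, and a public hostname that resolves to a private address. The following is an added example, not part of any poster's message; the ARP table, the DNS answers and the `INTERNAL_SUFFIXES` list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a workstation's neighbour table in /proc/net/arp format.
# The gateway (192.168.1.1) and 192.168.1.100 share one MAC address.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.1.100    0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.1.20     0x1         0x2         00:1e:4f:11:22:33     *        eth0
"""

# Constructed sample: (queried name, A record) pairs taken from a resolver log.
DNS_ANSWERS = [
    ("www.google.com", "192.168.1.100"),
    ("www.example.org", "93.184.216.34"),
    ("fileserver.lan", "192.168.1.20"),
]

INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # assumption: site-local zones


def shared_macs(arp_text):
    """Return {mac: [ips]} for every MAC address claimed by more than one IP."""
    by_mac = defaultdict(list)
    for line in arp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] != "00:00:00:00:00:00":
            by_mac[fields[3].lower()].append(fields[0])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def private_answers(answers, internal=INTERNAL_SUFFIXES):
    """Return non-internal names whose answer lies in private address space."""
    hits = []
    for name, addr in answers:
        if name.lower().rstrip(".").endswith(internal):
            continue  # internal zones are expected to resolve to private IPs
        if ipaddress.ip_address(addr).is_private:
            hits.append((name, addr))
    return hits


if __name__ == "__main__":
    for mac, ips in shared_macs(ARP_TABLE).items():
        print(f"ARP: {mac} claimed by {', '.join(ips)}")
    for name, addr in private_answers(DNS_ANSWERS):
        print(f"DNS: {name} -> {addr} (private address for a public name)")
```
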
