Saturday 17 August 2013

Getting meterpreter session over MITM Attack [Study Only]


Hello, I want to share an interesting technique by which we can get a Meterpreter session over a MITM attack in a very easy way.


Tools:
1. Ubuntu [Kali recommended]
2. Subterfuge
3. Armitage/Metasploit

We are already familiar with Armitage and Ubuntu.

What is Subterfuge?

Subterfuge is an automated man-in-the-middle attack framework. It is a web-based tool that runs smoothly on your localhost without installing a separate web server (one is included in the installation). It is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol.
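Because ARP accepts unauthenticated replies, the poisoning this framework depends on is visible in a host's neighbour table. The following is an added example, not part of the original post: it compares two `ip neigh` snapshots and flags a changed gateway MAC and one MAC claimed by several IPs. The snapshots, the MAC addresses and the gateway address 192.168.72.2 are constructed assumptions on the lab subnet used later in the post.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` snapshots (not captured from a real network).
# Assumption: 192.168.72.2 is the gateway; all MAC addresses are made up.
BEFORE = """\
192.168.72.2 dev eth0 lladdr 00:50:56:aa:bb:01 REACHABLE
192.168.72.131 dev eth0 lladdr 00:0c:29:11:22:33 STALE
192.168.72.140 dev eth0 lladdr 00:0c:29:44:55:66 REACHABLE
"""
AFTER = """\
192.168.72.2 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
192.168.72.131 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
192.168.72.140 dev eth0 lladdr 00:0c:29:44:55:66 REACHABLE
192.168.72.150 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\s+\S+")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_anomalies(baseline, current, gateway):
    """Compare two neighbour tables and list signs of ARP cache poisoning."""
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway else "mac-changed"
            findings.append((kind, ip, f"{old} -> {mac}"))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one NIC answering for several IPs
            findings.append(("duplicate-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    result = find_arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.72.2")
    for finding in result:
        print(finding)
```

A static ARP entry for the gateway, or Dynamic ARP Inspection on the switch, removes the condition this check alerts on.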


Host Machine = Windows 7
Victim Machine = Windows XP
Exploit Machine = Kali


Procedure

1. Start your VM and load Kali.

2. Installation of Subterfuge:
The installer is graphical and you won't have any problem.


root@digit-laptop:~# tar -zxvf SubterfugePublicBeta5.0.tar.gz
root@digit-laptop:~# cd subterfuge
root@digit-laptop:~# python install.py -i
Running Subterfuge:
root@digit-laptop:~# subterfuge

If we get such output after running Subterfuge, then it is successfully installed.

Setting the Environment

a) Don't forget to replicate the network to your VM.

b) In the VM, do it this way:


3. Now start Subterfuge on the external IP address and on any port you desire. This will allow us to control Subterfuge from anywhere on the network.

subterfuge -s IP:port
In this case:

root@kali:~# subterfuge -s 192.168.72.131:9000
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://192.168.72.131:9000/
Quit the server with CONTROL-C. 


Now minimize it.

Now you can configure it from anywhere on your network.
Open up a browser and enter the address of Subterfuge.

In this case we can configure it from the exploit machine itself or from our host machine, i.e. Windows 7.

Exploit Machine:




Host Machine:


Configuring Subterfuge:
a) Click on Settings.
b) Select the network interface and gateway.


Note: Don't auto-configure, as in some cases it results in problems.
For a VM, go to the Virtual Network Editor to find and configure your gateway.

c) In the configuration section, you can configure the injection rate and page reload rate.
The injection rate is the timer after which the payload is sent to the victim.

Click Apply to save the settings.

4. Go to Modules and select HTTP Code Injection.

5. Then set the exploit as inject-ext-server and the payload as Iframe Injection.

6. Fill in the IP of the exploit machine, i.e. Kali, and the port [through which the payload is going to travel]; always 80 or 8080 for HTTP injection.

7. Click Apply, go to the homepage and click Start.
    Subterfuge is now started.


8. This is the output you should get on the exploit machine where you started Subterfuge:


Now Armitage will provide us with the payload.

Let's configure the payload.

9. Start up Armitage and search for the signed Java applet. Click on it; the options are already configured and correct. Just set the URI path to "/".
Note: The port should be the same as the one you put in Subterfuge for sending the exploit.



10. Start the exploit server.

11. Open up Subterfuge again and refresh it until you see a green loading bar.


Everything is done. Now, as soon as the victims on your network browse anything, there will be a hidden iframe with the Java applet on every page.

You will start getting Meterpreter sessions in Armitage.

Victim:

Meterpreter Session:



