Getting meterpreter session over MITM Attack [Study Only]

Hello , I wanna share an interesting technique By which we would get a meterpreter Session Over a MITM in a very easy way.

Tools:

1. Ubuntu [Recommended Kali]

2. Subterfuge [Download Here]

3. Armitage/Metasploit

Now We are familiar with armitage and ubuntu.

What is Subterfuge?

Subterfuge is an automated Man In The Middle Attack Framework. Subterfuge is a web based tools that can run smoothly using ur localhost system without installing webserver (it is included in the installation software). It is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol.

Host Machine = windows 7 

Victim Machine = Windows xp 

Exploit Machine = Kali 

Get IP Address Effective Methods 4+

In this tutorial we're going to have a look at how you can gain someone's IP address.

What can I do with someones IP address?

Most people trace people's IP addresses to (D)DoS them. You will need to fill out the persons IP address to do so. Another reason can be that you want to make a complete DoX (Documentation) of a person, or maybe you just want to do a whois search on the IP. There are plenty of things you can do with gaining someones persons IP address.

The URL method:

This is the most easy way to do in a normal situation but it will require some social engineering. You will need to send your victim a link to a website which will then log the IP address of the person who visited that particular link and send hes IP address to you. When the victim visits the link it will turn into a 404 page (there are multiple websites that offer this service, the one we are going to use will result into a 404). This way it's less likely he'll be suspicious. After the link was clicked you will be send the IP address of your victim via mail (again, varies by website).