Guest Kabron Posted June 12, 2010 Report Posted June 12, 2010 What is this? The first release of metasploit-fakeUpdate (MFU). This is a bash script to automate 'Manning in the Middle' to 'pwn' whoever it can, via giving them a "Fake Update" screen. The attack is transparent (allowing the target to afterwards surf the inter-webs once they have been exploited!), and the payload is either SBD (Secure BackDoor - similar to netcat!) or VNC (remote desktop). How does this work? > Sets up a DHCP and web server > Creates an exploit with metasploit. > Waits for the target to connect, download and run the exploit. > Once successfully exploited it grants access to allow the target to surf the inter-webs. > Uploads a backdoor; SBD or VNC, via the exploit > The attacker has the option to run a few 'sniffing' programs (from the dnsiff suite) to watch what the target does! What do I need? > A network with client > An Internet connection (though you could modify it so its non transparent) > dhcpd3, apache, metasploit, dnsiff suite --- All on BackTrack > The script! metasploit-fakeupdate_v0.1.3.tar.gz (512 KB, SHA1: BD2502767C728130A0B048557116DDAE748DB15A) Whats in the tar.gz? > metasploit-fakeupdate.sh --- Bash script > www/index.php --- The page the target is forced to see before they have access to the Internet. > www/sbd.exe --- SBD Backdoor > www/vnc-g0tmi1k.exe --- VNC Backdoor > www/Linux.jpg, OSX.jpg, Windows.jpg --- OS pictures > www/favicon.ico, animated_favicon1.gif --- FavIcons How to use it? 1.) Extract the tar.gz file (via tar zxf metasploit_fakeUpdate_v0.1.3.tar.gz). 2.) Copy the "www" folder to /var/www (cp www/* /var/www/) 3.) Make sure to "Start Network" and to have an IP address. (via start-network and dhclient [internet Interface]) 4.) Edit metasploit-fakeupdate.sh with your "internet"interface. (You can view your interfaces via ifconfig and use kate to edit the file.) 5.) sh metasploit-fakeupdate.sh (don't forget to be in the correct folder!) 6.) Wait for a connection... 7.) ...Game Over. Video + download script : g0tmi1k: [script] metasploit-fakeUpdate (v0.1.3) Quote
Alexander33 Posted June 12, 2010 Report Posted June 12, 2010 uite aici intrebare: Merge pe orice fel de conexiune de exemplu: pe un IP de hamachi? Quote
Alexander33 Posted June 13, 2010 Report Posted June 13, 2010 ok am niste probleme cand execut scriptul:[: 32: false: unexpected operator[*] g0tmi1k's Metasploit (Fake Update) [MFU] v0.1.3[: 70: unexpected operator[: 70: unexpected operator[: 70: unexpected operator[: 70: unexpected operator[>] Target address?:xxx.xxx.xxx.xxx[>] Checking environment...[>] Setting up our end...[>] Creating exploit...(Windows)[>] Creating scripts...[: 183: sbd: unexpected operator[: 183: sbd: unexpected operator[: 196: sbd: unexpected operator[: 196: sbd: unexpected operator[: 213: sbd: unexpected operator[>] Starting metasploit...[>] Starting web server...[: 234: sbd: unexpected operator[>] Stealing interwebs...[>] Starting the "Man In The Middle" Attack...[*] Waiting for target to connect...asa si nu mi se deschide nici o fereastra cu metasploit/MTU sau altceva cum era in video... Quote
