bobbyb1980 Posted September 27, 2011

Hey guys. I fired up the jasagerPwn script today and noticed the attack vectors they added in from SET. These really don't work that well for me, so I was wondering how it can be done manually. I read the jasagerPwn script and couldn't find any commands, so I thought I'd start from scratch.

The idea is to have all traffic redirected to an Apache server on the attacking machine. From there we could either run browser autopwn or use a Java app to get a payload across with the hopes of opening a meterpreter session.

First I would obviously need to configure ICS on the router/attacking machine. Next I would need to start Apache. Now I need to somehow make all traffic redirect to the IP of the Apache server. This is where I am having a hard time. I tried doing this using the FakeDNS auxiliary module in msf3, but it doesn't work that well. My next idea is to set up my own DNS server on the attacking machine, then add that address to the DNS server entry on the router, then figure out how to have all the traffic routed to the Apache server. Does this sound right? Once these steps are completed, I would then have browser autopwn listen for requests or use an infected Java applet.

I basically want to do what the jasagerPwn and SET scripts do, but I want to do it in a step-by-step fashion so I can understand each step and further add to it. I am learning basic bash scripting right now, so sometimes reading the more complicated scripts (like the ones SET uses) can be a little confusing.

Can someone direct me to a tutorial or similar that explains this? Thanks guys.

bobbyb1980 Posted September 29, 2011 (edited)

Well, I have been researching how to do this and have come up with a plan. First I set up the router and the attacking machine and make sure people can connect to the AP. Once that is set up I go to the attacking machine and start SET.

Here's where I am running into problems. I can start SET fine, no problems there, but I want to forward all network traffic to the server that SET starts. I am trying to do this using iptables but I keep getting a 'bad argument 172.20.0.1' error. 172.20.0.1 is the addy for my attacking machine (where SET starts).

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.20.0.1:80

After issuing this command, I get a bad argument. I've tried many variants of this rule, such as forwarding from a specific IP, from a specific network, etc., and they all give me the same error.

So would anyone know how to route all traffic on a LAN to one server via iptables?

Edited September 29, 2011 by bobbyb1980

bobbyb1980 Posted October 3, 2011

Finally got it working. I'm going to try to write a tutorial on how to do it, but my brain jumps all over the place so it might not be the best.

I couldn't accomplish what I wanted to do using iptables (if anyone knows I'd still love to hear). I tried about a million different entries, none of which worked. I did find a tool called ghost phisher which sets up a fake DNS and a DHCP server on the AP. The tool is designed to forward requests to a fake/cloned website so you can harvest credentials, but I just started the Java page on SET and used ghost phisher to redirect all requests there and voilà : )

I know it's a GUI tool and kind of cheating, but I can't find any others.

Will write tutorial in coming days.
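
The setup described in this thread (a DHCP-supplied fake DNS server that answers every lookup with one server's address) leaves a signature a client or network monitor can check for. The following is an added detection example, not part of the original posts or of any tool named in them; apart from 172.20.0.1, which comes from the thread, all resolver addresses, names and records are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed observations: (resolver handed out by DHCP, name queried, A record returned).
# 172.20.0.1 is the address used in the thread; every other value is made up.
SAMPLE_ANSWERS = [
    ("172.20.0.1", "www.example.com", "172.20.0.1"),
    ("172.20.0.1", "mail.example.org", "172.20.0.1"),
    ("172.20.0.1", "example.net", "172.20.0.1"),
    ("198.51.100.53", "www.example.com", "203.0.113.10"),
    ("198.51.100.53", "example.com", "203.0.113.10"),
    ("198.51.100.53", "mail.example.org", "203.0.113.25"),
    ("198.51.100.53", "example.net", "203.0.113.40"),
]


def base_domain(name):
    """Crude grouping key: the last two labels (assumption: no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def suspicious_resolvers(answers, min_domains=3):
    """Return {resolver: address} for resolvers that answer every queried
    domain with one and the same non-global address."""
    seen = defaultdict(lambda: defaultdict(set))  # resolver -> address -> domains
    for resolver, name, addr in answers:
        seen[resolver][addr].add(base_domain(name))
    flagged = {}
    for resolver, by_addr in seen.items():
        if len(by_addr) != 1:
            continue  # answers differ per name, as a normal resolver's do
        addr, domains = next(iter(by_addr.items()))
        # Two names under one domain sharing an address is normal, so count
        # distinct domains and require several before flagging.
        if len(domains) >= min_domains and not ipaddress.ip_address(addr).is_global:
            flagged[resolver] = addr
    return flagged


if __name__ == "__main__":
    for resolver, addr in suspicious_resolvers(SAMPLE_ANSWERS).items():
        print(f"resolver {resolver} maps every domain to {addr}")
```

Captive portals produce the same pattern before login, so a hit is a reason to check the access point rather than proof of an attack.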