shesellsseaSHELLS Posted April 2, 2012

Okay guys, first off, to save a lot of time-wasting and misunderstandings I will re-create a scenario so you can give the best possible feedback!

SCENARIO
STEP 1: Find an unsecured WIFI network or crack the WEP of a secured one.
STEP 2: Connect to the WIFI network.
STEP 3: Login to the router at 10.1.1.1 or any other type, 198.162.1.1, doesn't matter.
STEP 4: Okay, here is what I mean by possibilities. Of course my main objective is to establish a remote desktop connection or be able to view files. I was thinking to do something with a DNS re-direct so I can redirect all their attempts to a site of my own which would force a malware download. However this seems to be a little unethical due to the fact that creating a java drive-by will need a crypt of the trojan, bla bla bla. So if anyone can think of any other methods I would greatly appreciate it.

So my final goal is to be able to have remote desktop on the other computers of the network, or at least one of them, and/or view the files on their boxes.
Infiltrator Posted April 2, 2012 (edited)

Clarify one thing for me, how do you want to RDP into the computers? Via exploitation or just via a normal RDP connection? (Like Start->Run->MSTSC and the IP address of the computer!)

Edited April 2, 2012 by Infiltrator
shesellsseaSHELLS (Author) Posted April 2, 2012

Well, MSTSC is not really what I'm looking for because I don't have passwords for the computers on the network. So yeah, exploitation would be my best option. Any ideas on exploitation?
Infiltrator Posted April 2, 2012

> Well, MSTSC is not really what I'm looking for because I don't have passwords for the computers on the network. So yeah, exploitation would be my best option. Any ideas on exploitation?

Well, suppose you are already authenticated to the wireless network. The next thing you could do is use NMAP to scan the network for live machines and then use Metasploit to exploit your target machine. If you haven't used Metasploit before, I recommend watching the videos at securitytube.net, as well as getting your hands on the Metasploit book by Jim O'Gorman, David Kennedy and Devon Kearns.
shesellsseaSHELLS (Author) Posted April 2, 2012

I had assumed this to be one method of exploitation (Metasploit). However, Metasploit in my past has been VERY unethical for gaining remote desktop. I use Metasploit in a VM instance of Backtrack but I always have technical difficulties. I do find trojan tools a lot more simple with client and server (SCRIPT-KIDDIE, I know, lol), but do you know much on private encryption of exe files? Because I could then DNS poison all computers on the network to a JAVA DRIVE-BY DOWNLOAD.
Infiltrator Posted April 2, 2012

> do you know much on private encryption of exe files?

Metasploit has a built-in encoder that allows you to do just that, so that way you can evade AV detection. I know there are other ways, but I will need to research into that!
bobbyb1980 Posted April 2, 2012

I actually started another thread that touches on this subject. As mentioned in the other thread, many routers come with DNS servers hardcoded into the firmware, so for this attack to work you'll have to find one that doesn't (you should be able to edit /etc/resolv.conf on the pineapple to do this). It sounds like you'd want to reroute traffic to a page that will somehow get you a meterpreter shell, be it a java applet attack or browser exploit etc. Once you get an open meterpreter shell, carrying out your attack should be fairly painless from there, but getting access to RDP, especially from over the internet, may be quite difficult without having the respective ports forwarded.
Infiltrator Posted April 2, 2012 (edited)

> Once you get an open meterpreter shell, carrying out your attack should be fairly painless from there, but getting access to RDP, especially from over the internet, may be quite difficult without having the respective ports forwarded.

Another possibility would be to set up a reverse TCP connection. Once you get a meterpreter shell, you could dump the hashes or create a user account with admin privileges, and from there you could RDP into the compromised host. You will also need port forwarding enabled on your router if you plan on doing this from the internet. Just throwing some ideas.

Edited April 2, 2012 by Infiltrator
bobbyb1980 Posted April 2, 2012

Although I've never done it personally, I've read several articles about people who want to accomplish the same net result (GUI) but instead use VNC and SSH to accomplish it. They used the Metasploit VNC payloads and got the victim to VNC out via SSH to a remote server. The attacker then connects to the same server, and I believe this eliminates the need to port forward. Or something like that :P
Infiltrator Posted April 2, 2012

> Although I've never done it personally, I've read several articles about people who want to accomplish the same net result (GUI) but instead use VNC and SSH to accomplish it. They used the Metasploit VNC payloads and got the victim to VNC out via SSH to a remote server. The attacker then connects to the same server, and I believe this eliminates the need to port forward. Or something like that :P

If the victim is behind NAT, it would be difficult to penetrate through the firewall, but in situations like this a reverse_TCP_connection would be the way to go. The attacker machine will need to have its port forwarded on the router.