Wifi Router - DNS Possibilities


shesellsseaSHELLS


Okay guys, first off, to save a lot of time-wasting and misunderstandings I will re-create a scenario so you can give the best possible feedback!

SCENARIO

STEP 1: Find an unsecured WIFI network or crack the WEP of a secured one.

STEP 2: Connect to the WIFI network.

STEP 3: Log in to the router at 10.1.1.1 or any other type, 198.162.1.1, doesn't matter.

STEP 4: Okay, here is what I mean by possibilities. Of course my main objective is to establish a remote desktop connection or be able to view files. I was thinking of doing something with a DNS redirect so I can redirect all their attempts to a site of my own which would force a malware download. However, this seems to be a little unethical due to the fact that creating a Java drive-by will need a crypt of the trojan, bla bla bla. So if anyone can think of any other methods I would greatly appreciate it.

So my final goal is to be able to have remote desktop on the other computers of the network, or at least one of them, and/or view the files on their boxes.


Clarify one thing for me, how do you want to RDP into the computers?

Via exploitation or just via normal RDP connection? (Like Start->Run->MSTSC and the IP address of the computer!)

Edited by Infiltrator

Well, MSTSC is not really what I'm looking for because I don't have passwords for the computers on the network. So yeah, exploitation would be my best option. Any ideas on exploitation?

Well, suppose you are already authenticated to the wireless network, next thing you could do is use NMAP to scan the network for live machines and then use Metasploit to exploit your target machine. If you haven't used Metasploit before, I recommend watching the videos at securitytube.net, as well as getting your hands on the Metasploit book, by Jim O'Gorman, David Kennedy and Devon Kearns.


I had assumed this to be one method of exploitation (Metasploit). However, Metasploit in my past has been VERY unethical for gaining remote desktop. I use Metasploit in a VM instance of BackTrack but I always have technical difficulties. I do find trojan tools a lot more simple with client and server (SCRIPT-KIDDIE, I know, lol), but do you know much on private encryption of exe files? Because I could then DNS poison all computers on the network to a JAVA DRIVE-BY DOWNLOAD.


do you know much on private encryption of exe files?

Metasploit has a built-in encoder that allows you to do just that, so that way you can evade AV detection. I know there are other ways, but I will need to research into that!


I actually started another thread that touches on this subject. As mentioned in the other thread, many routers come with DNS servers hardcoded into the firmware, so for this attack to work you'll have to find one that doesn't (you should be able to edit /etc/resolv.conf on the pineapple to do this).

It sounds like you'd want to reroute traffic to a page that will somehow get you a meterpreter shell, be it a Java applet attack or a browser exploit, etc.

Once you get an open meterpreter shell, carrying out your attack should be fairly painless from there, but getting access to RDP, especially from over the internet, may be quite difficult without having the respective ports forwarded.

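A defender's counterpart to the router DNS redirect discussed above, added here as an example and not code from this thread: it parses the resolv.conf-style text a LAN client was handed (by the router's DHCP) and flags any resolver that is not on the network's trusted list, in particular a private address other than the gateway, which is what a redirect to another host on the same LAN leaves behind. The gateway address, the trusted resolver set and the sample resolv.conf contents are constructed assumptions.

```python
import ipaddress

# Constructed sample of what a client's /etc/resolv.conf might contain after the
# router's DNS setting was changed (not taken from the thread).
SAMPLE_RESOLV_CONF = """\
# Generated by dhcpcd from wlan0
nameserver 10.1.1.1
nameserver 10.1.1.37
search lan
"""

# Assumed trusted configuration for this particular network: the gateway is the
# only LAN host that should answer DNS, plus the upstream resolvers the admin set.
GATEWAY = "10.1.1.1"
TRUSTED_RESOLVERS = {"10.1.1.1", "1.1.1.1", "8.8.8.8"}


def parse_nameservers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def audit_nameservers(servers, gateway=GATEWAY, trusted=TRUSTED_RESOLVERS):
    """Classify each configured resolver: 'ok' if trusted, 'rogue-lan-host' if it
    is a private address that is not the gateway, 'unexpected' otherwise."""
    findings = []
    gw = ipaddress.ip_address(gateway)
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            findings.append((s, "unparseable"))
            continue
        if s in trusted:
            findings.append((s, "ok"))
        elif addr.is_private and addr != gw:
            findings.append((s, "rogue-lan-host"))
        else:
            findings.append((s, "unexpected"))
    return findings


def has_rogue(findings) -> bool:
    """True when any configured resolver is not on the trusted list."""
    return any(status != "ok" for _, status in findings)
```

Running `audit_nameservers(parse_nameservers(SAMPLE_RESOLV_CONF))` on the constructed sample reports 10.1.1.37 as a rogue LAN host, which is the signal to inspect the router's DNS settings.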

Once you get an open meterpreter shell, carrying out your attack should be fairly painless from there, but getting access to RDP, especially from over the internet, may be quite difficult without having the respective ports forwarded.

Another possibility would be to set up a reverse TCP connection. Once you get a meterpreter shell, you could dump the hashes or create a user account with admin privileges, and from there you could RDP into the compromised host. You will also need port forwarding enabled on your router if you plan on doing this from the internet.

Just throwing out some ideas.

Edited by Infiltrator

Although I've never done it personally, I've read several articles about people who want to accomplish the same net result (GUI) but instead use VNC and SSH to accomplish it. They used the Metasploit VNC payloads and got the victim to VNC out via SSH to a remote server. The attacker then connects to the same server, and I believe this eliminates the need to port forward. Or something like that :P


Although I've never done it personally, I've read several articles about people who want to accomplish the same net result (GUI) but instead use VNC and SSH to accomplish it. They used the Metasploit VNC payloads and got the victim to VNC out via SSH to a remote server. The attacker then connects to the same server, and I believe this eliminates the need to port forward. Or something like that :P

If the victim is behind NAT, it would be difficult to penetrate through the firewall, but in situations like this a reverse TCP connection would be the way to go. The attacker machine will need to have its port forwarded on the router.
