n33dsh3llz Posted January 22, 2017

Hello Hak5 members,

New to this site and platform, but am pretty excited to be back in the States and to get my hands on the Tetra I purchased. When looking at modules I can't seem to find something similar to the MITMf framework integrated into it. This makes use of filepwn, but I have been having a great experience using Shellter. Where should I go for learning how to integrate a new module into the Pineapple?

Here is what I am wanting:

1. Client makes request for .exe file
2. Pineapple forwards to the web server
3. Web server responds
4. Pineapple receives the traffic:

   If (PARAMS == TRUE):
       Pass the executable over to Shellter, inject a payload, then forward to the client.
   else:
       forward to the client

Some of the params you would set up would be maximum file size (to make sure the process doesn't take too long), if the program is already wrapped, etc.

Ideally, one would be running some sort of HTTPS downgrade attack, or SSL Stripper, so the probability of injection is higher as most sites now use https. Shellter has been awesome for me when it comes to AV evasion, but it may also be perfect to allow users to pipe the executable to whatever program they want to handle the payload injection and just have the module looking for the created file to pop up in a specific location.

n33dsh3llz Posted January 22, 2017

Found the YouTube series on creating modules: https://www.youtube.com/watch?v=Lvf2At3G1C0

I have experience with Bootstrap and AngularJS so it shouldn't take too long to figure out the formatting for the modules. Only thing is, hopefully I can leverage another module for finding *.exe download requests for a MITM attack, otherwise it would make creating this a lot longer. Needs to be able to have a MITM running and replace any .exe a client requests with one that has a custom payload put in it. If anyone knows of something that already does this, then please let me know.

n33dsh3llz Posted January 24, 2017

ON-THE-FLY FILE INJECTION

Goal: With a MITM attack in progress, be able to sniff traffic and modify any requested downloads to the victim/client machines utilizing Ettercap. With this, the attacker should have the option to use a previously created payload from a file location, or allow for on-the-fly injection using simple 'expect' scripts passing a downloaded file over to a program for injection before forwarding it to the client. For pre-set files, the filenames would be modified to match the requested file before being pushed to the client.

Ettercap Filters:
- Locate Exe files
- Locate Office files
- Locate PDF files

Stored user variables (Pineapple Module options using Bootstrap front-end):
- Max file size (prevent from injecting large files causing long latencies)
- Select associated client(s) to attack
- Injection Method
  - On-the-fly (Shellter, Metasploit, Veil/Macro_safe.py)
    - Payload (would be awesome to detect OS and use a correlated payload for it)
    - LHost
    - LPort
  - Custom/Pre-set files
    - File locations (payload.exe, payload.pdf, payload.doc, payload.docx, payload.xls, etc)
- Option to auto-add client/file correlation to a blacklist once it was already injected and forwarded

Config files:
- Template for adding more injection methods to supplement Shellter, Veil, Metasploit as the defaults.