There are times during a penetration test when you are having difficulty gaining the credentials you want from a host that has already been compromised. You have successfully socially engineered a system administrator or other user with privileges to a web application and you have established a meterpreter shell. You can dump the password hashes or use Mimikatz to output any clear text credentials in memory, but if they haven’t logged into the web application in a day or two, you might be out of luck using either of those methods.

The first thing that you need to do is to gain access to their computer via a social engineering attack, preferably one that utilizes a PowerShell script that creates a reverse connection to your attack system. Why PowerShell? We don’t want anti-virus to alert any administrators or the users of our penetration test, and anti-virus software rarely categorizes PowerShell scripts as malicious. You could craft your own PowerShell script, but since the Social Engineering Toolkit already provides a means to do this, let’s use that tool instead. If they follow your instructions, you should see a meterpreter shell created and you can now proceed with gathering some of their credentials.

You could try to perform an arpspoof and orchestrate a man-in-the-middle attack, but that could raise some alarms if the client’s intrusion detection system is operating properly. However, there is a better way to get the user to send their credentials right to your computer. The goal – to become a web proxy for them. But we don’t want to become a web proxy for all their web browsing habits, simply for the website(s) we want to gather credentials for so we can gain access to that system.

First there is going to be some setup for this exploit to work properly. You need to create a local proxy.pac file. Technically you can name it whatever you want, as long as the file extension is “.pac”. For this example, we are concerned with gathering credentials for logins. All other HTTPS connections should be forwarded along to their respective hosts. The file will probably look something like this:

The next order of business that we need to attend to is to get the source for the logon webpage and modify it appropriately. Specifically, we will need to modify the action that the logon form will take when the user clicks the submit/logon button on the form.

Now for the tricky part. Let’s change the directory into the /var/ We need to modify this page so that we send the victim to our computer, but we also need to make sure they don’t run into any weird issues that might make them suspect that something is amiss. Now we need to modify this value. Open the index.html file that wget created in your /var/ Your index.html file should look like this now:

We have to create a creds.html file in our /var/ There is also a script section of the web page that is going to get in our way. Let’s just delete this whole section of the index.html file and save it. We have our index.html page ready, let’s focus on the creds.html page. We still need to create this file in order for our victim to be less suspicious of any tampering. Make sure you are still in the /var/www directory, open your favorite text editor, and type this into the new file:

Essentially, we are redirecting the victim to after they enter their credentials into our fake. This way they will be less suspicious of any issues. They will probably assume they typed their credentials into the page incorrectly.

The last part of the initial setup is to start Apache on our Kali Linux computer. Open the terminal application and type the following without quotes “service apache2 start”. Send the meterpreter session to the background by typing the “background” command.
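The whole technique hinges on a proxy.pac file that routes only the login host(s) through the attacker’s box while returning DIRECT for everything else, which is exactly what a defender should be looking for in any PAC a workstation has picked up. The following is an added example, not code from the original post: it evaluates a PAC script offline against a list of URLs you care about and reports every host whose verdict contains a proxy outside an allowlist. The PAC body, the hostnames, the `192.0.2.10` proxy and the `proxy.corp.example` allowlist are all constructed sample data; `dnsDomainIs` and `shExpMatch` are minimal stand-ins for the helpers a browser normally supplies.

```javascript
// Added example (not from the original post): audit a PAC file offline by
// evaluating FindProxyForURL for a set of URLs and flagging any host that is
// routed to a proxy not on the organisation's allowlist. Everything below
// (PAC body, hosts, proxy addresses) is constructed sample data.

// Stand-ins for the helper functions a browser exposes to PAC scripts.
function dnsDomainIs(host, domain) {
  return host === domain.replace(/^\./, "") || host.endsWith(domain);
}
function shExpMatch(str, pattern) {
  const re = "^" + pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".") + "$";
  return new RegExp(re).test(str);
}

// Constructed PAC: one login domain is sent to an unexpected proxy, all
// other traffic goes DIRECT, the selective pattern described in the post.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, ".webapp.example")) { return "PROXY 192.0.2.10:80"; }
  return "DIRECT";
}`;

// Proxies the organisation actually operates (constructed allowlist).
const ALLOWED_PROXIES = new Set(["proxy.corp.example:3128"]);

// Compile the PAC source in a scope that only sees our helper shims and
// hand back its FindProxyForURL function.
function loadPac(pacSource) {
  const factory = new Function("dnsDomainIs", "shExpMatch",
    pacSource + "\nreturn FindProxyForURL;");
  return factory(dnsDomainIs, shExpMatch);
}

// Split a verdict such as "PROXY a:80; SOCKS b:1080; DIRECT" into directives.
function parseVerdict(verdict) {
  return String(verdict).split(";")
    .map(s => s.trim())
    .filter(Boolean)
    .map(d => {
      const [type, target] = d.split(/\s+/);
      return { type: type.toUpperCase(), target: target || null };
    });
}

// Evaluate every URL and collect hosts that would leave via a non-allowlisted proxy.
function auditPac(pacSource, urls, allowedProxies = ALLOWED_PROXIES) {
  const find = loadPac(pacSource);
  const findings = [];
  for (const url of urls) {
    const host = new URL(url).hostname;
    const directives = parseVerdict(find(url, host));
    const suspicious = directives.filter(
      d => d.type !== "DIRECT" && !allowedProxies.has(d.target));
    if (suspicious.length > 0) {
      findings.push({
        host,
        route: suspicious.map(d => `${d.type} ${d.target}`).join("; "),
      });
    }
  }
  return findings;
}

// Constructed list of sensitive URLs to probe the PAC with.
const SAMPLE_URLS = [
  "https://login.webapp.example/",
  "https://intranet.corp.example/",
  "https://mail.corp.example/",
];

console.log(auditPac(SAMPLE_PAC, SAMPLE_URLS));
```

Running the block prints a single finding for `login.webapp.example` routed to `PROXY 192.0.2.10:80`, while the two hosts that resolve to DIRECT are silent. The useful property of evaluating the script rather than grepping it is that it catches the same selective routing whether it is written with `dnsDomainIs`, `shExpMatch` or a hand-rolled string comparison; feeding it the PAC URL actually configured on a workstation (or pushed by WPAD) and the organisation’s real login hosts turns it into a simple periodic check.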