|
aphillips888 favorited a video
(2 weeks ago)
This is a tutorial on how to use Backtrack 5 R1 in order to gain remote ...
more
This is a tutorial on how to use Backtrack 5 R1 in order to gain remote access to another computer on the network. Specifically, we'll be using the Java Applet attack along with ettercap's DNS spoofing attack to spawn a Meterpreter shell on the victim.
You must have backtrack 5 R1. All my subsequent tutorials will be using Backtrack 5, so if you really want to be a true hacker, start using Backtrack 5.
At around 11 minutes, my microphone stops working, but don't worry, I don't say anything important.
Please subscribe! I'll continue to upload more effective and powerful hacking techniques!
DON'T WORRY ABOUT MY BACKGROUND, BACKTRACK 5 R1 BY DEFAULT DOES NOT HAVE THE SAME WALLPAPER AS I DO. I GOT MINE OFF THE INTERNET.
If you're having troubles with this, and you've followed all the directions, try giving Backtrack an update. Do this by...
apt-get update
apt-get upgrade
apt-get dist-upgrade
If you want to allow the victim to browse their sites again, first migrate to explorer.exe, then type "shell" without quotes, then type the command without quotes: "ipconfig /flushdns"
Also make sure to stop ettercap by clicking in the ettercap terminal, then pressing "q" without quotes.
Also, I've been getting tons of questions on how to perform this OUTSIDE your LAN. This is very possible, but you can't do the DNS spoofing part. NOTE. PLEASE WATCH THIS TUTORIAL BEFORE READING THIS, BECAUSE YOU WILL GET CONFUSED. Now here's how:
This isn't too difficult, but you're gonna need to some extra work. First, you'll need to port forward traffic to your computer. You can do this by going to your router configuration settings and forwarding a port to your computer. That port can be any port number, I suggest something like 4444, or something like that.
Also, you'll need to know your external IP address. Go to www.whatismyip.com to find it out, and copy that somewhere. Go to the set_config file located at
/pentest/exploits/set/config/set_config and look till you see something like "auto detection of your ip address" and make sure that is set to OFF.
From there, I believe you should be ready to go. When you are following my video, after selecting the Java Web Template, it will ask you if you are using NAT or port forwarding. Say yes. Then it will prompt you for an IP address. Enter your EXTERNAL IP ADDRESS in. It's the one you copied down from that site.
After that, continue like normal. After everything is set up, just send someone that ip address and have them visit it, and when they click run on the java applet, everything should work just fine. If you want to make the attack more believable, put the IP address in a URL shortening service, like tinyurl, then send that link to somebody.
less
|
|
Peace