Using Windows Box as Router (Port Forwarding)
Now your Windows box has a public IP 75.15.84.55 listening on port 80, whereas your BackTrack box has the IP 192.168.1.4 and hosts the server on local port 4444. You need to redirect the traffic arriving at your Windows box to your BackTrack box. You can use a neat tool called SPI port forward for this task. Here's how it's done:
Local Port: It's the local port of your Windows machine.
Remote Host: This is where our BackTrack box is located.
Remote Port: The port on which your malicious webserver is running; since it's running on 4444 on my BackTrack machine, we will use 4444.
Max Connections: Number of connections you want to set up.
So whenever my Windows machine receives a connection on port 80, it will forward it to the BackTrack machine at 192.168.1.4, which is listening on port 4444.
Browser AutoPWN
Now that everything is configured, we can launch the "Browser AutoPWN" attack via SET. In this particular scenario, we will use SET to create a malicious webserver hosting our exploits. First, let's have a brief look at "Browser Autopwn," which fires up all the available exploits present in Metasploit.
Client Side Exploitation ◾ 221
Why Use Browser AutoPWN?
With so many different types of browsers, how can we possibly know which browser the victim uses? To get around this, we perform the Browser AutoPWN attack, which loads the webserver with all the malicious browser-based exploits, including the ones for Opera, Firefox, Internet Explorer, Google Chrome, etc. So if the victim is using any one of these browsers, the malicious code will run in the victim's browser, hence compromising his system.
Problem with Browser AutoPWN
At this point, you might be wondering why we would use an individual exploit when Browser AutoPWN can make our work a lot easier. The answer is that we don't want to be blocked by intrusion detection systems and other network defense strategies. Browser AutoPWN is very loud at the other end and can be easily detected, as we are simply firing every exploit at the browser. So this strategy is not advisable, and many pentesters avoid using it.
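To show what "loud" means from the defender's side, here is an added example (not code from the book) that scans a proxy log for one host serving many distinct resources to a single client within a few seconds, which is the burst pattern a blind fire-everything attack produces. The log format, the constructed hosts and paths, and the window and threshold values are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log (not from the book): timestamp, client, server, path.
# Client 10.0.0.9 is served many distinct resources by 203.0.113.10 within seconds,
# the burst pattern the text calls "loud"; 10.0.0.7 shows ordinary browsing.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.7 intranet.example.local /index.html
2024-05-01T10:00:02 10.0.0.7 intranet.example.local /style.css
2024-05-01T10:00:40 10.0.0.7 intranet.example.local /news.html
2024-05-01T10:05:00 10.0.0.9 203.0.113.10 /
2024-05-01T10:05:01 10.0.0.9 203.0.113.10 /x1
2024-05-01T10:05:01 10.0.0.9 203.0.113.10 /x2
2024-05-01T10:05:02 10.0.0.9 203.0.113.10 /x3
2024-05-01T10:05:02 10.0.0.9 203.0.113.10 /x4
2024-05-01T10:05:03 10.0.0.9 203.0.113.10 /x5
2024-05-01T10:05:03 10.0.0.9 203.0.113.10 /x6
2024-05-01T10:05:04 10.0.0.9 203.0.113.10 /x7
2024-05-01T10:05:04 10.0.0.9 203.0.113.10 /x8
"""

def parse_log(text):
    """Parse space-separated lines into (timestamp, client, server, path) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, server, path = line.split()
        entries.append((datetime.fromisoformat(ts), client, server, path))
    return entries

def find_resource_bursts(entries, window_s=30, min_distinct=6):
    """Return {(client, server): distinct_paths} for pairs where one server pushed
    at least min_distinct different resources to one client within window_s seconds."""
    by_pair = defaultdict(list)
    for ts, client, server, path in entries:
        by_pair[(client, server)].append((ts, path))
    hits = {}
    for pair, reqs in by_pair.items():
        reqs.sort()  # sliding window over requests ordered by time
        for i, (start, _) in enumerate(reqs):
            seen = {p for t, p in reqs[i:] if t - start <= timedelta(seconds=window_s)}
            if len(seen) >= min_distinct:
                hits[pair] = max(hits.get(pair, 0), len(seen))
    return hits

if __name__ == "__main__":
    for (client, server), n in find_resource_bursts(parse_log(SAMPLE_LOG)).items():
        print(f"{client} received {n} distinct resources from {server} in one burst")
```

The threshold needs tuning against normal browsing on your own network, since a content-heavy page can also fetch many resources from one host in a short window.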
4. Setting Up Malicious WebServer On SET
Now, we can finally set up our malicious webserver via SET as follows:
Step 1—From the SET attack menu we will choose "Metasploit Browser Attack Method."
Step 2—Next, it will ask you for the type of web template you would like to use; we will go with the first option. It will then ask if NAT forwarding or port forwarding is enabled; since we are using it, we will type "yes". After that it will ask for your external IP address; you will need to enter your public IP. You can check your public IP by going to getip.com; apart from getip.com, there are tons of other sites that can show your IP.
222 ◾ Ethical Hacking and Penetration Testing Guide
Step 3—Next, it will ask if your reverse handler is on a different IP address from your public IP; we will type "yes," since we are running it on our local IP address.
Step 4—Next, it will ask for the type of template you would like to use; go with any template you like.
Step 5—You will see a huge list of browser-related exploits that are present in Metasploit. Since we want to use browser autopwn in this particular scenario, we will select the "Metasploit Browser Autopwn" attack vector.
Step 6—Next, it will ask for the payload we want to use. In my case, I want to use my favorite payload, that is, Windows reverse_Meterpreter.
Step 7—Next, it will ask for the port to use for the reverse connection. The default is 443, but you can choose any port you want.
Within a few minutes, SET will launch the webserver. The victim will now be able to access it on the public IP address of the attacker on port 80.