Networking is an important platform for an Ethical Hacker to
check on, many of the threat can come from the internal network like network
sniffing, Arp Spoofing, MITM e.t.c, This article is on Xerosploit which provides advanced MITM attack on your local network to sniff packets, steal password
etc.
Table of Content
·
Introduction to Xerosploit
·
Man-In-The-Middle
·
Xerosploit Installation
·
PSCAN (Port Scanner)
·
DOS (Denial of service)
·
INJECTHTML (HTML INJECTION)
·
rdownload
·
SNIFF
·
dspoof
·
YPLAY
·
REPLACE
·
Driftnet
Introduction
to Xerosploit
Xerosploit
is a penetration testing toolkit whose goal is to perform man in the middle
attacks for testing purposes. It brings various modules that allow to realise
efficient attacks, and also allows to carry out denial of service attacks and
port scanning. Powered by bettercap and nmap.
For those who are not familiar with Man-in-the-middle attack,
welcome to the world of internal network attacks
Dependencies
nmap
hping3
build-essential
ruby-dev
libpcap-dev
libgmp3-dev
tabulate
terminaltables
Built-up with
various Features:
Port scanning
Network mapping
Dos attack
Html code
injection
Javascript code
injection
Download
intercaption and replacement
Sniffing
Dns spoofing
Background audio
reproduction
Images replacement
Drifnet
Webpage defacement and
more
Man-In-The-Middle
A man-in-the-middle attack (MITM) is an attack
where the attacker secretly relays and possibly alters the communication
between two parties who believe they are directly communicating with each other.
There are many open source tools available online for this attack like
Ettercap, MITMF, Xerosploit, e.t.c
From Wikipedia.org
Xerosploit
Installation
Xerosploit is an attack tool for MITM which can run only
on Linux OS to do so follow the simple steps:-
Open up terminal and type
git clone https://github.com/LionSec/xerosploit.git
cd xerosploit
./install.py
It will ask to choose your
operating system, here we have press 1
for Kali Linux.
Here it will display your network configuration including
IP address, MAC address, gateway, and interface and host name. Now run the
following command on xerosploit console to know the initial commands:
help
In this grid we have list of commands for our attack and we are
going for man in middle attack, so I will choose scan command in
my next step for scanning the whole network.
scan
This command will scan
complete network and will found all devices on your network.
As you can observe that it has scanned all the active
hosts. There are so many hosts in this network; you have to choose your target
from given result. I am going to select 192.168.1.105 for man in middle attack.
192.168.1.105
In next
comment it will ask for module you want to load for man in middle attack. Go
with this comment and type help.
help
PSCAN (Port Scanner)
Let’s
begin with pscan which is a port scanner, it will show you all the open ports
on network computer and retrieve version of the programs running on the
detected ports. Type run to execute pscan
and it will show you all the open ports of victim’s network.
pscan
DOS
(Denial of service)
Type “dos” to load the module, it will send a succession of
TCP-SYN request packet to a target’s system to make the machine unresponsive to
legitimate traffic which mean it is performing SYN Flood attack.
dos
run
press ctrl + c to
stop
If you are aware of HPING tool then you can notice, this
module is initially using HPING command for sending countless SYN request
packet.
INJECTHTML
(HTML INJECTION)
HTML injection is the vulnerability inside any website
that occurs when the user input is not correctly sanitized or the output is not
encoded and attacker is able to inject valid HTML code into a vulnerable web
page. There are so many techniques which could be use element and attributes to
submit HTML content.
So
here we will replace victim’s html page with ours. Select any page of yours
choice as you will notice that I have written “You have been hacked” in my
index.html page which I will replace with the victim’s html page. Whatever page
the victim will try to open he/she will see only the replaced one.
First
create a page as I have created & save it on Desktop by the name of INDEX.html
Now run injecthtml
command to load the injecthtml module. And then type run command to execute the injecthtml and enter the path where you
have saved the file.
Bravo! We have
successfully replaced the page as you can see in the picture below.
Hit ctrl^c to
stop the attack.
SNIFF
Now run the following module to sniff all the traffic
of the victim with command:
sniff
Then enter the following command to execute that
module:
run
Now it will ask you if you want to use SSLTRIP to
strip the HTTPS URl’s to HTTP so that we can they catch the login credentials
in clear text. So enter y.
When the victim will enter the username and password it will
sniff and capture all the data.
Now it
will open a separate terminal in which we can see all the credentials in clear
text. As you can see it has successfully captured the login credentials.
Hit ctrl^c to
stop the attack.
dspoof
It load dspoof module which will supply false DNS
information to all target browsed hosts Redirect all the http traffic to the
specified one IP.
Now type run command to execute module and then it will ask
the IP address where you want to redirect the traffic, here we have given our
Kali Linux IP.
Now as soon as the victim will open any webpage he/she
will get the page store in our web directories which we want to show him/her as
shown in the picture below.
Hit ctrl^c to
stop the attack.
YPLAY
Now let’s catch the other interesting module which is
yplay. It will play background video sound in victim browser of your choice. So
first execute yplay command followed by run command and give the video i.d what
you have selected.
Open your browser and choose your favorite video in
YouTube which you want to play in background in victim’s browser. If
video having any advertisement then skip that and select id from url.
Come back to xerosploit.
yplay
To
execute yplay module for attack type run.
run
Insert you
tube video ID which you have copy above
from url in next step.
febVHEarpeQ
Now in no matters what victim is doing on the laptop. If
he will try to open any webpage, on the background he/shell will hear the song
which we want him to listen.
Hit ctrl^c to
stop the attack.
REPLACE
I hope all the attacks were quite interesting. But the
next is going to be amazing. Now we will replace all the images of victim’s
website with our images. For this first execute the command replace followed by
run command. Don’t forget to give the path of the .png file which you have
created as a surprise box for the victim.
replace
run
/root/Desktop/1.png
As the victim opens any url he/she will be amazed to see
the replaced images of his/her website as shown here.
Hit ctrl^c to
stop the attack.
Driftnet
We will use driftnet module
to capture all the images the victim is surfing on the web with following
commands and it will save all captured picture in opt/xerosploit/xedriftnet.
driftnet
run
Once the attack is launched; we can sniff down all the images
that he is viewing on his computer in our screen. We can do much more with this
tool simply by using the move you can shake the browser
contents
As you can observe that all the images what victim is
viewing on his/her system is captured in your system successfully.
Hopefully! So it
is needless to say that this tool XERSPLOIT is quite interesting and useful as
well for performing so many attacks. I hope readers are gonna like this.
HaPpY hAcKing!!
