Skip to content

Releases: r00t-3xp10it/morpheus

Morpheus - automated TCP/IP Hijacking tool

16 May 17:11
Compare
Choose a tag to compare

morpheus

  Version release: v2.2 - STABLE
  Author: pedro ubuntu  [ r00t-3xp10it ]
  Codename: oneiroi phobetor (The mithologic dream greek god)
  Distros Supported: Linux Ubuntu, Kali, Debian, BackBox, Parrot OS
  Suspicious-Shell-Activity© (SSA) RedTeam develop @2018



Framework description

Morpheus it's a Man-In-The-Middle (mitm) suite that allows users to manipulate
tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications.
but this tool main objective its not to provide an easy way to exploit/sniff targets,
but ratter a call of attemption to tcp/udp manipulations technics (ettercap filters)

Morpheus ships with some pre-configurated filters but it will allow users to improve them
when launching the attack (morpheus scripting console) In the end of the attack morpheus
will revert the filter back to is default stage, this will allow users to improve filters
at runtime without the fear of messing with filter command syntax and spoil the filter.

v2.2 changelog

new modules

  • Devices DHCP discovery (be alerted when sellect device enters LAN)
  • Block cpu crypto-minning (drop/kill crypto-mining traffic)
  • Google easter egg pranks (redirect target traffic)
  • Capture https credentials (sslstrip + dns2proxy)
  • SmbRelay lateral movement (smbrelay C&C exploit)

improvements

  • option [14] alternative phishing webpages added
  • DebugMe.sh (debug script of morpheus main tool)
  • warn.sh (sound a beep warning when event its trigger)
  • nmap local LAN scans improved (local LAN NSE scan added)
  • nmap local LAN scans improved (single target NSE scan added)
  • nmap local LAN scans improved (scan using a fake User_Agent)
  • All filters (filter.eft) detection rules updated

new backend applications

  • morpheus/bin/Utils/smbrelayx.py
  • morpheus/bin/Utils/sslstrip-0.9
  • morpheus/bin/Utils/dns2proxy



Download/Install/Config

git clone https://github.com/r00t-3xp10it/morpheus.git
cd morpheus
chmod -R +x *.sh
chmod -R +x *.py
nano settings
sudo ./morpheus.sh




Nmap scans available [option S]

1º - nmap -sn 192.168.1.0/24
2º - nmap -sS -O 192.168.1.0/24
3º - nmap -sV -T4 -Pn --script vuln 192.168.1.0/24
4º - nmap -sS -Pn --reason --script vuln 192.168.1.72
morpheus v2.2-Alpha

Detecting DHCP requests to access local lan [option 17]

This module capture the sellected device request to access the local LAN (bootp-dhcp 67/UDP) and
it triggers one sound warning (BEEP) alerting framework users. Lets look at the follow cenario:
'IF you want to be alerted when your girlfriend its arriving home, then this is the perfect module'.
morpheus v2.2-Alpha

Detecting-blocking crypto currency connections [option 18]

This module allow us to block/kill all tcp/udp connections from (src) and to (dst) from sellected
device, by droping the packets before they arrive destination (source or destination). This is achieved
by regex search all TCP/UDP packets that maches any of the domain names in morpheus blacklist.
Review morpheus crypto mining domain names blacklist (cryptocurrency.eft) filter rules here:
morpheus v2.2-Alpha

Redirect all devices in LAN to google prank [option 19]

This module allow us to redirect target traffic [ All .com prefixed domains ] to google easter eggs.
This is the perfect module if we want to prank lan devices that are browsing the network, Lets look
at the follow cenario: The attacker uses this module to poison all devices inside local lan, if any device
in lan trys to access any prefixed .com domains then it will be redirected to google easter egg pranks.
morpheus v2.2-Alpha

Capture https credentials [option 20]

This module will use sslstrip2 + dns2proxy + iptables + ettercap to be abble to downgrade the
https traffic to http and with that allow us to capture the target inputed credentials in plain text ..
'This module allow us to mitm-sniff Lan in search of target inputed credentials in websites,etc..'
morpheus

SMBrelay lateral movement attack [option 21]

This module asks to framework users to input lhost (to build agent) and rhost (target to exploit).
Then it will wait for any smb auth connections taking place in local lan to be abble to capture the NTLMv2
hash and authenticate the attacker in target smb share with those creds to upload and execute our agent.
smb relay demystified and ntlmv2 pwnage with python (Article by SANS Penetration Testing):
morpheus



Usefull links

Tutorials
settings (configuration file)
how to read .ecp logfiles? (etterlog)
Scripting tutorials
tcp/udp scripting syntax (filters)
tcp/udp scripting (firewall DHCP filter)
tcp/udp scripting (parental control filter)
tcp/udp scripting (IRC chat filter)
morpheus - bug reports
bug reports
morpheus - youtube videos
https://www.youtube.com/playlist?list=PL6lei9H-Ej0IZ2kECHCN3xITljka7pCnT



Special thanks:

@ChaitanyaHaritash (SSA) <-- "For all the help in SMBRelay module development"

All the hard work goes to:
ettercap (alor&naga) | nmap (fyodor) | apache2 (Rob McCool)
dsniff (Dug Song) | driftnet (Chris Lightfoot) | zenity (Glynn Foster)
smbrelayx.py (@agsolino) | sslstrip (Moxie) | dns2proxy (Leonardo)

Morpheus - automated TCP/IP Hijacking tool

16 Mar 01:07
Compare
Choose a tag to compare

morpheus

Version release: v2.0-STABLE
Author: pedro ubuntu  [ r00t-3xp10it ]
Codename: oneiroi phobetor (The mithologic dream greek god)
Distros Supported: Linux Ubuntu, Kali, Debian, BackBox, Parrot OS
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017

Oneiroi phobetor (Greek God Phobetor, the personification of nightmares)


Framework description

Morpheus it's a Man-In-The-Middle (mitm) suite that allows users to manipulate
tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications.
but this tool main objective its not to provide an easy way to exploit/sniff targets,
but ratter a call of attemption to tcp/udp manipulations technics (etter filters)

Morpheus ships with some pre-configurated filters but it will allow users to improve them
when launch the attack (morpheus scripting console) In the end of the attack morpheus will
revert the filter back to is default stage, this will allow users to improve filters at
running time without the fear of messing with filter command syntax and spoil the filter.
"Perfect for scripting fans to safely test new concepts"...

HINT: morpheus allow you to improve filters in 2 diferent ways
1º - Edit filter before runing morpheus and the 'changes' will be permanent
2º - Edit filter using 'morpheus scripting console' and the changes are active only once

morpheus v2.0-Alpha


Usefull links

morpheus - project main page
morpheus - framework screenshots
morpheus - tutorials
morpheus - settings (configuration file)
morpheus - how to read .ecp logfiles? (etterlog)
morpheus - scripting tutorials
morpheus - tcp/udp scripting syntax (filters)
Morpheus - tcp/udp scripting (firewall filter)
morpheus - bug reports
Morpheus - bug reports
morpheus - youtube videos
https://www.youtube.com/playlist?list=PL6lei9H-Ej0IZ2kECHCN3xITljka7pCnT


Special thanks: Shubham Singh | Chaitanya Haritash | Suriya Prakash
"For all the help provided in debuging this tool in diferent operative systems"

All the hard work goes to:
ettercap (alor&naga) | nmap (fyodor) | apache2 (Rob McCool)
dsniff (Dug Song) | driftnet (Chris Lightfoot) | zenity (Glynn Foster)