Xerosploit- A Man-In-The-Middle Attack Framework
Networking is an important area for an ethical hacker to check, since many threats can come from the internal network, such as network sniffing, ARP spoofing, MITM, etc. This article is on Xerosploit, which provides advanced MITM attacks on your local network to sniff packets, steal passwords, etc.
Table of Contents
· Introduction to Xerosploit
· Man-In-The-Middle
· Xerosploit Installation
· PSCAN (Port Scanner)
· DOS (Denial of service)
· INJECTHTML (HTML INJECTION)
· SNIFF
· dspoof
· YPLAY
· REPLACE
· Driftnet
Introduction to Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow realising efficient attacks, and also allows carrying out denial of service attacks and port scanning. It is powered by bettercap and nmap.
For those who are not familiar with the man-in-the-middle attack, welcome to the world of internal network attacks.
Dependencies
· nmap
· hping3
· build-essential
· ruby-dev
· libpcap-dev
· libgmp3-dev
· tabulate
· terminal tables
Built with various features:
· Port scanning
· Network mapping
· DoS attack
· HTML code injection
· JavaScript code injection
· Download interception and replacement
· Sniffing
· DNS spoofing
· Background audio reproduction
· Images replacement
· Driftnet
· Webpage defacement and more
Man-In-The-Middle
A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. There are many open source tools available online for this attack, like Ettercap, MITMF, Xerosploit, etc.
From Wikipedia.org
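On a local network this kind of interception usually shows up in a host's ARP/neighbour table, which gives defenders something to check. The following is an added example, not part of the original article or of Xerosploit: it parses constructed `ip neigh show` output and flags a MAC address claimed by several IPs and a gateway MAC that differs from a recorded baseline. The addresses, the choice of 192.168.1.1 as gateway and the baseline value are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output as seen on a victim host
# (not a real capture). 192.168.1.1 as the gateway is an assumption.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.1.105 dev eth0 lladdr 08:00:27:11:22:33 STALE
192.168.1.110 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.120 dev eth0  FAILED
"""

# Known-good gateway MAC recorded before any incident (constructed value).
BASELINE = {"192.168.1.1": "08:00:27:de:ad:01"}

LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def shared_macs(table):
    """MACs claimed by more than one IP: a common sign of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def baseline_drift(table, baseline):
    """IPs whose current MAC differs from the recorded known-good MAC."""
    return {ip: (good.lower(), table[ip]) for ip, good in baseline.items()
            if ip in table and table[ip] != good.lower()}

def findings(text, baseline):
    """Run both checks over one neighbour-table dump."""
    table = parse_neigh(text)
    return {"shared": shared_macs(table), "drift": baseline_drift(table, baseline)}

if __name__ == "__main__":
    print(findings(SAMPLE_NEIGH, BASELINE))
```

A MAC shared by several IPs can be legitimate (for example a router holding more than one address), so treat a hit as a lead to verify against the baseline rather than as proof.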
Xerosploit Installation
Xerosploit is an MITM attack tool that runs only on Linux. To install it, follow these simple steps:
Open up a terminal and type:
git clone https://github.com/LionSec/xerosploit.git
cd xerosploit
./install.py
It will ask you to choose your operating system; here we have pressed 1 for Kali Linux.
Here it will display your network configuration, including IP address, MAC address, gateway, interface and hostname. Now run the following command in the xerosploit console to see the initial commands:
help
In this grid, we have a list of commands for our attack. We are going for the man-in-the-middle attack, so I will choose the scan command in my next step to scan the whole network.
scan
This command will scan the complete network and find all devices on your network.
As you can observe, it has scanned all the active hosts. There are many hosts in this network; you have to choose your target from the given result. I am going to select 192.168.1.105 for the man-in-the-middle attack.
192.168.1.105
In the next step, it will ask for the module you want to load for the man-in-the-middle attack. At this prompt, type help.
help
pscan (Port Scanner)
Let’s begin with pscan, which is a port scanner. It will show you all the open ports on the network computer and retrieve the version of the programs running on the detected ports. Type run to execute pscan and it will show you all the open ports of the victim’s network.
pscan
DOS (Denial of service)
Type “dos” to load the module. It will send a succession of TCP SYN request packets to the target’s system to make the machine unresponsive to legitimate traffic, which means it is performing a SYN flood attack.
dos
run
Press Ctrl+C to stop.
If you are familiar with the hping tool, you will notice that this module uses the hping command to send countless SYN request packets.
Inject HTML (HTML Injection)
HTML injection is a vulnerability in a website that occurs when user input is not correctly sanitized or the output is not encoded, so that the attacker is able to inject valid HTML code into a vulnerable web page. There are many techniques that use elements and attributes to submit HTML content.
So here we will replace the victim’s HTML page with ours. Select any page of your choice; as you will notice, I have written “You have been hacked” in my index.html page, with which I will replace the victim’s HTML page. Whatever page the victim tries to open, he/she will see only the replaced one.
First, create a page as I have done, and save it on the Desktop under the name INDEX.html.
Now run the injecthtml command to load the injecthtml module. Then type the run command to execute injecthtml and enter the path where you have saved the file.
Bravo! We have successfully replaced the page, as you can see in the picture below.
Hit Ctrl+C to stop the attack.
Sniff
Now run the following module to sniff all the traffic of the victim with the command: