Exploit Windows machine using MITM attack – Penetration Testing

Man-in-the-middle attack

Abbreviated as MITMA, a man-in-the-middle attack is an attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack but have to unencrypt the information before it can be read. In the picture below is an example of how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.

Tools

Ettercap: do MITM attack, redirect all victim traffic to attack webserver

Metasploit: creat backdoor and get meterpreter session

Method

1. Create a fake update web page
2. Create a payload using msfvenom
3. Using DNS spoof attack

Tutorial

The post Exploit Windows machine using MITM attack appeared first on Penetration Testing.

http://ift.tt/2te3xOw http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s