MITMf by byt3bl33der has several modules that help in automating man in the middle attacks. This lab demonstrates the filepwn plugin being used in conjunction with the arp spoofing plugin to intercept executables being downloaded over http and patch our payload into them.
We'll be arp poisoning a virtual instance of Windows 7 with a Kali VM, and patching a reverse shell into an executable downloaded from an unsecured http site using internet explorer.
Download:
https://github.com/byt3bl33d3r/MITMf
Tutorial:
5 Responses
Did you search the forum before posting ?. Thanks anyway :) +1
1 question, how do you find that target IP? What method do you use?
Look into network scanners, most popular one is NMAP
Why ask if he read before posting can you only cover a tool once or is there another reason I'm trying to work out why you would say it.
Why don't you use :
load msgrpc Pass=abc123
So you don't have to edit the conf every time you use it.
Share Your Thoughts