EvilZone

Hacking and Security => Tutorials => : geekmango June 17, 2015, 10:51:19 PM

: Injecting payload into softwares via HTTP
: geekmango June 17, 2015, 10:51:19 PM

Demo Link:https://youtu.be/FMahvXMYuT4
 
Hi, this is a quick demo about how to backdoor executables (software) sent over
HTTP using MITMF, backdoor factory
This attack works on LAN

REQUIREMENTS:

Kali Linux or any Linux OS
Wireless USB Adapter e.g. (TL-WN722N)
MITMf (man-in-the-middle framework) https://github.com/byt3bl33d3r/MITMf (https://github.com/byt3bl33d3r/MITMf)
MSFconsole or Armitage
LAN network, same as the target/victim

ATTACK SCENARIO:

Machine A-victim
Machine B-attacker
A situation where machine A wants to download a software for example winrar, the victim goes through google and lands on the page (http://www.win-rar.com/download.html?&L=0 (http://www.win-rar.com/download.html?&L=0)) the attacker is already waiting to inject payload into binaries served over (HTTP)
This attack is possible because a lot of tool websites still serve binaries via non-SSL/TLS means

Staff Edit: Why ruin your content with that large bbcode and poor formatting?

: Re: Injecting payload into softwares via HTTP
: 0E 800 August 14, 2015, 01:35:14 AM

The background music made me lose interest really fast.

How about a step by step documented tutorial w/ screenshots?

Be well.