
v.

01

,
Intercepter-NG, ,


. " ".
, ,

. ,
Intercepter-NG ,
.

, Intercepter-NG ,
,
.
:

1. , , ,
..

2. MiTM .

, Intercepter-NG
, .

Intercepter-NG Windows,
.
Android. ,
Linux\BSD Mac (OS X),
. Windows-
Wine.

. - ,
, WinPcap,
. ,
Microsoft, -
"Microsoft",
IP , .
.
"Play", .pcap .
-
. .pcap
(drag & drop),
.

.
Password Mode
:

Plain Text: PPTP\PPPoE PAP, Oracle, MS-SQL, PostgreSQL, NNTP, CVS,
WWW Basic, HTTP, SOCKSv5, MRA, FTP, DC++, POP3, SMTP AUTH-PLAIN\AUTH-LOGIN,
IMAP, LDAP, AIM, IRC.

Hashes: PPTP\PPPoE CHAP-MD5\MS-CHAP\MS-CHAPv2, Kerberos,
RADIUS, Oracle DES\AES128, MongoDB, MySQL SHA1, VNC, MRA MD5,
SMTP\POP3 CRAM-MD5, POP3 APOP-MD5, POP3 NTLM-SSP, IMAP CRAM-MD5,
ICQ MD5, SMB NTLM.

MiTM-
HTTPS, IMAPS, SMTPS, POP3S.


. john the ripper jumbo-
Intercepter-NG.
john.
Brute It!.

HTTP, ,
. Non-ASCII
, %XX (URL-encoding),
.
. cookie,
IE, .
Telnet\Rsh\Rlogin .
Messengers Mode
: ICQ\AIM,
JABBER, YAHOO, MSN, IRC, MRA. ,
.

Resurrection Mode
, : HTTP, FTP,
IMAP, POP3, SMTP, SMB, TFTP.
, .
,
,
HTTP .

Scan Mode

. ARP
(,
, ),
ARP Scanning. ARP Promisc
Detection,
, promiscuous-mode, .. ,
.
, (3com)
. DHCP
Discovering DHCP . Gateway
Discovering -;
tcp-syn 8.8.8.8:53.
(WiFi)

ARP Scan Timeout.

Smart Scan,
,
MiTM . "
" ARP ,
.
,
NETBIOS , Apple (Bonjour).
, Gateway Stealth
MiTM . ,
, MiTM
.
. Stealth
MiTM .
IP- .
,
, -
.

DHCP Mode
DHCP ,
, dhcp
MiTM .
MiTM . 1.1.1.,
.
SSL Strip, SSL MiTM
. NAT.
whitelist, IP MAC
, 00-11-22-33-44-55:1.2.3.4.

RAW Mode
""
Wireshark. ,
Intercepter-NG ,
. ,
, "" ,
, IPv6.
TCP\UDP RAW
,
ARP\DNS\NETBIOS . "Show Only Data"
. "Copy as Hex C-Array"
. "Follow TCP Stream"
TCP .
Pcap Filter,
, Raw Mode. pcap-
, TCP UDP
"tcp" "udp" , HTTP
- "tcp port 80".

MiTM Mode
NAT MiTM.
NAT ICMP\TCP\UDP
FTP Active mode.
: Internal External.
MiTM , .
Gateway
-. Stealth, , IP
( ). Targets
-. "Play" NAT, ""
ARP Poison.

Settings
.

Resolve Hosts IP .
.pcap .

Lock on Tray - tray
. 4553.
settings.cfg, base64
.

Save Session - .pcap .

Promiscuous - .
.

Unique Data - .

Autosave -
.

Grid View - .
.
, ICQ MD5.

eXtreme Mode - ,
. .
.
Capture Only , Save Session.
, Intercepter-NG .pcap .

Resurrection - .

Spoof IP\MAC - IP MAC , ARP Poison . MiTM
.

iOS Killer - . .

Kerberos Downgrade - aes-256-cts-hmac-sha1-96 rc4-hmac
AS-REQ .

HSTS Spoofing - . .

IP Forward - IP , ARP
Poison , Stealth IP. MiTM
.

Cookie Killer - . .

Extra SSL Port - SSL MiTM .
.

Remote Capture - rpcapd-
. not host IP
.

PCAP Over IP - .
Intercepter-NG.
tcpdump, netcat.
:

#cat log.cap | nc IP PORT

#tcpdump -i face -w - not port PORT | nc IP PORT

#dumpcap -i face -P -w - | nc IP PORT

IP - Intercepter, PORT - ,
2002.

WPAD Configuration - WPAD MiTM.
proxy-.

,
.

.
()
(). , HTML.
RAW .pcap .

HeartBleed
SSL HeartBleed,
.

ARP Watch
ARP :
NAT .

ARP Cage
ARP .
Bruteforce Mode
. : FTP, POP3
(TLS), SMTP (TLS), IMAP, SSH, HTTP Basic/POST, LDAP, SMB, TELNET,
VNC, VMWARE, RDP.

Test Password . Heuristic
Bruteforce . Single Mode
: - .

, .

X-Scan
, :

1.
: SSH, Telnet, HTTP\Proxy, Socks4\5, VNC, RDP.

2. SSL ,
web .

3. , .

4. VNC , SSL
HeartBleed. version.bind DNS.

5. -,
ShellShock.
200 OK, robots.txt.

6. SMB.
, uptime,
.
.
7. SSH
.
. (
), root.

8. HTTP Basic Telnet.
telnet .

, .
: 192.168.1.1:80,443
192.168.1.1:100-200. :
192.168.1.1-192.168.3.255. Scan ICMP Alive Only
"" ,
ping. ,
Scan All Ports. Custom userlist
,
. Reliable\Normal\Fast
,
.

Fast, Reliable.
MiTM
Intercepter-NG MiTM :
. ARP Poison,
DNS Over ICMP MiTM DHCP MiTM.
. (
" MiTM")
. :
SSL MiTM, SSL Strip, SSH MiTM, SMB Hijacking, Group Policy Hijacking,
LDAP Relay, MySQL LOAD DATA Injection, HTTP Injections.
: Spoofing Mode, Traffic Changer, WPAD MiTM.
:
MiTM Mode,
Gateway Stealth ARP Poison.
" " .
MiTM
Youtube .

SSL MiTM
SSL MiTM .
: HTTPS, POP3S, SMTPS, IMAPS.
Extra SSL Port . SSL
. iOS Killer, SSL MiTM,
iCloud, Instagram, VK, Cookie Killer
Facebook.
SSL Strip
https http,
.
https . .
HSTS Spoofing. ,
misc\hsts.txt.

SSH MiTM
SSH 2.0.
: password keyboard-interactive.
"MiTM SSH".

WPAD MiTM
WPAD - Web Proxy Auto-Discovery Protocol. llmnr\nbns
WPAD, proxy . web
. proxy
NETNTLM ,
. " WEB
WPAD Intercepter-NG".

SMB Hijacking
SMBRelay. .
"SMB Hijacking. Kerberos is defeated" "SMB Hijacking. Kerberos
". smb
hijack smb relay, NTLMv2.
GP Hijacking
SYSTEM shell
. "Group Policy Hijacking" "
Intercepter-NG 0.9.10".

LDAP Relay
Domain Admin NTLM Relay
. "Ldap Relay.
NTLM strikes back again" " NTLM-relay
1 ".

DNS Over ICMP MiTM
ICMP .
" + MITM- = 0x4553-Intercepter".

FATE
FATE : FAke siTE FAke updaTE.

FAke siTE
, SSL .
,
- .

Fake updaTE ,
, ssl .
,
misc\FATE\updates.
Traffic Changer
.
. ,
"\x01\x02\x03".
HTTP ,
Disable HTTP gzip encoding.

Spoofing Mode
DNS, LLMNR, NBNS.

HTTP Injection
. Pattern
,
, .jpg manual.doc. Content-Type
, Count ,
User-Agent UA .
Add ,
. Pattern
.jpg, GET /photo.jpg ,
. Update
, Count.
4 Inject .

Inject Java Backdoor - java .
Java -
shell .

Inject Plugin Detector - java ,
.

Inject Forced Download -
.

Inject Reverse Shell - back connect .
.

to be continued...
