Tuesday, 18 November 2014

Backtrack Web Attack

Backtrack Java Applet Attack OUTSIDE NETWORK

Hey there! “w4rlock”  is here Today i will i show you how to preform Java Applet attack using Social Engineering Toolkit OUTSIDE your network. hope u  enjoy
You’ll need:
– BackTrack(or)kali linux
First thing that we need to do is Forward some Ports.
Go to start > run > cmd (if you’re using windows. If running BackTrack just type ifconfig in konsole)
Type ipconfig and look for default gateway.
By default it is
Copy your default gateway in your browser and then type admin for both username and password.
Try finding something that says forwarding or virtual servers. (If you don’t find it go to http://www.PortForward.com and find instructions to forward your router.)
Then click add
-For port type in 4444.
-For ip type local ip of BackTrack. (open konsole and type ifconfig)
-Chose protocol and there you go.
Now using the same method forward ports 443 and 80.
Now for multiple routers (ONLY IF ARE BEHIND MULTIPLE ROUTERS, IF YOU AREN’T SKIP THIS STEP) it gets difficult. Log in to your second router. Find WAN settings and take note of your other default gateway.–> the one of your first router.
Go to quick setup or something like that chose static ip and in ip fill in desired ip (any ip that has first 3 rows same as default gateway of your first router. Default gateway of my first router is, so i can set static ip to be, for subnet mask and for default gateway
For dns you need to log on to your first router. Find Primary DNS and copy-paste. Finish the quick setup. Congratz! You set up your routers static ip. Now we need to forward ports from 1st router to static ip, then from 2nd router to your local ip.
Now in the first router go to virtual servers and forward the port to static ip you just made (
and in the second router forward the ports (4444,443,80) to your local ip.
2# Configuring SET#
Start Backtrack. I am using BackTrack 5.
-First we need to configure SET. Go to /pentest/exploits/set/config and open set_config file.
-Change AUTO_DETECT=ON to AUTO_DETECT=OFF. And while you’re here change APACHE_SERVER=OFF to ON. Now save this.
3# Using Social Engineering Toolkit
-Open up a new console. Type:
cd /pentest/exploits/set/ (and press enter lol)
– Now type
This opens up Social Engineering Toolkit’s main menu.
– Now chose Website attack vectors. (2)
– Chose the Java applet attack (1)
– Chose site clone (2)
Now since we set auto detect off it asks if our SET machine is not on the same ip address as our listener. We say
– No
It asks for ip for reverse connection. Open up Google Chrome because it’s awesome and go to www.whatismyip.com
– Copy that ip and paste it. That is your external ip.
Now it asks for url to clone. If you wanna trick a friend you could use anything, he trusts you. But if you’re using this online copy url of some webcam site (like http://www.ivideochat.com/main.php) and pretend to be innocent girl. So for example, here we type
– http://www.ivideochat.com/main.php
Chose payload which you want to generate. That would be Reverse Meterpreter.
– 2
Chose encoder to bypass anti virus. The best would be:
– 16
Earlier we also turned told SET# to use apache, so we need to minimize SET#, And click on:
– Applications>Backtrack>Services>HTTPD>Apache start
[/color]Enter port for the listener. Earlier we Forwarded port
– 4444
Now Metasploit is loading. However lhost is set to
To change this simply press enter, and type:
– set lhost (your local ip)
This is pretty much it. Now you copy your external ip and go to http://goo.gl or any other shortening site, paste your external ip (one you found on http://whatismyip.com) and click shorten. Send that link to your friends, beloved ones, or just some fat, bald, horny guy on the internet. It’s your call!