Thursday, May 12, 2016

Websploit Tutorial – Network Webkiller

Websploit is an advanced MITM framework. It is an open source command line utility that composed on modular structure. But Websploit were not installed by default in Kali Rolling. In order of using websploit in kali rolling you need to install it first.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
In the last article, I posted about Websploit, including The installation of Websploit in Kali Rolling, websploit modules and websploit commands. If you are the first time to see Websploit, I recommended to check out our previous article about Websploit.
Today we will learn tutorial of using Websploit. One of exploit in the network modules is the Webkiller Exploit. This exploit able to drop any TCP packet from certain device that try to make a request to a target URL. In other word, Webkiller blocks a certain URL/host target.

Step 1 : Open Websploit 

Type into Terminal :
$ websploit
we1
If you are familiar with metasploit, then you have not to be worry about the Websploit basic commands.

Step 2 : Check The Modules and Exploits

To see the available modules and exploits of Websploit, type :
wsf > show modules
we2
We will use Webkiller Exploit in the Network Module, as I highlighted in above image.

Step 3 : Use The Webkiller Exploit

wsf > use network/webkiller
we3
heck the available options of Webkiller exploit. As shown above webkiller has Interface and Target option. Interface is used in the network, Eth(x) is for LAN connection, wlan(x) is for WLAN connection. You can check your interface by typing “ifconfig” in the terminal.

Step 4 : Set Value Options – Interface and TArget

Now, to set the value in each option, type the following commands:
wsf:Webkiller > set interface wlan0
wsf:Webkiller > set target target.com

we4

Step 5 : Start the Attack. RUN The Webkiller Exploit

Now type “run”, to start the exploit.
we5
As the result, all device in a network would not access the website target. Because websploit only drop TCP connection, not ICMP as general ping command does. Below is the screenshot of both client whom try to access target URL which is target.com and the ICMP packet from pinging to target.com .
we6

Step 6 : Stop The Attack 

To stop the attack just press “Enter” key.
we7+

0 comments:

Post a Comment

Twitter Facebook

 
Powered by Blogger