Post Views: 431

In this Article you’ll be Knowing about XeroSploit used for Man In Middle Attacks

Networking is an important platform for an Ethical Hacker to check on, many of the threat can come from the internal network like network sniffing, Arp Spoofing, MITM e.t.c,

For those who are not familiar with Man-in-the-middle attack, welcome to the world of internal network attacks

Man-In-The-Middle:

The name itself reveals the attack pattern, the attacker gets in between the victim and his gateway(Router) connection, sniffing(Stealing) the network packets flow from the gateway to router and vice-versa.

 

Thus giving access to the hacker to obtain all the information victim sends to remote server

 

There are many open source tools available online for this attack like Ettercap, MITMF, Xerosploit, e.t.c

This article is on Xerosploit which provides advanced MITM attack on your local network to sniff packets, steal password e.t.c

Its specific features are the following:

  • Port scanning
  • Network mapping
  • Dos attack
  • Html code injection
  • Javascript code injection
  • Download interception and replacement
  • Sniffing
  • Dns spoofing
  • Background audio reproduction
  • Images replacement
  • Drifnet
  • Web page defacement and more …

Installing Xerosploit:

Xerosploit is an attack tool for MITM which can run only on Linux OS to do so follow the simple steps:-

Open up terminal and type

  • https://am6539.github.io/XeroSploit/ (Downloads Xerosploit)
  • cd xerosploit (change your working directory to the downloaded folder)
  • chmod +x install.py (get permission for the file to be executed)
  • python install.py (execute the file to be installed)
  • Select your OS( 1. Kali/Ubuntu – 2.Parrot)

Wait for some time this tool will update your system and install the required dependencies after installation run the command

“xerosploit”

 

MITM using xerosploit

  1. Check for your IP address, Gateway, Interface which will be shown at the start of the xerosploit interface

2. Now type in “help” to list the available commands

Here you can:

  • Scan : Scan the network for available connected devices
  • Iface : It can be used to change your interface manually
  • Gateway : This can be used if you want to set your gateway other than the one selected
  • Start : If you want to target a known victim you can use this
  • Rmlog : This will remove all the logs of xerosploit

 

3.To continue the attack we scan the network first

Here we can see all the device currently connected. Type in help to continue.

  1. We want to sniff all packets across the network hence we type all, if you want to target a single victim type in his IP or if multiple then IP1, IP2, IP3…

5.Again type in “help” to check available commands and then run any of the following commands

6.Select the modules and type in “run”.

 

This tool is best both for beginners and experts as it allows you an easy interface to inject HTML or JavaScript to redirect your victim to a malicious link or to force him to download malicious content using javaScript alert and Download function which can be injected into their network traffic and get access to their system.


Source: hackeroyale

Comments