Version release: v2.2 - STABLE
Author: pedro ubuntu [ r00t-3xp10it ]
Codename: oneiroi phobetor (the mythological Greek dream god)
Distros Supported: Linux Ubuntu, Kali, Debian, BackBox, Parrot OS
Suspicious-Shell-Activity© (SSA) RedTeam develop @2018
Framework description
Morpheus is a Man-In-The-Middle (MITM) suite that allows users to manipulate
TCP/UDP data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications.
The main objective of this tool is not to provide an easy way to exploit/sniff targets,
but rather to draw attention to TCP/UDP manipulation techniques (ettercap filters).
Morpheus ships with some pre-configured filters but allows users to improve them
when launching the attack (morpheus scripting console). At the end of the attack morpheus
reverts the filter back to its default state; this lets users improve filters
at runtime without fear of messing up the filter command syntax and spoiling the filter.
v2.2 changelog
new modules
- Devices DHCP discovery (be alerted when a selected device enters the LAN)
- Block CPU crypto-mining (drop/kill crypto-mining traffic)
- Google easter egg pranks (redirect target traffic)
- Capture https credentials (sslstrip + dns2proxy)
- SmbRelay lateral movement (smbrelay C&C exploit)
improvements
- option [14] alternative phishing webpages added
- DebugMe.sh (debug script of morpheus main tool)
- warn.sh (sound a beep warning when an event is triggered)
- nmap local LAN scans improved (local LAN NSE scan added)
- nmap local LAN scans improved (single target NSE scan added)
- nmap local LAN scans improved (scan using a fake User-Agent)
- All filters (filter.eft) detection rules updated
new backend applications
- morpheus/bin/Utils/smbrelayx.py
- morpheus/bin/Utils/sslstrip-0.9
- morpheus/bin/Utils/dns2proxy
Download/Install/Config
git clone https://github.com/r00t-3xp10it/morpheus.git
cd morpheus
chmod -R +x *.sh
chmod -R +x *.py
nano settings
sudo ./morpheus.sh
Nmap scans available [option S]
1º - nmap -sn 192.168.1.0/24
2º - nmap -sS -O 192.168.1.0/24
3º - nmap -sV -T4 -Pn --script vuln 192.168.1.0/24
4º - nmap -sS -Pn --reason --script vuln 192.168.1.72
Detecting DHCP requests to access the local LAN [option 17]
This module captures the selected device's request to join the local LAN (BOOTP/DHCP, 67/UDP) and
triggers a sound warning (BEEP) alerting framework users. Consider the following scenario:
'If you want to be alerted when your girlfriend is arriving home, then this is the perfect module'.
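The detection behind this module is a matter of parsing the BOOTP/DHCP payload of a client datagram and comparing the client hardware address against a watchlist. The following is an added example, not morpheus code: it parses the fixed BOOTP header and the TLV option list, and reports when a MAC on a (constructed, placeholder) watchlist sends a DISCOVER or REQUEST. The same parser is what a defender would run from a SIEM or a sensor to spot an unknown or rogue device joining the network; feeding it a real socket is left out so the block runs offline.

```python
"""Hypothetical DHCP watchlist alerter (added example; not morpheus code).

Parses the raw BOOTP/DHCP payload (the UDP data of a 68->67 datagram) and
reports when the client hardware address is on a watchlist.
"""
import struct
from typing import Optional

# Constructed watchlist of MAC addresses (placeholder values, not real devices).
WATCHLIST = {
    "aa:bb:cc:dd:ee:01": "phone-of-interest",
}

DHCP_MAGIC = b"\x63\x82\x53\x63"          # magic cookie at offset 236
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}


def parse_dhcp(payload: bytes) -> Optional[dict]:
    """Return op, xid, client MAC, message type and hostname; None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    op, htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    if htype != 1 or hlen != 6:            # only Ethernet hardware addresses handled
        return None
    chaddr = payload[28:28 + hlen]         # chaddr field starts after the 28-byte header
    mac = ":".join(f"{b:02x}" for b in chaddr)
    info = {"op": op, "xid": xid, "mac": mac, "msg_type": None, "hostname": None}
    # Walk the TLV options after the magic cookie; 0 = pad, 255 = end.
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(payload):
            break                          # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            break                          # truncated option value
        if code == 53 and length == 1:     # option 53: DHCP message type
            info["msg_type"] = MSG_TYPES.get(value[0], f"type-{value[0]}")
        elif code == 12:                   # option 12: client hostname
            info["hostname"] = value.decode("ascii", errors="replace")
        i += 2 + length
    return info


def check_watchlist(payload: bytes) -> Optional[str]:
    """Return an alert string when a watched MAC sends a DHCP DISCOVER/REQUEST."""
    info = parse_dhcp(payload)
    if info is None or info["op"] != 1:    # op 1 = BOOTREQUEST (client -> server)
        return None
    if info["msg_type"] not in ("DISCOVER", "REQUEST"):
        return None
    label = WATCHLIST.get(info["mac"])
    if label is None:
        return None
    host = info["hostname"] or "?"
    return f"ALERT: {label} ({info['mac']}, hostname={host}) sent DHCP {info['msg_type']}"


def build_discover(mac: str, hostname: str) -> bytes:
    """Construct a minimal DHCP DISCOVER payload for offline testing (constructed sample)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x12345678, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    body = header + chaddr + b"\x00" * 64 + b"\x00" * 128   # sname (64) + file (128)
    options = (DHCP_MAGIC + bytes([53, 1, 1])
               + bytes([12, len(hostname)]) + hostname.encode() + b"\xff")
    return body + options


if __name__ == "__main__":
    print(check_watchlist(build_discover("aa:bb:cc:dd:ee:01", "pixel")))
```

The parser refuses anything shorter than 240 bytes or without the magic cookie, and stops at a truncated option rather than reading past the buffer; the watchlist lookup keys on the MAC from the chaddr field, not on the optional hostname, since the hostname is client-supplied and trivially forged.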
Detecting/blocking crypto-currency connections [option 18]
This module allows us to block/kill all TCP/UDP connections from (src) and to (dst) the selected
device by dropping the packets before they reach their destination. This is achieved by regex-searching
all TCP/UDP packets for any of the domain names in the morpheus blacklist.
Review the morpheus crypto-mining domain name blacklist (cryptocurrency.eft) filter rules here:
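A domain blacklist matched by regex over raw packet data works for text protocols (an HTTP Host header, a Stratum JSON line) but silently misses DNS, where "pool.example" travels on the wire as \x04pool\x07example with no dots. The following added example, not a morpheus filter and using a constructed placeholder blocklist, shows a matcher that handles both encodings: it extracts question-section names from DNS messages and dotted hostnames from text payloads, and returns the matching domain when a packet should be dropped.

```python
"""Hypothetical crypto-mining domain blocklist matcher (added example; not a morpheus filter).

Decides whether a TCP/UDP payload should be dropped because it references a
blocklisted domain, handling both plain-text payloads and DNS wire format.
"""
import re
from typing import List, Optional

# Constructed blocklist patterns (placeholder names, not a real mining-pool list).
BLOCKLIST = [
    r"(^|\.)miningpool\.example$",
    r"(^|\.)coinhive-like\.test$",
]
_COMPILED = [re.compile(p, re.IGNORECASE) for p in BLOCKLIST]

# Loose pattern for dotted hostnames embedded in text payloads (Host: headers, URLs, JSON).
_HOST_RE = re.compile(
    rb"([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+)",
    re.IGNORECASE,
)


def domain_is_blocked(name: str) -> bool:
    """True when the (possibly trailing-dot) name matches any blocklist pattern."""
    return any(p.search(name.rstrip(".")) for p in _COMPILED)


def dns_query_names(payload: bytes) -> List[str]:
    """Extract question-section names from a DNS message; [] if it does not parse."""
    if len(payload) < 12:
        return []
    qdcount = int.from_bytes(payload[4:6], "big")
    names, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                return []
            ln = payload[pos]
            if ln == 0:                    # root label terminates the name
                pos += 1
                break
            if ln & 0xC0:                  # compression pointer: not expected in questions
                return []
            label = payload[pos + 1:pos + 1 + ln]
            if len(label) != ln:
                return []                  # truncated label
            labels.append(label.decode("ascii", errors="replace"))
            pos += 1 + ln
        names.append(".".join(labels))
        pos += 4                           # skip QTYPE + QCLASS
    return names


def text_hostnames(payload: bytes) -> List[str]:
    """Dotted hostnames found by plain regex search over a text payload."""
    return [m.decode("ascii", errors="replace") for m in _HOST_RE.findall(payload)]


def should_drop(payload: bytes, is_dns: bool) -> Optional[str]:
    """Return the matching domain when the payload should be dropped, else None."""
    candidates = dns_query_names(payload) if is_dns else text_hostnames(payload)
    for name in candidates:
        if domain_is_blocked(name):
            return name
    return None


def build_dns_query(name: str) -> bytes:
    """Construct a minimal DNS A query for offline testing (constructed sample)."""
    header = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + b"\x00\x01\x00\x01"                     # QTYPE A, QCLASS IN


if __name__ == "__main__":
    print(should_drop(build_dns_query("eu.miningpool.example"), True))
    print(should_drop(b"GET / HTTP/1.1\r\nHost: stratum.miningpool.example\r\n\r\n", False))
```

Blocking on the DNS query is the more robust control: it fires before any pool connection exists, and it does not depend on the miner speaking a cleartext protocol. A payload-regex rule alone, as the last assertion below shows, returns nothing for a DNS query carrying a blocklisted name.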
Redirect all devices in the LAN to a Google prank [option 19]
This module allows us to redirect target traffic [all .com domains] to Google easter eggs.
This is the perfect module if we want to prank LAN devices that are browsing the network. Consider
the following scenario: the attacker uses this module to poison all devices inside the local LAN; if any device
in the LAN tries to access a .com domain, it is redirected to a Google easter egg prank.
Capture https credentials [option 20]
This module uses sslstrip2 + dns2proxy + iptables + ettercap to downgrade HTTPS traffic to HTTP,
which allows us to capture the credentials the target enters in plain text.
'This module allows us to MITM-sniff the LAN in search of credentials the target enters in websites, etc.'
SMBrelay lateral movement attack [option 21]
This module asks framework users to input lhost (to build the agent) and rhost (target to exploit).
It then waits for any SMB authentication taking place in the local LAN, captures the NTLMv2
hash and authenticates the attacker to the target SMB share with those credentials to upload and execute our agent.
SMB relay demystified and NTLMv2 pwnage with Python (article by SANS Penetration Testing):
Useful links
Tutorials
settings (configuration file)
how to read .ecp logfiles? (etterlog)
Scripting tutorials
tcp/udp scripting syntax (filters)
tcp/udp scripting (firewall DHCP filter)
tcp/udp scripting (parental control filter)
tcp/udp scripting (IRC chat filter)
morpheus - bug reports
bug reports
morpheus - youtube videos
https://www.youtube.com/playlist?list=PL6lei9H-Ej0IZ2kECHCN3xITljka7pCnT
Special thanks:
@ChaitanyaHaritash (SSA) <-- "For all the help in SMBRelay module development"
All the hard work goes to:
ettercap (alor&naga) | nmap (fyodor) | apache2 (Rob McCool)
dsniff (Dug Song) | driftnet (Chris Lightfoot) | zenity (Glynn Foster)
smbrelayx.py (@agsolino) | sslstrip (Moxie) | dns2proxy (Leonardo)