In
this article we will examine the effectiveness of metasploit browser
autopwn module.The basic idea behind that module is that it creates a
web server in our local machine which will contain different kind of
browser exploits.When the user will open the malicious link then the
execution of the exploits will start against the browser of the user
and if one of the exploits is successful a meterpreter session will
open.
In
order to use this attack we have to open the metasploit framework and
to use the browser_autopwn module.In the next image you can see the
available options and default settings for this module.
We
will set up the LHOST with our IP address,the SRVPORT with the port
80 (otherwise the link that we have to send to the user must me in
the format IP:8080) and the URIPATH with / in order to prevent
metasploit to set up random URL’s.
After
the execution of this module we will notice that different exploits
for a variety of browsers will start loading to our web server.
Now
we can share the link through our email to our client employees.If
any user opens the malicious link,the autopwn module will try all
these exploits in order to see if it can break into the client.If the
browser is vulnerable to any of these exploits meterpreter sessions
will open.
Browser
based attacks are not stable.This is because browsers can crash which
means that the meterpreter session or the shell access will lost.For
that reason the metasploit will try to migrate with a another process
more stable as soon as possible.
No comments:
Post a Comment