Saturday, October 20, 2012

Client side attack using BeEF and Metasploit

now i try to exploit web browser using BeEF when they try to open facebook

when they try to open www.facebook.com, i will leads it to my fake login facebook (facebook.html) which i have put BeEF.


run the BEef



this is my script facebook.html and i have put BeEF in it.


then, after they have access my fake login facebook, see on our beef panel



we can see that browser target's have exposed our hook BeEF.

then, i will send updater firefox to target, but i will make the payload update.exe first using msfpayload and msfencode.



we can see that our payload update.exe have been created.

then run metasploit (msfconsole) to listening on port 1234



and send it to target


then execute it.




then, after they download and run our updater (payload), we will leads into meterpreter (target system).



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)