Sunday, March 6, 2011

Creating Drive-by-download using Metasploit

Today we will discuss how to create a ‘drive-by download’ using Metasploit.
“A drive-by download is a type of injection into the target system. When a client requests a service from a hacker’s machine prepared by a Black Hat, malicious data or programs get downloaded to the client system without the client’s knowledge.”
There is a module named browser_autopwn, written by ‘EGYPT’, that creates such an exploit. To start the steps of creating the drive-by download, first update Metasploit and run it. This auxiliary module resides in ‘server/browser_autopwn’. Type the command ‘use server/browser_autopwn’ and get information about it with the ‘info’ command. The module comes with several preloaded reverse_tcp payloads. We need to configure two main things: LHOST, which is the IP address of the host machine’s interface connected to the remote machines, and URIPATH, which is the path under the server’s IP address. You can check the loaded payloads with the ‘set’ command; it shows all the attributes together with the values set for them.
When we execute the exploit command, several payloads are loaded and the server starts listening on port 8080 on the specified IP address. From the client computer, type the server’s IP address, port number and URIPATH into the browser, for example ‘http://192.168.80.101:8080/uripath’. The client system automatically downloads the meterpreter code and a session (a shell window with access to the target machine’s memory) opens on the hacker’s machine. The meterpreter session is then automatically migrated to another process (notepad.exe), which makes the exploit difficult to identify on the client machine.
This drive-by download can be loaded and exploited only on a browser that has the vulnerability. Fully patched or newer browser versions either have the fix or never had the vulnerability, so the exploit did not work against Internet Explorer on Windows 7 or the browser on Ubuntu Linux.
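The post names two traces that this attack leaves on the client side: a browser fetch from an internal host on a non-standard port (8080 here) and, after migration, notepad.exe holding a network connection back to that same host. The following detector is an added example (not from the post or from Metasploit) that correlates these two signals; the log records, the IP addresses other than the one in the post, and the port 4444 are constructed sample data.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit
# Processes that should never hold an outbound TCP connection; the post notes the
# meterpreter session migrates into notepad.exe, which is exactly this anomaly.
NO_NETWORK_PROCESSES = {"notepad.exe", "calc.exe", "mspaint.exe"}

@dataclass(frozen=True)
class ProxyHit:          # one web-proxy log entry (client IP, full URL)
    client: str
    url: str

@dataclass(frozen=True)
class Connection:        # one endpoint process/socket record (netstat -b style)
    host: str
    process: str
    remote_ip: str
    remote_port: int
    state: str

def suspicious_fetches(hits):
    """Client -> servers it fetched over HTTP on a non-standard port (post's listener: 8080)."""
    out = {}
    for h in hits:
        u = urlsplit(h.url)
        if u.scheme == "http" and u.port not in (None, 80):
            out.setdefault(h.client, set()).add(u.hostname)
    return out

def correlate(hits, conns):
    """No-network process with an ESTABLISHED socket back to an odd-port server the host fetched."""
    fetched = suspicious_fetches(hits)
    return [(c.host, c.process, c.remote_ip) for c in conns
            if c.state == "ESTABLISHED"
            and c.process.lower() in NO_NETWORK_PROCESSES
            and c.remote_ip in fetched.get(c.host, set())]

# Constructed sample records, not real captures.
SAMPLE_HITS = [
    ProxyHit("192.168.80.50", "http://192.168.80.101:8080/uripath"),
    ProxyHit("192.168.80.51", "http://intranet.example/index.html"),
]
SAMPLE_CONNS = [
    Connection("192.168.80.50", "firefox.exe", "192.168.80.101", 8080, "ESTABLISHED"),
    Connection("192.168.80.50", "notepad.exe", "192.168.80.101", 4444, "ESTABLISHED"),
    Connection("192.168.80.51", "notepad.exe", "192.168.80.101", 4444, "ESTABLISHED"),
]

if __name__ == "__main__":
    for host, proc, server in correlate(SAMPLE_HITS, SAMPLE_CONNS):
        print(f"ALERT: {proc} on {host} connected back to {server}")
```

Only the first client is flagged: it fetched the odd-port page and then notepad.exe called back to the same server, while the second client’s notepad.exe connection has no matching fetch and the browser’s own connection is expected.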
