Attacking A Windows XP Machine With SET - Browser Exploitation
Social engineering toolkit is a must have thing for penetration testers, Basically Social Engineering Toolkit a.k.a SET is the combination of all the exploits present in metasploit which are related to social engineering and involve the interaction of the target user. Social Engineering toolkit was created was David Keneddy who is a well known Penetration tester, He is also the the developer of the very famous Fastrack. So In this tutorial I will show you step by step procedure for attacking webbrowsers with Metasploit browser Autopwn, The operating system we would be targeting is windows XP and since we are using a browser autopwn attack we will be targeting all the browsers with potential vulnerabilities.
Requirements
Once you have got the backtrack loaded, open up your backtrack console and type the following command "cd /pentest/exploits/set", Once you are in the SET directory type ./set to launch the social engineering toolkit.
Step 2:
Once SET has been loaded, You should see wide variety of options, Since we are working with browser exploitation, we will select the second option which us website attack vectors.
Requirements
- Backtrack
- Windows XP Machine (Target)
Attacking A Windows XP Machine With SET
Step 1:Once you have got the backtrack loaded, open up your backtrack console and type the following command "cd /pentest/exploits/set", Once you are in the SET directory type ./set to launch the social engineering toolkit.
Step 2:
Once SET has been loaded, You should see wide variety of options, Since we are working with browser exploitation, we will select the second option which us website attack vectors.
Step 3
Next you would see variety of website attack vectors, but as we are working with browser exploitation, we would for the second options, which is "The Metasploit Browser Exploit Method".
Step 4
Now, SET will ask you about the type of attack vector you would like to use, I would recommend you to go for the first option, Or if you want to use your own webtemplate, you can go for the third option. Now SET is asking if I am using port forwarding or not, Since I am attacking on a local area network there is no point of using Port forwarding.
The very next line, you will see the option "Enter the iP address for the reverse connection:", You would need to enter the iP of your bactrack 5 box.
Step 5:
Next you would need to enter the type of browser exploitation attack, you want to use, In this case I am using a browser autopwn, So I will enter the "22" option.
Step 6:
The SET will now ask for the type of payload I would like to use for carrying out this attack, I will be using a simple reverse TCP connection payload.
Step 7:
The SET will now start cloning my local IP address of the backtrack box i.e. 192.168.75.138, After the website has been successfully cloned and all the browser exploits have been loaded. I will move to my windows box and enter the iP address of the cloned website 192.168.75.138, in the address bar. When the victim on the local area network will visit the above iP address, The cloned Gmail website will be loaded and all the browser exploits will be loaded into the victims browser.
On the other hand on my backtrack 5 box, You can clearly see that a meterpreter session has been opened on the victims box and a new process notepad.exe has been successfully created.
Attacking Outside The Network
The above method is only applicable for attacking inside your local area network, However if you would like to attack outside the network, You would need to obtain a public IP address and would need to do a port forwarding on your router. The port forwarding techniques vary from router to router, Some router support it, however some routers are not capable of doing it.
I hope you have liked the tutorial, If you have any questions feel free to ask.