Another interesting auxiliary module for performing client-side attacks is browser_autopwn. It works in the following sequence:
- The attacker executes the browser_autopwn auxiliary module.
- A web server is initiated (on the attacker's system), which hosts a payload. The payload is accessible over a specific URL.
- The attacker sends the specially generated URL to his victim.
- The victim tries to open the URL, at which point the payload is downloaded to his system.
- If the victim's browser is vulnerable, the exploit is successful and the attacker gets a meterpreter shell.
From msfconsole, select the browser_autopwn module using the use auxiliary/server/browser_autopwn command, as shown in the following screenshot. Then configure the value of the LHOST variable and run the auxiliary module:
Running the auxiliary module will...