Browser Autopwn
Another interesting auxiliary module for performing client-side attacks is the browser_autopwn. This auxiliary module works in the following sequence:
- The attacker executes the
browser_autopwnauxiliary module. - A web server is initiated (on the attacker's system), which hosts a payload. The payload is accessible over a specific URL.
- The attacker sends the specially generated URL to his victim.
- The victim tries to open the URL, which is when the payload gets downloaded on his system.
- If the victim's browser is vulnerable, the exploit is successful and the attacker gets a meterpreter shell.
From the msfconsole, select the browser_autopwn module using the use auxiliary/server/browser_autopwn ;command as shown in the following screenshot. Then, configure the value of the LHOST variable and run the auxiliary module:
Running the auxiliary module will create many different instances of exploit/payload combinations as the victim might be using any kind of browser:
On the target system, our...
