Unlike the last tutorial, we are not going to exploit any vulnerability. We are going to use a social engineering technique instead.
What exactly am I going to do?
- Create a fake Firefox extension with Metasploit that creates a backdoor on the victim system.
- Trick users into installing the add-on.
- Break into the target machine.
Pre-configuration:
- As usual, you have to set up two virtual machines (VMs) in VirtualBox, namely “Target” and “Attacker”.
- Install Windows XP or 7 in the Target VM.
- Install BackTrack in the Attacker VM.
Need help configuring the VMs? You can read the tutorial “Set up pentesting lab”.
Part I: Update the Metasploit
As we are going to use the latest module, you are advised to update the Metasploit modules. Don’t know how to do this? No need to worry!
- Open the Terminal.
- Type msfupdate
- This will update Metasploit with the latest modules 🙂
Part II: Configuring settings in Metasploit for the fake-addon exploit
Step 1:
Open the Terminal and type “msfconsole” to get the Metasploit console.
Step 5: Payload
As usual, we can use the reverse TCP payload for this attack as well. So type the following command in the Metasploit console:
Type “exploit” in the console.
Now the exploit is started. Our fake add-on is available at “http://192.168.56.11/fakeEx”.
Once the victim visits the link, it will ask the user to install the add-on in order to view the page. Once the user installs the add-on, the system will be backdoored.
Now you can control the victim system from Meterpreter.
Countermeasures:
I believe you understand the risks of installing add-ons from unknown sources. So think twice before installing an add-on. Always use trusted add-ons. Search Google for reviews of the add-on.
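One way to act on this advice, as an added example that is not part of the original tutorial: list the add-ons in a Firefox profile that are unsigned or did not come from a trusted source. It assumes the field names used in a current Firefox profile's extensions.json (id, location, signedState, sourceURI) and a hypothetical allowlist TRUSTED_HOSTS, and it runs on constructed sample data.

```python
import json
from urllib.parse import urlparse

# Assumption: field names follow the "addons" array in a current Firefox
# profile's extensions.json (id, type, location, signedState, sourceURI).
TRUSTED_HOSTS = {"addons.mozilla.org"}   # hypothetical allowlist; adjust per policy
SIGNED_OK = {2, 3, 4}                    # signed, system, privileged

# Constructed sample data, not taken from a real profile.
SAMPLE = json.dumps({"addons": [
    {"id": "good@example", "type": "extension", "location": "app-profile",
     "signedState": 2,
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/good.xpi"},
    {"id": "fake@example", "type": "extension", "location": "app-profile",
     "signedState": 0, "sourceURI": "http://192.168.56.11/fakeEx"},
    {"id": "sideload@example", "type": "extension", "location": "app-profile",
     "signedState": 2, "sourceURI": None},
    {"id": "theme@example", "type": "theme", "location": "app-builtin",
     "signedState": 3, "sourceURI": None},
]})

def audit_addons(extensions_json):
    """Return {addon_id: [reasons]} for user-installed add-ons worth review."""
    findings = {}
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("location") != "app-profile":
            continue  # skip built-in/system add-ons shipped with the browser
        reasons = []
        if addon.get("signedState") not in SIGNED_OK:
            reasons.append("unsigned or signature not verified")
        source = addon.get("sourceURI")
        if not source:
            reasons.append("no recorded install source")
        else:
            url = urlparse(source)
            if url.scheme != "https":
                reasons.append("installed over " + (url.scheme or "unknown scheme"))
            if url.hostname not in TRUSTED_HOSTS:
                reasons.append("source host not trusted: " + str(url.hostname))
        if reasons:
            findings[addon.get("id", "<no id>")] = reasons
    return findings

if __name__ == "__main__":
    for addon_id, reasons in audit_addons(SAMPLE).items():
        print(addon_id, "->", "; ".join(reasons))
```

To check a real profile, pass the contents of its extensions.json to audit_addons() instead of SAMPLE.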
Disclaimer:
This article is for educational purposes only. We suggest you try this method in a controlled VirtualBox environment. We are not responsible for your illegal activity.