09.05.2015

autopwn browser msf tip


browser_autopwn
To use this attack we open the Metasploit Framework and load the browser_autopwn module. In the next image you can see the available options and default settings for this module.


Options of browser autopwn module

We will set LHOST to our IP address, SRVPORT to port 80 (otherwise the link that we have to send to the user must be in the format IP:8080) and URIPATH to / in order to prevent Metasploit from generating a random URL.


Configuring the Browser Autopwn

After running this module we will notice that different exploits for a variety of browsers start loading on our web server.


Loading the browser exploits

Now we can share the link by email with our client's employees. If any user opens the malicious link, the autopwn module will try all these exploits in order to see if it can break into the client. If the browser is vulnerable to any of these exploits, meterpreter sessions will open.


Meterpreter sessions opened with Browser Autopwn

Browser-based attacks are not stable. This is because browsers can crash, which means that the meterpreter session or the shell access will be lost. For that reason Metasploit will try to migrate to another, more stable process as soon as possible.


Migrate to another process

06.05.2015

Juniper virtual MX / vMX install

dependencies (Ubuntu 14.04):

sudo apt-get update && sudo apt-get install -y linux-headers-3.13.0-32-generic bridge-utils qemu-kvm libvirt-bin python python-netifaces vnc4server libyaml-dev python-yaml numactl libparted0-dev libpciaccess-dev libnuma-dev libyajl-dev libxml2-dev libglib2.0-dev libnl-dev python-pip python-dev libxslt-dev



KVM install and check CPU on ESXI


Check that your CPU supports hardware virtualization

To run KVM, you need a processor that supports hardware virtualization. Intel and AMD have both developed extensions for their processors, called Intel VT-x (code name Vanderpool) and AMD-V (code name Pacifica) respectively. To see if your processor supports one of these, you can review the output from this command:

egrep -c '(vmx|svm)' /proc/cpuinfo


If the output is 0, your CPU doesn't support hardware virtualization.

If it is 1 or more, it does, but you still need to make sure that virtualization is enabled in the BIOS.

By default, if you booted into a Xen kernel, the grep command will not show the svm or vmx flag. To see whether it is enabled under Xen, enter:

cat /sys/hypervisor/properties/capabilities


You must see hvm flags in the output.

Alternatively, you may execute:

kvm-ok


05.05.2015

usbkill py script



usbkill waits for a change on your USB ports, then immediately kills your computer. Anti-forensic, usb -> kill.


Unfinished project! Expect improvements to come.


But it does work and is effective.


To run: sudo python3 usbkill.py
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
 

ntp monlist disable

You can check whether your server is vulnerable by running the command
ntpdc -c monlist server_address
If the command returns a list of clients (rather than "timed out, nothing received"), the system is vulnerable.

Remediation
There are at least 3 ways:
1) Update ntpd to version 4.2.7p26. On FreeBSD, update the ports tree and install ntpd from net/ntp-devel.

Without updating, you can:
2) Disable monlist in ntp.conf by adding the line
disable monitor

3) Or disable all server status queries in restrict default
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
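
An added example (not part of the original post): a shell function that audits an ntp.conf for mitigations 2) and 3) above. The function names and sample configs are constructed for illustration. It assumes a plain `restrict default` covers IPv4 only, as the pair of lines above implies, and it flags `disable monitor` as ineffective when any restrict line carries `limited`, because ntpd's documentation states that monitoring stays active in that case.

```shell
# audit_ntp_conf FILE  (hypothetical helper)
# Prints a one-line verdict; exit status 0 = monlist mitigated, 1 = exposed.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == "disable" || $1 == "enable" {     # last monitor setting wins
            for (i = 2; i <= NF; i++)
                if ($i == "monitor") monitor_off = ($1 == "disable")
        }
        $1 == "restrict" {
            v6 = 0; is_default = 0; noquery = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-6") v6 = 1
                else if ($i == "default") is_default = 1
                else if ($i == "noquery" || $i == "ignore") noquery = 1
                else if ($i == "limited") limited = 1
            }
            if (is_default && v6)  v6_ok = noquery
            if (is_default && !v6) v4_ok = noquery
        }
        END {
            if (v4_ok && v6_ok) { print "OK: restrict default noquery (IPv4 and IPv6)"; exit 0 }
            if (monitor_off && !limited) { print "OK: disable monitor"; exit 0 }
            if (monitor_off) { print "EXPOSED: disable monitor is overridden by a restrict ... limited line"; exit 1 }
            if (v4_ok || v6_ok) { print "EXPOSED: only one address family has default noquery"; exit 1 }
            print "EXPOSED: no monlist mitigation found"; exit 1
        }
    ' "$1"
}

# Constructed sample configs (not taken from any real server) run through the audit.
audit_samples() {
    tmp=$(mktemp -d) || return 1
    printf 'server 0.pool.ntp.org\n' > "$tmp/stock.conf"
    printf 'disable monitor\nrestrict default limited kod\n' > "$tmp/limited.conf"
    printf 'restrict default kod nomodify notrap nopeer noquery\nrestrict -6 default kod nomodify notrap nopeer noquery\n' > "$tmp/page.conf"
    for f in stock limited page; do
        printf '%s: %s\n' "$f" "$(audit_ntp_conf "$tmp/$f.conf")"
    done
    rm -rf "$tmp"
}
audit_samples
```

Run `audit_ntp_conf /etc/ntp.conf` on the server, then confirm from another host with the ntpdc query above.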

03.05.2015

How to connect Openvpn Linux (Kali, BT, Debian) Windows lab.pentestit.ru

1. Install
# apt-get install openvpn
2. Setup
# cd /opt && mkdir pentestit
Copy files "lab.ovpn", "pass.txt" and "ovpn.sh" to "/opt/pentestit/".
lab.ovpn
client
dev tun
proto tcp
remote vpn.pentestit.ru 443
auth-user-pass /opt/pentestit/pass.txt
resolv-retry infinite
persist-key
persist-tun
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[CA certificate omitted]
-----END CERTIFICATE-----
</ca>
pass.txt
Sign in or sign up to get credentials
ovpn.sh
#!/bin/bash
openvpn --config /opt/pentestit/lab.ovpn &
3. Run OpenVPN
Start connection:
# chmod +x /opt/pentestit/ovpn.sh
# /opt/pentestit/ovpn.sh
Stop connection:
# killall openvpn
 
 
1. Download and Install OpenVPN
http://openvpn.net/index.php/open-source/downloads.html
2. Setup
Copy "lab.ovpn" and "pass.txt" to "C:\Program Files\OpenVPN\config"

lab.ovpn
client
dev tun
proto tcp
remote vpn.pentestit.ru 443
auth-user-pass ./pass.txt
resolv-retry infinite
persist-key
persist-tun
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[CA certificate omitted]
-----END CERTIFICATE-----
</ca>
pass.txt
Sign in or sign up to get credentials
3. Run OpenVPN "as Administrator".