Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« This Celeb Gossip Site is safe says McAfee | Main | Top 10 Most Dangerous Things you can do online »
Wednesday
Aug182010

Client Side Attacks with Metasploit Express

DateWednesday, August 18, 2010 at 3:55PM

Today the team over at Rapid7 updated Metasploit Express today.

This inspired me to play around with the application and checked out the modules.

I know some of the fun of Metasploit is Client Side Attacks.  I figured I would test one of the modules out.  The tough part was choosing which module to use.

Lucky for me, Metasploit rates the exploits and I found one rated 5 starts.  Signed Applet Social Engineering Code Exec.

Time to fire up the browser and go to the link the exploit was waiting on.  It looks like a pop up... do I click? 

and the trap has been set... 

 

The code executed and showed me I have 1 session loaded.

Now normally when using the framework, I would be loading extensions to get some hashes and other goodies.

This time I hit a button.  Click.  Metasploit Express returned a picture of my desktop and my password hashes.

 

 

You can get a 7 day demo of the application over at http://www.rapid7.com/contact/metasploit-express-contact.jsp

To see the updates released today click here: http://www.metasploit.com/redmine/projects/pro/wiki/Updates_341

 

Authorn00bz Network | CommentPost a Comment | Reference1 Reference |
tagged in ,

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.