Sep 7, 2009

Browser based Exploitation using Metasploit and Ettercap

Web Browsers are slowly becoming a popular and easy attack vector for hackers. Recently, a lot of vulnerabilities were discovered in major browsers such as IE and Firefox. Also, the Flash player, ActiveX controls and PDF files have had a recent history of exploitable vulnerabilities. Exploit frameworks such as Metasploit and the new BeEF (Browser Exploitation Framework) have made the process very simple for hackers.

In this video, Chris Centore demonstrates a browser exploitation using Metasploit and Ettercap. The victim is on the same LAN as the attacker, but has its firewall enabled. Thus attacking service ports on the victim is ruled out. Chris redirects the victim's web traffic to his attack server running Metasploit by using Ettercap to conduct a DNS spoofing attack. Once the victim requests the attacker's server for a web page, it serves the victim the exploit. The victim succumbs and the attacker has complete access to the victim's computer. Chris explains the entire process in a very detailed yet simple to understand way. Great video!

# ITS ©
# 2008 - 2009

No comments:

Post a Comment