Рет қаралды 5,076
This video going to shows you guys how to use these 3 tools to compromise a windows machine when visiting a legit website.
First, we use bettercap to perform arp poisoning to route all the traffic from target host to attacker host (MITM). Then inject BeEF hook.js script into any website the target browsed to hook the target browser. Now we going to perform social engineering attack to popup a fake notification to trick the user install adobe flash plugin which will download our msfvenom payload & capture our shell. Check out the video to see how does it works.
Tools Used:
Bettercap:
-http proxy used to inject BeEF hook.js
-ARP Poisoning between target host & gateway
BeEF-XSS Framework:
-hosting malicious hook.js to hook the browser
-perform social engineering on hooked browser to trick the target to click on it
msfvenom:
-generate a payload that trick the user to execute it