[Getting shell access from browsing a URL]

Hi guys,

Anyone know how I can get shell access in using any modern browsers (Chrome, IE, Firefox, etc. so that the browser doesn't bitch at me and say I need to upgrade to latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2.

I even tried downgrading to IE 8  then using the exploit: exploit/windows/browser/ms10_002_aurora.

But so far I got nothing. :( No meterpreter sessions.

 

This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help.

 

Thanks in advance!

[Evil Portals]

On 10/7/2017 at 1:11 AM, cheeto said:

Hi, it's because the page you're accessing is https

try accessing an http page with your evil Portal up and running.  the page should be intercepted by EP. 

Cheers 

So EvilPortal only works with http? How will I be able to intercept https traffic as well?

[Evil Portals]

Hey there

Awesome work with the captive portals. Looks really realistic. I just have some issues.

When a client connects to the WiFi and accesses a web page (e.g. www.nfl.com), it doesn't redirect them to the captive portal page. Could anyone provide some insight on this?