Hi guys,

Anyone know how I can get shell access using any modern browser (Chrome, IE, Firefox, etc., so that the browser doesn't bitch at me and say I need to upgrade to the latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2.

I even tried downgrading to IE 8, then using the exploit: exploit/windows/browser/ms10_002_aurora.

But so far I got nothing. :( No meterpreter sessions.

 

This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help.

 

Thanks in advance!


  • 2 weeks later...

While I've not done this on the pineapple, only on websites I've tested, my advice would be to take a look at RFD attacks (Reflected File Download attacks).

 

It should be possible to set up a vulnerable page/site using EvilPortal or something similar on the pineapple and then your link should auto-download and run shell commands on the user's device. (Works on both win and nix, but I've only tested against Windows users.)

I'm not going to walk you through the whole attack but it's easy to do and requires little to no input from a user (it's also possible to bypass all browser security warnings).

Here is a very good walkthrough by Oren Hafif, who now works for Facebook security, I think.

FACEBOOK RFD ATTACKS

Good luck.

PS: this would make an awesome module (hint hint @Foxtrot, and would give easy total pwnage to the pineapple devices)
