Hi all this is one of the popular attack know as browser auto pwn Vulnerability which we are going to use in this tutorial.
This is a simple vulnerability that allow attacker to hack to remote machine just by a single click by the victim.
in metasploit there is a module known as browser autopwn.The basic idea behind that module is that it creates a web server in our local machine which will contain different kind of browser exploits.When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.
follow these steps to carry out the attack.
open you backtrack/kali terminal make sure metasploit is there (which is present by default :D ).
type #msfconsole on terminal
Now follow these steps as show in image
use the browser_autopwn module
We have set up the LHOST with our IP address,the port to be 4445 and the URIPATH with / in order to prevent metasploit to set up random URL’s.now you will see below image.
next we need to send the link to victim (like here http://192.168.205.131:8080/).as soon as the victim open the link its all done.
we have the meterpreter shell control in out hand you can do various activity you wish with meterpreter shell functionality.
Enjoy the hack of your victim machine have fun .