Malicious Metasploit Applet (via BeEF)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to load a malicious Java Applet on the client. If the client runs the applet a connection from the client’s system to the attacker’s system is made using the Metasploit Exploitation Framework. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Metasploit Autopwn (via BeEF)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to perform an iframe redirection to Metasploit Browser Autopwn or a Browser Exploit. However, in this video, we used netcat (nc) instead of Metasploit. We configured netcat to listen and verify that the request was made to netcat. In exploitation, Metasploit would launch the exploit(s) against the client once the first request is made. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.