. https://datazero.gr

Beef + Metasploit DNS Spoofed Beef Hooked Webpage HTA Attack Social Engineering & Persistence

In this video I show you how to take a compromised Windows device and use a post module to Dns spoof your way into getting a beef hook we alter the compromised devices host file so when the user types a websites host name its pointed to a ip address of our choosing and not the real one this can be used for many things we also explore the beef hook and what it can do by gaining a additional shell using a hta attack hosted via metasploit on our beef hooked page giving us a multi layered attack and a great amount of access which gives use many options to explore think outside the box with this one as you can change this attack many ways and do many different things with the methods shown here and remember hta attacks do not trigger user account control prompts or smart screen prompts making them much better for many reasons espeically when trying to social engineer someone into downloading and running a payload at the end of the video I quickly go over some of the other things you should do once gaining access.