Good evening and welcome to my small demonstration.
Tonight i will exploit a vulnerable Win 7 machine with a 0day.
This exploit will involve social engineering between two users, the attacker demouser1 and the victim demouser2 which I have a RDP session too.
I will kick off the exploit using the Metasploit browser_autopwn module; and control the payload and listener from Metasploit then I'll do some Social Engineering to get the Win 7 user to click a link, which I will have shortened using the Bit.ly URL shortening service, which I'll email to the user using Mozilla Thunderbird.
The payload will be a Java reverse shell and the vulnerability is the ms11_xxx_ie_css_import delivered in a .NET dll.
All of the utilities and features are included in Back|Track4.
