2015-05-30 16:15:29 -05:00
|
|
|
<ruby>
|
|
|
|
|
print_status("Starting BAP...")
|
2015-05-30 19:29:14 -05:00
|
|
|
print_status("Exploits will not be actually served, but you will know which ones the clients might be vulnerable to.")
|
|
|
|
|
print_status("You can do 'notes -t baps.clicks' in msfconsole to track clicks and client-specific exploit info.")
|
2015-07-02 15:29:24 -05:00
|
|
|
run_single("use auxiliary/server/browser_autopwn2")
|
2015-07-05 18:21:45 -05:00
|
|
|
run_single("set ShowExploitList true")
|
|
|
|
|
run_single("set MaxSessionCount 0")
|
2015-05-30 19:31:28 -05:00
|
|
|
|
|
|
|
|
# Instead of set Content, you can also do set Custom404 to redirect the client to an SE training website
|
|
|
|
|
# For example (why don't you try this? :-) )
|
2015-07-14 22:32:40 -05:00
|
|
|
run_single("set Custom404 https://www.youtube.com/watch?v=dQw4w9WgXcQ")
|
2015-05-30 19:31:28 -05:00
|
|
|
|
2015-07-14 22:32:40 -05:00
|
|
|
# run_single("set HTMLContent \"Hello, this is a security test. You shouldn't have clicked on that link :-)\"")
|
2015-05-30 19:31:28 -05:00
|
|
|
|
2015-05-30 16:15:29 -05:00
|
|
|
run_single("run")
|
2015-07-02 15:29:24 -05:00
|
|
|
</ruby>
|
