CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/post/multi/manage/hsts_eraser.md
Views: 1904
Vulnerable Application
This module allows you to erase the HTTP Strict-Transport-Security cache of a target machine. When combined with a sniffer or a man-in-the-middle tool, this module will assist with the capture/modification of TLS-encrypted traffic.
WARNING: This module erases the HSTS cache, leaving the target in a vulnerable state. All browser traffic from all users on the target will be subject to man-in-the-middle attacks. There is no undo built-into this module. If you intend to revert, you must first backup the HSTS file before running the module.
Note: This module searches for all non-root users on the system. It will not erase HSTS data for the root user.
The following platforms are supported:
Windows
Linux
OS X
Verification Steps
Obtain and background a session from the target machine.
From the
msf>prompt, douse post/multi/manage/hsts_eraserSet the
DISCLAIMERoption toTrue(after reading the above WARNING)Set the
SESSIONoptionrun
Alternatively:
Obtain a session from the target machine.
From the
meterpreter>prompt, dorun post/multi/manage/hsts_eraser DISCLAIMER=True
Scenarios
Set up a Kali VM with some HSTS data:
Create an msfvenom payload, execute it, and then connect to it with multi/exploit/handler. From the Meterpreter session on the victim:
Confirm that the file was deleted: