Another interesting auxiliary module for performing client-side attacks is `browser_autopwn`. This auxiliary module works in the following sequence:
- The attacker executes the browser_autopwn auxiliary module.
- A web server is initiated (on the attacker's system), which hosts a payload. The payload is accessible over a specific URL.
- The attacker sends the specially generated URL to the victim.
- The victim tries to open the URL, at which point the payload is downloaded to the victim's system.
- If the victim's browser is vulnerable, the exploit is successful and the attacker gets a meterpreter shell.

From the msfconsole, select the browser_autopwn module using the `use auxiliary/server/browser_autopwn` command, as shown in the following screenshot. Then, configure the value of the LHOST variable and run the auxiliary module:
![](https://static.packt-cdn.com/products/9781838822477/graphics/f388f8bb-66f0-44f5-a5a2-ddb2d3d525da.png)
Running the auxiliary module will...