1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial (How to Hack) Windows 10 - Kali Linux 2 Part 1

Discussion in 'Linux Distributions' started by Nicolandia15, May 7, 2016.

  1. [​IMG]
    Hey Guys! Gusto kong i post tong tutorial na to last week pa kaso gusto ko lang i test pa further. As of this post not detectable siya ng Malwarebytes and my poor antivirus Avira (yung free). Update ko to pag may time ako mag test sa ibang AVs and sa ibang OS. Just need to post this kasi mukhang tanga naman ako pag pinost ko to tapos may pâtch na pala yung mga AV -- so it's just a matter of time. Any Pentester reading this feel free to modify or improve the exploit.

    Windows 10! Yes it's vulnerable! Sa ngayon. Alam mo yung feeling na magkaroon ka ng root access sa isang machine na wala man lang paki yung nakaupong antivirus or Windows 10 Security sa ginagawa mo. Sort of para sa mga advance user (not a pro here) but newbies can follow.

    Exploit: Gagamit tayo ng Excel para mag inject ng Power Shell gamit ang macro. Konting Social Engineering para ma deliver ang payload. Own the machine!

    Requirements:
    Kali Linux 2
    Separate Machine (Preferably Windows 10 na may ibang AV)

    Step 1:
    I'll be brief sa mga steps. Comment na lang siguro pag may confusion.
    Install Veil-Evasion <-- Love this guy. Never fails to amaze me pagdating sa AV Evasion

    Code:

       Sorry you need to Register / Login to see this Codes!    

    Download Git Clone for MacroShop -- [ Please or Register to view links]
    Kailangan naman natin to pang deliver ng payload gamit ang Office Macro

    Step 2:
    Gumawa na tayo ng payload.
    Fire up Kali Linux and type "veil-evasion"
    [​IMG]

    Press "N" for No. Pag nag yes ka may dagdag jan na mga useful tools pero initial installation will work just fine.

    Step 3:
    [​IMG]
    - Type "use"
    - May list na lalabas, gagamitin natin yung 23) powershell/meterpreter/rev_https
    Depende to sa number ng list mo.
    - Type "23" (If 22 sa'yo then type 22)

    [​IMG]

    - Type natin yung IP Address mo gamit ang "set LHOST". Kung binabalak mo tong gawin outside LAN then yung Public IP mo gamitin mo.
    - Then type "generate"

    Step 4:
    Pangalanan natin payload natin. Here I put "phcorner"
    [​IMG]

    Step 5:
    Next step is copy natin yung ginawa nating Payload File file just like this.
    [​IMG]

    -Press any key daw
    - Type Exit para lumabas sa Veil-Evasion

    Step 6:
    Naalala mo yung MacroShop na dinownload mo? Gagamitin na natin siya ngayon. Depende kung san mo siya sinave. Kailangan mo mag navigate dun gamit ang terminal.

    Note: I assume basic understanding po kung pano mag navigate sa Linux. Kasi di ko siya isasama sa Tutorial na to.

    [​IMG]

    - Let's run the Python script tsaka gumawa ng text file.
    [​IMG]

    - Voila! Meron na tayong shell na pwede i embed sating Excel File.
    Ganito maging itsura nya.

    [​IMG]

    Step 7:
    Mag navigate naman ngayon kung san naaka save yung text file. Actually andun siya sa MacroShop folder. Open up yung file gamit ang leafpad or any text file then copy mo ito. Eto ulit yung naka embed sa macro ng Excel File.

    Next tutorial tuloy natin kung pano eto ilalagay sa Excel and kung pano mag setup ng listener gamit ang Metasploit para ma own ang machine ng target mo.

    Part 2 is up!
    [ Please or Register to view links ]
     
    Last edited: May 26, 2016
    gmax02, pagebook and HauntedHearts like this.
  2. lol. You should check this out. It's awesome!
     
    Last edited: May 21, 2016
  3. AWESOME!!!x100 like
    pano ba mlalaman kung android/windows ba ang nasa LAN?
    at gawa ka nga TUTs sa pag set up ng DODENG DAGA
     
  4. Zomercat

    Zomercat Addict Established

  5. Maraming paraan po, kung same network lang din naman kayo, try mo access yung default gateway ng router then check mo yung mga naka connect na device, kung gusto mo naman sa Kali, try mo mag nmap tapos scan mo lahat ng port, yung mga mobile device normally port 80 lang ang open and marami sa Windows.
     
  6. huli ka balbon andito klang pla..pwede ba to sa 7-8.1?
     
  7. Pwede po, just titled it Windows 10 para parang hindi outdated.
     
  8. Thanks for sharing at salamat sa bagong kaalaman :)
     
  9. Anytime sir. :)
     
  10. "Fatsy" on the house haha...pwede kya pang e whoring yun?kikita ako ako malamang :punch:money is coming
     
  11. Haha. Pwede ring block is coming. :D
     
  12. uy may nag react:)...tabi2x po remember comedian
     
  13. Lol. I'm currently writing a tutorial tungkol sa Metasploit.
     
  14. ahw nice...sagarin muna lhat master kasi pag may klase kna once in a blue moon ka nlang malamang..go go go mighty morphine amphetamine meth ©râck lsd power ranger.....haile empress guru mentor nikol kedman hahaha
     
    Nicolandia15 likes this.
  15. No comment. Hindi na related yung mga post sa thread. Grr.
     
  16. hahaha..madada lang ako if nka mind altering just ignore it bata...kakahiya lang ang nagtuturo sakin nito isang HS student a shame on me..and well ok lang....:hungover:...positive vibration gyal