hack windows 7

All posts tagged hack windows 7

Good morning aspiring hackers. Today we will see Windows hacking with Cypher. Cypher is a simple tool to automatically add shellcode to PE files. PE files means portable executable files.

But what is shellcode? It is a list of carefully crafted instructions that can be executed once the code is injected into a running application. So in simple terms, Cypher allows us to add shellcode to portable executable files like…. well it can be any Windows executable. Usually we use shellcode to get a remote shell or create a backdoor shell on our target system.  Cypher even allows us to get the powerful meterpreter shell.

Now let us see how to perform Windows hacking with this tool. First, let us git clone this tool into Kali Linux using commands as shown below.

cypher1

Make sure you are in the same directory where cypher is cloned. It gives information on how to create different types of payloads. Let us add a reverse meterpreter shell  using the command shown below.

cypher2

Now let us see all the options we specified.

addShell.py  : syntax of Cypher

-f                   :  the ‘f’ option stands for file. This is to specify the portable executable into which we want to create our                            backdoor. Remember that some executables are packed and don’t allow writing shell code. Test and                                use accordingly. Here, I’m using plink.exe located on my Desktop.

-t                   : the target OS for which you want to create this backdoor for. These include four options: 0,1,2,3. These                           are for Windows 7 32bit, Windows 7  64 bit, Windows 8.1 64bit and Windows 10 64bit respectively.                                 Here I have specified it as 1 since I’m testing it on Windows 7 64bit OS.

-d                  : offset. This is nothing but distance between the point where we are trying to enter our shellcode to the                           point where we are exactly placing our shellcode. Even if you don’t understand that sentence above, let                           me tell you why it’s important. The success of injecting our shellcode into an executable is that the                                   executable should work fine even after we inject our backdoor. The exe shouldn’t crash. By default, this                           value is set to four. But if your exe is crashing, set it to a greater value( I set it to 10) as I did above.

-H                : attacker’s IP address. In our case, IP address of Kali Linux.

-P                 : the port on which we want our shell back.

-p                 : Mind the lowercase. This stands for payload we want to set. ‘1’ stands for                                                                                  Windows/meterpreter/reverse_http.  The other options are,  

                        0 – windows/shell/reverse_tcp, 2- Windows/meterpreter/reverse_http + PrependMigrate,                                                3-  Windows/meterpreter/reverse_https, 4- Windows/meterpreter/reverse_https + PrependMigrate

After setting all the options, hit on Enter. The payload will be created with the same name but end with _evil as shown below. I leave sending the package to our intended victim to you but remember almost every antivirus can detect our file as malicious.

Since my blog is committed to make hacking as close to reality as possible, I have a solution. Google for “making Finfisher undetectable”. Open the first link Google search finds and follow some of the steps shown there. Trust me this works. Now send the package to the victim.

cypher3

Now to listen to our reverse shell, we need a listener. Open Metasploit and create a reverse_http listener as shown below.

cypher4

Set the required options like IP address and port. Note that they should be same as we specified while we added shell code to the file. Type run command. The exploit should hang on as shown below.

cypher5

Now when our victim clicks on the file we sent, we should get a meterpreter reverse shell as shown below.

cypher6

See how to hack Windows 10 with Hercules 

Good Evening friends. Today we will see how to hack a remote PC with ManageEngine Desktop Central 9 FileUploadServlet exploit.  Desktop Central is an integrated desktop and mobile device management software that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location. This exploit exploits  a vulnerability in ManageEngine Desktop Central  9 which when uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. Start Metasploit and load the exploit as shown below.  Set the required options. By default, Desktop Central 9 runs on port 8020. Leave the targeturi as default only.

deskcen91

Set the payload as shown below. I am trying to get the shell on remote system. To select a suitable payload, you can type “show payloads” and  choose the payload you want.  Set the required options as shown below.

deskcen92

When all the options are set, type command “exploit“. You should get shell on the remote windows PC as shown below. Hence we have successfully hacked a remote Windows PC with ManageEngine Desktop Central 9 FileUploadServlet exploit.

deskcen93

Good evening friends. It’s been a long time since I  made a howto on hacking. In this howto, I’m going to show you how to exploit Windows 7 using recently released ms15-100 Microsoft Windows Media Center MCL exploit. For this, I am gonna use pentest lab i created in our previous howto. I am using Kali Linux as my attacker system for hacking windows 7.

Start Metasploit by typing command “msfconsole”. Search for our exploit using command as shown below.

ms15_100a

Load the exploit as shown below.

ms15_100b

Set the IP address of Kali Linux to “srvhost” option. Set payload as “windows/meterpreter/reverse_tcp“.  Set Lhost as IP address of Kali Linux.

ms15_100c

Check if all the necessary options are set by typing command “show options“. Now run  the exploit by typing command “exploit“. You will get the following result. Now copy the underlined link and send it to your victim.

ms15_100d

When your victim clicks on the link, he will get a popup asking him to download and save the file.

ms15_100e

When the user clicks on  the downloaded file,  we will get a meterpreter session on our attacker system as shown below. Type command “sessions -l ” to see the available sessions. We have one session available below.

ms15_100f

Type command “sessions -i  1“( 1 is the session number available to us and can vary for you) to use the meterpreter session. Type “sysinfo” to know about the target system.  Hurrah, we have successfully hacked our target.

ms15_100g