Wednesday, February 27, 2013

LAN Hacking

I'm posting this hack first because it's easy to do, and it will get your feet wet as to what can be done with the right tools and enough patience. The goal of this hack is to show you what kind of damage an attacker who gains access to your LAN environment can do if left to his/her own devices. The major tool I will use is Metasploit, but I will simplify this for you because this is your first time hacking into anything, so I'm also using Armitage. Armitage is a GUI platform for Metasploit; in technical terms, it is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. It saves time and is very powerful in commencing Metasploit attacks.

So now, about our attack:

What we need:
Latest Metasploit framework.
Java
Preferably Internet on LAN
Brains and patience.

Now let us start our hack:

Step 1: Open Armitage on Backtrack 5 by going to: Backtrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > armitage.

Step 2: Connect Armitage:
Click on the connect button.

Step 3: Connecting Armitage:
Now use the patience part and stretch your legs; it takes some time to connect.

Step 4: Armitage Window:
It has 3 Panels:
Target Panel
Module Panel
Tabs Panel

Step 5: Finding the alive hosts on the network:
Now you will search for hosts on your network by going to Hosts -> Nmap Scan -> Quick Scan (OS detect). This will perform a quick scan to detect the hosts, their operating systems and vulnerabilities.

Step 6: Inputting the scan range:
Now you have to insert the scan range, that is, your LAN IP range; most likely it will start with 192.168.0.- or 10.0.0.-.
NOTE: the ( - ) stands for the computers on the LAN.
Start the scan.

Step 7: Scan complete: After the scan has completed, if there are any other PCs on your network that are on, they will be visible in the Target Pane (the big black box on the upper right).

Step 8: Finding Attacks:
Now the fun part starts. Click on the "Attacks" tab in your toolbar and select 'Find Attacks' (not Hail Mary, you might not be ready for that). Start the scan and wait till it completes.

Step 9: Set the vulnerability:
Right click on the 'host' icon (Windows PC) -> select Attacks -> smb -> ms08_067_netapi vulnerability.
Now a window should pop up. Click on the check-box that says "Use a reverse connection" and start the attack.

Step 10: The final result:
So did the host icon turn red? That means YOU PASSED.
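
Seen from the defending side, steps 5 to 9 leave a recognisable pattern in LAN connection logs: one machine sweeps many hosts, connects to a host on SMB (port 445), and that host then opens a connection back to it (the "reverse connection"). The detection sketch below is an added example, not part of the original post; the record format, thresholds, addresses and ports are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (seconds, source IP, destination IP, destination port).
FLOWS = [
    (0, "192.168.0.50", "192.168.0.10", 135),
    (1, "192.168.0.50", "192.168.0.11", 445),
    (1, "192.168.0.50", "192.168.0.12", 22),
    (2, "192.168.0.50", "192.168.0.13", 80),
    (3, "192.168.0.50", "192.168.0.14", 445),
    (40, "192.168.0.11", "192.168.0.20", 445),   # ordinary file-share traffic
    (95, "192.168.0.50", "192.168.0.11", 445),   # SMB connection after the sweep
    (97, "192.168.0.11", "192.168.0.50", 4444),  # target connects back (constructed port)
    (120, "192.168.0.12", "192.168.0.20", 445),  # ordinary file-share traffic
]

SWEEP_HOSTS = 5       # assumed threshold: distinct hosts contacted by one source
SWEEP_WINDOW = 60     # assumed window in seconds for counting a sweep
CALLBACK_WINDOW = 30  # assumed max seconds between SMB connection and callback

def find_sweepers(flows):
    """Return {source: time at which it reached the sweep threshold}."""
    seen = defaultdict(list)  # source -> [(ts, destination)]
    sweepers = {}
    for ts, src, dst, _ in sorted(flows):
        seen[src].append((ts, dst))
        recent = {d for t, d in seen[src] if ts - t <= SWEEP_WINDOW}
        if len(recent) >= SWEEP_HOSTS and src not in sweepers:
            sweepers[src] = ts
    return sweepers

def find_callbacks(flows):
    """Return (scanner, target, smb_ts, callback_ts) for sweep -> SMB -> callback."""
    sweepers = find_sweepers(flows)
    alerts, smb = [], {}  # smb: (scanner, target) -> time of SMB connection
    for ts, src, dst, dport in sorted(flows):
        if dport == 445 and src in sweepers and ts >= sweepers[src]:
            smb[(src, dst)] = ts
        elif (dst, src) in smb and ts - smb[(dst, src)] <= CALLBACK_WINDOW:
            alerts.append((dst, src, smb.pop((dst, src)), ts))
    return alerts

if __name__ == "__main__":
    print(find_callbacks(FLOWS))
```

The rule keys on the direction and ordering of connections rather than on a particular callback port, so ordinary file-share traffic between workstations and servers does not trigger it.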

So you did the hacking part right, now let us mess with the client.

Hack 1: Opening Command Prompt:
Right click on the host -> Meterpreter1 -> Interact -> Command Shell
Now you are in their command prompt. You can now change, rename, delete and create files on their PC. Search Google for some powerful Windows commands.

Hack 2: Start a Keylogger:
Click on the Meterpreter2 -> Explore -> Log Keystrokes.
Now you will receive what the victim is typing.

Hack 3: Take a Screenshot:
Click on the Meterpreter2 -> Explore -> Screenshot.
Now you can see what is on their Facebook wall or Google mail accounts.

Hack 4: Browse Files:
Right click -> Meterpreter2 -> Explore -> Browse Files.
Now you can interact with all the files on the victim's PC via a GUI.

Hack 5: Get in His Webcam:
Right click -> Meterpreter2 -> Explore -> Webcam shot
If they have a webcam installed, this will stream to you what the camera sees.


This will get you started. Please try to do your own discovery and research as much as possible. The habit of self-discovery can fetch you far more knowledge than someone holding your hand and showing you the way.

Happy Hacking!
