July 10, 2015
PowerShell Exploit Using SEToolkit
In this tutorial, I'm going to show you how you can compromise any Windows computer that has PowerShell installed on it.

The scope of this tutorial is to:
- Show you how to open a Meterpreter session on a victim's computer.
- Help you understand what's happening with the code, so that you can bump your knowledge level up and hopefully get yourself out of Script Kiddie status.
- Help you understand how to protect/defend your systems against this type of attack.

The scope of this tutorial is NOT to:
- Teach you how to install Kali Linux.
- Teach you how to set up a virtual lab for practice (though I may add a tutorial on this at some point).
- Show you how to social engineer someone's password.
- Show you how to do post-exploitation hacking or how to use Metasploit.
- Disable their mouse and keyboard.
- Run a remote keylogger.
- See through their webcam (if one is attached).
- And much, much more!
service postgresql start
service metasploit start

These aren't truly necessary, but it's a good habit to get into if you are going to be using Metasploit. Now, I'm going to be using a VM for my victim. The VM is a Windows Server 2012 R2, but it should be the same principle for most machines.
Go to the top menu and navigate to Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> SEToolkit.

Now type 2 and press Enter to go to the Fast-Track Penetration Testing platform. Then type 6 and press Enter.

You should now have a prompt asking for the IP address of the victim's computer.

Press SHIFT + CTRL + T to open another terminal and type ifconfig. You should see a listing of all the interfaces your computer is using and the networks you're currently connected to.

Since I'm using a VM, I've set up all my VMs to be on the same network. They're on the 192.168.56.0/24 network. (The "/24" is CIDR notation for the subnet mask: it means the only host addresses this network can use are 192.168.56.1 through 192.168.56.254. For more information, Google "CIDR Notation Networking".)

Note: this information will most likely be different for you. The important thing is that you're connected to the same network as the victim.

Be sure to note what your IP address is. You can find it by looking at the "inet address:" field of the right interface. My IP address is 192.168.56.101.

Perform an Nmap scan of the network by typing:
nmap <<Your network here>>

For me, I will type: nmap 192.168.56.0/24

From the output, the victim machine is at 192.168.56.103.

Switch back to the terminal with SEToolkit running and type in that IP address.

Type in the victim's username. NOTE: spelling and spacing are important. If there's a space in the name (e.g. John Smith), then type that name EXACTLY as it is. For me, the username is: Administrator.

You should see the prompt for the password. Type it in. If you have managed to find the hash, you can enter that here instead (this is called passing the hash).

You can type in the domain name, but I've never needed this. Press Enter to continue.

Press Enter again for the default thread count. (Threads are how many background processes you want to run: the more threads, the faster the job gets done, but the more CPU they use.) Unless your computer is very slow, the default shouldn't be a problem.

Now enter YOUR IP address. If you don't have it, type ifconfig to find it.

Press Enter for the default port. If you leave it at 443, the traffic appears to be HTTPS, which keeps the attack more discreet. (Note: this does not make it impossible to track.)

Section 3: Success!

If you've followed the tutorial up to this point, you should see a Meterpreter session open on your machine. You may have to wait a few seconds, but it should come up. If not, go back and make sure you entered everything correctly into SEToolkit.

To interact with this session, type:
sessions -i 1

Have fun!

Section 4: More Information

If you want to know more about all of these tools and techniques, I recommend that you spend some time reading this tutorial and googling anything you don't know. To learn more about Meterpreter, Google: Meterpreter post exploitation tutorial

Summary

I may add another tutorial at some future point. Please, please, please let me know what you are interested in. I'm still learning myself, and I'm still learning to write tutorials. Thank you for reading my work. If you'd like to post my tutorial somewhere, I'm totally okay with it as long as you give me credit. Thanks!
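The "/24" note in the setup steps above says the 192.168.56.0/24 network can only use 192.168.56.1 through 192.168.56.254, and that your machine must be on the same network as the victim VM. Here is that arithmetic written out in Python, as an added example that is not part of the original tutorial; it generalizes to any prefix length, and the two addresses it checks are the tutorial's own lab addresses.

```python
# Added example (not from the original tutorial): the subnet arithmetic behind
# CIDR notation such as 192.168.56.0/24. Pure standard Python, runs offline.

def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer, validating each octet."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_cidr(cidr: str):
    """Return (network, mask, prefix) as integers for e.g. '192.168.56.0/24'.
    The prefix is the number of leading 1-bits in the subnet mask, so /24
    gives the mask 255.255.255.0 and leaves 8 bits for host addresses."""
    addr, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask        # host bits cleared
    return network, mask, prefix

def usable_hosts(cidr: str):
    """(first, last) host address in the block, excluding the network and
    broadcast addresses, exactly as the tutorial states for a /24.
    /31 and /32 leave no such pair under the classic rules, so return None."""
    network, mask, prefix = parse_cidr(cidr)
    if prefix >= 31:
        return None
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all set
    return int_to_ip(network + 1), int_to_ip(broadcast - 1)

def same_network(ip_a: str, ip_b: str, cidr: str) -> bool:
    """True when both addresses fall inside the given block, i.e. both keep
    the same network bits after masking."""
    network, mask, _ = parse_cidr(cidr)
    return (ip_to_int(ip_a) & mask) == network == (ip_to_int(ip_b) & mask)

if __name__ == "__main__":
    print(usable_hosts("192.168.56.0/24"))   # ('192.168.56.1', '192.168.56.254')
    # The tutorial's lab addresses: attacker VM .101 and victim VM .103
    print(same_network("192.168.56.101", "192.168.56.103", "192.168.56.0/24"))  # True
```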