Cybersecurity — Payloads

Raghavendra Hiremath
Oct 23, 2021


Never stop learning, because life never stops teaching.

Hello everyone! Welcome to the hacking world.

In the IT industry, we have all come across system patching activities and software hotfix updates. Do you really know what might happen if you don’t patch your OS to the latest version?

Why do you think we pay millions of dollars to auditors and security companies? To make sure our systems are not vulnerable and are safe from malware and attacks.

NOTE: THIS IS FOR EDUCATIONAL PURPOSES ONLY! THIS IS ILLEGAL, I AM NOT RESPONSIBLE FOR ANY DAMAGE. THIS IS PURELY IN THE INTEREST OF LEARNING AND UNDERSTANDING.

Today, I will be creating a payload that can hack the system! We use MSFvenom.

MSFvenom allows you to create a standard payload and deploy it on the target host for exploitation.

Pre-requisites:
Windows 10
Turn off the firewall — (You can still bypass the firewall running on a target).
Metasploit framework
Kali Linux

Turn off the Windows Firewall
This is how it looks when you disable the firewall on Windows 10.

To turn off real-time protection, open Windows Security and click on “Virus & threat protection”.

Uncheck the real-time protection.

LET’S CREATE A PAYLOAD. NOTE: I already have msfvenom installed on my Kali Linux.

First, find the list of available payloads.

Select the payload with the -p parameter.

LHOST is the Kali machine, -f is the file type, and -o is the correct option to use with the module.

Hit Enter and the shell creates the payload for you. It is named payload.exe.

INTERESTING PART: You can share this payload on a USB stick or any other media.

For now, let me start SimpleHTTPServer on Kali Linux, and then, from the target machine, I will download the file from the Kali box.

Let me connect to Windows 10 (the target machine).

Executing the above command in IE will create a reverse connection.

Click Save.

Now, you need to create a connection from payload.exe to your machine. To do that, use the multi/handler module.

Start the Metasploit Framework console.

Type use multi/handler and set the payload to use a reverse_tcp connection.

Set the local host you want to target.

Type exploit and hit Enter to gain access to the shell and other tools, which potentially gives control to the attacker.
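
A defender's view of the sequence above, as an added example that is not part of the original post: it correlates an executable downloaded over plain HTTP with a later outbound connection from that same file back to the host that served it. The log format, endpoint name, addresses and port are constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample events in a hypothetical "time | host | kind | key=value ..." format.
SAMPLE_LOG = [
    r"2021-10-23T10:01:12 | WIN10-LAB | http_download | url=http://192.0.2.10:8000/payload.exe server=SimpleHTTP/0.6 saved=C:\Users\lab\Downloads\payload.exe",
    r"2021-10-23T10:02:40 | WIN10-LAB | net_connect | image=C:\Users\lab\Downloads\payload.exe dst=192.0.2.10:4444",
    r"2021-10-23T10:03:05 | WIN10-LAB | http_download | url=http://198.51.100.7/setup.exe server=nginx saved=C:\Users\lab\Downloads\setup.exe",
    r"2021-10-23T10:03:50 | WIN10-LAB | net_connect | image=C:\Users\lab\Downloads\setup.exe dst=203.0.113.5:443",
    r"2021-10-23T10:04:00 | WIN10-LAB | net_connect | image=C:\Windows\System32\svchost.exe dst=203.0.113.5:443",
]


def parse(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, host, kind, rest = (part.strip() for part in line.split("|", 3))
    fields = dict(pair.split("=", 1) for pair in rest.split())
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, **fields}


def find_callbacks(lines, window=timedelta(minutes=30)):
    """Flag executables that connect back to the host they were downloaded from."""
    downloads = {}  # (endpoint, lowercased file path) -> download event
    alerts = []
    for ev in sorted(map(parse, lines), key=lambda e: e["ts"]):
        if ev["kind"] == "http_download" and ev["saved"].lower().endswith(".exe"):
            downloads[(ev["host"], ev["saved"].lower())] = ev
        elif ev["kind"] == "net_connect":
            dl = downloads.get((ev["host"], ev["image"].lower()))
            if dl is None:
                continue  # process image was not seen as an HTTP download
            served_by = urlsplit(dl["url"]).hostname
            dst_ip = ev["dst"].rsplit(":", 1)[0]
            delay = ev["ts"] - dl["ts"]
            if dst_ip == served_by and delay <= window:
                alerts.append({
                    "endpoint": ev["host"],
                    "image": ev["image"],
                    "server": served_by,
                    "callback": ev["dst"],
                    "delay_seconds": int(delay.total_seconds()),
                    # Python's SimpleHTTPServer identifies itself as "SimpleHTTP/..."
                    "adhoc_server": dl["server"].startswith("SimpleHTTP"),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print(alert)
```

Only the first download is flagged: setup.exe connects to a different host than the one that served it, and svchost.exe was never downloaded.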

I hope this was an interesting session! Thank you and stay safe.
