Hack a Remote Windows PC using Backtrack 5 | Social Engineering Tools
Hi folks...
Guys, I have already described some methods for hacking a remote PC. But today we are going to hack a remote PC using Backtrack. Backtrack is a live OS and a very powerful tool for hacking, and in it we are going to use the SET toolkit. So first you have to know about SET.
What is Social Engineering Toolkit?
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.
Step (1)
Change your working directory to /pentest/exploits/set/
Or Goto:
Step (2)
Open the Social Engineering Toolkit (SET) with ./set and then choose "Website Attack Vectors", because we will attack the victim via the internet browser. In this attack we will use a website generated by the Social Engineering Toolkit for the victim to open, so choose "Website Attack Vectors" for this option.
Step (3)
Usually when users open a website, they don't think that they may be opening a suspicious website that includes a malicious script to harm their computer. In this option we will choose "The Metasploit Browser Exploit Method" because we will attack via the victim's browser.
Step (4)
For the next step just choose "Web Templates", because we will use one of the most famous websites in the world, already provided by the Social Engineering Toolkit.
Step (5)
There are 4 website templates ready to use for this attack method: GMail, Google, Facebook, and Twitter. In this tutorial I will use Google, but if you think Facebook or Twitter is better because it's the most accessed website, just change it to what you want.
Step (6)
For the next step, because we don't know which vulnerability will successfully attack the victim, what type of browser is in use, etc., in this option we just choose "Metasploit Browser Autopwn" to load all the vulnerabilities the Social Engineering Toolkit knows. This tool will launch all the exploits in the Social Engineering Toolkit database.
Step (7)
For the payload selection I prefer the most used one, Windows Shell Reverse_TCP Meterpreter, but you can also choose another payload that is more comfortable for you.
Step (8)
The next step is to set up the connect-back port to the attacker's computer. In this example I use port 4444, but you can change it to 1234, 4321, etc.
Step (9)
Next, just wait until all processes have completed and the server is running.
Step (10)
When the link is given to the user, the victim will see a look-alike Google (fake website). When the page loads, it also loads all the malicious scripts to attack the victim's computer.
Step (11)
On the attacker's computer, if there is any vulnerability in the victim's browser, it will return a session value, which means the exploit successfully attacked the victim's computer. In this case the exploit creates a new fake process named "Notepad.exe".
Step (12)
To view the active sessions already opened by the exploit, type "sessions -l" to list the active sessions. Take a look at the ID; we will use that ID to connect to the victim's computer.
Step (13)
To interact and connect to the victim's computer, use the command "sessions -i ID". ID is the numerical value given when you do sessions -l. For an example, see the picture below.
Step (14)
Victim computer owned (Hacked). :)
Step (15)
Now you can do lots of things with the victim machine if you know the power of Meterpreter.
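Seen from the defender's side, Steps (8) and (11) leave two things to look for on an affected machine: a connection back to the chosen port and a "Notepad.exe" process that owns a network connection. The check below is an added example, not part of the original tutorial; the `netstat -ano` and `tasklist /fo csv /nh` sample output, the addresses, the PIDs and the `NO_NETWORK` list are constructed assumptions.

```python
import csv
import io

# Constructed sample data (not from the original post): `netstat -ano` rows
# and `tasklist /fo csv /nh` rows from a hypothetical Windows host.
NETSTAT = """\
  TCP    192.168.1.20:49170    198.51.100.7:80     ESTABLISHED     2044
  TCP    192.168.1.20:49213    203.0.113.5:4444    ESTABLISHED     3120
  TCP    192.168.1.20:49250    203.0.113.9:8443    ESTABLISHED     3388
  TCP    0.0.0.0:135           0.0.0.0:0           LISTENING       716
"""
TASKLIST = '''\
"iexplore.exe","2044","Console","1","61,204 K"
"notepad.exe","3120","Console","1","4,812 K"
"notepad.exe","3388","Console","1","4,790 K"
"svchost.exe","716","Services","0","7,120 K"
'''

# Assumption: programs that have no reason to hold a network connection.
NO_NETWORK = {"notepad.exe", "calc.exe", "mspaint.exe"}
WATCHED_PORTS = {4444}  # connect-back port from Step (8); trivially changed

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0].lower() for row in rows if row}

def established(netstat_text):
    """Yield (pid, remote_host, remote_port) for ESTABLISHED TCP rows."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, _, port = f[2].rpartition(":")
            yield int(f[4]), host, int(port)

def find_suspicious(netstat_text, tasklist_csv):
    """Join connections to process names and return flagged entries."""
    names = pid_names(tasklist_csv)
    alerts = []
    for pid, host, port in established(netstat_text):
        name = names.get(pid, "unknown")
        reasons = []
        if name in NO_NETWORK:
            reasons.append("unexpected-network-process")
        if port in WATCHED_PORTS:
            reasons.append("watched-port")
        if reasons:
            alerts.append((pid, name, f"{host}:{port}", reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(NETSTAT, TASKLIST):
        print(alert)
```

The second flagged connection uses a port that is not on the watch list, which is why the process-based rule matters more than the port rule: Step (8) notes the port can be set to any value.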