# Make a Fake Webpage.
# Control Victim PC on LAN.
# Steal his files or destroy his PC.
For this you will need -
# Backtrack 5
# Internet Connection on a LAN
# Brain and Patience.
So let's get started.
Today we are going to hack a remote PC on a LAN. A LAN (local area network)
is used in schools, libraries, colleges, hostels, dorms, airports, or in your
locality. Backtrack is a live OS with powerful tools for hacking, and in
it we are going to use the SET toolkit. So first you have to know about SET.
The Social-Engineer Toolkit (SET) is specifically designed to perform
advanced attacks against the human element. SET was written by David
Kennedy (ReL1K), and with a lot of help from the community it has
incorporated attacks never before seen in an exploitation tool-set. The
attacks built into the toolkit are designed to be targeted and focused
attacks against a person or organization, used during a penetration
test. With this toolkit you can make fake and scripted pages.
Now, back to work -
Open up your terminal and change your working directory to /pentest/exploits/set/
OR
Step 2 -
Go to the menu and open the Social Engineering Toolkit (SET) ./set, and then choose "Website Attack Vectors", because we will attack the victim via the internet browser. In this attack the victim opens a website generated by the Social Engineering Toolkit, which is why "Website Attack Vectors" is the option to choose.
Step 3 -
When users open a website, 78% of the time they don't think that they are
opening a suspicious website that includes a malicious script to harm their
computer. In this option we will choose "The Metasploit BrowserExploit
Method" because we will attack via the victim's browser.
Step 4 -
Now we will choose the "Web Templates" option, because we will use the sites that are already provided by the Social Engineering Toolkit.
Step 5 -
There are 4 website templates ready to use for this attack method:
GMail, Google, Facebook, and Twitter. In this tutorial I will
use Google. Of course you are more than invited to use your imagination.
Step 6 -
We are doing the attack on an unknown PC, so we don't know what kind of PC he/she is using, for example the antivirus, browser, hardware configuration etc. So we will choose "Metasploit Browser Autopwn" to load every vulnerability the Social Engineering Toolkit knows. This tool will launch all the exploits in the Social Engineering Toolkit database.
Step 7 -
Now choose "Windows Shell Reverse_TCP Meterpreter"; you are more than invited to use your creativity.
Step 8 -
Now, for the connection, we'll set up the connect-back port to the attacker's computer. In this example I use port 2838, but you can change it to any port you like.
Step 9 -
The next step: just wait until all processes have completed and the server is running. This may take some time.
Step 10 -
Now when the server has started running, it will show up a command like this ->
Now give this link to the user via Facebook chat, mail, or anything and
provoke him/her to click on it. Once they do, the page will load with
all the malicious script to attack the victim's computer.
Step 11 -
Now if there is any vulnerability in the victim's computer it will return
a sessions value, which means the exploit has successfully attacked the
victim's computer. In case there is an exploit, it will automatically create
a new fake process named "Notepad.exe".
Step 12 -
To view the active sessions that have been opened by the exploit, type
"sessions -l"; it will list any active sessions. Take a look at the
ID: we will use that ID to connect to the victim's computer. For example ->
Step 13 -
To interact with and connect to the victim's computer, use the command "sessions -i ID".
ID is the numerical value that is given when you run "sessions -l". For example, you can see an example in the picture below.
Step 14 -
If you do everything right, the end result would be an opened meterpreter. With the help of meterpreter, you can do almost anything. For example, type "systeminfo" and this will give you all the hardware and software information. You can shut down and restart the victim PC (get the commands from here: http://www.computerhope.com/shutdown.htm ) or delete one of his system files and corrupt his/her PC.
You can do this on a remote PC (outside the LAN) too if you own a web server or VPN.
Warning: "This tutorial is only for educational purposes; doing this to
somebody who hates you would give you a free ride to jail if they find
out it was you."
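
Seen from the defender's side, Steps 8 and 11 leave two traces on the endpoint: an outbound connection to the connect-back port and a "Notepad.exe" process that talks to the network. The Python sketch below is an added example, not part of the original tutorial; it assumes Sysmon-style process-create (event 1) and network-connection (event 3) records in a constructed key=value format, and it assumes the process is started by the exploited browser. Host names, PIDs and addresses are made up.

```python
import re

# Assumption: browsers whose child processes we treat as high-risk parents.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
# key=value fields; values may contain spaces (e.g. "Program Files").
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample records (event 1 = process create, 3 = network connect).
SAMPLE_LOG = [
    r"host=WS01 event=1 pid=4120 image=C:\Windows\System32\notepad.exe parent=C:\Windows\explorer.exe",
    r"host=WS02 event=1 pid=5312 image=C:\Windows\System32\notepad.exe parent=C:\Program Files\Internet Explorer\iexplore.exe",
    r"host=WS02 event=3 pid=5312 image=C:\Windows\System32\notepad.exe dst=192.0.2.10 dport=2838",
    r"host=WS01 event=3 pid=6001 image=C:\Program Files\Mozilla Firefox\firefox.exe dst=198.51.100.7 dport=443",
    r"host=WS01 event=3 pid=4120 image=C:\Windows\System32\notepad.exe dst=203.0.113.5 dport=80",
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def parse(line):
    """Turn one key=value record into a dict."""
    return dict(FIELD.findall(line.strip()))

def find_suspicious_notepad(lines):
    """Flag notepad.exe processes that open network connections.

    Severity is 'high' when the process was created by a browser,
    'medium' otherwise (notepad.exe has no normal reason to connect out).
    """
    parents = {}   # (host, pid) -> parent image name from event 1
    findings = []
    for ev in map(parse, lines):
        key = (ev.get("host"), ev.get("pid"))
        if ev.get("event") == "1":
            parents[key] = basename(ev.get("parent", ""))
        elif ev.get("event") == "3" and basename(ev.get("image", "")) == "notepad.exe":
            parent = parents.get(key, "unknown")
            findings.append({
                "host": ev["host"], "pid": ev["pid"],
                "dst": f'{ev["dst"]}:{ev["dport"]}',
                "parent": parent,
                "severity": "high" if parent in BROWSERS else "medium",
            })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_notepad(SAMPLE_LOG):
        print(finding)
```

Matching on the process and its parent rather than on port 2838 matters because, as Step 8 notes, the connect-back port can be changed to anything.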