12.28.16
by

Hack Remote PC using PSEXEC Injection in SET Toolkit

Attacker machine: kali Linux

 In this article I am going to make powershell injection attack though SEToolkit; for this attack it is necessary that SMB service must be running and you should aware of username and password of your target pc to get the Meterpreter session.

Let’s Begin The Game!!!

Scan the victim IP from NMAP by typing following command on terminal in kali Linux

Nmap –sV 192.168.1.104

Under version scan it shows port 445 is open and if you are not aware from port protocol services then let me tell you that port 445 is use for SMB protocol for making communication between two different operating systems like as we have Linux and windows.

Now Click Applications > Exploitation Tools > Social Engineering Toolkit > setoolkit.

A new terminal gets open for setoolkit framework and now you have to follow these steps for making attack on target.

From screenshot you can perceive that it through a menu to select following approach for attack.

Choose penetration testing (fast-track) and type2 for this method.

Fast-Track is an automated penetration suite for penetration testers. So from next screenshot again we have following option, choose PSEXEC Powershell Injection and type 6 for it.

PSEXEC Powershell Injection Attack: This attack will inject a meterpreter backdoor through powershell memory injection. This will avoid Anti-Virus since we will never touch disk or memory. Will require Powershell to be installed on the remote victim machine. You can use either straight passwords or hash values.

Now give following information to execute attack on victim pc.

Enter remote IP as rhost: 192.168.1.104

Enter username: administrator

Enter password: Ignite@1234

If you don’t know the domain name hit enter only for this and same for random select to number of threads hit enter.

Enter listener IP as lhost: 192.168.1.3

Enter port number: 445

Now this will generate a payload for powershell injection and start loading metasploit framework itself. From below image you will found that through alphabetic shellcode we have got meterpreter session1 open.

Now type sessions to view active session

Further Type sessions –I 1 to get inside meterpreter mode.

Meterpreter> sysinfo

{NOTE: This attack is depending upon the version of SMB PROTOCOL; if version is updated of 2.1 then may be this attack is not successful. Use aggressive scanning method for version detail.}

Leave a comment