Metasploit has grown steadily over the years and is popular with hackers, script kiddies, penetration testers, cyber security analysts and information security engineers alike. Being open source is one reason for its popularity.
Metasploit can be used to test for many different security vulnerabilities and is well known for its evasion and anti-forensic tooling. This article focuses on a single technique, which we will call the Metasploit Powershell Shellcode Injector Hack.
METASPLOIT POWERSHELL SHELLCODE INJECTOR HACK – GETTING STARTED
We will be using the PowerShell shellcode injection attack that ships with the Social-Engineer Toolkit (SET). PowerShell has been built into every Windows release since Windows 7 (it was an optional add-on for Vista), so nothing needs to be installed on the target. The appeal of this technique is that the payload is a PowerShell command line run from memory rather than an executable dropped to disk, so signature-based antivirus is far less likely to catch it. It is not undetectable: current endpoint products that inspect PowerShell command lines and script content (for example through AMSI) can flag it. The trickiest part is getting the target user to actually run it.
The idea behind the attack is to set up a payload handler that listens for incoming connections from Windows systems, deliver the PowerShell code to the target user, and wait. When the target runs the file, the code injects Meterpreter shellcode into memory and opens a reverse session back to the handler. There are many ways to deliver the PowerShell code to the target user, but we won't cover delivery here. Keep in mind that the target must be able to reach your listener over the network; in this lab both machines are on the same network.
First boot Kali Linux, open "Applications", select "Social Engineering Tools" and then "Social Engineering Toolkit". When the Social Engineering Toolkit opens in the terminal, select "Social Engineering Attacks", which is option 1: type "1" and press "Enter". From the next menu select "Powershell Attack Vectors": type "9" and press "Enter". Then select "Powershell Alphanumeric Shellcode Injector": type "1" and press "Enter". Menu numbers change between SET versions, so read the menu rather than typing the numbers blindly.
Now you will be asked for the IP address or DNS name of the reverse host. This is the address of the Kali machine that will run the listener for this Metasploit PowerShell shellcode injector hack, and it must be reachable from the target.
You can find your IP address by opening another terminal and running "ip addr" (or the older "ifconfig"):
Once you have your IP address, close that terminal and return to the one running the Social Engineering Toolkit. After you enter the IP address you will be asked for the port of the reverse listener. Type "443" and press "Enter". Port 443 is a common choice because outbound connections to it are rarely blocked by egress filtering.
SET now prepares the payload for delivery and tells you that the PowerShell commands and attack have been exported to "/root/.set/reports/powershell/".
Open another terminal and change into that directory with "cd /root/.set/reports/powershell/":
Then use "ls" to see what is in the "powershell" directory. You should see a file named "x86_powershell_injection.txt". Copy it to the desktop with the following command:
cp x86_powershell_injection.txt ~/Desktop
Once the file is on your desktop, rename it: right-click "x86_powershell_injection.txt" on the Kali desktop and rename it to "x86_powershell_injection.bat". The file is a single powershell.exe command line; the .bat extension simply makes Windows run that line through cmd.exe when the file is double-clicked.
METASPLOIT POWERSHELL SHELLCODE INJECTOR HACK – EXECUTION
Now that you have "x86_powershell_injection.bat" on your desktop, you need to get the target user to run it on a Windows system. There are many ways to deliver the PowerShell code to the target user, but we won't cover them here. Delivery that launches the file automatically (an autorun-style mechanism) is preferable, because then the target does not have to execute it by hand; keep in mind, though, that autorun from removable media is disabled by default on current Windows, so some user interaction is usually needed.
For this tutorial I will use FTP to transfer the file from Kali to a Windows 10 system. Once "x86_powershell_injection.bat" is on the Windows 10 desktop, go back to the Kali terminal where the Social Engineering Toolkit is running and type "yes" where it asks "Do you want to start the listener now". The listener then waits for incoming connections.
When we double-click "x86_powershell_injection.bat" on the Windows 10 desktop it runs, and a Meterpreter session opens in the Kali terminal where the Social Engineering Toolkit is running. The batch file briefly opens a console window before the hidden powershell.exe starts, so do not expect it to be completely silent.
You can interact with a session by issuing the following command:
sessions -i 5
Make sure you specify the session you want to interact with. Above we are interacting with session 5; "sessions -l" lists the open sessions and their IDs.
METASPLOIT POWERSHELL SHELLCODE INJECTOR HACK – METERPRETER SESSION
Now that you are interacting with a session you can gather information about the target. The "sysinfo" command gives basic information about the target's computer: hostname, operating system, architecture, domain, logged-on users and the Meterpreter type.
If you would like to grab a screenshot of the target user's desktop, use the following two commands: first "load espia", then "screengrab".
Keep in mind that these are two separate commands. You must load the espia extension first; "screengrab" does not exist until it is loaded. After you run "screengrab", an image of the target's desktop should open in Kali. (The built-in stdapi "screenshot" command does the same job without loading espia.)
If you would like to capture the target user's keystrokes, start the keylogger with "keyscan_start".
When you are ready to see everything the target has typed, use "keyscan_dump".
When you are finished with the keyscan feature, stop it with "keyscan_stop". Keystrokes are captured from the desktop of the process your session lives in, so to record an interactive user's typing you may first need to migrate into a process on that user's desktop, such as explorer.exe.
To see the other features Meterpreter offers, run "help".
That concludes this Metasploit PowerShell shellcode injector hack tutorial. If you have anything to add regarding this hacking tutorial, use the comment form below.