Hacking Windows Just by Sending an Email
Hi Friends, In this post I am going to show how to hack
windows just by sending an email. To make this work, we need to trick
the victim to open the attachment sent via email.
In this post we are going to exploit the well known office word hta
vulnerability in Microsoft Word which allows the execution of remote
code when a malicious word file is opened. The Vulnerability was marked
as CVE-2017-0199. There is also a metasploit module available for this and we are going to use it.
Open up your terminal and type msfconsole to start the metasploit console. Once it starts, use the metasploit module
Refer to the screenshot below.
exploit/windows/fileformat/office_word_hta. Refer to the screenshot below.
When we lists the options, we see it does not have a payload set by
default. So, we need to set up the payload first. We also need to set
the other mandatory options as well.
After setting the payloads and other mandatory options, we
just run the exploit. Upon running the exploit, it will create a word
file named msf.doc in a location highlighted in the screenshot above.
Now, you need to send this file as an email attachment to
the victim and wait for the victim to open it. Once the victim opens the
file you will get a meterpreter session as shown below.
Now that you have got a meterpreter session, you are in a
full control of victim’s machine. You can run whatever be the commands
you want.
Let’s just drop into the victims command shell and run the command whoami.
Sumber : https://www.ethicalhackingtutorials.com/
0 comments: