Security: Methods to explore Windows 8 and Windows 7.
By Rafael Fontes (Backtrack Team).
Readers, in this article you will learn techniques for exploiting the Microsoft Windows 8 operating system (for teaching purposes only, so that network administrators and security specialists can understand how the attacker's mind works and prevent the attack). Using Metasploit, you will learn how to hack some machines running a vulnerable Windows OS; the method also applies to Windows 7 SP1 and other operating systems.
This exploit uses the "Java Signed Applet" method and works on any browser, but it requires the Java plugin to be installed. A ".jar" file is created, and the target must open a URL and allow the Java applet to run in the browser. The applet is presented to the target through a web page. The victim's Java Virtual Machine will pop up a window asking whether they trust the signed applet; after the victim clicks "Run", the applet runs with full permissions.
STEP BY STEP
Requirements for pentest:
I. You must have the Windows 8 operating system installed.
II. A target computer or a VMware virtual machine with a Linux distribution; it can be Backtrack or Kali. The important thing is to have Metasploit up and running.
First, reader, you need to open the terminal and enter the command:
Figure 1) Open metasploit.
Next, we choose the exploit to use:
Type use exploit/multi/browser/java_signed_applet.
Press Enter and type "show options".
Figure 2) Use exploit and show options.
SRVHOST and SRVPORT have the default values 0.0.0.0 and 8080. SRVHOST is the IP address on which the server works to provide the connection URL that the target's browser will open. With SRVHOST set to 0.0.0.0, the target must be able to connect to this machine using your public IP.
Figure 3) Set payload.
LHOST should be the IP address that the victim connects to.
Figure 4) LHOST and exploit.
When the target opens this link, the browser displays a warning in a dialog box.
A window will open, and the victim can check "I accept the risk and want to run this application" and click "Run".
Figure 5) Java applet.
After the victim opens the malicious URL and clicks Run, Metasploit will start a Meterpreter session to the target machine, and you get full access!
You can run "sessions -l" directly to see the active sessions.
Example: sessions -i 1, where 1 is the ID of the session.
The applet is able to connect to Metasploit.
The Meterpreter session starts and is ready, as planned, with options available for you to exploit the system.
Figure 6) Session starts.
This article is only for ethical hacking; now you can have fun with the commands.
Figure 7) Webcam shot: Just 4 fun.
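For administrators, the pattern described above (a ".jar" fetched from a web server addressed by raw IP, followed by a connection from the same client back to that machine) can be hunted in proxy and flow logs. The following is an added example, not part of the original article or of Metasploit; the log layout, addresses, ports, severity names and the 120-second window are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample events (assumed layout): (timestamp, client, kind, detail).
# "http" = proxy log entry with the requested URL, "conn" = outbound flow "ip:port".
EVENTS = [
    ("2024-01-10T09:00:01", "10.0.0.21", "http", "http://intranet.example/lib/app.jar"),
    ("2024-01-10T09:00:05", "10.0.0.21", "conn", "198.51.100.7:443"),
    ("2024-01-10T09:02:10", "10.0.0.37", "http", "http://203.0.113.50:8080/a/applet.jar"),
    ("2024-01-10T09:02:31", "10.0.0.37", "conn", "203.0.113.50:5555"),
    ("2024-01-10T09:05:00", "10.0.0.44", "http", "http://203.0.113.50:8080/a/applet.jar"),
]

def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def detect(events, window=timedelta(seconds=120)):
    """Return sorted (client, server_ip, severity) alerts.
    jar_from_bare_ip : client fetched a .jar from a URL whose host is an IP.
    jar_then_callback: same client then connected to that IP on another port
                       within `window` (the applet probably ran).
    """
    fetches = []  # (time, client, server_ip, server_port)
    alerts = {}
    for ts, client, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "http":
            url = urlsplit(detail)
            host = url.hostname or ""
            if url.path.lower().endswith(".jar") and is_ip_literal(host):
                fetches.append((when, client, host, url.port or 80))
                alerts.setdefault((client, host), "jar_from_bare_ip")
        elif kind == "conn":  # IPv4 "ip:port" flow record
            ip, _, port = detail.rpartition(":")
            for f_when, f_client, f_ip, f_port in fetches:
                same_pair = (f_client, f_ip) == (client, ip)
                in_window = timedelta(0) <= when - f_when <= window
                if same_pair and in_window and int(port) != f_port:
                    alerts[(client, ip)] = "jar_then_callback"
    return sorted((c, ip, sev) for (c, ip), sev in alerts.items())

if __name__ == "__main__":
    print(detect(EVENTS))
```

A "jar_then_callback" alert marks a client where the user most likely clicked "Run"; a lone "jar_from_bare_ip" marks a client that reached the page and should be checked before that happens.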