Pictures of the attack will be available to you as well as a short video.īefore we start I would like to clarify that this is not a "How to invade" tutorial neither a method of how to install a Trojan to a victim's box. "official" method that I use the well known Armitage of the Metasploit arsenal. The traditional (manual) method that I use only Netcat and the. The final attack will be performed using two methods. In addition, a "home made" undetectable reverse shell (developed in c++) will be used in conjuction with a method of transferring or packing an executable inside another executable. The reason that I prefer the 2nd method is because of the fact that the 1st method trigger an alarm of the windows security essentials antivirus while the 2nd does not! The first method uses the documented windows API function CreateRemoteThread and the second method uses the undocumented funNtCreateThreadEx.
In this article I will present two methods of a successful attack to a windows 7 Ultimate OS that returns a reverse shell to the attacker. Serveral methods for preventing this has been developed by OS creators, but w/o 100% success. If this is the first time for you to read such things then do not bother to read the article.ĭLL Injection is a popular technique used by attackers to inject an executable in order to perform controlled code execution. In addition some knowledge of exploitation techniques is needed such as what is a reverse shell, how we can use netcat etc.
This article refers to people who already know how to program in c or c++ and have a basic knowledge of windows API calls.