I setup a lab with 2 Windows 7 machines (32 Bit but should wokr on 64 too), one for the attacker and one for the victim. I am using the FUZZBUNCH tool from the leak which is some kind of exploit framework kinda like metasploit. Basically you use it to run exploits. Let’s use the ETERNALBLUE (MS07–10) exploits to take over the victim machine
After that we have several option. We can run shellcode on the machine or any .dll or .exe. In this case I wanted to try out the Dander Spiritz tool. It came with “pc_prep” another utility to generate payloads for Dander Spiritz A.K.A. PEDDLECHEAP.
Now that we have our dll payload we can start the listener in Dander Spiritz:
Upload our payload to the target using DOUBLEPULSAR:
And now we have a connection:
Just after the connection an automatic “survey” is launched. It basically collects information about the system, tries to crack passwords, look for “PSP” (Personal Security Products) etc and saves everything into log files.
After the connection is made you have different options with Dander Spiritz GUI such as taking screenshots, browsing files, managing processes etc.
But the most interesting parts are the plugins in the “Terminal” window.
Here are some of them:
YAK: install keylogger
ripper: steal information from Skype, Firefox & Chrome