Learn About Computers

Teaching about Computers


    26. LAN Pentest Am I Hacked combined screens with Linux & Windows 10

    Post by Aof on Tue May 29, 2018 1:26 am


    How to tell if you're hacked in Windows 10?
    1. The user starts the payload file; it opens up the zombie pic and starts the payload within the first 2-3 minutes.
    2. A Meterpreter session has happened, with the hacker successfully hacking into the system after the protection has been disabled. The hacker silently navigates around the system freely.
    3. netstat /nao = The Windows user decides to check their computer's outgoing established connections. Windows 10 has a few established connections by default, because it's constantly updating, etc. The user notices an extra one, however, and decides to investigate. It shows the IP address, the port number, and the PID number.
    5. The user decides to open the Task Manager and selects "More details" to view all running processes. Windows 10 has several running by default, but the user sees that a PowerShell session has been opened and decides to cross-check its PID number with the one found in the netstat /nao established connection. It's a match.
    6. The user left-clicks on the Performance tab within the Task Manager and checks the Resource Monitor for outgoing network connections.
    7. The user has found that the PID number matches the unknown PowerShell session.
    8. The user decides they could be hacked, so disconnects the hacker from the computer by killing the PowerShell process by either image name or PID.
    9. taskkill /pid 5040 /f = The user decides to go with the PID number this time for demonstration purposes, because in Windows 7: Am I Hacked? we chose to do it by image name. Windows 10 echoes an error back to us, because we tried it from a Command Prompt that did not have administrative privileges.
    10. The user right-clicks the Start menu, left-clicks "Run as Administrator" to run Command Prompt as admin, then tries the taskkill command again.
    11. taskkill /pid 5040 /f = The command has been successful this time, disconnecting the PowerShell back door connection from the computer.
    12. The hacker can no longer access the user's PC, unless he had the .bat file set up to call for a future PowerShell connection after the first initial connection.
    The user may do some research and report the attacker's IP address if he wishes by visiting
    http://itools.com/tool/arin-whois-domain-search
    and finding the attacker's IP, then reporting them to their Internet Service Provider.
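
The PID cross-check from steps 3 to 7, automated as an added example that is not part of the original post: it matches each ESTABLISHED row of the netstat output to an image name and reports script hosts connected to a non-loopback address. Assumptions: image names come from `tasklist /fo csv` instead of Task Manager, the script-host list is illustrative, and both sample outputs are constructed (only PID 5040 is taken from the post).

```python
import csv
import io
import ipaddress

# Assumption: image names treated as script hosts worth a second look.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample output, not captured from a real host. PID 5040 is the page's example.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     1120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     2344
  TCP    192.168.1.20:49801     192.168.1.50:8443      ESTABLISHED     5040
  UDP    0.0.0.0:5353           *:*                                    1500
"""
TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","888","Services","0","9,112 K"
"powershell.exe","1120","Console","1","61,004 K"
"chrome.exe","2344","Console","1","120,440 K"
"powershell.exe","5040","Console","1","58,320 K"
"""

def established(netstat_text):
    """Yield (remote_ip, remote_port, pid) for each ESTABLISHED TCP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, port = f[2].rsplit(":", 1)  # rsplit keeps IPv6 colons intact
            yield host.strip("[]").split("%")[0], int(port), int(f[4])

def images_by_pid(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(tasklist_csv))}

def script_host_connections(netstat_text, tasklist_csv):
    """Return (pid, image, remote_ip, remote_port) for script hosts talking off-box."""
    names = images_by_pid(tasklist_csv)
    hits = []
    for ip, port, pid in established(netstat_text):
        image = names.get(pid, "")
        if image.lower() in SCRIPT_HOSTS and not ipaddress.ip_address(ip).is_loopback:
            hits.append((pid, image, ip, port))
    return hits

if __name__ == "__main__":
    for pid, image, ip, port in script_host_connections(NETSTAT, TASKLIST):
        print(f"PID {pid} ({image}) -> {ip}:{port}  review before taskkill /pid {pid} /f")
```

A hit is a lead to investigate, not proof of compromise; legitimate PowerShell sessions also open outbound connections.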
