Author Topic: Breaking into my brother's laptop (LAN)  (Read 6332 times)


Offline AcidHead

Breaking into my brother's laptop (LAN)
« on: June 29, 2014, 11:09:59 pm »
The following is a real-world scenario I'm faced with (my brother's laptop). Any ideas on how I should approach it?
Only interested in remote code execution without using RATs or any file format attacks...

Victim is in the same LAN as me...
OS: Windows 7 Professional SP1 32-bit
Windows Updates: Enabled
Firewall: Windows Firewall
AV: AVG 2014

Browser: Firefox 29
Plugins: Adobe Acrobat 10.1.5.33, Java Deployment Toolkit 7.0.550.14 10.55.2.14

User: Doesn't use mail and will ONLY download from torrent sites...

Nmap Scan:
135/tcp   open  msrpc       Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  netbios-ssn
554/tcp   open  rtsp?
2869/tcp  open  http        Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp  open  http        Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 503)
|_http-title: Service Unavailable
10243/tcp open  http        Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Not Found
MAC Address: 70:1A:04:XX:XX:XX (Liteon Tech)

Goal: Remote Code Execution.

Reply for additional info.
Thanks for your time =)
« Last Edit: June 30, 2014, 06:09:59 pm by ande »

Offline Architect

Re: Need help with real life hacking...
« Reply #1 on: June 29, 2014, 11:31:27 pm »
Try a bit of passive recon first.

Offline iTpHo3NiX

Re: Need help with real life hacking...
« Reply #2 on: June 30, 2014, 12:01:49 am »
If you have physical access why not just throw a backdoor like netcat or a metasploit backdoor?

The other option would be MitM, since you're on the same LAN.

You can create a torrent, host it on your local network for something he commonly downloads, i.e. a TV show. Make it appear to be that TV show, and when he attempts to download the proper torrent file, make it go to your torrent file and profit as he runs it, so you have your backdoor for further exploitation.

Also, a rubber ducky to just plug in when he's on the computer that will install your backdoor automatically is another option too.

Idk, there are a million different ways to go about it...

Offline AcidHead

Re: Need help with real life hacking...
« Reply #3 on: June 30, 2014, 05:41:28 pm »
I do have physical access, but I'm trying to prove a point: that someone can hack him remotely...

I have done a MitM attack on him already, but I want remote code execution.

The torrent scenario is possible, but I don't think he would fall for it. Keep in mind he knows I'm trying to hack him, and I don't think he would download from anything but Pirate Bay and other popular torrent sites...

I was thinking of using a MitM to inject a trojan into a file he downloads. I don't know if that's possible, but it seems the best way to go about it, or use some browser-side exploit (I haven't found any for the version of FF and plugins he has)...

Any ideas are welcome...

Offline ande

Re: Breaking into my brothers laptop (LAN)
« Reply #4 on: June 30, 2014, 06:12:49 pm »
I am sorry, but I'm gonna close this thread. Although, somewhat interesting if OP actually knew what he was doing. We are not your personal army, definitely not when you have 2 posts...

There is really not much to go on when you only want remote code execution. You are pretty much stuck with MITM and injecting some sort of browser (or other service) exploit on the fly. If you can settle for a RAT/backdoor, you could just replace all exe, zip and rar files to contain a setup.exe, which would be your entry.

PS: I changed the thread title. Next time think about how others see your post, how the title would benefit others etc. Keep it simple, stupid, while being informative enough.


</thread>
« Last Edit: June 30, 2014, 06:14:14 pm by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true
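The thread's only realistic path is a MitM on the LAN, which on a home network almost always means ARP cache poisoning (an assumption here; the posts never say how the MitM was done). As an added example that is not from any poster, the script below parses a constructed Windows `arp -a` dump and flags the two classic symptoms a target could check for: the gateway's MAC changing from a known-good baseline, and one MAC answering for several IP addresses. The baseline gateway MAC and all addresses are made up.

```python
import re
from collections import defaultdict

# Known-good gateway mapping recorded on a clean network (constructed value).
BASELINE_GATEWAY = ("192.168.1.1", "aa-bb-cc-00-00-01")

# Constructed sample of `arp -a` output on the victim; de-ad-be-ef-00-01 is the
# suspicious host that now answers for both the gateway and its own address.
ARP_SAMPLE = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           de-ad-be-ef-00-01     dynamic
  192.168.1.10          de-ad-be-ef-00-01     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One ARP table row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)


def parse_arp(text):
    """Return (ip, mac, type) tuples for every table row in `arp -a` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def find_arp_anomalies(entries, gateway_ip, gateway_mac):
    """Flag a changed gateway MAC and any MAC that claims more than one IP."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac, _ in entries:
        # Broadcast and multicast rows legitimately share MACs; skip them.
        if mac == "ff-ff-ff-ff-ff-ff" or ip.endswith(".255") or ip.startswith("224."):
            continue
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip and mac != gateway_mac.lower():
            findings.append(f"gateway {ip} now resolves to {mac}, expected {gateway_mac.lower()}")
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_arp(ARP_SAMPLE), *BASELINE_GATEWAY):
        print("ARP anomaly:", finding)
```

A single snapshot only catches the poisoning while it is active; running the check periodically and comparing against the recorded baseline is what makes it useful.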